feat: 新增密码修改功能

core/user.py

@@ -4,7 +4,7 @@ from itsdangerous import TimedJSONWebSignatureSerializer as Serializer
 from typing import Optional
 
 from configure import conf
-from sql.user import read_user, check_role, get_user_email, create_user, get_role_name, delete_user
+from sql.user import read_user, check_role, get_user_email, create_user, get_role_name, delete_user, change_passwd_hash
 import core.blog
 import core.comment
 import core.msg
@@ -125,3 +125,6 @@ class User(UserMixin):
 
     def delete(self):
         return delete_user(self.user_id)
+
+    def change_passwd(self, passwd):
+        return change_passwd_hash(self.user_id, self.get_passwd_hash(passwd))

sql/user.py

@@ -39,6 +39,13 @@ def delete_user(user_id: int):
     return True
 
 
+def change_passwd_hash(user_id: int, passwd_hash: str):
+    cur = db.update(table='user', kw={'PasswdHash': f"'{passwd_hash}'"}, where=f'ID={user_id}')
+    if cur is None or cur.rowcount == 0:
+        return False
+    return True
+
+
 def get_user_email(user_id):
     """ 获取用户邮箱 """
     cur = db.search(columns=["Email"], table="user", where=f"ID='{user_id}'")

static/styles/auth/passwd.css

@@ -0,0 +1,6 @@
+.passwd-form {
+    background-color: white;
+    border-radius: 10px;
+    border: 2px solid #6b6882;
+    padding: 15px;
+}

templates/auth/login.html

@@ -24,10 +24,11 @@
                     {{ form.passwd(class="form-control") }}
                 </div>
 
-                <a class="btn btn-info mr-2" href="{{ url_for("auth.register_page") }}"> 前往注册 </a>
-                {{ form.submit(class='btn btn-info mr-2') }}
-                {{ form.remember() }} {{ form.remember.label }}
-
+                <div class="text-right">
+                    <a class="btn btn-info mr-2" href="{{ url_for("auth.register_page") }}"> 前往注册 </a>
+                    {{ form.submit(class='btn btn-info mr-2') }}
+                    {{ form.remember() }} {{ form.remember.label }}
+                </div>
             </form>
         </div>
     </div>

templates/auth/passwd.html

@@ -0,0 +1,39 @@
+{% extends "base.html" %}
+
+{% block title %} 修改密码 {% endblock %}
+
+{% block style %}
+    {{ super() }}
+    <link href="{{ url_for('static', filename='styles/auth/passwd.css') }}" rel="stylesheet">
+{% endblock %}
+
+{% block context %}
+    <section id="base" class="container mt-3">
+    <div class="row">
+        <div class="col-12 col-lg-6 offset-lg-3">
+            <form method="post" action="{{ url_for("auth.change_passwd_page") }}" class="passwd-form">
+                {{ ChangePasswdForm.hidden_tag() }}
+
+                <div class="form-group">
+                    {{ ChangePasswdForm.old_passwd.label }}
+                    {{ ChangePasswdForm.old_passwd(class="form-control") }}
+                </div>
+
+                <div class="form-group">
+                    {{ ChangePasswdForm.passwd.label }}
+                    {{ ChangePasswdForm.passwd(class="form-control") }}
+                </div>
+
+                <div class="form-group">
+                    {{ ChangePasswdForm.passwd_again.label }}
+                    {{ ChangePasswdForm.passwd_again(class="form-control") }}
+                </div>
+
+                <div class="text-right">
+                    {{ ChangePasswdForm.submit(class='btn btn-info') }}
+                </div>
+            </form>
+        </div>
+    </div>
+    </section>
+{% endblock %}

templates/auth/register.html

@@ -29,8 +29,10 @@
                     {{ RegisterForm.passwd_again(class="form-control") }}
                 </div>
 
-                {{ RegisterForm.submit(class='btn btn-info mr-2') }}
-                <a class="btn btn-info mr-2" href="{{ url_for("auth.login_page") }}"> 前往登录 </a>
+                <div class="text-right">
+                    {{ RegisterForm.submit(class='btn btn-info mr-2') }}
+                    <a class="btn btn-info" href="{{ url_for("auth.login_page") }}"> 前往登录 </a>
+                </div>
             </form>
         </div>
     </div>

templates/auth/yours.html

@@ -37,6 +37,7 @@
                         </div>
                     </div>
 
+                    <a class="card-link" href="{{ url_for('auth.change_passwd_page') }}"> 修改密码 </a>
                     <a class="card-link" data-toggle="modal" data-target="#LogoutModal"> 退出登录 </a>
                 </div>
             </div>

view/auth.py

@@ -35,6 +35,15 @@ class RegisterForm(FlaskForm):
             raise ValidationError("Email already register")
 
 
+class ChangePasswdForm(FlaskForm):
+    old_passwd = PasswordField("旧密码", validators=[DataRequired()])
+    passwd = PasswordField("新密码", validators=[DataRequired(),
+                                              EqualTo("passwd_again", message="两次输入密码不相同"),
+                                              Length(8, 32)])
+    passwd_again = PasswordField("重复密码", validators=[DataRequired()])
+    submit = SubmitField("修改密码")
+
+
 @auth.route('/yours')
 @login_required
 def yours_page():
@@ -105,6 +114,22 @@ def logout_page():
     return redirect(url_for("base.index_page"))
 
 
+@auth.route('/passwd', methods=['GET', 'POST'])
+@login_required
+def change_passwd_page():
+    form = ChangePasswdForm()
+    if form.validate_on_submit():
+        if not current_user.check_passwd(form.old_passwd.data):
+            flash("旧密码错误")
+            return redirect(url_for("auth.change_passwd_page"))
+        if current_user.change_passwd(form.passwd.data):
+            flash("密码修改成功")
+        else:
+            flash("密码修改失败")
+        return redirect(url_for("auth.yours_page"))
+    return render_template("auth/passwd.html", ChangePasswdForm=form)
+
+
 @auth.context_processor
 def inject_base():
     return {"top_nav": ["", "", "", "", "", "active"]}