feat(authentication): check password policy during user profile password change

2025-04-19 02:07:31 +00:00 · 2023-03-17 03:45:37 +00:00 · 2023-03-17 03:45:37 +00:00 · 64017195da
commit 64017195da
parent fc14e9189d
2 changed files with 27 additions and 5 deletions
--- a/powerdnsadmin/routes/user.py
+++ b/powerdnsadmin/routes/user.py
@ -9,6 +9,8 @@ from flask_login import current_user, login_required, login_manager
 from ..models.user import User, Anonymous
 from ..models.setting import Setting
 from .index import password_policy_check
 user_bp = Blueprint('user',
                    __name__,
@ -79,12 +81,23 @@ def profile():
                            .format(current_user.username)
                        }), 400)
        (password_policy_pass, password_policy) = password_policy_check(current_user.get_user_info_by_username(), new_password)
        if not password_policy_pass:
            if request.data:
                return make_response(
                    jsonify({
                        'status': 'error',
                        'msg': password_policy['password'],
                    }), 400)
            return render_template('user_profile.html', error_messages=password_policy)
        user = User(username=current_user.username,
                    plain_text_password=new_password,
                    firstname=firstname,
                    lastname=lastname,
                    email=email,
                    reload_info=False)
        user.update_profile()
        return render_template('user_profile.html')
--- a/powerdnsadmin/templates/user_profile.html
+++ b/powerdnsadmin/templates/user_profile.html
@ -34,13 +34,13 @@
                            <div class="nav-tabs-custom mb-2">
                                <ul class="nav nav-tabs" role="tablist">
                                    <li class="nav-item">
-                                        <a class="nav-link active" href="#tabs-personal" data-toggle="tab">
+                                        <a class="nav-link {{ 'active' if not error_messages else '' }}" href="#tabs-personal" data-toggle="tab">
                                            Personal Info
                                        </a>
                                    </li>
                                    {% if session['authentication_type'] == 'LOCAL' %}
                                        <li class="nav-item">
-                                            <a class="nav-link" href="#tabs-password" data-toggle="tab">
+                                            <a class="nav-link {{ 'active' if 'password' in error_messages else '' }}" href="#tabs-password" data-toggle="tab">
                                                Change Password
                                            </a>
                                        </li>
@ -57,7 +57,8 @@
                            <!-- /.nav-tabs-custom -->
                            <div class="tab-content">
-                                <div class="tab-pane fade show active" id="tabs-personal">
+                                <div class="tab-pane fade {{ 'show active' if not error_messages else '' }}"
                                        id="tabs-personal">
                                    <form role="form" method="post" action="{{ user_profile }}">
                                        <input type="hidden" name="_csrf_token" value="{{ csrf_token() }}">
                                        <div class="form-group">
@ -91,7 +92,8 @@
                                <!-- /.tab-pane -->
                                {% if session['authentication_type'] == 'LOCAL' %}
-                                    <div class="tab-pane fade" id="tabs-password">
+                                    <div class="tab-pane fade {{ 'show active' if 'password' in error_messages else '' }}"
                                            id="tabs-password">
                                        {% if not current_user.password %}
                                            Your account password is managed via LDAP which isn't supported to
                                            change here.
@ -101,8 +103,15 @@
                                                       value="{{ csrf_token() }}">
                                                <div class="form-group">
                                                    <label for="password">New Password</label>
-                                                    <input type="password" class="form-control" name="password"
+                                                    <input type="password" class="form-control {{ 'is-invalid' if 'password' in error_messages else '' }}"
                                                           name="password"
                                                           id="newpassword">
                                                    {% if 'password' in error_messages %}
                                                    <div class="invalid-feedback">
                                                        <i class="fas fa-exclamation-triangle"></i>
                                                        {{ error_messages['password'] }}
                                                    </div>
                                                    {% endif %}
                                                </div>
                                                <div class="form-group">
                                                    <label for="rpassword">Re-type New Password</label>