diff --git a/src/my_scrypt.py b/src/my_scrypt.py
index e0cff7c83..b1fce1110 100644
--- a/src/my_scrypt.py
+++ b/src/my_scrypt.py
@@ -2,18 +2,20 @@ import scrypt # pip install scrypt
 import sql
 def getVerificationHash(password):
- # getOption returns unicode bytes which scrypt doesn't like
- salt = sql.getOption('verification_salt').encode('ascii', 'ignore')
+ salt = sql.getOption('verification_salt')
 return getScryptHash(password, salt)
 def getEncryptionHash(password):
- # getOption returns unicode bytes which scrypt doesn't like
- salt = sql.getOption('encryption_salt').encode('ascii', 'ignore')
+ salt = sql.getOption('encryption_salt')
 return getScryptHash(password, salt)
 def getScryptHash(password, salt):
+ # scrypt doesn't like unicode strings
+ password = password.encode('ascii', 'ignore')
+ salt = salt.encode('ascii', 'ignore')
+
 hashed = scrypt.hash(password=password,
 salt=salt,
 N=16384,
diff --git a/src/password_api.py b/src/password_api.py
index bd17fc9a8..e2626b36a 100644
--- a/src/password_api.py
+++ b/src/password_api.py
@@ -3,6 +3,7 @@ from flask_login import login_required
 import hashlib
 import binascii
 import sql
+import change_password
 password_api = Blueprint('password_api', __name__)
@@ -19,4 +20,13 @@ def verifyPassword():
 return jsonify({
 'valid': isValid
- })
\ No newline at end of file
+ })
+
+@password_api.route('/password/change', methods = ['POST'])
+@login_required
+def changePassword():
+ req = request.get_json(force=True)
+
+ result = change_password.change_password(req['current_password'], req['new_password'])
+
+ return jsonify(result)
diff --git a/static/js/settings.js b/static/js/settings.js
index bca76f20f..575967522 100644
--- a/static/js/settings.js
+++ b/static/js/settings.js
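Review bot: In src/my_scrypt.py, the new `password = password.encode('ascii', 'ignore')` in getScryptHash silently drops every non-ASCII character before hashing, so passwords that differ only in such characters produce the same hash, and a password made up entirely of them is hashed as an empty string. Before this commit only the salts were encoded this way; the password path is new. A lossless encoding such as `password = password.encode('utf-8')` avoids the truncation. The salt line can stay as it is if the stored salts are ASCII (not visible here), since changing it would alter existing hashes. The rest of getScryptHash lies outside the hunk.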
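Review bot: In src/password_api.py, changePassword indexes `req['current_password']` and `req['new_password']` without checking the body, so a missing key or a non-object JSON body raises and returns a 500 instead of a clear error. A guard such as `if not isinstance(req, dict) or 'current_password' not in req or 'new_password' not in req: return jsonify({'success': False, 'message': 'Missing password field.'}), 400` would handle it. `get_json(force=True)` also parses the body whatever its Content-Type; since the settings page already sends `application/json`, plain `request.get_json()` would let this state-changing route reject other content types. Whether change_password throttles wrong current-password guesses or enforces any rule on the new password cannot be seen from this diff and is worth confirming.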
@@ -8,7 +8,37 @@ function displaySettings() {
 }
 $("#changePasswordForm").submit(() => {
- console.log("Submit");
+ const oldPassword = $("#oldPassword").val();
+ const newPassword1 = $("#newPassword1").val();
+ const newPassword2 = $("#newPassword2").val();
+
+ $("#oldPassword").val('');
+ $("#newPassword1").val('');
+ $("#newPassword2").val('');
+
+ if (newPassword1 != newPassword2) {
+ alert("New passwords are not the same.");
+ return false;
+ }
+
+ $.ajax({
+ url: baseUrl + 'password/change',
+ type: 'POST',
+ data: JSON.stringify({
+ 'current_password': oldPassword,
+ 'new_password': newPassword1
+ }),
+ contentType: "application/json",
+ success: function (result) {
+ if (result.success) {
+ alert("Password has been changed.");
+ }
+ else {
+ alert(result.message);
+ }
+ },
+ error: () => alert("Error occurred during changing password.")
+ });
 return false;
 });
\ No newline at end of file
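Review bot: The submit handler only checks that the two new-password fields match, so an empty new password (both fields blank) is still sent to `password/change`. change_password is not part of this diff, so it is unclear whether the server rejects it. A guard before the comparison, `if (!newPassword1) { alert("New password must not be empty."); return false; }`, would catch it early, with the server remaining the place where the rule is enforced. The comparison itself would read better as `newPassword1 !== newPassword2`.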