diff --git a/cista/auth.py b/cista/auth.py
index 09b249f..4145754 100644
--- a/cista/auth.py
+++ b/cista/auth.py
@@ -159,3 +159,35 @@ async def logout_post(request):
 res = json({"message": msg})
 session.delete(res)
 return res
+
+
+@bp.post("/password-change")
+async def change_password(request):
+ try:
+ if request.headers.content_type == "application/json":
+ username = request.json["username"]
+ pwchange = request.json["passwordChange"]
+ password = request.json["password"]
+ else:
+ username = request.form["username"][0]
+ pwchange = request.form["passwordChange"][0]
+ password = request.form["password"][0]
+ if not username or not password:
+ raise KeyError
+ except KeyError:
+ raise BadRequest(
+ "Missing username, passwordChange or password",
+ ) from None
+ try:
+ user = login(username, password)
+ set_password(user, pwchange)
+ except ValueError as e:
+ raise Forbidden(str(e), context={"redirect": "/login"}) from e
+
+ if "text/html" in request.headers.accept:
+ res = redirect("/")
+ session.flash(res, "Password updated")
+ else:
+ res = json({"message": "Password updated"})
+ session.create(res, username)
+ return res
diff --git a/cista/util/apphelpers.py b/cista/util/apphelpers.py
index 9562226..52b07a6 100644
--- a/cista/util/apphelpers.py
+++ b/cista/util/apphelpers.py
@@ -59,7 +59,7 @@ def websocket_wrapper(handler):
 code = e.status_code
 message = f"⚠️ {message}" if code < 500 else f"🛑 {message}"
 await asend(ws, ErrorMsg({"code": code, "message": message, **context}))
- if not getattr(e, "quiet", False):
+ if not getattr(e, "quiet", False) or code == 500:
 logger.exception(f"{code} {e!r}")
 raise
diff --git a/frontend/src/App.vue b/frontend/src/App.vue
index f737c68..22ff831 100644
--- a/frontend/src/App.vue
+++ b/frontend/src/App.vue
@@ -1,5 +1,6 @@
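Review bot: In `change_password` (cista/auth.py), the guard `if not username or not password:` leaves `pwchange` unchecked, so an empty or null `passwordChange` reaches `set_password(user, pwchange)` even though the 400 message lists it as required. Unless `set_password` rejects such values itself (not visible in this hunk), an account could end up with an empty password; extend the guard to `if not username or not password or not pwchange:`. On the JSON branch the values can also be non-strings, and a body that is not a JSON object would presumably raise `TypeError` rather than `KeyError` and surface as a 500. An `isinstance(pwchange, str)` check and `except (KeyError, TypeError):` would turn both cases into the intended 400.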
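Review bot: In `websocket_wrapper` (cista/util/apphelpers.py), the added `or code == 500` forces logging only for a status of exactly 500, so a quiet exception with any other 5xx status is still dropped from the log. The message formatting two lines above already treats everything that is not `code < 500` as a server error. `if not getattr(e, "quiet", False) or code >= 500:` would keep the two in step, so that every server-side failure leaves a trace for later investigation. The handler's `try`/`except` begins outside the hunk, so this assumes `code` is always an int by this point.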