From fca49a01760c2e5122cd4f1a6b7a060b1a05a137 Mon Sep 17 00:00:00 2001 From: Ulrich Knechtelsdorfer Date: Sat, 4 Mar 2017 08:53:27 +0100 Subject: [PATCH 1/5] - fix unwanted password change --- app/views.py | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/app/views.py b/app/views.py index 7b74f97..3dda80e 100644 --- a/app/views.py +++ b/app/views.py @@ -364,20 +364,21 @@ def selfmanagement(): if not bcrypt.checkpw(request.form['password_old'], u.password): success = "Passwort falsch!" else: - if ('password1' in request.form) & ('password2' in request.form): - if request.form['password1'] == request.form['password2']: - u.password = bcrypt.hashpw(request.form['password1'], bcrypt.gensalt()) + if len(request.form['password1']) > 0: + if ('password1' in request.form) & ('password2' in request.form): + if (request.form['password1'] == request.form['password2']): + u.password = bcrypt.hashpw(request.form['password1'], bcrypt.gensalt()) - u.rfid_id = request.form['rfid_id'] + u.rfid_id = request.form['rfid_id'] - if 'onlyrfid' in request.form: - u.onlyrfid = True + if 'onlyrfid' in request.form: + u.onlyrfid = True + else: + u.onlyrfid = False + update_user(u) + success = u'Einstellungen wurden übernommen!' else: - u.onlyrfid = False - update_user(u) - success = u'Einstellungen wurden übernommen!' - else: - success = u'Neue Passwörter stimmen nicht überein!' + success = u'Neue Passwörter stimmen nicht überein!' else: u.rfid_id = request.form['rfid_id'] From 5ec6dacd4b2d53d956c8bc31ec016f4eeb8a43c2 Mon Sep 17 00:00:00 2001 From: Ulrich Knechtelsdorfer Date: Sat, 4 Mar 2017 09:13:02 +0100 Subject: [PATCH 2/5] -add baron can change password of users --- app/templates/manage_users_edit.html | 1 + app/views.py | 9 ++++++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/app/templates/manage_users_edit.html b/app/templates/manage_users_edit.html index 032a54f..c06e40d 100644 --- a/app/templates/manage_users_edit.html +++ b/app/templates/manage_users_edit.html @@ -14,6 +14,7 @@ Name:

Email:

Euml ID: (falls mehrere durch ; trennen)

+ Neues Passwort: (wenn nicht ausgefüllt bleibt das alte)

Geschwärzt:
Baron:
Angezeigt:
diff --git a/app/views.py b/app/views.py index 3dda80e..4417b4c 100644 --- a/app/views.py +++ b/app/views.py @@ -134,6 +134,12 @@ def manage_users_edit(name=None): u.email = request.form['email'] u.rfid_id = request.form['rfid_id'] + if len(request.form['new_password']) > 0: + u.password = bcrypt.hashpw(request.form['new_password'], bcrypt.gensalt()) + else: + u2 = get_user_by_id(u.id) + u.password = u2.password + if 'isblack' in request.form: u.isblack = True else: @@ -159,9 +165,6 @@ def manage_users_edit(name=None): else: u.onlyrfid = False - u2 = get_user_by_id(u.id) - u.password = u2.password - update_user(u) return redirect('/manage_users') From 21863502f8f05bda5385e30c8d10b42a6e5e6a33 Mon Sep 17 00:00:00 2001 From: Ulrich Knechtelsdorfer Date: Sun, 5 Mar 2017 17:20:51 +0100 Subject: [PATCH 3/5] - fix: bug in removing RFID IDs --- app/database.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/app/database.py b/app/database.py index 27a58c4..95be41e 100644 --- a/app/database.py +++ b/app/database.py @@ -149,7 +149,8 @@ def set_rfid_to_userid(rfid_ids, user_id): if not u: #rfid id is not assigned to a user, so it should be added add_rfid_id(rfid_id, user_id) - for old_rfid in get_rfid_ids_by_userid(user_id): + old_rfids = get_rfid_ids_by_userid(user_id).replace(" ","").split(";") + for old_rfid in old_rfids: if old_rfid not in new_rfids: query_db("DELETE FROM Rfid WHERE rfid_id = ?", (old_rfid, )) From 6bfbba20bebd30b3cbf3f0e91bfbdf033a5b5127 Mon Sep 17 00:00:00 2001 From: Ulrich Knechtelsdorfer Date: Mon, 6 Mar 2017 19:56:45 +0100 Subject: [PATCH 4/5] -fix: error message when paying --- app/views.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views.py b/app/views.py index 4417b4c..05882c5 100644 --- a/app/views.py +++ b/app/views.py @@ -305,7 +305,7 @@ def billing(): for user in users: debt[user.id-1] = get_debt(user.name) - return render_template('billing.html', users=users, success="Writing to database is not implemented", debt=debt, user=get_user_by_name(session.get('name'))) + return render_template('billing.html', users=users, success=u"Einzahlungen übernommen", debt=debt, user=get_user_by_name(session.get('name'))) if request.method == 'GET': debt = [0 for user in users] for user in users: From e75e66337e81cb15ef63ad5946da2a9ea75355de Mon Sep 17 00:00:00 2001 From: Ulrich Knechtelsdorfer Date: Mon, 6 Mar 2017 20:12:22 +0100 Subject: [PATCH 5/5] -fix: reverse order of consumptions --- app/views.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views.py b/app/views.py index 05882c5..20edb3e 100644 --- a/app/views.py +++ b/app/views.py @@ -283,7 +283,7 @@ def personal(): for deposit in deposits: deposited += deposit.amount - return render_template('personal.html', user=user, consumed=consumed, + return render_template('personal.html', user=user, consumed=reversed(consumed), products=get_products(), deposits=deposits, deposited=deposited, owed=owed) @app.route('/billing', methods=['POST', 'GET'])