Fixed and finish profile update

2024-01-26 10:40:12 +01:00 · 2024-01-26 10:40:12 +01:00 · bcab78126a
commit bcab78126a
parent 1cdffa2453
3 changed files with 30 additions and 20 deletions
--- a/app.py
+++ b/app.py
@ -271,14 +271,18 @@ def profile_change():

    # Check for errors
    errors = {}
-    if not newName and not newEmail and not newPassword:
-        errors['newName'] = 'Mindestens eine Änderung muss erfolgen.'
-        errors['newEmail'] = 'Mindestens eine Änderung muss erfolgen.'
-        errors['newPassword'] = 'Mindestens eine Änderung muss erfolgen.'
+    if not newName:
+        errors['newName'] = 'Der Name ist erforderlich.'
+
+    if not newEmail:
+        errors['newEmail'] = 'Die E-Mail Adresse ist erforderlich.'
+
    if not oldPassword:
        errors['oldPassword'] = 'Du musst dein aktuelles Passwort angeben.'
+    else:
+        if hashlib.sha256(oldPassword.encode()).hexdigest() != current_user.password:
+            errors['oldPassword'] = 'Das Passwort ist falsch.'

-    print(errors)
    if errors:
        return render_template(
            "profile.html",
@ -287,11 +291,20 @@ def profile_change():
            errors=errors
        )

-    # Save habit to database
-    # habit = Habit.create(current_user.id, name, times, note, unit)
+    # Update user
+    current_user.name = newName
+    current_user.email = newEmail
+    if newPassword:
+        current_user.password = hashlib.sha256(newPassword.encode()).hexdigest()
+    current_user.update()

-    # Back to index
-    return redirect(url_for('index'))
+    # Back to profile
+    return render_template(
+        "profile.html",
+        name=current_user.name,
+        email=current_user.email,
+        errors={}
+    )


@app.route('/check', methods=['POST'])
--- a/db/SQLiteClient.py
+++ b/db/SQLiteClient.py
@ -42,12 +42,15 @@ def get_user_by_email(email: str):
    return user


-def update_user(id: int, name: str, email: str, password: str):
-    query = f"UPDATE users SET name = {name}, email = {email}, password = {password} WHERE id = {id};"
+def update_user(id: int, name: str, email: str, password: str = None):
+    if password:
+        query = f"UPDATE users SET name = '{name}', email = '{email}', password = '{password}' WHERE id = {id};"
+    else:
+        query = f"UPDATE users SET name = '{name}', email = '{email}' WHERE id = {id};"
    conn = con3()
    cursor = conn.cursor()
    cursor.execute(query)
-    user = cursor.fetchone()
+    conn.commit()
    conn.close()
    return cursor.lastrowid

--- a/models/User.py
+++ b/models/User.py
@ -25,14 +25,8 @@ class User(UserMixin):
        user = get_user_by_email(email)
        return User(user[0], user[1], user[2], user[3]) if user else None

-    def update(self, name: str = None, email: str = None, password: str = None):
-        update_user(self.id, name, email, password)
-        if name is not None:
-            self.name = name
-        if email is not None:
-            self.email = email
-        if password is not None:
-            self.password = password
+    def update(self):
+        update_user(self.id, self.name, self.email)

    def delete(self):
        delete_user(self.id)