Add option to change passwords

This commit is contained in:
Omar Roth 2019-04-22 10:18:17 -05:00
parent 30e567e8b6
commit 64aecba7a0
16 changed files with 168 additions and 0 deletions

View File

@ -13,6 +13,9 @@
"Next page": "الصفحة الثانية", "Next page": "الصفحة الثانية",
"Previous page": "الصفحة السابقة", "Previous page": "الصفحة السابقة",
"Clear watch history?": "مسح السجل ؟", "Clear watch history?": "مسح السجل ؟",
"New password": "",
"New passwords must match": "",
"Cannot change password for Google accounts": "",
"Authorize token?": "", "Authorize token?": "",
"Authorize token for `x`?": "", "Authorize token for `x`?": "",
"Yes": "نعم", "Yes": "نعم",
@ -82,6 +85,7 @@
"Data preferences": "إعدادات التفضيلات", "Data preferences": "إعدادات التفضيلات",
"Clear watch history": "حذف سجل المشاهدة", "Clear watch history": "حذف سجل المشاهدة",
"Import/export data": "إضافة\\إستخراج البيانات", "Import/export data": "إضافة\\إستخراج البيانات",
"Change password": "",
"Manage subscriptions": "إدارة المشتركين", "Manage subscriptions": "إدارة المشتركين",
"Manage tokens": "", "Manage tokens": "",
"Watch history": "سجل المشاهدة", "Watch history": "سجل المشاهدة",

View File

@ -13,6 +13,9 @@
"Next page": "Nächste Seite", "Next page": "Nächste Seite",
"Previous page": "Vorherige Seite", "Previous page": "Vorherige Seite",
"Clear watch history?": "Verlauf löschen?", "Clear watch history?": "Verlauf löschen?",
"New password": "",
"New passwords must match": "",
"Cannot change password for Google accounts": "",
"Authorize token?": "", "Authorize token?": "",
"Authorize token for `x`?": "", "Authorize token for `x`?": "",
"Yes": "Ja", "Yes": "Ja",
@ -82,6 +85,7 @@
"Data preferences": "Dateneinstellungen", "Data preferences": "Dateneinstellungen",
"Clear watch history": "Verlauf löschen", "Clear watch history": "Verlauf löschen",
"Import/export data": "Daten im- exportieren", "Import/export data": "Daten im- exportieren",
"Change password": "",
"Manage subscriptions": "Abonnements verwalten", "Manage subscriptions": "Abonnements verwalten",
"Manage tokens": "", "Manage tokens": "",
"Watch history": "Verlauf", "Watch history": "Verlauf",

View File

@ -13,6 +13,9 @@
"Next page": "Next page", "Next page": "Next page",
"Previous page": "Previous page", "Previous page": "Previous page",
"Clear watch history?": "Clear watch history?", "Clear watch history?": "Clear watch history?",
"New password": "New password",
"New passwords must match": "New passwords must match",
"Cannot change password for Google accounts": "Cannot change password for Google accounts",
"Authorize token?": "Authorize token?", "Authorize token?": "Authorize token?",
"Authorize token for `x`?": "Authorize token for `x`?", "Authorize token for `x`?": "Authorize token for `x`?",
"Yes": "Yes", "Yes": "Yes",
@ -82,6 +85,7 @@
"Data preferences": "Data preferences", "Data preferences": "Data preferences",
"Clear watch history": "Clear watch history", "Clear watch history": "Clear watch history",
"Import/export data": "Import/export data", "Import/export data": "Import/export data",
"Change password": "Change password",
"Manage subscriptions": "Manage subscriptions", "Manage subscriptions": "Manage subscriptions",
"Manage tokens": "Manage tokens", "Manage tokens": "Manage tokens",
"Watch history": "Watch history", "Watch history": "Watch history",

View File

@ -13,6 +13,9 @@
"Next page": "Sekva paĝo", "Next page": "Sekva paĝo",
"Previous page": "Antaŭa paĝo", "Previous page": "Antaŭa paĝo",
"Clear watch history?": "Ĉu forigi vidohistorion?", "Clear watch history?": "Ĉu forigi vidohistorion?",
"New password": "",
"New passwords must match": "",
"Cannot change password for Google accounts": "",
"Authorize token?": "", "Authorize token?": "",
"Authorize token for `x`?": "", "Authorize token for `x`?": "",
"Yes": "Jes", "Yes": "Jes",
@ -82,6 +85,7 @@
"Data preferences": "Datumagordoj", "Data preferences": "Datumagordoj",
"Clear watch history": "Forigi vidohistorion", "Clear watch history": "Forigi vidohistorion",
"Import/export data": "Importi/Eksporti datumojn", "Import/export data": "Importi/Eksporti datumojn",
"Change password": "",
"Manage subscriptions": "Administri abonojn", "Manage subscriptions": "Administri abonojn",
"Manage tokens": "", "Manage tokens": "",
"Watch history": "Vidohistorio", "Watch history": "Vidohistorio",

View File

@ -13,6 +13,9 @@
"Next page": "Página siguiente", "Next page": "Página siguiente",
"Previous page": "Página anterior", "Previous page": "Página anterior",
"Clear watch history?": "¿Quiere borrar el historial de reproducción?", "Clear watch history?": "¿Quiere borrar el historial de reproducción?",
"New password": "",
"New passwords must match": "",
"Cannot change password for Google accounts": "",
"Authorize token?": "", "Authorize token?": "",
"Authorize token for `x`?": "", "Authorize token for `x`?": "",
"Yes": "Sí", "Yes": "Sí",
@ -82,6 +85,7 @@
"Data preferences": "Preferencias de los datos", "Data preferences": "Preferencias de los datos",
"Clear watch history": "Borrar el historial de reproducción", "Clear watch history": "Borrar el historial de reproducción",
"Import/export data": "Importar/Exportar datos", "Import/export data": "Importar/Exportar datos",
"Change password": "",
"Manage subscriptions": "Gestionar las suscripciones", "Manage subscriptions": "Gestionar las suscripciones",
"Manage tokens": "", "Manage tokens": "",
"Watch history": "Historial de reproducción", "Watch history": "Historial de reproducción",

View File

@ -13,6 +13,9 @@
"Next page": "Hurrengo orria", "Next page": "Hurrengo orria",
"Previous page": "Aurreko orria", "Previous page": "Aurreko orria",
"Clear watch history?": "Garbitu ikusitakoen historia?", "Clear watch history?": "Garbitu ikusitakoen historia?",
"New password": "",
"New passwords must match": "",
"Cannot change password for Google accounts": "",
"Authorize token?": "", "Authorize token?": "",
"Authorize token for `x`?": "", "Authorize token for `x`?": "",
"Yes": "Bai", "Yes": "Bai",
@ -82,6 +85,7 @@
"Data preferences": "", "Data preferences": "",
"Clear watch history": "", "Clear watch history": "",
"Import/export data": "", "Import/export data": "",
"Change password": "",
"Manage subscriptions": "", "Manage subscriptions": "",
"Manage tokens": "", "Manage tokens": "",
"Watch history": "", "Watch history": "",

View File

@ -13,6 +13,9 @@
"Next page": "Page suivante", "Next page": "Page suivante",
"Previous page": "Page précédente", "Previous page": "Page précédente",
"Clear watch history?": "Êtes-vous sûr de vouloir supprimer l'historique des vidéos regardées ?", "Clear watch history?": "Êtes-vous sûr de vouloir supprimer l'historique des vidéos regardées ?",
"New password": "",
"New passwords must match": "",
"Cannot change password for Google accounts": "",
"Authorize token?": "", "Authorize token?": "",
"Authorize token for `x`?": "", "Authorize token for `x`?": "",
"Yes": "Oui", "Yes": "Oui",
@ -82,6 +85,7 @@
"Data preferences": "Préférences liées aux données", "Data preferences": "Préférences liées aux données",
"Clear watch history": "Supprimer l'historique des vidéos regardées", "Clear watch history": "Supprimer l'historique des vidéos regardées",
"Import/export data": "Importer/exporter les données", "Import/export data": "Importer/exporter les données",
"Change password": "",
"Manage subscriptions": "Gérer les abonnements", "Manage subscriptions": "Gérer les abonnements",
"Manage tokens": "", "Manage tokens": "",
"Watch history": "Historique de visionnage", "Watch history": "Historique de visionnage",

View File

@ -13,6 +13,9 @@
"Next page": "Pagina successiva", "Next page": "Pagina successiva",
"Previous page": "Pagina precedente", "Previous page": "Pagina precedente",
"Clear watch history?": "Sei sicuro di voler cancellare la cronologia dei video guardati?", "Clear watch history?": "Sei sicuro di voler cancellare la cronologia dei video guardati?",
"New password": "",
"New passwords must match": "",
"Cannot change password for Google accounts": "",
"Authorize token?": "", "Authorize token?": "",
"Authorize token for `x`?": "", "Authorize token for `x`?": "",
"Yes": "Si", "Yes": "Si",
@ -82,6 +85,7 @@
"Data preferences": "Preferenze dati", "Data preferences": "Preferenze dati",
"Clear watch history": "Cancella la cronologia dei video guardati", "Clear watch history": "Cancella la cronologia dei video guardati",
"Import/export data": "Importazione/esportazione dati", "Import/export data": "Importazione/esportazione dati",
"Change password": "",
"Manage subscriptions": "Gestisci le iscrizioni", "Manage subscriptions": "Gestisci le iscrizioni",
"Manage tokens": "", "Manage tokens": "",
"Watch history": "Cronologia dei video", "Watch history": "Cronologia dei video",

View File

@ -13,6 +13,9 @@
"Next page": "Neste side", "Next page": "Neste side",
"Previous page": "Forrige side", "Previous page": "Forrige side",
"Clear watch history?": "Tøm visningshistorikk?", "Clear watch history?": "Tøm visningshistorikk?",
"New password": "",
"New passwords must match": "",
"Cannot change password for Google accounts": "",
"Authorize token?": "", "Authorize token?": "",
"Authorize token for `x`?": "", "Authorize token for `x`?": "",
"Yes": "Ja", "Yes": "Ja",
@ -82,6 +85,7 @@
"Data preferences": "Datainnstillinger", "Data preferences": "Datainnstillinger",
"Clear watch history": "Tøm visningshistorikk", "Clear watch history": "Tøm visningshistorikk",
"Import/export data": "Importer/eksporter data", "Import/export data": "Importer/eksporter data",
"Change password": "",
"Manage subscriptions": "Behandle abonnementer", "Manage subscriptions": "Behandle abonnementer",
"Manage tokens": "", "Manage tokens": "",
"Watch history": "Visningshistorikk", "Watch history": "Visningshistorikk",

View File

@ -13,6 +13,9 @@
"Next page": "Volgende pagina", "Next page": "Volgende pagina",
"Previous page": "Vorige pagina", "Previous page": "Vorige pagina",
"Clear watch history?": "Kijk geschiedenis wissen?", "Clear watch history?": "Kijk geschiedenis wissen?",
"New password": "",
"New passwords must match": "",
"Cannot change password for Google accounts": "",
"Authorize token?": "", "Authorize token?": "",
"Authorize token for `x`?": "", "Authorize token for `x`?": "",
"Yes": "Ja", "Yes": "Ja",
@ -82,6 +85,7 @@
"Data preferences": "Gegevens voorkeuren", "Data preferences": "Gegevens voorkeuren",
"Clear watch history": "Kijkgeschiedenis wissen", "Clear watch history": "Kijkgeschiedenis wissen",
"Import/export data": "Importeer/Exporteer gegevens", "Import/export data": "Importeer/Exporteer gegevens",
"Change password": "",
"Manage subscriptions": "Abonnees beheren", "Manage subscriptions": "Abonnees beheren",
"Manage tokens": "", "Manage tokens": "",
"Watch history": "Kijkgeschiedenis", "Watch history": "Kijkgeschiedenis",

View File

@ -13,6 +13,9 @@
"Next page": "Następna strona", "Next page": "Następna strona",
"Previous page": "Poprzednia strona", "Previous page": "Poprzednia strona",
"Clear watch history?": "Wyczyścić historię?", "Clear watch history?": "Wyczyścić historię?",
"New password": "",
"New passwords must match": "",
"Cannot change password for Google accounts": "",
"Authorize token?": "", "Authorize token?": "",
"Authorize token for `x`?": "", "Authorize token for `x`?": "",
"Yes": "Tak", "Yes": "Tak",
@ -82,6 +85,7 @@
"Data preferences": "Preferencje danych", "Data preferences": "Preferencje danych",
"Clear watch history": "Wyczyść historię", "Clear watch history": "Wyczyść historię",
"Import/export data": "Import/Eksport danych", "Import/export data": "Import/Eksport danych",
"Change password": "",
"Manage subscriptions": "Organizuj subskrybcje", "Manage subscriptions": "Organizuj subskrybcje",
"Manage tokens": "", "Manage tokens": "",
"Watch history": "Historia", "Watch history": "Historia",

View File

@ -13,6 +13,9 @@
"Next page": "Следующая страница", "Next page": "Следующая страница",
"Previous page": "Предыдущая страница", "Previous page": "Предыдущая страница",
"Clear watch history?": "Очистить историю просмотров?", "Clear watch history?": "Очистить историю просмотров?",
"New password": "",
"New passwords must match": "",
"Cannot change password for Google accounts": "",
"Authorize token?": "", "Authorize token?": "",
"Authorize token for `x`?": "", "Authorize token for `x`?": "",
"Yes": "Да", "Yes": "Да",
@ -82,6 +85,7 @@
"Data preferences": "Настройки данных", "Data preferences": "Настройки данных",
"Clear watch history": "Очистить историю просмотра", "Clear watch history": "Очистить историю просмотра",
"Import/export data": "Импорт/Экспорт данных", "Import/export data": "Импорт/Экспорт данных",
"Change password": "",
"Manage subscriptions": "Управление подписками", "Manage subscriptions": "Управление подписками",
"Manage tokens": "", "Manage tokens": "",
"Watch history": "История просмотров", "Watch history": "История просмотров",

View File

@ -13,6 +13,9 @@
"Next page": "Наступна сторінка", "Next page": "Наступна сторінка",
"Previous page": "Попередня сторінка", "Previous page": "Попередня сторінка",
"Clear watch history?": "Очистити історію переглядів?", "Clear watch history?": "Очистити історію переглядів?",
"New password": "",
"New passwords must match": "",
"Cannot change password for Google accounts": "",
"Authorize token?": "", "Authorize token?": "",
"Authorize token for `x`?": "", "Authorize token for `x`?": "",
"Yes": "Так", "Yes": "Так",
@ -82,6 +85,7 @@
"Data preferences": "Налаштування даних", "Data preferences": "Налаштування даних",
"Clear watch history": "Очистити історію переглядів", "Clear watch history": "Очистити історію переглядів",
"Import/export data": "Імпорт і експорт даних", "Import/export data": "Імпорт і експорт даних",
"Change password": "",
"Manage subscriptions": "Керування підписками", "Manage subscriptions": "Керування підписками",
"Manage tokens": "", "Manage tokens": "",
"Watch history": "Історія переглядів", "Watch history": "Історія переглядів",

View File

@ -1875,6 +1875,86 @@ post "/data_control" do |env|
env.redirect referer env.redirect referer
end end
get "/change_password" do |env|
locale = LOCALES[env.get("preferences").as(Preferences).locale]?
user = env.get? "user"
sid = env.get? "sid"
referer = get_referer(env)
if user
user = user.as(User)
sid = sid.as(String)
csrf_token = generate_response(sid, {":change_password"}, HMAC_KEY, PG_DB)
templated "change_password"
else
env.redirect referer
end
end
post "/change_password" do |env|
locale = LOCALES[env.get("preferences").as(Preferences).locale]?
user = env.get? "user"
sid = env.get? "sid"
referer = get_referer(env)
if user
user = user.as(User)
sid = sid.as(String)
token = env.params.body["csrf_token"]?
# We don't store passwords for Google accounts
if !user.password
error_message = "Cannot change password for Google accounts"
next templated "error"
end
begin
validate_request(token, sid, env.request, HMAC_KEY, PG_DB, locale)
rescue ex
error_message = ex.message
env.response.status_code = 400
next templated "error"
end
password = env.params.body["password"]?
if !password
error_message = translate(locale, "Password is a required field")
next templated "error"
end
new_passwords = env.params.body.select { |k, v| k.match(/^new_password\[\d+\]$/) }.map { |k, v| v }
if new_passwords.size <= 1 || new_passwords.uniq.size != 1
error_message = translate(locale, "New passwords must match")
next templated "error"
end
new_password = new_passwords.uniq[0]
if new_password.empty?
error_message = translate(locale, "Password cannot be empty")
next templated "error"
end
if new_password.size > 55
error_message = translate(locale, "Password cannot be longer than 55 characters")
next templated "error"
end
if Crypto::Bcrypt::Password.new(user.password.not_nil!) != password
error_message = translate(locale, "Incorrect password")
next templated "error"
end
new_password = Crypto::Bcrypt::Password.create(new_password, cost: 10)
PG_DB.exec("UPDATE users SET password = $1 WHERE email = $2", new_password.to_s, user.email)
end
env.redirect referer
end
get "/delete_account" do |env| get "/delete_account" do |env|
locale = LOCALES[env.get("preferences").as(Preferences).locale]? locale = LOCALES[env.get("preferences").as(Preferences).locale]?

View File

@ -0,0 +1,32 @@
<% content_for "header" do %>
<title><%= translate(locale, "Change password") %> - Invidious</title>
<% end %>
<div class="pure-g">
<div class="pure-u-1 pure-u-lg-1-5"></div>
<div class="pure-u-1 pure-u-lg-3-5">
<div class="h-box">
<form class="pure-form pure-form-aligned" action="/change_password?referer=<%= URI.escape(referer) %>" method="post">
<legend><%= translate(locale, "Change password") %></legend>
<fieldset>
<label for="password"><%= translate(locale, "Password") %> :</label>
<input required class="pure-input-1" name="password" type="password" placeholder="<%= translate(locale, "Password") %>">
<label for="new_password[0]"><%= translate(locale, "New password") %> :</label>
<input required class="pure-input-1" name="new_password[0]" type="password" placeholder="<%= translate(locale, "New password") %>">
<label for="new_password[1]"><%= translate(locale, "New password") %> :</label>
<input required class="pure-input-1" name="new_password[1]" type="password" placeholder="<%= translate(locale, "New password") %>">
<button type="submit" name="action" value="change_password" class="pure-button pure-button-primary">
<%= translate(locale, "Change password") %>
</button>
<input type="hidden" name="csrf_token" value="<%= URI.escape(csrf_token) %>">
</fieldset>
</form>
</div>
</div>
<div class="pure-u-1 pure-u-lg-1-5"></div>
</div>

View File

@ -213,6 +213,10 @@ function update_value(element) {
<a href="/clear_watch_history?referer=<%= URI.escape(referer) %>"><%= translate(locale, "Clear watch history") %></a> <a href="/clear_watch_history?referer=<%= URI.escape(referer) %>"><%= translate(locale, "Clear watch history") %></a>
</div> </div>
<div class="pure-control-group">
<a href="/change_password?referer=<%= URI.escape(referer) %>"><%= translate(locale, "Change password") %></a>
</div>
<div class="pure-control-group"> <div class="pure-control-group">
<a href="/data_control?referer=<%= URI.escape(referer) %>"><%= translate(locale, "Import/export data") %></a> <a href="/data_control?referer=<%= URI.escape(referer) %>"><%= translate(locale, "Import/export data") %></a>
</div> </div>