From cab1c5cb0afacc37999ec37b754f45a9bbc3dd93 Mon Sep 17 00:00:00 2001
From: Christian Dresen <c.dresen@fh-muenster.de>
Date: Thu, 6 Apr 2017 00:57:06 +0200
Subject: [PATCH] [WarpAuth] Smaller Fixes

---
 .../warpauth/templates/warpauth/profile/warp_pay.html |  6 +++---
 www/web/warpauth/views/profile.py                     | 11 +++++++----
 2 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/www/web/warpauth/templates/warpauth/profile/warp_pay.html b/www/web/warpauth/templates/warpauth/profile/warp_pay.html
index 890f322..c74cb2a 100644
--- a/www/web/warpauth/templates/warpauth/profile/warp_pay.html
+++ b/www/web/warpauth/templates/warpauth/profile/warp_pay.html
@@ -9,14 +9,14 @@
         <div class="alert alert-success">{% trans "settings_changed_successful" %}</div><br>
     {% endif %}
     
-    <form class="form-horizontal" method="POST" action="/account/profile/warp_pay/" role="form">
+    <form class="form-horizontal" method="POST" action="/account/profile/warp_pay_settings/" role="form">
         {% csrf_token %}
-        <div class="form-group">
+        <!--<div class="form-group">
             <label class="control-label col-sm-2 col-lg-2 " for="id_curr_pw">{% trans "current_password" %}</label>
             <div class=" col-sm-10 col-lg-10 ">
                 <input class=" form-control" id="id_curr_pw" name="curr_pw" type="password" />
             </div>
-        </div>
+        </div>-->
         <div class="form-group">
             <label class="control-label col-sm-2 col-lg-2 " for="id_new_pin">{% trans "new_pin_code" %}</label>
             <div class=" col-sm-10 col-lg-10 ">
diff --git a/www/web/warpauth/views/profile.py b/www/web/warpauth/views/profile.py
index d2b3d3e..93a6569 100644
--- a/www/web/warpauth/views/profile.py
+++ b/www/web/warpauth/views/profile.py
@@ -98,14 +98,17 @@ def warp_pay_settings(request):
     if request.method == 'POST':
         user = LdapUser.objects.get(uid=str(request.user))
         if request.POST["new_pin"] != "":
-            if request.POST["new_pin"].isnummeric() and request.POST["new_pin"] == request.POST["new_pin_confirm"]:
-                pin = int(request.POST["new_pin"])
-                user.pinCode = bcrypt.hashpw(pin, bcrypt.gensalt())
+           # if not "curr_pw" in request.POST or not request.user.check_password(request.POST["curr_pw"]):
+           #     page_context["error_warp_pay_settings"] = "wrong_password"
+            if request.POST["new_pin"].isnumeric() and request.POST["new_pin"] == request.POST["new_pin_confirm"]:
+                pin = request.POST["new_pin"].encode('utf-8')
+                user.pinCode = bcrypt.hashpw(pin, bcrypt.gensalt(10,prefix=b"2a")).decode('utf-8')
                 user.save()
                 page_context["success_warp_pay_settings"] = True
             else:
-                page_context["error_warp_pay_settings"] = "YO"
+                page_context["error_warp_pay_settings"] = "pin_repeat_wrong"
 
+    set_user_object(request)
     return HttpResponse(render(request, 'warpauth/profile.html', page_context))
 
 
-- 
GitLab