Implement password change

db/sqlite.py

@@ -135,6 +135,24 @@ class DB:
             (username,)
         ).fetchone()
 
+    def get_user_password_by_id(self, user_id):
+        return self._db().execute('''
+            select password
+            from users
+            where user_id = ?
+            ''',
+            (user_id,)
+        ).fetchone()
+
+    def set_user_password(self, user_id, password):
+        return self.change_one('''
+            update users
+            set password = ?
+            where user_id = ?
+            ''',
+            (password, user_id)
+        )
+
     def get_user_public_info(self, user_id):
         return self._db().execute('''
             select name, about

main.py

@@ -134,6 +134,26 @@ def user_edit():
         about = about
     )
 
+@app.route('/user/edit/password/', methods = ['POST'])
+def user_edit_password():
+    user_id = session.get('user_id')
+    if user_id is None:
+        return redirect(url_for('login'))
+
+    new = request.form['new']
+    if len(new) < 8:
+        flash('New password must be at least 8 characters long', 'error')
+    else:
+        hash, = db.get_user_password_by_id(user_id)
+        if verify_password(request.form['old'], hash):
+            if db.set_user_password(user_id, hash_password(new)):
+                flash('Updated password', 'success')
+            else:
+                flash('Failed to update password', 'error')
+        else:
+            flash('Old password does not match', 'error')
+    return redirect(url_for('user_edit'))
+
 @app.route('/user/<int:user_id>/')
 def user_info(user_id):
     name, about = db.get_user_public_info(user_id)

templates/user_edit.html

@@ -7,7 +7,15 @@
 <tr><td>Username</td><td>{{ user.name }}</td></tr>
 <tr><td>ID</td><td>{{ user.id }}</td></tr>
 <tr><td>About</td><td><textarea name="about">{{ about }}</textarea></td></tr>
-</form>
 </table>
 <input type="submit" value="Update">
+</form>
+<br>
+<form method="post" action=edit/password/>
+<table>
+<tr><td>Old password</td><td><input type=password name=old></td></tr>
+<tr><td>New password</td><td><input type=password name=new></td></tr>
+</table>
+<input type="submit" value="Set password">
+</form>
 {% endblock %}