From ec1e6cf26eea26261603a67067a886c6d059d3a2 Mon Sep 17 00:00:00 2001 From: Baptiste Jonglez Date: Sun, 4 Jul 2021 13:17:04 +0200 Subject: [PATCH] project edit form: allow empty private code (= no change) Currently, the private code is mandatory in the edit form, and it's not clear whether it's meant to **check** for the right private code or to **change** the private code. Make the field optional and rename the help message to make it clearer it's only meant to **change** the private code. Also change the field type to "password" instead of simple string. --- ihatemoney/forms.py | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/ihatemoney/forms.py b/ihatemoney/forms.py index 1f91c851..519a4d4f 100644 --- a/ihatemoney/forms.py +++ b/ihatemoney/forms.py @@ -103,7 +103,8 @@ class CalculatorStringField(StringField): class EditProjectForm(FlaskForm): name = StringField(_("Project name"), validators=[DataRequired()]) - password = StringField(_("Private code"), validators=[DataRequired()]) + # If empty -> don't change the password + password = PasswordField(_("New private code")) contact_email = StringField(_("Email"), validators=[DataRequired(), Email()]) project_history = BooleanField(_("Enable project history")) ip_recording = BooleanField(_("Use IP tracking for project history")) @@ -154,8 +155,13 @@ class EditProjectForm(FlaskForm): """Update the project with the information from the form""" project.name = self.name.data - # Only update password if changed to prevent spurious log entries - if not check_password_hash(project.password, self.password.data): + if ( + # Only update password if a new one is provided + self.password.data + # Only update password if different from the previous one, + # to prevent spurious log entries + and not check_password_hash(project.password, self.password.data) + ): project.password = generate_password_hash(self.password.data) project.contact_email = self.contact_email.data