diff --git a/app/models.py b/app/models.py
index 1cd1733..974518e 100644
--- a/app/models.py
+++ b/app/models.py
@@ -328,6 +328,36 @@ class User(db.Model):
db.session.commit()
return {'status': True, 'msg': 'Created user successfully'}
+ def update_local_user(self):
+ """
+ Update local user
+ """
+ # Sanity check - account name
+ if self.username == "":
+ return {'status': False, 'msg': 'No user name specified'}
+
+ # read user and check that it exists
+ user = User.query.filter(User.username == self.username).first()
+ if not user:
+ return {'status': False, 'msg': 'User does not exist'}
+
+ # check if new email exists (only if changed)
+ if user.email != self.email:
+ checkuser = User.query.filter(User.email == self.email).first()
+ if checkuser:
+ return {'status': False, 'msg': 'New email address is already in use'}
+
+ user.firstname = self.firstname
+ user.lastname = self.lastname
+ user.email = self.email
+
+ # store new password hash (only if changed)
+ if self.plain_text_password != "":
+ user.password = self.get_hashed_password(self.plain_text_password).decode("utf-8")
+
+ db.session.commit()
+ return {'status': True, 'msg': 'User updated successfully'}
+
def update_profile(self, enable_otp=None):
"""
Update user profile
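Review bot: The password branch at `if self.plain_text_password != "":` treats `None` as a password to hash, so a `User` built without a password (the `User(username=data)` form this same patch uses in views.py) would reach `get_hashed_password(None)` on update; the truthiness guard `if self.plain_text_password:` skips both `None` and the empty string. The email-uniqueness lookup correctly runs only when the address changes, but nothing rejects an empty or `None` new email before it is written to `user.email`, so a `if not self.email: return {'status': False, 'msg': 'No email address specified'}` check alongside the username sanity check would keep the update path as strict as the visible guards on username. The docstring `"""Update local user"""` should also state the return contract (`{'status': bool, 'msg': str}`) and that a non-empty `plain_text_password` replaces the stored hash, since callers decide whether a password reset happened from that behaviour alone.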
diff --git a/app/templates/admin_createuser.html b/app/templates/admin_edituser.html
similarity index 53%
rename from app/templates/admin_createuser.html
rename to app/templates/admin_edituser.html
index fe7d4ea..3fdcb39 100644
--- a/app/templates/admin_createuser.html
+++ b/app/templates/admin_edituser.html
@@ -1,17 +1,17 @@
{% extends "base.html" %}
-{% block title %}
-
+
Add User
@@ -36,7 +36,7 @@
Email
Admin
Privileges
-
Deletion
+
Action
@@ -54,7 +54,10 @@
Revoke
-
+
+
+ Edit
+
Delete
diff --git a/app/views.py b/app/views.py
index d294d3d..3cf5760 100644
--- a/app/views.py
+++ b/app/views.py
@@ -1156,26 +1156,44 @@ def admin():
return render_template('admin.html', domains=domains, users=users, configs=configs, statistics=statistics, uptime=uptime, history_number=history_number)
-@app.route('/admin/user/create', methods=['GET', 'POST'])
+@app.route('/admin/user/edit/', methods=['GET', 'POST'])
+@app.route('/admin/user/edit', methods=['GET', 'POST'])
@login_required
@admin_role_required
-def admin_createuser():
+def admin_edituser(user_username=None):
if request.method == 'GET':
- return render_template('admin_createuser.html')
+ if not user_username:
+ return render_template('admin_edituser.html', create=1)
- if request.method == 'POST':
+ else:
+ user = User.query.filter(User.username == user_username).first()
+ return render_template('admin_edituser.html', user=user, create=0)
+
+ elif request.method == 'POST':
fdata = request.form
- user = User(username=fdata['username'], plain_text_password=fdata['password'], firstname=fdata['firstname'], lastname=fdata['lastname'], email=fdata['email'])
+ if not user_username:
+ user_username = fdata['username']
- if fdata['password'] == "":
- return render_template('admin_createuser.html', user=user, blank_password=True)
+ user = User(username=user_username, plain_text_password=fdata['password'], firstname=fdata['firstname'], lastname=fdata['lastname'], email=fdata['email'], reload_info=False)
+
+ create = int(fdata['create'])
+ if create:
+ if fdata['password'] == "":
+ return render_template('admin_edituser.html', user=user, create=create, blank_password=True)
+
+ result = user.create_local_user()
+ history = History(msg='Created user {0}'.format(user.username), created_by=current_user.username)
+
+ else:
+ result = user.update_local_user()
+ history = History(msg='Updated user {0}'.format(user.username), created_by=current_user.username)
- result = user.create_local_user();
if result['status']:
+ history.add()
return redirect(url_for('admin_manageuser'))
- return render_template('admin_createuser.html', user=user, error=result['msg'])
+ return render_template('admin_edituser.html', user=user, create=create, error=result['msg'])
@app.route('/admin/manageuser', methods=['GET', 'POST'])
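Review bot: The create-vs-update decision at `create = int(fdata['create'])` is taken from a client-supplied form field rather than from the route, so a malformed value raises `ValueError` (an unhandled 500) and the `History` entry can record "Created user" for what was an update or the reverse; deriving it from the URL before the username is overwritten — `create = not user_username`, then `if create: user_username = fdata['username']` — removes the form field from the decision entirely. On the GET branch, `User.query.filter(User.username == user_username).first()` returns `None` for an unknown name and the template is rendered with `user=None`; answering with a 404 there (`abort(404)`, assuming it is imported) is safer than leaving it to the template. The update branch logs only `Updated user {0}`, yet the same request can reset the password whenever the form's password field is non-empty, so the audit message should say when a password was changed so a credential reset is distinguishable from a profile edit. The `<user_username>` parameter on the first `@app.route` appears stripped in this rendering, so I am assuming the route supplies it.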
@@ -1195,6 +1213,16 @@ def admin_manageuser():
jdata = request.json
data = jdata['data']
+ if jdata['action'] == 'user_otp_disable':
+ user = User(username=data)
+ result = user.update_profile(enable_otp=False)
+ if result:
+ history = History(msg='Two factor authentication disabled for user {0}'.format(data), created_by=current_user.username)
+ history.add()
+ return make_response(jsonify( { 'status': 'ok', 'msg': 'Two factor authentication has been disabled for user.' } ), 200)
+ else:
+ return make_response(jsonify( { 'status': 'error', 'msg': 'Cannot disable two factor authentication for user.' } ), 500)
+
if jdata['action'] == 'delete_user':
user = User(username=data)
if user.username == current_user.username: