feat: change_password feature added

Author: codeperfectplus

CHANGELOG.md

@@ -12,6 +12,7 @@ All significant changes to this project will be documented here. The format foll
 - Flash messages are now displayed on the dashboard.
 - Flash messages are configurable in the admin dashboard.
 - Audit Logs are now displayed on the dashboard and can be exported to CSV.
+- Password now can be changed from the dashboard.
 
 
 ## Version 2.0.0

src/blueprints/admin.py

@@ -142,6 +142,11 @@ def dashboard():
     system_settings = Settings.query.first()
     audit_logs = AuditLog.query.filter_by(user_id=current_user.id).order_by(AuditLog.timestamp.desc()).all()
     if current_user.user_level == 'admin':
+        
+        if not current_user.password_changed:
+            flash('You need to change your password first to continue.', 'warning')
+            return render_template('change_password.html', settings=system_settings)
+
         total_users = User.query.count()  # Count total users
         active_sessions = len(session)  # This is a basic approach. You may want to track sessions differently.
 
@@ -164,7 +169,8 @@ def dashboard():
                             cpu_core=cpu_core,
                             cpu_util=cpu_utilization,
                             audit_logs=audit_logs,
-                            settings=system_settings)
+                            settings=system_settings,
+                            current_user=current_user)
     elif current_user.user_level == 'customer':
         return render_template('customer_dashboard.html', audit_logs=audit_logs)
 

src/blueprints/auth.py

@@ -1,7 +1,7 @@
-
+from datetime import datetime
 from flask import render_template, request, redirect, url_for,  Blueprint, flash
 
-from flask_login import login_user, logout_user
+from flask_login import login_user, logout_user, current_user, login_required
 
 from src.config import app, db, bcrypt, login_manager
 from src.models import User, log_action, Settings
@@ -19,9 +19,11 @@ def register():
         # Check if this is the first user
         if User.query.count() == 0:
             user_level = 'admin'  # Make the first user an admin
+            password_changed = False
         else:
             user_level = 'customer'  # Default to 'customer' for all other users
-        user = User(fname=fname, lname=lname, username=username, email=email, password=password, user_level=user_level)
+            password_changed = True
+        user = User(fname=fname, lname=lname, username=username, email=email, password=password, user_level=user_level, password_changed=password_changed)
         db.session.add(user)
         db.session.commit()
         return redirect(url_for('auth.login'))
@@ -37,12 +39,46 @@ def login():
         if user and bcrypt.check_password_hash(user.password, password):
             login_user(user)
             log_action(user.id, user.username, 'Login', f'User {user.username} logged in.')
+
+            # Check if the admin needs to change their password
+            if user.user_level == 'admin' and not user.password_changed:
+                flash('You need to change your password first to continue.', 'warning')
+                return redirect(url_for('auth.change_password'))
+            
             flash(f'Login successful as {user.username}', 'success')
             return redirect(url_for('admin.dashboard'))
         else:
             flash('Login failed. Please check your credentials.', 'danger')
     return render_template('login.html', settings=system_settings)
 
+@auth_bp.route("/change-password", methods=['GET', 'POST'])
+@login_required
+def change_password():
+    system_settings = Settings.query.first()
+    if request.method == 'POST':
+        current_password = request.form.get('current_password')
+        new_password = request.form.get('new_password')
+        user = User.query.get(current_user.id)
+
+        if user and bcrypt.check_password_hash(user.password, current_password):
+            user.password = bcrypt.generate_password_hash(new_password).decode('utf-8')
+            user.password_changed = True  # Set the flag to True
+            user.last_password_change=datetime.utcnow()
+            db.session.commit()
+            flash('Password updated successfully!', 'success')
+
+            return redirect(url_for('auth.change_password'))
+        else:
+            flash('Current password is incorrect.', 'danger')
+
+    # if current user password_changed false, flash a message
+    if not current_user.password_changed:
+        flash('You need to change your password first to continue.', 'warning')
+        return render_template('change_password.html', settings=system_settings)
+
+    return render_template('change_password.html', settings=system_settings)
+        
+
 @auth_bp.route("/logout")
 def logout():
     logout_user()

src/blueprints/decorators.py

@@ -0,0 +1,14 @@
+from flask import flash, render_template
+from flask_login import current_user
+from src.config import db
+from src.models import Settings
+
+def require_password_change(func):
+    def wrapper(*args, **kwargs):
+        # Check if the user is authenticated and if a password change is required
+        if current_user.is_authenticated and not current_user.password_changed:
+            flash('You need to change your password first to continue.', 'warning')
+            system_settings = Settings.query.first()  # Ensure to load system settings if needed
+            return render_template('change_password.html', settings=system_settings)
+        return func(*args, **kwargs)
+    return wrapper

src/blueprints/gold_calculator.py

@@ -2,12 +2,13 @@
 import logging 
 
 from flask import render_template, request, session, redirect, url_for, flash, Blueprint
-from flask_login import current_user
+from flask_login import current_user, login_required, login_remembered
 from src.calculators import GoldCalculator
 
 from src.config import db
 from src.models import Settings, GoldTransaction, JewellerDetails, log_action
 from src.blueprints.helper import get_currency_symbol
+from src.blueprints.decorators import require_password_change
 
 gold_calculator_bp = Blueprint('gold_calculator', __name__)
 
@@ -16,6 +17,7 @@
 def gold_calculator():
     system_settings = Settings.query.first()
     jeweller_details = JewellerDetails.query.first()
+
     if not system_settings.is_gold_calculator_enabled:
         return redirect(url_for('additional.permission_denied'))
     if request.method == 'POST':

src/config.py

@@ -28,3 +28,10 @@ def page_not_found(e):
 @app.errorhandler(500)
 def internal_server_error(e):
     return render_template('500.html'), 500
+
+# Custom filter to format dates
+@app.template_filter('format_datetime')
+def format_datetime(value, format='%Y-%m-%d %H:%M:%S'):
+    if value is not None:
+        return value.strftime(format)
+    return ''

src/models.py

@@ -33,7 +33,9 @@ class User(db.Model, UserMixin):
     username = db.Column(db.String(20), unique=True, nullable=False)
     email = db.Column(db.String(120), unique=True, nullable=False)
     password = db.Column(db.String(60), nullable=False)
+    last_password_change = db.Column(db.DateTime, default=datetime.utcnow)
     user_level = db.Column(db.String(10), nullable=False, default='customer')
+    password_changed = db.Column(db.Boolean, default=False)
 
     def __repr__(self):
         return f"User('{self.username}', '{self.email}', '{self.user_level}')"
@@ -126,7 +128,8 @@ def __init__(self, jeweller_name, jeweller_address, jeweller_contact, jeweller_e
             username='admin',
             email='[email protected]',
             password=generate_password_hash('admin'),
-            user_level='admin'
+            user_level='admin',
+            last_password_change=datetime.utcnow()
         )
         db.session.add(admin_user)
         db.session.commit()

src/static/css/admin_dashboard.css

@@ -31,6 +31,16 @@
     margin-bottom: 30px;
 }
 
+.card p:last-of-type {
+    font-size: 0.9em; /* Reduced font size */
+    color: #666; /* Light grey color for less emphasis */
+}
+
+.card h3 {
+    font-size: 1.3em; /* Adjusted heading size if necessary */
+    margin-bottom: 8px;
+}
+
 .card {
     background-color: #ffffff;
     padding: 20px;
@@ -128,3 +138,5 @@
 .disabled-link:focus {
     outline: none;
 }
+
+

src/static/css/change_password.css

@@ -41,6 +41,12 @@ <h3>CPU Core</h3>
             <h3>CPU Utilization</h3>
             <p>{{ cpu_util }}</p>
         </div>
+        <!-- last password change -->
+        <div class="card">
+            <i class="fas fa-key card-icon"></i>
+            <h3>Last Password Change</h3>
+            <p>{{ current_user.last_password_change | format_datetime('%Y-%m-%d %H:%M:%S') }}</p>
+        </div>
     </div>
 
     <div class="admin-tools">
@@ -51,6 +57,7 @@ <h3><i class="fas fa-tools"></i> Admin Tools</h3>
             <a href="{{ url_for('admin.settings') }}" class="btn btn-large"><i class="fas fa-cog"></i> System Settings</a>
             <a href="{{ url_for('admin.audit_log') }}" class="btn btn-large"><i class="fas fa-clipboard-list"></i> Audit Logs</a>
             <a href="{{ url_for('admin.update_jeweller_details') }}" class="btn btn-large"><i class="fas fa-cog"></i>Jewellers Config Settings</a>
+            <a href="{{ url_for('auth.change_password') }}" class="btn btn-large"><i class="fas fa-key"></i> Change Password</a>
         </div>
     </div>
     <div class="admin-dashboard">