more user handling features of flask-security activated

Now users can recover their passwords and change them while
logged in.

app/main.py

@@ -8,6 +8,7 @@ from flask.ext.security import Security, SQLAlchemyUserDatastore, \
     UserMixin, RoleMixin, login_required, roles_required, utils
 from flask.ext.security import user_registered
 from flask.ext.mail import Mail, Message
+from flask_security.core import current_user
 from flask_wtf import Form
 from wtforms import DateField, IntegerField, DecimalField
 from wtforms.validators import DataRequired, ValidationError
@@ -20,6 +21,8 @@ db = SQLAlchemy(app)
 
 app.config['SECURITY_PASSWORD_HASH'] = 'pbkdf2_sha512'
 app.config['SECURITY_REGISTERABLE'] = True
+app.config['SECURITY_CHANGEABLE'] = True
+app.config['SECURITY_RECOVERABLE'] = True
 app.config.from_envvar('config')
 app.config.from_object(__name__)
 
@@ -77,7 +80,6 @@ user_datastore = SQLAlchemyUserDatastore(db, User, Role)
 security = Security(app, user_datastore)
 
 
-
 @user_registered.connect_via(app)
 def user_registered_sighandler(app, user, confirm_token):
     """
@@ -171,9 +173,17 @@ def get_manual():
 @app.route('/admin', methods=['GET'])
 @roles_required('admin')
 def get_admin_page():
+    g.data['users'] = User.query.all()
     return render_template('admin.html', data=g.data)
 
 
+@app.route('/account', methods=['GET'])
+@login_required
+def get_account_page():
+    print(current_user)
+    return render_template('account.html', data=g.data)
+
+
 @app.route('/statistics', methods=['GET'])
 @login_required
 def get_statistics():

app/templates/account.html

@@ -0,0 +1,7 @@
+{% extends "layout.html" %}
+
+{% block body %}
+	<h1>Account management for {{current_user.email}}</h1>
+
+	<a href='{{ url_for('security.change_password') }}'>Change password</a>
+{% endblock %}

app/templates/admin.html

@@ -1,5 +1,12 @@
 {% extends "layout.html" %}
 
 {% block body %}
-			Admin
+	<h1>Admin</h1>
+    We have {{ data.users|length }} users so far:
+    <ul>
+        {% for user in data.users %}
+            <li>{{user.email}}</li>
+        {% endfor %}
+    </ul>
+    <a href='{{ url_for('security.login', _external=True) }}'>Login</a>
 {% endblock %}

app/templates/layout.html

@@ -2,6 +2,7 @@
 	{% if current_user.email %}
 		<li><a href='{{ url_for('create_pit_stop_form') }}'>Create Pitstop</a></li>
 		<li><a href='{{ url_for('get_statistics') }}'>Statistics</a></li>
+		<li><a href='{{ url_for('get_account_page') }}'>Account</a></li>
 		{% if current_user.has_role('admin') %}
 			<li><a href='{{ url_for('get_admin_page') }}'>Admin</a></li>
 		{% endif %}

app/templates/security/change_password.html

@@ -0,0 +1,13 @@
+{% extends "layout.html" %}
+{% from "security/_macros.html" import render_field_with_errors, render_field %}
+
+{% block body %}
+<h1>Change password</h1>
+<form class='form-horizontal' action="{{ url_for_security('change_password') }}" method="POST" name="change_password_form">
+  {{ change_password_form.hidden_tag() }}
+  {{ render_field_with_errors(change_password_form.password) }}
+  {{ render_field_with_errors(change_password_form.new_password) }}
+  {{ render_field_with_errors(change_password_form.new_password_confirm) }}
+  {{ render_field(change_password_form.submit) }}
+</form>
+{% endblock %}

app/templates/security/forgot_password.html

@@ -0,0 +1,11 @@
+{% extends "layout.html" %}
+{% from "security/_macros.html" import render_field_with_errors, render_field %}
+
+{% block body %}
+<h1>Send password reset instructions</h1>
+<form class='form-horizontal' action="{{ url_for_security('forgot_password') }}" method="POST" name="forgot_password_form">
+    {{ forgot_password_form.hidden_tag() }}
+    {{ render_field_with_errors(forgot_password_form.email) }}
+    {{ render_field(forgot_password_form.submit) }}
+</form>
+{% endblock %}

app/templates/security/login_user.html

@@ -2,6 +2,7 @@
 {% from "security/_macros.html" import render_field_with_errors, render_field %}
 
 {% block body %}
+<h1>Login</h1>
 <form class='form-horizontal' action="{{ url_for_security('login') }}" method="POST" name="login_user_form">
     {{ login_user_form.hidden_tag() }}
     {{ render_field_with_errors(login_user_form.email) }}
@@ -9,5 +10,8 @@
     {{ render_field_with_errors(login_user_form.remember) }}
     {{ render_field(login_user_form.next) }}
     {{ render_field(login_user_form.submit) }}
+    {% if security.recoverable %}
+        <a href="{{ url_for_security('forgot_password') }}">Forgot password</a>
+    {% endif %}
 </form>
 {% endblock %}

app/templates/security/register_user.html

@@ -2,6 +2,7 @@
 {% from "security/_macros.html" import render_field_with_errors, render_field %}
 
 {% block body %}
+<h1>Register User</h1>
 <form class='form-horizontal' action="{{ url_for_security('register') }}" method="POST" name="register_user_form">
     {{ register_user_form.hidden_tag() }}
     {{ render_field_with_errors(register_user_form.email) }}

app/templates/security/reset_password.html

@@ -0,0 +1,12 @@
+{% extends "layout.html" %}
+{% from "security/_macros.html" import render_field_with_errors, render_field %}
+
+{% block body %}
+<h1>Reset password</h1>
+<form class='form-horizontal' action="{{ url_for_security('reset_password', token=reset_password_token) }}" method="POST" name="reset_password_form">
+    {{ reset_password_form.hidden_tag() }}
+    {{ render_field_with_errors(reset_password_form.password) }}
+    {{ render_field_with_errors(reset_password_form.password_confirm) }}
+    {{ render_field(reset_password_form.submit) }}
+</form>
+{% endblock %}