Development

docker/routlin-dash/app/pages/preferences/action.py

@@ -1,6 +1,6 @@
 from pathlib import Path
 from flask import Blueprint, request, session, redirect, flash
-import json, bcrypt
+import bcrypt
 import auth
 import config_utils
 import sanitize
@@ -10,17 +10,14 @@ _PAGE = Path(__file__).parent.name
 bp = Blueprint(_PAGE, __name__)
 
 
-
-def _load_accounts():
+def _tz_to_offset_seconds(tz_str):
     try:
-        with open(config_utils.ACCOUNTS_FILE) as f:
-            return json.load(f)
+        from zoneinfo import ZoneInfo
+        from datetime import datetime
+        return int(datetime.now(ZoneInfo(tz_str)).utcoffset().total_seconds())
     except Exception:
-        return {'accounts': []}
-
-def _save_accounts(data):
-    with open(config_utils.ACCOUNTS_FILE, 'w') as f:
-        json.dump(data, f, indent=2)
+        import settings as _s
+        return _s.get_host_utc_offset()
 
 
 @bp.route('/action/preferences/accountdetails_save', methods=['POST'])
@@ -32,19 +29,8 @@ def accountdetails_save():
         flash('Timezone is required.', 'error')
         return redirect(f'/{_PAGE}')
 
-    email    = session.get('email_address', '').lower()
-    data     = _load_accounts()
-    accounts = data.get('accounts', [])
-    account  = next((a for a in accounts if a.get('email_address', '').lower() == email), None)
-
-    if account is None:
-        flash('Account not found. Please log in again.', 'error')
-        return redirect('/accountlogin')
-
-    account['timezone'] = tz
-    _save_accounts(data)
-
-    session['timezone'] = tz
+    tz_offset = _tz_to_offset_seconds(tz)
+    session['tz_offset_seconds'] = tz_offset
 
     flash('Preferences saved.', 'success')
     return redirect(f'/{_PAGE}')
@@ -69,26 +55,28 @@ def changepassword_save():
         flash('New password must be at least 8 characters.', 'error')
         return redirect(f'/{_PAGE}')
 
-    email    = session.get('email_address', '').lower()
-    data     = _load_accounts()
-    accounts = data.get('accounts', [])
-    account  = next((a for a in accounts if a.get('email_address', '').lower() == email), None)
-
+    account = config_utils.get_account_by_id(session.get('account_id', ''))
     if account is None:
         flash('Account not found. Please log in again.', 'error')
         return redirect('/accountlogin')
 
-    stored_hash = account.get('hashed_password', '').encode('utf-8')
-    if not bcrypt.checkpw(current_password.encode('utf-8'), stored_hash):
+    if not bcrypt.checkpw(current_password.encode('utf-8'), account['hashed_password'].encode('utf-8')):
         flash('Current password is incorrect.', 'error')
         return redirect(f'/{_PAGE}')
 
-    salt   = bcrypt.gensalt()
-    hashed = bcrypt.hashpw(new_password.encode('utf-8'), salt)
+    hashed = bcrypt.hashpw(new_password.encode('utf-8'), bcrypt.gensalt()).decode('utf-8')
 
-    account['hashed_password'] = hashed.decode('utf-8')
-    account['salt']            = salt.decode('utf-8')
-    _save_accounts(data)
+    try:
+        con = config_utils.open_accounts_db()
+        con.execute(
+            'UPDATE accounts SET hashed_password=? WHERE account_id=?',
+            (hashed, account['account_id'])
+        )
+        con.commit()
+        con.close()
+    except Exception as exc:
+        flash(f'Could not update password: {exc}', 'error')
+        return redirect(f'/{_PAGE}')
 
     flash('Password changed successfully.', 'success')
     return redirect(f'/{_PAGE}')