From 7c6b5176f451145c11b703a3a80921762d0c263f Mon Sep 17 00:00:00 2001
From: djangoliv <ogiorgis@logilab.fr>
Date: Tue, 2 Jun 2020 09:38:59 +0200
Subject: [PATCH] Allow admin to change any password

---
 nativeauthenticator/handlers.py               | 34 ++++++++++++++++++-
 nativeauthenticator/nativeauthenticator.py    |  7 ++--
 .../templates/change-password.html            |  2 +-
 3 files changed, 39 insertions(+), 4 deletions(-)

diff --git a/nativeauthenticator/handlers.py b/nativeauthenticator/handlers.py
index ecbf24a..a871773 100644
--- a/nativeauthenticator/handlers.py
+++ b/nativeauthenticator/handlers.py
@@ -133,8 +133,12 @@ class ChangePasswordHandler(LocalBase):
 
     @web.authenticated
     async def get(self):
+        user = await self.get_current_user()
         self._register_template_path()
-        html = self.render_template('change-password.html')
+        html = self.render_template(
+            'change-password.html',
+             user_name=user.name,
+        )
         self.finish(html)
 
     @web.authenticated
@@ -145,11 +149,39 @@ async def post(self):
 
         html = self.render_template(
             'change-password.html',
+            user_name=user.name,
             result_message='Your password has been changed successfully',
         )
         self.finish(html)
 
 
+class ChangePasswordAdminHandler(LocalBase):
+    """Render the reset password page."""
+
+    @admin_only
+    async def get(self, user_name):
+        if not self.authenticator.user_exists(user_name):
+            raise web.HTTPError(404)
+        self._register_template_path()
+        html = self.render_template(
+            'change-password.html',
+            user_name=user_name,
+        )
+        self.finish(html)
+
+    @admin_only
+    async def post(self, user_name):
+        new_password = self.get_body_argument('password', strip=False)
+        self.authenticator.change_password(user_name, new_password)
+
+        message_template = 'The password for {} has been changed successfully'
+        html = self.render_template(
+            'change-password.html',
+            user_name=user_name,
+            result_message=message_template.format(user_name),
+        )
+        self.finish(html)
+
 class LoginHandler(LoginHandler, LocalBase):
 
     def _render(self, login_error=None, username=None):
diff --git a/nativeauthenticator/nativeauthenticator.py b/nativeauthenticator/nativeauthenticator.py
index b744f9f..f1bd923 100644
--- a/nativeauthenticator/nativeauthenticator.py
+++ b/nativeauthenticator/nativeauthenticator.py
@@ -9,8 +9,10 @@
 from tornado import gen
 from traitlets import Bool, Integer, Unicode
 
-from .handlers import (AuthorizationHandler, ChangeAuthorizationHandler,
-                       ChangePasswordHandler, LoginHandler, SignUpHandler)
+from .handlers import (
+    AuthorizationHandler, ChangeAuthorizationHandler, ChangePasswordHandler,
+    ChangePasswordAdminHandler, LoginHandler, SignUpHandler,
+)
 from .orm import UserInfo
 
 
@@ -224,6 +226,7 @@ def get_handlers(self, app):
             (r'/authorize', AuthorizationHandler),
             (r'/authorize/([^/]*)', ChangeAuthorizationHandler),
             (r'/change-password', ChangePasswordHandler),
+            (r'/change-password/([^/]+)', ChangePasswordAdminHandler),
         ]
         return native_handlers
 
diff --git a/nativeauthenticator/templates/change-password.html b/nativeauthenticator/templates/change-password.html
index 2684e01..3c863c0 100644
--- a/nativeauthenticator/templates/change-password.html
+++ b/nativeauthenticator/templates/change-password.html
@@ -20,7 +20,7 @@
   <div class="container">
     <form action="{{post_url}}" method="post" role="form">
       <h2>
-      Change Password
+      Change Password For {{user_name}}
       </h2>
       <div>
         <div class="form-group">