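def post_register():
    """Handle the registration form: validate it, create the user, log in.

    Reads ``username``, ``password1``, ``password2`` and ``email`` from the
    submitted form. On a validation failure the registration template is
    rendered again with an ``error`` message plus the username and email that
    were entered (the passwords are never passed back to the template). On
    success the user is created, a login token is stored in the session, and
    the client is redirected to the ``next`` query parameter when it points
    back at this site, otherwise to ``review.get_videos``.

    Returns:
        The rendered registration page on failure, or a redirect on success.
    """
    # Function-scope import: the file's import block is not visible from here.
    from urllib.parse import urlsplit

    def is_local_url(target):
        """Return True when *target* stays on the host serving this request."""
        # Backslashes and control characters are rejected outright: a browser
        # may normalise them into a different URL than the one parsed here.
        if not target or "\\" in target:
            return False
        if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
            return False
        try:
            parts = urlsplit(target)
        except ValueError:
            return False
        if parts.scheme or parts.netloc:
            # Absolute URL: only http(s) on the host this request arrived at.
            return parts.scheme in ("http", "https") and parts.netloc == request.host
        # Relative URL: exactly one leading slash ("//host" is scheme-relative
        # and would leave the site).
        return target.startswith("/") and not target.startswith("//")

    template = "user_mgmt/register.html"
    username = request.form.get("username") or ""
    password1 = request.form.get("password1")
    password2 = request.form.get("password2")
    email = request.form.get("email") or ""

    def fail(error):
        """Re-render the form with *error*, keeping the non-secret fields."""
        return render_template(template, error=error, username=username, email=email)

    # pres() is defined elsewhere in the project; presumably a "value is
    # present / non-blank" check -- confirm against its definition.
    if not (pres(username) and pres(password1) and pres(password2) and pres(email)):
        return fail("All fields are required.")
    if password1 != password2:
        return fail("Passwords don't match.")
    if models.User.get_by_username(username=username) is not None:
        return fail("That username is taken.")
    if models.User.get_by_email(email) is not None:
        return fail("That email address is already registered.")

    user = models.User.add(username=username, email=email, password=password1)
    session.permanent = True
    session["login_token"] = user.generate_auth_token()

    # ``next`` comes from the query string, so it is attacker-influenced.
    # Redirecting to it unchecked would make this endpoint an open redirect;
    # anything that does not resolve to this site falls back to the default.
    default_url = url_for("review.get_videos")
    next_url = request.args.get("next", default_url)
    if not is_local_url(next_url):
        next_url = default_url
    return redirect(next_url)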
def post_change_password():
    """Change the logged-in user's password after re-checking the current one.

    Reads ``current_password``, ``new_password1`` and ``new_password2`` from
    the submitted form. The password is only replaced when the current
    password verifies and both new-password fields are present and equal.

    Returns:
        The change-password page rendered with a status message in ``msg``.
    """
    form = request.form
    current_password = form.get("current_password")
    new_password1 = form.get("new_password1")
    new_password2 = form.get("new_password2")

    # Re-authentication comes first, so a hijacked session alone is not
    # enough to set a new password.
    if not g.user.verify_password(current_password):
        msg = "Current password doesn't match."
    elif not (pres(new_password1) and new_password2 and new_password1 == new_password2):
        # Also reached when either new-password field is missing.
        msg = "New passwords don't match."
    else:
        g.user.hash_password(new_password1)
        db.session.commit()
        msg = "Password changed!"
        # NOTE(review): nothing in this handler revokes login tokens issued
        # before the change -- confirm whether they stay valid afterwards.

    return render_template("user_mgmt/change_password.html", msg=msg, user=g.user)
def post_do_password_reset(token):
    """Set a new password for the user identified by a recovery token.

    Args:
        token: Recovery token taken from the emailed link; it is resolved to
            a user with ``models.User.verify_auth_token``.

    Returns:
        A redirect to the login page after a successful reset, the reset form
        again when the two new-password fields are missing or differ, or a
        redirect to the recovery-request page when the token does not resolve
        to a user.
    """
    form = request.form
    new_password1 = form.get("new_password1")
    new_password2 = form.get("new_password2")

    # NOTE(review): this is the same verify_auth_token / generate_auth_token
    # pair the file uses for session login tokens, so the token does not
    # appear to be bound to the "password reset" purpose, and nothing here
    # marks it as used -- confirm both in models.User.
    user = models.User.verify_auth_token(token)
    if not user:
        flash("That seems to be an invalid password recovery link. Perhaps it expired?")
        return redirect(url_for('user_mgmt.get_reset_password'))

    passwords_ok = pres(new_password1) and new_password1 == new_password2
    if not passwords_ok:
        msg = "Please type the new password twice."
        return render_template("user_mgmt/do_password_reset.html", token=token, msg=msg)

    user.hash_password(new_password1)
    db.session.commit()
    flash("Password was reset.")
    return redirect(url_for('user_mgmt.get_login'))
def post_change_email():
    """Change the logged-in user's email address after a password check.

    Reads ``current_password`` and ``new_email`` from the submitted form. The
    address is replaced only when the current password verifies, a new
    address was supplied, and no existing user already has that address.

    Returns:
        The change-email page rendered with a status message in ``msg``.
    """
    form = request.form
    current_password = form.get("current_password")
    new_email = form.get("new_email")

    # The password is checked before anything else: recovery mail is sent to
    # user.email, so changing it redirects account recovery.
    if not g.user.verify_password(current_password):
        msg = "Current password doesn't match."
    elif not pres(new_email):
        msg = "Please provide a new email address."
    elif models.User.get_by_email(new_email) is not None:
        msg = "That email is already registered."
    else:
        # NOTE(review): the address is stored as submitted, with no
        # confirmation step visible here, and the uniqueness check above is
        # check-then-write -- presumably a DB unique constraint backs it up;
        # confirm.
        g.user.email = new_email
        db.session.commit()
        msg = "Email address changed!"

    return render_template("user_mgmt/change_email.html", msg=msg, user=g.user)
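def post_reset_password():
    """Handle a password-recovery request for the submitted email address.

    Reads ``email`` from the form. When a user with that address exists, a
    recovery link is emailed to them. The page shows the same message whether
    or not the address is registered, so this form cannot be used to find out
    which addresses have accounts.

    Returns:
        The password-recovery page rendered with a status message in ``msg``.
    """

    def send_recovery_email(user):
        """Email *user* a link carrying a short-lived recovery token."""
        # expiration=120 is presumably in seconds -- confirm against
        # generate_auth_token.
        recovery_token = user.generate_auth_token(expiration=120)
        # NOTE(review): _external=True produces an absolute URL; unless the
        # deployment pins the server name, the host part is taken from the
        # incoming request. Confirm the Host header is validated or pinned so
        # the emailed link always points at this site.
        link = url_for(
            "user_mgmt.get_do_password_reset",
            _external=True,
            token=recovery_token,
        )
        body = render_template("user_mgmt/recovery_email.html", link=link, user=user)
        subject = "Grubgreat password recovery."
        send_email(body=body, subject=subject, email_address=user.email)

    email = request.form.get("email")
    if not pres(email):
        msg = "Please provide an email address."
    else:
        user = models.User.get_by_email(email)
        if user:
            send_recovery_email(user)
        # Same response for known and unknown addresses: a distinct "unknown
        # email" message would confirm which addresses are registered.
        # NOTE(review): the email is sent inline, so response time may still
        # differ between the two cases.
        msg = "If that email address is registered, a password recovery email has been sent."

    return render_template("user_mgmt/password_recovery.html", msg=msg)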