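 def put(self, uid):
     '''Updates a user's password.

     Two ways of authorizing the change are accepted from the JSON body:

     * ``current_password`` -- the logged-in user (``g.user``) may change
       only their own password and must supply the current one.
     * ``token`` -- a password-reset token whose ``sub`` claim must match
       the target user.

     In both cases ``new_password`` is read from the body and checked with
     ``is_valid_password`` before it is stored.

     :param uid: id of the user whose password is being changed
     :returns: ``{'success': True}`` once the new password is committed
     :raises: 400 for a missing/invalid field, 401 when nobody is logged in,
              403 when changing another user's password, 404 for an unknown uid
     '''
     # A missing or non-JSON body used to fail on ``.get`` of ``None``;
     # treat it as an empty request so it ends in a clean 400 below.
     data = request.get_json(silent=True) or {}
     current_password = data.get('current_password')
     token = data.get('token')
     user = User.query.get_or_404(uid)
     if current_password:
         # re-authentication path: only the logged-in owner may proceed
         if not g.user:
             abort(401)
         if user.id != g.user.id:
             abort(403)
         if not user.check_password(current_password):
             abort(400, 'Invalid current password.')
     elif token:
         # SECURITY: get_unverified_jwt_payload() does not check the token's
         # signature or expiry, so the 'sub' comparison below authorizes a
         # password reset on the strength of an unauthenticated claim.
         # Replace it with a verified decode (signature + exp) before
         # relying on this path.
         payload = get_unverified_jwt_payload(token)
         if payload.get('sub') != user.id:
             abort(400, 'Invalid token.')
     else:
         # neither authorization method supplied
         abort(400, 'Invalid request.')
     new_password = data.get('new_password')
     if not new_password:
         abort(400, 'Invalid request.')
     if not is_valid_password(new_password):
         abort(400, 'Password does not meet complexity requirements.')
     user.password = new_password
     db.session.add(user)
     db.session.commit()
     return {'success': True}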
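 def post(self):
     '''Creates an account.

     Expects a JSON body with at least ``username``, ``email`` and
     ``password``; rejects a duplicate username or e-mail and a password
     that fails ``is_valid_password``.

     :returns: ``({'success': True}, 201)`` when the user was created
     :raises: 400 with a message naming the failing check
     '''
     # A missing or non-JSON body is treated as an empty request rather than
     # failing on ``.get`` of ``None``.
     data = request.get_json(silent=True) or {}
     username = data.get('username')
     email = data.get('email')
     password = data.get('password')
     # Refuse a half-specified account up front instead of letting the model
     # constructor or the database fail with a 500 later.
     if not username or not email or not password:
         abort(400, 'Invalid request.')
     if User.query.filter_by(username=username).first():
         abort(400, 'Username already exists.')
     if User.query.filter_by(email=email).first():
         abort(400, 'Email already exists.')
     if not is_valid_password(password):
         abort(400, 'Password does not meet complexity requirements.')
     # SECURITY: every key of the request body is forwarded to User(), so a
     # client can set any constructor argument the model accepts, not only
     # the three fields validated above (mass assignment). Build the user
     # from an explicit allowlist of fields once the constructor's accepted
     # arguments are confirmed.
     user = User(**data)
     db.session.add(user)
     db.session.commit()
     return {'success': True}, 201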
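def reset_password():
    """Second step of the password-reset flow.

    Requires ``session['reset_id']`` to have been set by the initiating step;
    otherwise the user is sent back through ``reset_flow``.  On POST the
    submitted password is validated, stored on the user identified by
    ``reset_id`` (which is consumed from the session) and the browser is
    redirected to the login page.  On GET, or when the password is rejected,
    the reset form is rendered.
    """
    # validate flow control
    if not session.get('reset_id'):
        return reset_flow('Reset improperly initialized.')
    if request.method != 'POST':
        return render_template('reset_password.html')
    password = request.form['password']
    if not is_valid_password(password):
        flash('Password does not meet complexity requirements.')
        return render_template('reset_password.html')
    # pop, not get: the id is consumed so the same session cannot reset again
    user = User.query.get(session.pop('reset_id'))
    if user is None:
        # The stored id no longer matches an account; the original
        # dereferenced None here and crashed.  Restart the flow instead.
        return reset_flow('Reset improperly initialized.')
    user.password = password
    db.session.add(user)
    db.session.commit()
    flash('Password reset. Please log in.')
    return redirect(url_for('auth.login'))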
def profile_change():
    """Apply the submitted profile form to the logged-in user.

    A non-empty ``password`` is stored only if it passes
    ``is_valid_password``; otherwise a complexity message is flashed and the
    remaining fields are still saved.  Avatar, signature, name and the
    recovery question/answer are copied verbatim from ``request.values``.
    Always redirects back to the profile page.

    NOTE(review): the password and the recovery question/answer are changed
    without asking for the current password.  ``request.values`` also
    accepts URL query parameters, so this relies on the route being
    restricted to POST -- confirm against the route declaration.
    """
    user = g.user
    password = request.values['password']
    if password and is_valid_password(password):
        user.password = password
    elif password:
        flash('Password does not meet complexity requirements.')
    # same fields, same order as the original assignments
    for field in ('avatar', 'signature', 'name', 'question', 'answer'):
        setattr(user, field, request.values[field])
    db.session.add(user)
    db.session.commit()
    flash('Account information changed.')
    return redirect(url_for('core.profile'))
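def reset_password():
    """Second step of the password-reset flow (redirect variant).

    ``session['reset_id']`` must have been set by ``auth.reset_init``;
    otherwise a message is flashed and the user is sent back there.  On POST
    the submitted password is validated, stored on the user identified by
    ``reset_id`` (consumed from the session) and the browser is redirected to
    the login page.  On GET, or when the password is rejected, the reset form
    is rendered.
    """
    # enforce flow control
    if not session.get('reset_id'):
        flash('Reset improperly initialized.')
        return redirect(url_for('auth.reset_init'))
    if request.method != 'POST':
        return render_template('reset_password.html')
    password = request.form['password']
    if not is_valid_password(password):
        # NOTE(review): this message spells out a "6 or more characters" rule,
        # but the actual policy lives in is_valid_password(); keep them in sync.
        flash('Invalid password. 6 or more characters required.')
        return render_template('reset_password.html')
    # pop, not get: the id is consumed so the same session cannot reset again
    user = User.query.get(session.pop('reset_id'))
    if user is None:
        # The stored id no longer matches an account; the original
        # dereferenced None here and crashed.  Restart the flow instead.
        flash('Reset improperly initialized.')
        return redirect(url_for('auth.reset_init'))
    user.password = password
    db.session.add(user)
    db.session.commit()
    flash('Password reset. Please log in.')
    return redirect(url_for('auth.login'))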
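def profile():
    """Show the profile page and, on POST, apply the submitted changes.

    A non-empty ``password`` is stored only if it passes
    ``is_valid_password``; otherwise a complexity message is flashed and the
    remaining fields are still saved.  Avatar, signature, name and the
    recovery question/answer are copied verbatim from the form.  The page is
    rendered afterwards in every case.

    NOTE(review): none of these changes -- including the password and the
    recovery question/answer -- requires the current password; consider
    re-authenticating before applying them.
    """
    user = g.user
    # Only a POST may modify the account.  The original branched on
    # ``request.values`` being non-empty, which also covers URL query
    # parameters, so a GET request carrying query parameters (e.g. a link
    # the user was tricked into following) would have written to the
    # account.  Gate on the method and read the form body only.
    if request.method == 'POST':
        form = request.form
        password = form['password']
        if password:
            if is_valid_password(password):
                user.password = password
            else:
                flash('Password does not meet complexity requirements.')
        for field in ('avatar', 'signature', 'name', 'question', 'answer'):
            setattr(user, field, form[field])
        db.session.add(user)
        db.session.commit()
        flash('Account information changed.')
    return render_template('profile.html', user=user, questions=QUESTIONS)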
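def _registration_error(form):
    """Return the message to flash for a rejected registration form, else None.

    The checks run in the same order as before -- username uniqueness, then
    e-mail uniqueness, then password complexity -- so the first failing check
    decides the message and later fields are not read.
    """
    if User.query.filter_by(username=form['username']).first():
        return 'Username already exists.'
    if User.query.filter_by(email=form['email']).first():
        return 'Email already exists.'
    if not is_valid_password(form['password']):
        return 'Password does not meet complexity requirements.'
    return None


def register():
    """Render the registration form and create the account on POST.

    On a POST whose form passes ``_registration_error`` the user is created
    and committed, a welcome message is generated and the browser is sent to
    the login page.  Otherwise the failing check's message is flashed and the
    form is rendered again (also the GET behaviour).
    """
    if request.method == 'POST':
        error = _registration_error(request.form)
        if error is None:
            # SECURITY: every submitted form field is passed to User(), so a
            # client can set any constructor argument the model accepts, not
            # only username/email/password (mass assignment). Construct the
            # user from an explicit allowlist of fields instead.
            user = User(**request.form.to_dict())
            db.session.add(user)
            db.session.commit()
            create_welcome_message(user)
            flash('Account created. Please log in.')
            return redirect(url_for('auth.login'))
        flash(error)
    return render_template('register.html', questions=QUESTIONS)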