def password_request_reset():
logging_prefix = logger_prefix + "password_request_reset() - "
log.info(logging_prefix + "Starting")
try:
form = forms.userEmailForm(request.form)
search_form = forms.searchForm()
if request.method == 'POST':
if form.validate():
email = form.user_email.data
#make sure the email exists in the system
conn=get_mysql().cursor(DictCursor)
conn.execute("SELECT id FROM users WHERE email = %s", (email,))
user = conn.fetchone()
conn.close()
if user:
expiration_ts = int(time.time()) + 3600
password_reset_hash = sha256(SALTS['user'],str(user['id']) + str(expiration_ts))
#set this value in the database, so it can be expired after the password is changed
conn=get_mysql().cursor(DictCursor)
conn.execute("INSERT INTO password_reset_hashes (user_id,hash) VALUES (%s,%s)", (user['id'],password_reset_hash))
get_mysql().commit()
conn.close()
password_reset_link = "/user/password/reset/{}/{}/{}/".format(user['id'],expiration_ts,password_reset_hash)
sendPasswordResetEmail(email, password_reset_link)
flash("An email has been sent to '{}' with a link to reset your password. This link expires in 1 hour.".format(email),'success')
else:
flash("The email you entered was not found", "danger")
else:
print(form.errors)
except Exception as e:
error = "There was an error completing your request. Details: {}".format(e)
flash(error,'danger')
log.exception(logging_prefix + error)
return render_template("password_reset.html",
page_title="Reset Your Password",
page_type="REQUEST",
form=form,
search_form=search_form
)
def reverify():
logging_prefix = logger_prefix + "reverify() - "
log.info(logging_prefix + "Starting")
try:
form = forms.userEmailForm(request.form)
search_form = forms.searchForm()
if request.method == 'POST':
if form.validate():
email = form.user_email.data
#make sure the email exists in the system
conn=get_mysql().cursor(DictCursor)
conn.execute("SELECT verification_hash FROM users WHERE email = %s", (email,))
user = conn.fetchone()
conn.close()
if user:
sendAccountVerificationEmail(email, user['verification_hash'])
flash("A verification email has been sent to '{}' with a link to verify your account.".format(email),'success')
else:
flash("The email you entered was not found", "danger")
else:
print(form.errors)
except Exception as e:
error = "There was an error completing your request. Details: {}".format(e)
flash(error,'danger')
log.exception(logging_prefix + error)
return render_template("account_reverify.html",
page_title="Verify Account",
form=form,
search_form=search_form
)
