Beispiel #1
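    def new_password(self):
        """Show the "forgot password" form and send reset instructions.

        On a valid submission a fresh reset token is stored for the account
        matching the submitted email and the reset instructions are sent.
        The visitor gets the same flash message and the same redirect
        whether or not the address is known and whether or not sending
        worked, so the response cannot be used to find out which email
        addresses are registered.

        Returns:
            A redirect to the login view after a valid submission,
            otherwise the rendered ``new_password.html`` form.
        """
        form = NewPasswordForm()
        if not form.validate_on_submit():
            return render_template('new_password.html',
                                   title='Forgot your password?',
                                   form=form)

        user = self.user_query().filter_by(email=form.email.data).first()
        if user:
            # generate and save reset token
            user.reset_password_token = self.generate_token()
            self.user_query().session.commit()

            # send password reset instructions
            try:
                self.send_reset_passwort_instructions(user)
            except Exception as e:
                # A send failure can only happen for a registered address,
                # so showing it to the visitor would confirm that the
                # account exists. Record it for operators instead.
                self.logger.error(
                    "Could not send reset password instructions to "
                    "user '%s':\n%s", user.email, e)

        # NOTE: same message and redirect for every outcome (unknown email,
        # mail sent, mail failed).
        # NOTE(review): the known-address path still does extra work (token
        # write, mail delivery), so response time may differ - consider
        # sending the mail asynchronously.
        flash(
            "You will receive an email with instructions on how to reset "
            "your password in a few minutes.")
        return redirect(url_for('login'))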
Beispiel #2
def ResetPasswordConfirmation(token):
    """Let the holder of a valid reset token choose a new password.

    The token from the URL is checked first; a falsy result sends the
    visitor to the ``ResetPasswordFail`` view. On a valid form submission
    the new password is hashed with bcrypt and an UPDATE is issued against
    ``chess.users``.

    NOTE(review): nothing in this function marks the token as used, so it
    presumably stays valid until it expires - verify against
    ``User.verify_reset_password_token``.
    """
    user = User.verify_reset_password_token(
        token)  # Per the original author, this yields the id carried in the URL token.

    # Any falsy result (not only expiry) ends up here with the same message.
    if not user:
        flash('Sorry, your verification token expired!', category='danger')
        return redirect(url_for('ResetPasswordFail'))

    form = NewPasswordForm()
    if form.validate_on_submit():
        # A fresh salt per password; bcrypt embeds it in the resulting hash.
        salt = bcrypt.gensalt()
        password = bcrypt.hashpw(form.password.data.encode(),
                                 salt)  # Hash the new password (bytes in, bytes out)

        # NOTE(review): the cursor and connection are not closed in this
        # function - confirm how cs.get_conn() manages connections.
        conn = cs.get_conn()
        cursor = conn.cursor()

        # NOTE(review): the statement below appears here with masked literals
        # ('******'), so the values the original code used are not visible.
        # As shown it is an f-string with no placeholders, and neither the
        # bcrypt hash computed above nor `user` reaches the database.
        # Whatever the original interpolated, the hash and the account key
        # should be handed to cursor.execute() as bound parameters (its
        # second argument) rather than formatted into the SQL text.
        cursor.execute(
            f"update chess.users set password = '******' where username = '******';"
        )
        conn.commit()
        flash('Your password was successfully changed!', category='info')

        return redirect(url_for('Reset_Password_Confirmation_Response'))

    # GET request or failed validation: show the form again.
    return render_template("ResetPasswordConfirmation.html", form=form)
Beispiel #3
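def change_password():
    """Update password for current user.

    Requires a logged-in user (``g.user``). The current password is
    re-checked through ``User.authenticate`` before the new one is stored,
    so a hijacked session alone is not enough to change it.

    Returns:
        A redirect to ``/`` when nobody is logged in, a redirect to the
        user's page after a successful change, a redirect back to the form
        when the current password is wrong, and otherwise the rendered
        ``users/change_password.html`` template.
    """
    if not g.user:
        flash("Access unauthorized.", "danger")
        return redirect("/")
    user = User.query.get_or_404(g.user.id)
    form = NewPasswordForm()

    if not form.validate_on_submit():
        return render_template("users/change_password.html",
                               user=user,
                               form=form)

    # Re-authenticate with the current password before changing anything.
    if not User.authenticate(user.username, form.cur_password.data):
        flash("Invalid Password", "danger")
        return redirect("/users/change_password")

    if form.new_password.data != form.conf_password.data:
        form.conf_password.errors.append("Passwords do not match")
        # Pass `user` here too, so the template gets the same context as on
        # the initial render.
        return render_template("users/change_password.html",
                               user=user,
                               form=form)

    User.change_password(user.username, form.new_password.data)
    db.session.commit()
    flash("Password Changed", "success")
    return redirect(f"/users/{user.id}")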
Beispiel #4
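def new_password():
    """Set a new password for the account that owns a valid reset token.

    The token is read from the ``token`` query parameter and must match an
    account whose reset expiration lies in the future. A missing or empty
    token is rejected before the database is queried: this function stores
    ``''`` as the token once a reset is done, so an empty value must never
    be treated as a credential.

    Returns:
        A redirect to ``index`` for an invalid or expired token, a redirect
        to ``login`` after the password was changed, otherwise the rendered
        ``new_password.html`` form.
    """
    error = ''
    token = request.args.get('token', None)
    if not token:
        flash('Invalid or expired password reset token.')
        return redirect(url_for('index'))

    user = UserAccount.query.filter(and_(
        UserAccount.password_reset_token == token,
        now() < UserAccount.password_reset_expiration,
    )).first()
    if not user:
        flash('Invalid or expired password reset token.')
        return redirect(url_for('index'))

    form = NewPasswordForm()
    if form.validate_on_submit():
        # NOTE(review): unsalted MD5 is not suitable for storing passwords.
        # Switching to a dedicated password hash also means changing the
        # login check, so the stored format is left as it is here.
        user.password = md5.md5(form.password.data).hexdigest()
        # Clear the token so the link cannot be used a second time.
        user.password_reset_token = ''
        db.session.commit()
        flash('Password has been changed.')
        return redirect(url_for('login'))
    return render_template(
        'new_password.html',
        form=form,
        error=error,
        help_email=ADMINS[0],
        navigation=return_navigation(),
        site_data=site_data(),
    )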
Beispiel #5
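def new_password():
    """Set a new password for the account that owns a valid reset token.

    The token is read from the ``token`` query parameter and must match an
    account whose reset expiration lies in the future. A missing or empty
    token is rejected before the database is queried: this function sets
    the stored token to ``None`` once a reset is done without touching the
    expiration, so an absent value must never be compared with the column.

    Returns:
        A redirect to ``index`` for an invalid or expired token, a redirect
        to ``login`` after the password was changed, otherwise the rendered
        ``new_password.html`` form.
    """
    error = ''
    token = request.args.get('token', None)
    if not token:
        flash('Invalid or expired password reset token.')
        return redirect(url_for('index'))

    user = UserAccount.query.filter(and_(
        UserAccount.password_reset_token == token,
        now() < UserAccount.password_reset_expiration,
    )).first()
    if not user:
        flash('Invalid or expired password reset token.')
        return redirect(url_for('index'))

    form = NewPasswordForm()
    if form.validate_on_submit():
        chars = string.ascii_uppercase + string.ascii_lowercase + string.digits
        # Draw the salt from the OS random source rather than the default
        # Mersenne Twister generator.
        rng = random.SystemRandom()
        salt = ''.join(rng.choice(chars) for _ in range(5))
        # NOTE(review): a single round of salted SHA-1 is weak for password
        # storage. Switching to a dedicated password hash also means
        # changing the login check, so the stored format is kept here.
        password = '******'+salt+'$'+hashlib.sha1(salt + form.password.data).hexdigest()
        user.password = password
        # Clear the token so the link cannot be used a second time.
        user.password_reset_token = None
        db.session.commit()
        flash('Password has been changed.')
        return redirect(url_for('login'))
    return render_template(
        'new_password.html',
        form=form,
        error=error,
        help_email=ADMINS[0],
        navigation=return_navigation(),
        site_data=site_data(),
    )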
Beispiel #6
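    def new_password(self):
        """Show the "forgot password" form and send reset instructions.

        On a valid submission a fresh reset token is stored for the account
        matching the submitted email and the reset instructions are sent.
        The visitor gets the same flash message and the same redirect
        whether or not the address is known and whether or not sending
        worked, so the response cannot be used to find out which email
        addresses are registered.

        Returns:
            The login redirect wrapped by ``self.response`` after a valid
            submission, otherwise the rendered ``new_password.html`` form.
        """
        form = NewPasswordForm(meta=wft_locales())
        if not form.validate_on_submit():
            return render_template(
                'new_password.html', form=form, i18n=i18n,
                title=i18n.t("auth.new_password_page_title")
            )

        # create session for ConfigDB
        db_session = self.db_session()

        user = self.find_user(db_session, email=form.email.data)
        if user:
            # generate and save reset token
            user.reset_password_token = self.generate_token()
            db_session.commit()

            # send password reset instructions
            try:
                self.send_reset_passwort_instructions(user)
            except Exception as e:
                # A send failure can only happen for a registered address,
                # so showing it to the visitor would confirm that the
                # account exists. Record it for operators instead.
                self.logger.error(
                    "Could not send reset password instructions to "
                    "user '%s':\n%s", user.email, e
                )

        # NOTE: same message and redirect for every outcome (unknown email,
        # mail sent, mail failed).
        # NOTE(review): the known-address path still does extra work (token
        # write, mail delivery), so response time may differ - consider
        # sending the mail asynchronously.
        flash(i18n.t("auth.reset_message"))
        return self.response(
            redirect(url_for('login')),
            db_session
        )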