def new_password(self):
    """Show the "forgot password" form and mail reset instructions.

    On a valid submission the account is looked up by the submitted e-mail
    address. If one is found, a fresh reset token is stored on it and the
    instructions mail is sent. The same confirmation message is flashed
    whether or not the address matched an account.
    """
    form = NewPasswordForm()

    # first visit or failed validation: just (re)display the form
    if not form.validate_on_submit():
        return render_template('new_password.html',
                               title='Forgot your password?', form=form)

    account = self.user_query().filter_by(email=form.email.data).first()
    if account:
        # The token is persisted before the mail goes out, so it stays
        # stored even if sending fails below.
        # NOTE(review): token lifetime and storage format are decided in
        # generate_token() / the model, not visible here -- confirm the
        # token expires and is single-use.
        account.reset_password_token = self.generate_token()
        self.user_query().session.commit()

        try:
            self.send_reset_passwort_instructions(account)
        except Exception as e:
            message = (
                "Could not send reset password instructions to "
                "user '%s':\n%s" % (account.email, e))
            self.logger.error(message)
            # NOTE(review): this failure message is only reachable when the
            # address matched an account, so it tells the submitter the
            # account exists -- unlike the generic message below. Consider
            # answering with the generic message here as well and relying
            # on the log entry for follow-up.
            flash("Failed to send reset password instructions")
            return render_template('new_password.html',
                                   title='Forgot your password?', form=form)

    # NOTE: show message anyway even if email not found
    flash(
        "You will receive an email with instructions on how to reset "
        "your password in a few minutes.")
    return redirect(url_for('login'))
def ResetPasswordConfirmation(token):
    """Let the holder of a valid reset token set a new password.

    The token from the URL is checked with
    User.verify_reset_password_token(); a falsy result redirects to the
    failure page. On a valid form submission the new password is hashed
    with bcrypt and an UPDATE is issued against chess.users.
    """
    # Per the original author's comment, this returns the id carried
    # inside the token from the URL.
    user = User.verify_reset_password_token(token)
    if not user:
        flash('Sorry, your verification token expired!', category='danger')
        return redirect(url_for('ResetPasswordFail'))

    form = NewPasswordForm()
    if not form.validate_on_submit():
        return render_template("ResetPasswordConfirmation.html", form=form)

    # Hash the new password with a freshly generated bcrypt salt.
    fresh_salt = bcrypt.gensalt()
    password = bcrypt.hashpw(form.password.data.encode(), fresh_salt)

    connection = cs.get_conn()
    cur = connection.cursor()
    # NOTE(review): both quoted values in this statement appear masked in
    # this listing. The statement is an f-string; if the real code
    # interpolates the hash and the username into the SQL text, pass them
    # as bound parameters to cursor.execute() instead, in the driver's
    # placeholder style.
    # NOTE(review): nothing here invalidates the token after use. Whether
    # verify_reset_password_token() enforces single use is not visible.
    cur.execute(
        f"update chess.users set password = '******' where username = '******';"
    )
    connection.commit()

    flash('Your password was successfully changed!', category='info')
    return redirect(url_for('Reset_Password_Confirmation_Response'))
def change_password():
    """Update password for current user.

    Requires a logged-in user (g.user). The submitted current password
    must authenticate via User.authenticate() and the new password must
    equal its confirmation before User.change_password() is called and the
    session is committed.
    """
    if not g.user:
        flash("Access unauthorized.", "danger")
        return redirect("/")

    user = User.query.get_or_404(g.user.id)
    form = NewPasswordForm()

    # GET request or failed validation: show the form
    if not form.validate_on_submit():
        return render_template("users/change_password.html", user=user, form=form)

    # the current password must be correct before anything is changed
    authenticated = User.authenticate(user.username, form.cur_password.data)
    if not authenticated:
        flash("Invalid Password", "danger")
        return redirect("/users/change_password")

    if form.new_password.data != form.conf_password.data:
        form.conf_password.errors.append("Passwords do not match")
        # NOTE(review): unlike the render above, this one does not pass
        # `user` to the template -- confirm the template does not need it.
        return render_template("users/change_password.html", form=form)

    # all checks passed: store the new password
    User.change_password(user.username, form.new_password.data)
    db.session.commit()
    flash("Password Changed", "success")
    return redirect(f"/users/{user.id}")
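def new_password():
    """Let the holder of a valid, unexpired reset token choose a new password.

    The token is read from the ``token`` query parameter and matched
    against UserAccount.password_reset_token, with
    password_reset_expiration still in the future. On a valid form
    submission the password is replaced, the token is cleared to '' and
    the session is committed.
    """
    error = ''
    token = request.args.get('token', None)

    # A missing or empty token must never reach the lookup. This view
    # clears a used token to '', so an empty value would otherwise match
    # accounts whose token was already consumed while their expiration
    # timestamp is still in the future.
    if not token:
        flash('Invalid or expired password reset token.')
        return redirect(url_for('index'))

    user = UserAccount.query.filter(and_(
        UserAccount.password_reset_token == token,
        now() < UserAccount.password_reset_expiration)).first()
    if not user:
        flash('Invalid or expired password reset token.')
        return redirect(url_for('index'))

    form = NewPasswordForm()
    if form.validate_on_submit():
        # Reuse the account validated above. The original ran the same
        # query again and dereferenced the result without a None check.
        # NOTE(review): an unsalted MD5 hex digest is not suitable for
        # password storage. Moving to a slow salted KDF (bcrypt, scrypt,
        # PBKDF2) has to be done together with the login check, which is
        # not visible here, so the format is left unchanged.
        user.password = md5.md5(form.password.data).hexdigest()
        user.password_reset_token = ''
        db.session.commit()
        flash('Password has been changed.')
        return redirect(url_for('login'))

    return render_template('new_password.html', form=form, error=error,
                           help_email=ADMINS[0],
                           navigation=return_navigation(),
                           site_data=site_data())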
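def new_password():
    """Let the holder of a valid, unexpired reset token choose a new password.

    The token is read from the ``token`` query parameter and matched
    against UserAccount.password_reset_token, with
    password_reset_expiration still in the future. On a valid form
    submission a salted SHA-1 password string is stored, the token is set
    to None and the session is committed.
    """
    error = ''
    token = request.args.get('token', None)

    # A missing or empty token must never reach the lookup. This view
    # resets a used token to None, and SQLAlchemy renders `column == None`
    # as IS NULL, so a request without a token would otherwise match
    # accounts whose token was already consumed while their expiration
    # timestamp is still in the future.
    if not token:
        flash('Invalid or expired password reset token.')
        return redirect(url_for('index'))

    user = UserAccount.query.filter(and_(
        UserAccount.password_reset_token == token,
        now() < UserAccount.password_reset_expiration)).first()
    if not user:
        flash('Invalid or expired password reset token.')
        return redirect(url_for('index'))

    form = NewPasswordForm()
    if form.validate_on_submit():
        # Stored format: <prefix><salt>$<sha1(salt + password) hex>.
        # NOTE(review): the prefix literal appears masked in this listing.
        # NOTE(review): the salt is 5 characters drawn with `random`, which
        # is not a CSPRNG, and a single SHA-1 round is fast to brute-force.
        # A slow salted KDF (bcrypt, scrypt, PBKDF2) is the appropriate
        # replacement, but it must change together with the login check,
        # which is not visible here, so the format is left unchanged.
        chars = string.ascii_uppercase + string.ascii_lowercase + string.digits
        salt = ''.join(random.choice(chars) for x in range(5))
        password = '******'+salt+'$'+hashlib.sha1(salt + form.password.data).hexdigest()

        # Reuse the account validated above. The original ran the same
        # query again and dereferenced the result without a None check.
        user.password = password
        user.password_reset_token = None
        db.session.commit()
        flash('Password has been changed.')
        return redirect(url_for('login'))

    return render_template('new_password.html', form=form, error=error,
                           help_email=ADMINS[0],
                           navigation=return_navigation(),
                           site_data=site_data())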
def new_password(self):
    """Show the "forgot password" form and mail reset instructions.

    On a valid submission a database session is opened and the account is
    looked up by the submitted e-mail address. If one is found, a fresh
    reset token is stored on it and the instructions mail is sent. The same
    confirmation message is flashed whether or not the address matched an
    account. Responses produced while the session is open are passed
    through self.response() together with that session.
    """
    form = NewPasswordForm(meta=wft_locales())

    # first visit or failed validation: just (re)display the form
    if not form.validate_on_submit():
        return render_template(
            'new_password.html', form=form, i18n=i18n,
            title=i18n.t("auth.new_password_page_title")
        )

    # create session for ConfigDB
    db_session = self.db_session()
    account = self.find_user(db_session, email=form.email.data)

    if account:
        # The token is persisted before the mail goes out, so it stays
        # stored even if sending fails below.
        # NOTE(review): token lifetime and storage format are decided in
        # generate_token() / the model, not visible here -- confirm the
        # token expires and is single-use.
        account.reset_password_token = self.generate_token()
        db_session.commit()

        try:
            self.send_reset_passwort_instructions(account)
        except Exception as e:
            message = (
                "Could not send reset password instructions to "
                "user '%s':\n%s" % (account.email, e)
            )
            self.logger.error(message)
            # NOTE(review): this failure message is only reachable when the
            # address matched an account, so it tells the submitter the
            # account exists -- unlike the generic message below. Consider
            # answering with the generic message here as well and relying
            # on the log entry for follow-up.
            flash(i18n.t("auth.reset_mail_failed"))
            failure_page = render_template(
                'new_password.html', form=form, i18n=i18n,
                title=i18n.t("auth.new_password_page_title")
            )
            return self.response(failure_page, db_session)

    # NOTE: show message anyway even if email not found
    flash(i18n.t("auth.reset_message"))
    return self.response(redirect(url_for('login')), db_session)