Beispiel #1
def change_password():
    """Show the change-password form, or process a submitted password change.

    Any non-POST request renders the form. On POST the caller must supply the
    current password, which is re-checked with ``login_validate`` before
    anything is changed, and the new password twice. The new password must
    match its confirmation and be at least 8 characters long.

    Returns:
        The rendered form, a ``Response`` carrying a failure message, or a
        redirect to ``/`` once the password has been changed.
    """
    # NOTE(review): no login requirement or CSRF check is visible in this
    # block - confirm both are enforced by a decorator or at app level.
    if request.method != 'POST':
        return render_template('users/change-password.html')

    current_pw = request.form['oldPassword']
    candidate = request.form['newPassword1']
    confirmation = request.form['newPassword2']

    # Re-authenticate first, so a session alone is not enough to set a new
    # password; only then run the checks on the new value.
    if not login_validate(current_user.email_address, current_pw):
        failure = 'Original password invalid.'
    elif candidate != confirmation:
        failure = 'New passwords do not match.'
    elif len(candidate) < 8:
        failure = 'Password is too short.'
    else:
        failure = None

    # Failures are returned as a bare Response body; no status code is set
    # here.
    if failure is not None:
        return Response(failure)

    change_user_password(current_user.email_address, current_pw, candidate)
    return redirect('/')
Beispiel #2
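def sign_in():
    """Show the sign-in form, or authenticate a submitted email and password.

    Any non-POST request renders the form. On POST the credentials are checked
    with ``login_validate``; a falsy result re-renders the form with a single
    generic message that does not say which field was wrong. On success the
    user is logged in with ``login_user`` and redirected to ``/``.

    The optional ``remember_me`` form field is read as an integer flag. A
    value that is not an integer is treated as "do not remember" instead of
    raising ``ValueError`` out of the view.

    Returns:
        The rendered sign-in form (with or without a failure message) or a
        redirect to ``/``.
    """
    # NOTE(review): no attempt limiting or lockout is visible in this block -
    # confirm it is handled in login_validate or in front of the app.
    if request.method == 'POST':
        email_address = request.form['email_address']
        password = request.form['password']

        # The field comes straight from the client, so a malformed value must
        # not turn into an unhandled exception; fall back to a non-persistent
        # session.
        try:
            remember_me = bool(int(request.form.get('remember_me', '0')))
        except ValueError:
            remember_me = False

        user = login_validate(email_address, password)
        if not user:
            message = 'Invalid email address or user name or password.'
            return render_template(
                'users/sign-in.html', message=message,
                hide_loc_nav=True)  # display login form again
        login_user(user, remember=remember_me)
        # TODO: honouring request.args.get("next") requires validating the
        # target first (next_is_valid(next)), otherwise it becomes an open
        # redirect - https://flask-login.readthedocs.org/en/latest/
        return redirect('/')
    return render_template('users/sign-in.html', hide_loc_nav=True)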
def _create_or_update_admin_user():
    """Make the admin account from the environment usable with its configured password.

    Reads ``TERRAWARE_ADMIN_EMAIL`` and ``TERRAWARE_ADMIN_PASSWORD``. If either
    is missing or empty, a warning is logged and nothing else happens. If the
    pair already validates, nothing is changed. Otherwise the admin user is
    created, and if that fails with ``IntegrityError`` the session is rolled
    back and the existing user's password is reset to the configured one.
    """
    email = os.environ.get('TERRAWARE_ADMIN_EMAIL')
    password = os.environ.get('TERRAWARE_ADMIN_PASSWORD')

    if not (email and password):
        logger.warning('No admin username/password configured')
        return

    if login_validate(email, password):
        # Account exists and the configured password already works.
        return

    # Every call with a non-matching password ends in a create or a reset, so
    # whoever controls these environment variables controls the admin
    # credential. Only the email is ever logged, never the password.
    try:
        create_admin_user(email, password)
        logger.info('Created admin user %s', email)
    except IntegrityError:
        # Presumably the email is already taken by an existing row - confirm
        # against create_admin_user.
        db.session.rollback()
        reset_user_password(email, password)
        logger.info('Updated admin password')