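def Get(self, data):
    """Look up the user that a password-reset code belongs to.

    Reads ``data["code"]`` and ``data["email"]``. The code is converted with
    ``resetcode.as_long`` and stored back into ``data["resetcode"]`` so it can
    be bound as a query parameter.

    Returns ``JSON(row)`` holding ``user_username`` and ``user_id`` for the
    account whose email matches. No session token is issued here.

    Calls ``error("404 ...")`` when no unexpired reset code matches the
    code/email pair, or when no user has that email.
    NOTE(review): error() is assumed to abort the request; its definition is
    not visible here - confirm.
    """
    data["resetcode"] = resetcode.as_long(data["code"])

    # The reset code is a bearer credential. It (and the raw request dict)
    # must not be written to stdout or logs, so the debug prints that used to
    # sit here and in the failure branch have been removed.
    self.execute(
        """SELECT * FROM resetcodes WHERE code = %(resetcode)s AND user_email = %(email)s AND expires > NOW()""",
        data,
    )
    if self.rowcount() != 1:
        error("404 reset code not found")

    self.execute(
        """SELECT user_username, user_id FROM users WHERE user_email = %(email)s""",
        data,
    )
    row = self.fetchone()
    if row is None:
        error("404 Email not found or bad code")

    # could give them a session token at this point, but let's make them
    # choose a new password first
    return JSON(row)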
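def Post(self, data):
    """Update a user's email, username and (optionally) password.

    The caller authenticates in one of two ways:

    * current password: ``data["code"]`` is None and ``data["oldpassword"]``
      is checked against the stored hash with ``checkPassword``;
    * reset code: ``data["oldpassword"]`` is None and ``data["code"]`` must
      match an unexpired row in ``resetcodes`` for ``data["user_id"]``.

    When ``data["password"]`` is given it is hashed with bcrypt (cost 12);
    otherwise, on the current-password path, the stored hash is kept.

    Returns ``JSON`` with ``changed`` (whether the UPDATE touched exactly one
    row), a token from ``create_token`` and the user's id, username and email.

    NOTE(review): error() is assumed to abort the request; its definition is
    not visible here - confirm.
    """
    # Neither credential supplied: refuse before touching the database.
    if data["code"] is None and data["oldpassword"] is None:
        error("401 need password or reset code!")

    row = None

    if data["code"] is None:
        self.execute(
            """SELECT user_password FROM users WHERE user_id = %(user_id)s""",
            data,
        )
        if self.rowcount() != 1:
            error("401 Incorrect user_id")
        row = self.fetchone()
        # NOTE(review): the return value is ignored, so this only protects the
        # update if checkPassword aborts on a mismatch - confirm.
        checkPassword(row["user_password"], data["oldpassword"])

    if data["oldpassword"] is None:
        data["resetcode"] = resetcode.as_long(data["code"])
        # Select the matching row itself rather than COUNT(*): an aggregate
        # always yields exactly one result row, so the rowcount test below
        # could never fail and a wrong or expired code was accepted.
        self.execute(
            """SELECT user_id FROM resetcodes WHERE user_id = %(user_id)s AND code = %(resetcode)s AND expires > NOW()""",
            data,
        )
        if self.rowcount() != 1:
            error("401 Reset code expired")
        row = self.fetchone()

        # The resetcodes row carries no password hash to fall back on, so a
        # reset must set a new password. Checked before the code is consumed.
        if data["password"] is None:
            error("400 new password required with reset code")

        # Reset codes are single use.
        # NOTE(review): this removes every code for the user and reports 500
        # unless exactly one row was deleted - confirm one code per user.
        self.execute(
            """DELETE FROM resetcodes WHERE user_id = %(user_id)s""",
            data,
        )
        if self.rowcount() != 1:
            error("500 can't remove reset code!?")

    if row is None:
        error("401 need password or reset code!")

    # new password?
    if data["password"] is not None:
        data["hashed"] = bcrypt.hashpw(data["password"], bcrypt.gensalt(12))
    else:
        data["hashed"] = row["user_password"]  # no, keep the old one

    # update user record with new details
    self.execute(
        """UPDATE users SET user_email = %(email)s, user_password = %(hashed)s, user_username = %(username)s WHERE user_id = %(user_id)s""",
        data,
    )
    changed = self.rowcount() == 1
    if changed:
        # NOTE(review): the notice goes only to the new address in
        # data["email"]; the previous address is not told about the change.
        email(data["username"], data["email"], details_changed_template, data)

    return JSON(
        {
            "changed": changed,
            "token": create_token({"user_id": data["user_id"]}),
            "user_id": data["user_id"],
            "user_username": data["username"],
            "user_email": data["email"],
        }
    )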