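def reset_link():
    """Password-reset request view: e-mail a reset link to a registered address.

    On a valid POST the address is looked up; when a ``Models.Customer``
    exists, a token from ``utils.generate_token`` is embedded in an absolute
    ``users.reset_password_link`` URL, rendered through ``reset_email.html``
    and mailed (Mailgun when ``IS_PROD`` is set, ``utils.send_email``
    otherwise).

    Fixes over the original:
      * ``request.mimetype`` is compared instead of ``request.content_type``,
        which may carry ``; charset=...`` and would 404 a legitimate post;
      * the response no longer differs between registered and unknown
        addresses (the old "This email is not registered with us!" branch
        made the form an account-enumeration oracle);
      * the ``Location == '/reset'`` guard is dropped: ``url_for`` of a fixed
        endpoint carries no user input, so it cannot be an open redirect,
        while the guard would 404 every user if the route prefix changed.

    Returns:
        A redirect back to this view after a submission, else the rendered
        ``reset.html`` form.
    """
    searchForm = SearchForm()
    form = EmailForm()
    if form.validate_on_submit():
        if request.mimetype != 'application/x-www-form-urlencoded':
            log.logger.error('Incorrect content format sent detected in /reset route')
            abort(404)
        # NOTE(review): the lookup HTML-escapes the address while the mail goes
        # to the raw value; the two only agree for addresses without & < > ' ".
        customer = Models.Customer.query.filter_by(email=str(escape(form.email.data))).first()
        if customer:
            token = utils.generate_token(form.email.data)
            password_reset_url = url_for('users.reset_password_link', token=token, _external=True)
            html = render_template('reset_email.html', password_reset_url=password_reset_url)
            if os.environ.get('IS_PROD', None):
                utils.mailgun_send_message(form.email.data, 'Password Recovery', html)
            else:
                utils.send_email(form.email.data, 'Password Recovery', html)
        # Same wording on hit and miss so the form cannot confirm which
        # addresses have accounts.  Response time still differs because mail
        # is only sent on a hit; queueing the send would close that channel.
        flash('If that email is registered with us, we have emailed you the password reset link!')
        return redirect(url_for('reset_link'))

    return render_template('reset.html', form=form, errors='', searchForm=searchForm)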
def resend():
    """Re-send the account-confirmation e-mail to the logged-in customer.

    A fresh token is derived from ``current_user.email`` and embedded in an
    absolute ``users.confirm_email`` link rendered via ``activate.html``.

    Returns:
        A redirect to ``users.unconfirmed`` once the mail has been handed to
        ``utils.send_email``.
    """
    recipient = current_user.email
    # NOTE(review): nothing here rate-limits resends; assumes the route is
    # protected upstream (e.g. a login_required decorator) — confirm.
    link = url_for('users.confirm_email',
                   token=utils.generate_token(recipient),
                   _external=True)
    body = render_template('activate.html', confirm_url=link)
    utils.send_email(recipient, 'Please confirm your account', body)
    flash('Email sent!')
    return redirect(url_for('users.unconfirmed'))
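def resend():
    """Re-send the confirmation e-mail (Mailgun in production, SMTP otherwise).

    Fixes over the original: the redirect target is no longer ``print``-ed
    to stdout (a debug leftover that echoed every resend into the process
    log), and the ``Location == '/unconfirmed'`` guard is dropped —
    ``url_for`` of a fixed endpoint carries no user input, so it cannot be
    an open redirect, while the guard would 404 every user if the route
    prefix ever changed.

    Returns:
        A redirect to ``users.unconfirmed``.
    """
    token = utils.generate_token(current_user.email)
    confirm_url = url_for('users.confirm_email', token=token, _external=True)
    html = render_template('activate.html', confirm_url=confirm_url)
    subject = 'Please confirm your account'
    if os.environ.get('IS_PROD', None):
        # The sender address was redacted in the published source.
        utils.mailgun_send_messageV2(current_user.email, subject, html, '*****@*****.**')
    else:
        utils.send_email(current_user.email, subject, html)
    flash('Email sent!')
    return redirect(url_for('users.unconfirmed'))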
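def reset_link():
    """Password-reset request view (SMTP-only variant).

    Fixes over the original:
      * the confirmation text was passed as a ``?errors=`` query parameter on
        the redirect, but this view never reads ``request.args`` and renders
        ``errors`` from a fresh empty string, so the message was lost; it now
        travels via ``flash`` like the other views in this module;
      * the response no longer differs between registered and unknown
        addresses (the old "This email is not registered with us!" branch
        made the form an account-enumeration oracle).

    Returns:
        A redirect back to this view after a submission, else the rendered
        ``reset.html`` form.
    """
    searchForm = SearchForm()
    form = EmailForm()
    if form.validate_on_submit():
        customer = Models.Customer.query.filter_by(
            email=str(escape(form.email.data))).first()
        if customer:
            token = utils.generate_token(form.email.data)
            password_reset_url = url_for('users.reset_password_link',
                                         token=token,
                                         _external=True)
            html = render_template('reset_email.html',
                                   password_reset_url=password_reset_url)
            utils.send_email(form.email.data, 'Password Recovery', html)
        # Same wording on hit and miss so the form cannot confirm which
        # addresses have accounts.  Mail is only sent on a hit, so response
        # time still differs; queueing the send would close that channel.
        flash('If that email is registered with us, we have emailed you the password reset link!')
        return redirect(url_for('reset_link'))

    return render_template('reset.html',
                           form=form,
                           errors='',
                           searchForm=searchForm)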
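def _register_password_rejection(form):
    """Return the flash message for a password-policy violation, else ``None``.

    Mirrors the original checks: the password may not contain the username
    (case-insensitive) nor the words PASSWORD / ADMIN / USERNAME, and outside
    production it is additionally looked up in ``utils.read_common_password``.
    """
    candidate = form.confirm.data.upper()
    # NOTE(review): ``matches`` is handed to banned_characters as a pattern and
    # the username is interpolated unescaped; if that helper applies a regex,
    # metacharacters in a username would alter the match — verify.
    if utils.banned_characters(candidate, matches='({0})'.format(str(escape(form.username.data.upper())))):
        return 'Password should not contain anything related to your username. Please try again!'
    # The common-password list is consulted only outside production, as in the
    # original (presumably the list file is not shipped there — confirm).
    too_common = (not os.environ.get('IS_PROD', None)) and utils.read_common_password(form.confirm.data)
    if too_common or any(utils.banned_characters(candidate, matches=word)
                         for word in ('(PASSWORD)', '(ADMIN)', '(USERNAME)')):
        return 'This password is either too common and subsceptiple to hackers or password contain words like \"username\" or \"password\" or \"admin\"'
    return None


def _create_customer(form):
    """Build and commit a ``Models.Customer`` from the validated form.

    Returns the persisted customer, or ``None`` when the add/commit failed
    (the exception is logged and the session rolled back).  Outside
    production the first name is replaced by the DLP de-identified value
    from ``classification.deidentify``, exactly as the original did.
    """
    if not os.environ.get('IS_PROD'):
        # TODO(review): the GCP project id / key-ring names are hard-coded; move to config.
        wrap_key = classification.get_wrapped_key("seismic-helper-301408", "global", "ispj", "ISPJ_KEY")
        presponse = classification.deidentify("seismic-helper-301408", form.fname.data, "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|:;'<,>.?/\"", wrap_key, ["FIRST_NAME"], "##")
    try:
        # NOTE(review): the password is HTML-escaped before it reaches the model,
        # which changes any value containing & < > ' "; the login path must apply
        # the same transform (presumably Customer hashes it — verify).
        # The e-mail is stored raw but looked up escaped elsewhere in this
        # module; the two only agree for addresses without those characters.
        if not os.environ.get('IS_PROD'):
            user = Models.Customer(str(escape(form.username.data)), presponse.item.value, form.lname.data, form.contact.data, str(escape(form.confirm.data)), 0, form.email.data)
        else:
            user = Models.Customer(str(escape(form.username.data)), str(escape(form.fname.data)), str(escape(form.lname.data)), form.contact.data, str(escape(form.confirm.data)), 0, form.email.data)
        Models.database.session.add(user)
        Models.database.session.commit()
    except Exception as errors:
        log.logger.exception(errors)
        Models.database.session.rollback()
        return None
    return user


def register():
    """Registration view: validate the form, create the customer, mail the
    activation link and redirect to the login page.

    Fixes over the original:
      * ``request.mimetype`` is compared instead of ``request.content_type``
        (which may carry ``; charset=...`` and would 404 a valid post);
      * a rejected password now always redirects back to the form — before,
        the redirect was only returned when ``Location == '/register'``;
        otherwise execution fell through and the account was created with
        the rejected password;
      * the production branch mailed ``current_user.email``, but this view
        aborts for authenticated users, so ``current_user`` is anonymous
        there; both branches now use the form address;
      * a failed commit is reported and the view returns, instead of
        proceeding to ``user.email`` on the ``''`` placeholder;
      * debug ``print`` calls removed (one dumped the DLP response to stdout);
      * the duplicated ``(PASSWORD)`` check collapsed into one list of words.

    Returns:
        A redirect (login on success, back to the form on rejection) or the
        rendered ``register.html`` form.
    """
    if current_user.is_authenticated:
        abort(404)
    searchForm = SearchForm()
    form = RegisterForm()

    if form.validate_on_submit():
        if request.mimetype != 'application/x-www-form-urlencoded':
            log.logger.error('Incorrect content type format')
            abort(404)

        scanned = (form.username.data, form.password.data, form.fname.data,
                   form.lname.data, form.email.data)
        if any(utils.banned_characters(value) for value in scanned):
            log.logger.critical('Malicious characters detected in register form', extra={'custom_dimensions': {'Source': request.remote_addr}})
            abort(404)

        rejection = _register_password_rejection(form)
        if rejection:
            flash(rejection)
            # url_for() of a fixed endpoint cannot be attacker-controlled, so
            # no Location check is needed before redirecting.
            return redirect(url_for('register'))

        # Duplication check
        username = Models.Customer.query.filter_by(username=str(escape(form.username.data))).first()
        email = Models.Customer.query.filter_by(email=str(escape(form.email.data))).first()
        if email is not None or username is not None:
            if email is not None and username is not None:
                flash('Username and email exist')
            elif email is not None:
                flash('Email exist')
            else:
                flash('Username exist')
            return redirect(url_for('register'))

        user = _create_customer(form)
        if user is None:
            flash('Registration failed, please try again later.')
            return redirect(url_for('register'))

        token = utils.generate_token(user.email)
        confirm_url = url_for('users.confirm_email', token=token, _external=True)
        html = render_template('activate.html', confirm_url=confirm_url)
        subject = 'Please confirm your account'
        if os.environ.get('IS_PROD', None):
            # The sender address was redacted in the published source.
            utils.mailgun_send_messageV2(form.email.data, subject, html, '*****@*****.**')
        else:
            utils.send_email(form.email.data, subject, html)
        log.logger.info('A new user has sucessfully registered with username of {0}'.format(form.username.data), extra={'custom_dimensions': {'Source': request.remote_addr}})
        return redirect(url_for('login'))

    return render_template('register.html', form=form, searchForm=searchForm)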
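def register():
    """Registration view (SMTP-only variant).

    Fixes over the original:
      * the banned-character scan sat on the ``else`` branch of
        ``validate_on_submit()``, so it only ran for GET requests and failed
        validations — never for the submission that actually creates the
        account — and on a plain GET it was handed ``None`` field data.  It
        now runs on the validated submission and rejects it with 404, as the
        other register view in this listing does;
      * a failed commit is reported and the view returns, instead of
        proceeding to ``user.email`` on the ``''`` placeholder;
      * debug ``print`` calls removed.

    Returns:
        A redirect (login on success, back to the form on a duplicate or a
        failed commit) or the rendered ``register.html`` form.
    """
    if current_user.is_authenticated:
        abort(404)
    searchForm = SearchForm()
    form = RegisterForm()

    if form.validate_on_submit():
        scanned = (form.username.data, form.password.data, form.fname.data,
                   form.lname.data, form.email.data, form.confirm.data)
        if any(utils.banned_characters(value) for value in scanned):
            log.logger.critical(
                'Malicious characters detected in register form',
                extra={'custom_dimensions': {
                    'Source': request.remote_addr
                }})
            # TODO: ban the source address (original note: "ban ip addr for next step")
            abort(404)

        username = Models.Customer.query.filter_by(
            username=str(escape(form.username.data))).first()
        email = Models.Customer.query.filter_by(
            email=str(escape(form.email.data))).first()
        if email is not None or username is not None:
            if email is not None and username is not None:
                flash('Username and email exist')
            elif email is not None:
                flash('Email exist')
            else:
                flash('Username exist')
            return redirect(url_for('register'))

        try:
            # NOTE(review): the password is HTML-escaped before it reaches the
            # model, which changes any value containing & < > ' "; the login
            # path must apply the same transform (presumably Customer hashes
            # it — verify).
            user = Models.Customer(str(escape(form.username.data)),
                                   str(escape(form.fname.data)),
                                   str(escape(form.lname.data)),
                                   form.contact.data,
                                   str(escape(form.confirm.data)), 0,
                                   str(escape(form.email.data)))
            Models.database.session.add(user)
            Models.database.session.commit()
        except Exception as errors:
            log.logger.exception(errors)
            Models.database.session.rollback()
            flash('Registration failed, please try again later.')
            return redirect(url_for('register'))

        token = utils.generate_token(user.email)
        confirm_url = url_for('users.confirm_email',
                              token=token,
                              _external=True)
        html = render_template('activate.html', confirm_url=confirm_url)
        subject = 'Please confirm your account'
        utils.send_email(form.email.data, subject, html)
        log.logger.info(
            'A new user has sucessfully registered with username of {0}'.
            format(form.username.data),
            extra={'custom_dimensions': {
                'Source': request.remote_addr
            }})
        return redirect(url_for('login'))

    return render_template('register.html', form=form, searchForm=searchForm)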