Beispiel #1
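    def updatePassword(self, authUserId, password):
        """Store a new password for a user and revoke their existing tokens.

        The password is converted with ``auth.convertPasswordForStorage``
        before it is written. All refresh and access tokens for the user are
        then removed. If the account has an email address, a confirmation
        message rendered from ``email_password_reset.html.j2`` is sent.

        Args:
            authUserId: id of the account whose password is being changed.
            password: the new password as supplied by the caller.

        Returns:
            True once the password is stored (and the email sent, if any).

        Raises:
            Whatever the account/token stores, the template open, the template
            rendering or ``utils.sendEmail`` raise; nothing is caught here.
        """
        account = self._accountDB.getAccount(authUserId)

        # Convert and store new password
        storedPassword = auth.convertPasswordForStorage(password)
        self._accountDB.updatePassword(authUserId, storedPassword)

        # Remove refresh / access tokens so tokens issued before the change
        # stop working.
        self._refreshTokenDB.removeRefreshTokensForUser(authUserId)
        self._accessTokenDB.removeAccessTokensForUser(authUserId)

        # If there is no email address associated with the account, we're done
        if account.email is None:
            return True

        # NOTE(review): from here on the password change has already taken
        # effect; a failure while rendering or sending the email propagates to
        # the caller even though the credential was updated.

        # Send confirmation email
        msg = {
            'to': account.email,
            'from': 'Stamped <*****@*****.**>',
            'subject': 'Stamped: Your Password Has Been Reset',
        }

        base = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
        path = os.path.join(base, 'alerts', 'templates', 'email_password_reset.html.j2')

        # NOTE(review): screen_name is presumably user-chosen and ends up in an
        # HTML email; confirm utils.parseTemplate escapes it.
        params = {
            'screen_name': account.screen_name,
            'email_address': account.email,
        }

        ### TODO: Add error logging?
        # The context manager closes the template handle, which the previous
        # bare open() never did.
        with open(path, 'r') as template:
            msg['body'] = utils.parseTemplate(template, params)

        utils.sendEmail(msg, format='html')

        return True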
Beispiel #2
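    def forgotPassword(self, email):
        """Issue a password-reset token for an account and email the link.

        The address is lower-cased and stripped, validated with
        ``utils.validate_email`` and looked up in the account store. A
        ``PasswordResetToken`` expiring 30 minutes after creation is stored
        (up to five attempts), and a message rendered from
        ``email_password_forgot.html.j2`` containing the reset URL is sent.

        Args:
            email: address supplied by the requester.

        Returns:
            True once the email has been handed to ``utils.sendEmail``.

        Raises:
            StampedInputError: the address is malformed or matches no account.
            Exception: whatever the final failed ``addResetToken`` attempt,
                the template open/rendering or ``utils.sendEmail`` raise.
        """
        email = str(email).lower().strip()
        if not utils.validate_email(email):
            msg = "Invalid format for email address"
            logs.warning(msg)
            raise StampedInputError(msg)

        # Verify user exists
        # NOTE(review): unknown addresses get a distinct error. If this message
        # reaches the client unchanged, callers can learn which emails are
        # registered; consider returning the same response either way at the
        # API layer.
        account = self._accountDB.getAccountByEmail(email)
        if not account or not account.user_id:
            msg = "User does not exist"
            logs.warning(msg)
            raise StampedInputError(msg)

        max_attempts = 5
        expire = 1800    # 30 minutes

        # NOTE(review): nothing visible here rate-limits requests or invalidates
        # reset tokens issued earlier for the same user; confirm that is
        # handled elsewhere.
        for attempt in range(1, max_attempts + 1):
            try:
                rightNow = datetime.utcnow()

                resetToken = PasswordResetToken()
                # NOTE(review): the token is the only secret protecting the
                # reset; confirm auth.generateToken draws from a CSPRNG.
                resetToken.token_id = auth.generateToken(36)
                resetToken.user_id = account.user_id
                resetToken.expires = rightNow + timedelta(seconds=expire)

                timestamp = BasicTimestamp()
                timestamp.created = rightNow
                resetToken.timestamp = timestamp

                self._passwordResetDB.addResetToken(resetToken)
                break
            except Exception:
                # Any failure is retried with a fresh token; the last one is
                # re-raised to the caller.
                if attempt >= max_attempts:
                    ## Add logging
                    raise

        # TODO: switch this back to https after resolving the issue where assets
        # aren't loaded over SSL
        # NOTE(review): the token in this link is a bearer credential; while the
        # scheme is http:// it travels in cleartext when the link is followed.
        url = 'http://www.stamped.com/pw/%s' % resetToken.token_id
        prettyurl = 'http://stamped.com/pw/%s' % resetToken.token_id

        # Email user
        msg = {
            'to': email,
            'from': 'Stamped <*****@*****.**>',
            'subject': 'Stamped: Forgot Password',
        }

        base = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
        path = os.path.join(base, 'alerts', 'templates', 'email_password_forgot.html.j2')

        params = {'url': url, 'prettyurl': prettyurl}

        ### TODO: Add error logging?
        # The context manager closes the template handle, which the previous
        # bare open() never did.
        with open(path, 'r') as template:
            msg['body'] = utils.parseTemplate(template, params)

        utils.sendEmail(msg, format='html')

        return True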