Ejemplo n.º 1
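def forgot_password():
	"""Handle the "forgot password" form.

	On a valid submission the account is looked up by the submitted email.
	If one exists, a reset token is stored on a UserEmailVerification row
	flagged ``is_password_reset`` and mailed out; otherwise a "no account"
	notice is mailed to the submitted address. Both outcomes flash the same
	message and redirect to the homepage, so the HTTP response is the same
	whether or not the address is registered.

	Returns:
		A redirect to the homepage after a valid submission, else the
		rendered form template.

	NOTE(review): no throttling is visible in this function and every valid
	submission enqueues one email - confirm rate limiting is applied at the
	route or task layer.
	"""
	form = ForgotPasswordForm(request.form)
	if form.validate_on_submit():
		email = form.email.data
		user = User.query.filter_by(email=email).first()
		if user:
			# NOTE(review): randomString is defined elsewhere; this token
			# authorises a password reset, so confirm it is drawn from a
			# CSPRNG (e.g. the secrets module) and that expiry / single use
			# is enforced where the token is redeemed.
			token = randomString(32)

			addAuditLog(AuditSeverity.USER, user, "(Anonymous) requested a password reset",
					url_for("users.profile", username=user.username), None)

			# Use the address stored on the account, not the submitted value:
			# whether the lookup above is an exact byte-for-byte match depends
			# on the database collation, and the reset link must only ever go
			# to the address on record.
			recipient = user.email

			ver = UserEmailVerification()
			ver.user = user
			ver.token = token
			ver.email = recipient
			ver.is_password_reset = True
			db.session.add(ver)
			db.session.commit()

			send_verify_email.delay(recipient, token)
		else:
			# No account: tell the mailbox owner by email instead of on the
			# page, keeping the on-page response identical for both branches.
			send_anon_email.delay(email, "Unable to find account", """
					<p>
						We were unable to perform the password reset as we could not find an account
						associated with this email.
					</p>
					<p>
						If you weren't expecting to receive this email, then you can safely ignore it.
					</p>
			""")

		flash("Check your email address to continue the reset", "success")
		return redirect(url_for("homepage.home"))

	return render_template("users/forgot_password.html", form=form)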
Ejemplo n.º 2
def handle_register(form):
    """Create an unverified account from a submitted registration form.

    The submission is rejected when the username or display name collides
    with an existing account, or when the email is on the blacklisted
    subscription list. When the email already belongs to an account, the
    page shows the same "check your email" message as a successful
    registration and the explanation is sent by email instead.

    Returns:
        A redirect response when the flow ends in a redirect, or None when
        the submission is rejected with only a flashed error.

    NOTE(review): the blacklist branch answers on the page, so it does
    confirm that a given address is on that list - confirm this is intended.
    """
    username = form.username.data
    display_name = form.display_name.data
    email = form.email.data

    # The requested names are compared against every name-like column.
    name_clash = User.query.filter(
        or_(User.username == username,
            User.username == display_name,
            User.display_name == display_name,
            User.forums_username == username,
            User.github_username == username)).first()
    if name_clash:
        unclaimed = (name_clash.rank == UserRank.NOT_JOINED
                     and name_clash.forums_username)
        if not unclaimed:
            flash(
                "That username/display name is already in use, please choose another.",
                "danger")
            return

        # Placeholder account that nobody has claimed yet: send the visitor
        # to the claim flow for that forums username.
        flash(
            "An account already exists for that username but hasn't been claimed yet.",
            "danger")
        return redirect(
            url_for("users.claim_forums",
                    username=name_clash.forums_username))

    email_owner = User.query.filter_by(email=email).first()
    if email_owner:
        # The notice goes to the submitted address, which the lookup matched
        # to an existing account, and it names that account's display name.
        notice = (
            "We were unable to create the account as the email is already in use by {}. Try a different email address."
            .format(email_owner.display_name))
        send_anon_email.delay(email, "Email already in use", notice)
        flash("Check your email address to verify your account", "success")
        return redirect(url_for("homepage.home"))

    blacklisted_hits = EmailSubscription.query.filter_by(
        email=email, blacklisted=True).count()
    if blacklisted_hits > 0:
        flash(
            "That email address has been unsubscribed/blacklisted, and cannot be used",
            "danger")
        return

    # NOTE(review): make_flask_login_password is defined elsewhere;
    # presumably it returns a password hash rather than the plaintext -
    # confirm.
    user = User(username, False, email,
                make_flask_login_password(form.password.data))
    user.notification_preferences = UserNotificationPreferences(user)
    if display_name:
        user.display_name = display_name
    db.session.add(user)

    addAuditLog(AuditSeverity.USER, user,
                "Registered with email, display name=" + user.display_name,
                url_for("users.profile", username=user.username))

    # NOTE(review): randomString is defined elsewhere; the token proves
    # control of the mailbox, so confirm it comes from a CSPRNG.
    token = randomString(32)

    verification = UserEmailVerification()
    verification.user = user
    verification.token = token
    verification.email = email
    db.session.add(verification)
    db.session.commit()

    send_verify_email.delay(email, token)

    flash("Check your email address to verify your account", "success")
    return redirect(url_for("homepage.home"))
Ejemplo n.º 3
def handle_email_notifications(user, prefs: UserNotificationPreferences,
                               is_new, form):
    """Apply the notification-preferences form and, if allowed, start an email change.

    Each NotificationType gets its email and digest flags from the matching
    ``pref_<name>`` / ``pref_<name>_digest`` form fields; enabling email for
    a type also enables its digest. If ``current_user`` holds CHANGE_EMAIL
    on ``user`` and the form carries a different, non-blank address, a
    UserEmailVerification row is stored and a verification mail is sent to
    the new address. ``user.email`` itself is not assigned here.

    Returns:
        A redirect to the email-notifications page, or None when the new
        address is on the blacklisted subscription list.

    NOTE(review): preferences are written before any permission check in
    this function - presumably the caller has already authorised
    current_user to edit this user's preferences; confirm.
    NOTE(review): nothing here checks that the new address is unused by
    another account, and no notice to the current address is visible -
    confirm both are handled at verification time or elsewhere.
    """
    for kind in NotificationType:
        field_base = "pref_" + kind.toName()
        wants_email = getattr(form, field_base).data
        # Opting into email implies opting into the digest as well.
        wants_digest = getattr(form, field_base + "_digest").data or wants_email
        prefs.set_can_email(kind, wants_email)
        prefs.set_can_digest(kind, wants_digest)

    if is_new:
        db.session.add(prefs)

    # The email field is only read when the acting user may change it.
    new_email = None
    if user.checkPerm(current_user, Permission.CHANGE_EMAIL):
        new_email = form.email.data

    email_change_requested = (bool(new_email)
                              and new_email != user.email
                              and new_email.strip() != "")
    if not email_change_requested:
        db.session.commit()
        return redirect(
            url_for("users.email_notifications", username=user.username))

    blacklisted_hits = EmailSubscription.query.filter_by(
        email=form.email.data, blacklisted=True).count()
    if blacklisted_hits > 0:
        # Returns without committing, so the preference edits made above are
        # not committed by this function on this path.
        flash(
            "That email address has been unsubscribed/blacklisted, and cannot be used",
            "danger")
        return

    # NOTE(review): randomString is defined elsewhere; the token proves
    # control of the new mailbox, so confirm it comes from a CSPRNG.
    token = randomString(32)

    # A change made on someone else's account is logged at moderation level.
    if current_user == user:
        severity = AuditSeverity.NORMAL
    else:
        severity = AuditSeverity.MODERATION

    # The entry reads "Changed email" although at this point only a
    # verification record for the new address has been created.
    audit_message = "Changed email of {}".format(user.display_name)
    addAuditLog(severity, current_user, audit_message,
                url_for("users.profile", username=user.username))

    verification = UserEmailVerification()
    verification.user = user
    verification.token = token
    verification.email = new_email
    db.session.add(verification)
    db.session.commit()

    flash("Check your email to confirm it", "success")

    send_verify_email.delay(new_email, token)
    return redirect(
        url_for("users.email_notifications", username=user.username))