def requestpswd():
if request.method == 'GET':
return render_template('request-pswd.html',
header_title='Request password')
if request.method == 'POST':
username = request.form.get('username')
user = User.query.filter_by(username=username).first()
if not user:
flash(username + " is not a registered user", 'error')
return redirect('/requestpswd')
email = user.email
temp = create_temp_pswd()
temp_hashed = make_pw_hash(temp)
user.pw_hash = temp_hashed
db.session.add(user)
db.session.commit()
msg = Message('Important Message from Blogz',
sender='*****@*****.**',
recipients=[email])
msg.body = 'Hi There, ' + username + '!/n/nYour temporary Blogz password is: \n\t\t' + temp + '\nIf you did not initiate this request, you might want to call your mom.'
mail.send(msg)
flash(
'A temporary password has been sent to the email you have on file',
'success')
flash('Development alert: temp password is ' + temp, 'error')
session['temp-pswd'] = 'yes'
return redirect('/')
def login():
if request.method == 'GET':
return render_template('login.html')
if request.method == 'POST':
email = request.form['email']
password = request.form['password']
# VAILDATION #
if email == '' or password == '':
flash('Error: One or more fields left blank',
category="is-warning")
return redirect('/login')
users = User.query.filter_by(email=email)
if users.count() != 1:
flash('Error: Email not in our system.', category="is-warning")
return redirect("/login")
user = users.first()
pw_hash, salt = user.pw_hash.split(',')
test_pw_hash, salt = make_pw_hash(password, salt).split(',')
if test_pw_hash != pw_hash:
flash('Error: Incorrect password', category="is-warning")
return redirect("/login")
# SUCCESS #
session['user'] = user.email
flash('Welcome Back, ' + user.email, category="is-primary")
return redirect("/")
def post(self):
username = self.request.get('username')
password = self.request.get('password')
verify = self.request.get('verify')
email = self.request.get('email')
params = {}
has_error = False
if not self.validate_username(username):
has_error = True
elif self.get_user_by_name(username):
params['user_error'] = "That username already exists"
has_error = True
if not self.validate_pw(password):
has_error = True
elif password != verify:
params['pw_error'] = "Your passwords do not match"
has_error = True
if not self.validate_email(email):
has_error = True
if has_error:
self.render('signup.html',
sign_up_active="active",
page_title="Sign Up",
**params)
else:
pw_hash = hashutils.make_pw_hash(username, password)
u = User(username=username, pw_hash=pw_hash, email=email, sets=[])
u.put()
self.login_user(u)
self.redirect('/')
def post(self):
"""
Validate submitted data, creating a new user if all fields are valid.
If data doesn't validate, render the form again with an error.
This code is essentially identical to the solution to the Signup portion
of the Formation assignment. The main modification is that we are now
able to create a new user object and store it when we have valid data.
"""
submitted_username = self.request.get("username")
submitted_password = self.request.get("password")
submitted_verify = self.request.get("verify")
submitted_email = self.request.get("email")
username = self.validate_username(submitted_username)
password = self.validate_password(submitted_password)
verify = self.validate_verify(submitted_password, submitted_verify)
email = self.validate_email(submitted_email)
errors = {}
existing_user = self.get_user_by_name(username)
has_error = False
if existing_user:
errors[
'username_error'] = "A user with that username already exists"
has_error = True
elif (username and password and verify and (email is not None)):
# create new user object and store it in the database
pw_hash = hashutils.make_pw_hash(username, password)
user = User(username=username, pw_hash=pw_hash)
user.put()
# login our new user
self.login_user(user)
else:
has_error = True
if not username:
errors['username_error'] = "That's not a valid username"
if not password:
errors['password_error'] = "That's not a valid password"
if not verify:
errors['verify_error'] = "Passwords don't match"
if email is None:
errors['email_error'] = "That's not a valid email"
if has_error:
t = jinja_env.get_template("signup.html")
response = t.render(username=username,
email=submitted_email,
errors=errors)
self.response.out.write(response)
else:
self.redirect('/blog/newpost')
def register():
email = ""
email_error = ""
password_error = ""
verify_error = ""
if request.method == "POST":
email = request.form["email"]
password = request.form["password"]
verify = request.form["verify"]
email_error = ""
password_error = ""
verify_error = ""
if password == "":
password_error = "Password cannot be blank. "
elif len(password) < 3 or len(password) > 20:
password = ""
verify = ""
password_error = password_error + \
"Password must be between 3 and 20 characters in length. "
if verify == "":
verify_error = "Password cannot be blank. "
if " " in email:
email_error = email_error + "Username cannot contain spaces. "
if " " in password:
password = ""
verify = ""
password_error = password_error + "Password cannot contain spaces. "
if password != verify:
password = ""
verify = ""
verify_error = verify_error + "Does not match password. "
# TODO: Validate user data
if not email_error and not password_error and not verify_error:
existing_user = User.query.filter_by(email=email).first()
if not existing_user:
new_user = User(email, make_pw_hash(password))
db.session.add(new_user)
db.session.commit()
session["email"] = email
return redirect("/add-post")
else:
# TODO: use a better message here
return "<h1>Duplicate user</h1>"
return render_template("register.html",
email_error=email_error,
password_error=password_error,
verify_error=verify_error,
email=email)
def post(self):
submitted_username = self.request.get("username")
submitted_password = self.request.get("password")
submitted_verify = self.request.get("verify")
submitted_email = self.request.get("email")
username = self.validate_username(submitted_username)
password = self.validate_password(submitted_password)
verify = self.validate_verify(submitted_password, submitted_verify)
email = self.validate_email(submitted_email)
errors = {}
existing_user = self.get_user_by_name(username)
has_error = False
if existing_user:
errors['username_error'] = "Sorry, that username already exists."
has_error = True
elif (username and password and verify and (email is not None)):
# create new user object and store it in the database
pw_hash = hashutils.make_pw_hash(username, password)
user = User(username=username, email=email, pw_hash=pw_hash)
user.put()
# login our new user
self.login_user(user)
else:
has_error = True
if not username:
errors['username_error'] = "That's not a valid username"
if not password:
errors['password_error'] = "That's not a valid password"
if not verify:
errors['verify_error'] = "Passwords don't match"
if email is None:
errors['email_error'] = "That's not a valid email"
if has_error:
try:
thisUser = str(self.user.username)
except:
thisUser = ""
t = jinja_env.get_template("signup.html")
response = t.render(username=username,
email=email,
errors=errors,
thisUser=thisUser)
self.response.out.write(response)
else:
self.redirect('/blog/newpost')
def signup():
noerrors = True
if request.method == 'POST': #submitted form
#get form variables
username = request.form['email']
password = request.form['password']
verify = request.form['verify']
#set error variables
_error = ""
usererror = ""
passerror = ""
#validate username
_error = validate_(username)
if _error != "":
noerrors = False
usererror = "Username " + _error
flash(
"Username <strong>{0}</strong> is not valid. {1}".format(
username, usererror), 'danger')
#validate password
_error = password_verify_same(password, verify)
if _error == "": #matching passwords
_error = validate_(
password) #check password meets required validation rules
if _error != "":
noerrors = False
passerror = "Password" + _error
flash("{0}".format(passerror), 'danger')
else: #non matching passwords
noerrors = False
passerror = "Password" + _error
flash("{0}".format(passerror), 'danger')
if noerrors:
existing_user = User.query.filter_by(username=username).first()
if not existing_user: #not existing
#add new user to db is all validation passed
password = make_pw_hash(password)
new_user = User(username, password)
db.session.add(new_user)
db.session.commit()
session['email'] = username
return redirect('/newpost')
else: #here if is existing user
flash(
"The email <strong>{0}</strong> is already registered".
format(username), 'danger')
#return render_template('signup.html')
#GET request
return render_template('signup.html')
def __init__(self, username, password, email, company, catchphrase, state, dustmask): self.username=username self.hashpass=make_pw_hash(password) self.email=email self.company=company self.catchphrase=catchphrase self.state=state self.dustmask=dustmask self.benefactor=0 self.lastsink=0 self.memberlevel=0
def post(self):
""" User is trying to register """
submitted_teamname = self.request.get("teamname")
submitted_password = self.request.get("password")
submitted_verify = self.request.get("verify")
submitted_members = self.request.get("members")
submitted_discords = self.request.get("discords")
teamname = self.validate_teamname(submitted_teamname)
password = self.validate_password(submitted_password)
verify = self.validate_verify(submitted_password, submitted_verify)
members = self.validate_members(submitted_members)
discords = self.validate_discords(submitted_discords)
errors = {}
existing_team = self.get_team_by_name(teamname)
has_error = False
if existing_team:
errors['teamname_error'] = "A team with that name already exists"
has_error = True
elif (teamname and password and verify and members and discords):
# create new user object
pw_hash = hashutils.make_pw_hash(teamname, password)
team = Team(teamname=teamname, pw_hash=pw_hash)
team.put()
self.login_user(team)
else:
has_error = True
if not teamname:
errors['teamname_error'] = "That's not a valid teamname"
if not password:
errors['password_error'] = "That's not a valid password"
if not verify:
errors['verify_error'] = "Passwords don't match"
if not members:
errors['members_error'] = "That's not a valid list of members"
if not discords:
errors['discords_error'] = "That's not a valid discord tag"
if has_error:
t = jinja_env.get_template("register.html")
response = t.render(teamname=teamname, errors=errors)
self.response.out.write(response)
else:
self.redirect('/teampage')
def add_user():
# add a new user to the User Table in DB
new_user = User()
new_user.username = request.json["username"]
plain_text_password = request.json["password"]
salt = make_salt()
# save unique salts in the db with each user
new_user.salt = salt
# salt and hash all passwords being entered into db
new_user.password = make_pw_hash(salt, plain_text_password)
db.session.add(new_user)
db.session.commit()
# add the user to session
session['user'] = new_user.username
return jsonify({"username": new_user.username})
def register():
if request.method == 'POST':
email = str(request.json['email'])
password = str(request.json['password'])
verify = str(request.json['verify'])
if password != verify:
return "Passwords do not match", 401
user = get_user(email)
if len(user) != 0:
return "Account with this email already exists", 409
try:
create_user(email, make_pw_hash(password))
return "Account added successfully", 200
except:
return "Something went wrong, account not added", 400
def post(self):
""" User is trying to register """
submitted_username = self.request.get("username")
submitted_password = self.request.get("password")
submitted_verify = self.request.get("verify")
username = self.validate_username(submitted_username)
password = self.validate_password(submitted_password)
verify = self.validate_verify(submitted_password, submitted_verify)
errors = {}
existing_user = self.get_user_by_name(username)
has_error = False
if existing_user:
errors[
'username_error'] = "A user with that username already exists"
has_error = True
elif (username and password and verify):
# create new user object
pw_hash = hashutils.make_pw_hash(username, password)
user = User(username=username, pw_hash=pw_hash)
user.put()
self.login_user(user)
else:
has_error = True
if not username:
errors['username_error'] = "That's not a valid username"
if not password:
errors['password_error'] = "That's not a valid password"
if not verify:
errors['verify_error'] = "Passwords don't match"
if has_error:
t = jinja_env.get_template("register.html")
content = t.render(username=username, errors=errors)
self.response.out.write(content)
else:
self.redirect('/')
def edit_profile():
curr_username = session['username']
if request.method == 'GET':
return render_template('profile.html', curr_username=curr_username)
if request.method == 'POST':
user = User.query.filter_by(username=session['username']).first()
original = request.form.get('old_password')
if check_pw_hash(original, user.pw_hash):
new = request.form.get('password')
name = request.form.get('username')
if name != '':
# validate user name
if len(name) < 3:
flash('Valid username must be at least 3 characters',
'error')
return redirect('/editprofile?curr_username='******'The username ' + name + ' is already in use',
'error')
return redirect('/editprofile?curr_username='******'You changed your username!', 'success')
if new != '':
verify = request.form.get('verify')
if new != verify:
flash('The passwords do not match', 'error')
return redirect('/editprofile?curr_username='******'&username='******'temp-pswd' in session:
del session['temp-pswd']
flash('You changed your password!', 'success')
db.session.add(user)
db.session.commit()
session['username'] = user.username
return redirect('/')
else:
flash('incorrect password', 'error')
return redirect('/editprofile?curr_username=' + curr_username)
def register():
if request.method == 'GET':
return render_template('register.html')
if request.method == 'POST':
email = request.form['email']
username = request.form['username']
password = request.form['password']
verify = request.form['verify']
# VALIDATION #
if email == '' or username == '' or password == '' or verify == '':
flash('Error: One or more fields left blank',
category="is-warning")
return render_template("register.html",
email=email,
username=username)
if not is_email(email):
flash(
'Error: Entered email is not formatted like an email address',
category="is-warning")
return render_template("register.html",
email=email,
username=username)
if not is_valid_username(username):
flash(
'Error: Usernames can only include: hyphens, underscores, letters and numbers',
category="is-warning")
return render_template("register.html",
email=email,
username=username)
email_db_count = User.query.filter_by(email=email).count()
if email_db_count > 0:
flash('Error: Email is already taken.', category="is-warning")
return render_template("register.html",
email=email,
username=username)
username_db_count = User.query.filter_by(username=username).count()
if username_db_count > 0:
flash('Error: Username is already taken.', category="is-warning")
return render_template("register.html",
email=email,
username=username)
if len(email) < 3 or len(username) < 3 or len(password) < 3:
flash(
'Error: Email, username or password has fewer than three characters',
category="is-warning")
return render_template("register.html",
email=email,
username=username)
if password != verify:
flash('Error: Passwords entered do not match.',
category="is-warning")
return render_template("register.html",
email=email,
username=username)
# SUCCESS #
pw_hash = make_pw_hash(password)
user = User(email=email, username=username, pw_hash=pw_hash)
db.session.add(user)
db.session.commit()
session['user'] = user.email
flash('Successfully registered, ' + user.email, category="is-primary")
return redirect("/")
def __init__(self, username, password, first_name, last_name, user_level):
self.username = username
self.password_hash = make_pw_hash(password)
self.first_name = first_name
self.last_name = last_name
self.user_level = user_level
def __init__(self, email, password):
self.email = email
self.pw_hash = make_pw_hash(password)
def __init__(self, email, password, nickname):
self.db_email = email
self.db_password = make_pw_hash(password)
self.db_nickname = nickname
self.db_postcount = 0
def __init__(self, email, password, username):
self.email = email
self.username = username
self.password = make_pw_hash(password)
def __init__(self, first_name, last_name, email, password):
self.first_name = first_name
self.last_name = last_name
self.email = email
self.pw_hash = make_pw_hash(password)
def __init__(self, name, password):
self.name = name
self.pw_hash = make_pw_hash(password)
def post(self):
"""
Validate submitted data, creating a new user if all fields are valid.
If data doesn't validate, render the form again with an error.
This code is essentially identical to the solution to the Signup portion
of the Formation assignment. The main modification is that we are now
able to create a new user object and store it when we have valid data.
"""
submitted_username = self.request.get(
"username"
) #request user submitted data from the browser's post request
submitted_password = self.request.get("password")
submitted_verify = self.request.get("verify")
submitted_email = self.request.get("email")
username = self.validate_username(
submitted_username
) #run the validation fuc created at beginning of this class
password = self.validate_password(submitted_password)
verify = self.validate_verify(submitted_password, submitted_verify)
email = self.validate_email(submitted_email)
errors = {} #Create empty dictionary for potential errors
existing_user = self.get_user_by_name(
username) #Check to see if the submitted username already exists
has_error = False
if existing_user: #1st verification step: if a user by that name exists, create an error
errors[
'username_error'] = "A user with that username already exists"
has_error = True
elif (username and password and verify
and (email is not None)): #If all user inputs check out...
# create new user object and store it in the database, including username and hashed pw
pw_hash = hashutils.make_pw_hash(username, password)
user = User(username=username, pw_hash=pw_hash)
user.put()
# login our new user using the generic method from the BlogHandler
self.login_user(user)
else:
has_error = True #if there are errors, add them to errors dict
if not username:
errors['username_error'] = "That's not a valid username"
if not password:
errors['password_error'] = "That's not a valid password"
if not verify:
errors['verify_error'] = "Passwords don't match"
if email is None:
errors['email_error'] = "That's not a valid email"
if has_error:
t = jinja_env.get_template(
"signup.html") #render signup with error messages
response = t.render(username=username, email=email, errors=errors)
self.response.out.write(response)
else:
self.redirect(
'/blog/newpost'
) #After successful and signup and login, redirect to newpost
def __init__(self, username, password):
self.username = username
self.pw_hash = make_pw_hash(password) #checking salted and hashed pass
def __init__(self, username, password):
self.username = username
self.pw_hash = make_pw_hash(password)
def __init__(self, username, password, email):
self.username = username
self.pw_hash = make_pw_hash(password)
self.email = email
def __init__(self, user, password):
self.user = user
self.pw_hash = make_pw_hash(password)
def __init__(self, email, password, store_num):
self.email = email
self.pw_hash = make_pw_hash(password)
self.store_num = store_num
def __init__(self, username, password):
self.username = username
self.pw_hash = make_pw_hash(password)
def __init__(self, username, password):
self.username = username
print(password)
pw_hash = make_pw_hash(password)
print(pw_hash)
self.pw_hash = pw_hash
