Ejemplo n.º 1
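    def lost_passwd(self, data):
        """Email a password-reset link to the account matching ``data["recovery_email"]``.

        A fresh reset token is generated, stored in the user's ``reset`` field
        and appended to a ``register?reset=`` link mailed to the address.

        :param data: mapping holding the submitted ``recovery_email``.
        :return: tuple ``(msg, error)``: a translated, user-facing message and
            a boolean that is True when the request failed.
        """
        error = False
        msg = ""

        # Check input format.
        # Two fixes over the earlier pattern:
        #  * the escaped-character range in the quoted-string branch is
        #    \001-\011 (it read "\001-011", which also admitted LF and CR);
        #  * the pattern ends with \Z instead of $, because $ also matches just
        #    before a trailing newline and the address is later used as a mail
        #    recipient.
        email_re = re.compile(
            r"(^[-!#$%&'*+/=?^_`{}|~0-9A-Z]+(\.[-!#$%&'*+/=?^_`{}|~0-9A-Z]+)*"  # dot-atom
            r'|^"([\001-\010\013\014\016-\037!#-\[\]-\177]|\\[\001-\011\013\014\016-\177])*"'  # quoted-string
            r')@(?:[A-Z0-9](?:[A-Z0-9-]{0,61}[A-Z0-9])?\.)+[A-Z]{2,6}\.?\Z',
            re.IGNORECASE)  # domain
        if email_re.match(data["recovery_email"]) is None:
            error = True
            msg = _("Invalid email format.")

        if not error:
            # The reset token is a bearer credential for the account, so it must
            # come from the OS CSPRNG. The module-level random.getrandbits() is a
            # Mersenne Twister whose output is predictable once enough values are
            # observed. The SHA-512 hex form is kept so the stored/linked token
            # has the same shape as before.
            reset_hash = hashlib.sha512(
                str(random.SystemRandom().getrandbits(256)).encode("utf-8")).hexdigest()
            # NOTE(review): no expiry is stored with the token here; confirm the
            # handler that consumes it clears or expires it.
            user = self.database.users.find_one_and_update(
                {"email": data["recovery_email"]},
                {"$set": {
                    "reset": reset_hash
                }})
            if user is None:
                error = True
                # NOTE(review): a distinct "not found" answer discloses which
                # addresses are registered. Returning the same message as the
                # success path would avoid that, but changes what callers
                # display, so it is left as is.
                msg = _("This email address was not found in database.")
            else:
                try:
                    subject = _("INGInious password recovery")

                    # NOTE(review): url_root is derived from the incoming
                    # request; unless the deployment restricts accepted Host
                    # values, the host in the mailed link follows the request.
                    # Confirm a trusted-host / fixed base URL setting is in place.
                    body = _("""Dear {realname},

Someone (probably you) asked to reset your INGInious password. If this was you, please click on the following link :
""").format(realname=user["realname"]
                    ) + flask.request.url_root + "register?reset=" + reset_hash

                    message = Message(recipients=[(user["realname"],
                                                   data["recovery_email"])],
                                      subject=subject,
                                      body=body)
                    mail.send(message)

                    msg = _(
                        "An email has been sent to you to reset your password."
                    )
                except Exception as ex:
                    # Best effort: report the failure to the user and keep the
                    # technical detail in the server log only.
                    error = True
                    msg = _(
                        "Something went wrong while sending you reset email. Please contact the administrator."
                    )
                    self._logger.error("Couldn't send email : {}".format(
                        str(ex)))

        return msg, error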
Ejemplo n.º 2
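    def register_user(self, data):
        """Validate a registration form, create the user and mail an activation link.

        :param data: mapping with ``username``, ``realname``, ``email``,
            ``passwd``, ``passwd2`` and, when both terms and privacy pages are
            configured, ``term_policy_check``.
        :return: tuple ``(msg, error)``: a translated, user-facing message and
            a boolean that is True when registration failed.
        """
        error = False
        msg = ""

        # Two fixes over the earlier pattern: the escaped-character range in the
        # quoted-string branch is \001-\011 (it read "\001-011", which also
        # admitted LF and CR), and the pattern ends with \Z because $ also
        # matches just before a trailing newline.
        email_re = re.compile(
            r"(^[-!#$%&'*+/=?^_`{}|~0-9A-Z]+(\.[-!#$%&'*+/=?^_`{}|~0-9A-Z]+)*"  # dot-atom
            r'|^"([\001-\010\013\014\016-\037!#-\[\]-\177]|\\[\001-\011\013\014\016-\177])*"'  # quoted-string
            r')@(?:[A-Z0-9](?:[A-Z0-9-]{0,61}[A-Z0-9])?\.)+[A-Z]{2,6}\.?\Z', re.IGNORECASE)  # domain

        # Check input format (\Z rather than $ so "name\n" is not accepted)
        if re.match(r"^[-_|~0-9A-Z]{4,}\Z", data["username"], re.IGNORECASE) is None:
            error = True
            msg = _("Invalid username format.")
        elif email_re.match(data["email"]) is None:
            error = True
            msg = _("Invalid email format.")
        elif len(data["passwd"]) < 6:
            error = True
            msg = _("Password too short.")
        elif data["passwd"] != data["passwd2"]:
            error = True
            msg = _("Passwords don't match !")
        elif self.app.terms_page is not None and self.app.privacy_page is not None and "term_policy_check" not in data:
            error = True
            msg = _("Please accept the Terms of Service and Data Privacy")

        if not error:
            existing_user = self.database.users.find_one(
                {"$or": [{"username": data["username"]}, {"email": data["email"]}]})
            if existing_user is not None:
                error = True
                if existing_user["username"] == data["username"]:
                    msg = _("This username is already taken !")
                else:
                    msg = _("This email address is already in use !")
            else:
                # NOTE(review): a single unsalted SHA-512 is a fast hash and is
                # not suited to password storage. Moving to a salted, slow KDF
                # (e.g. hashlib.scrypt or hashlib.pbkdf2_hmac) needs a matching
                # change in the login check, which is not visible here, so the
                # stored format is left unchanged.
                passwd_hash = hashlib.sha512(data["passwd"].encode("utf-8")).hexdigest()
                # The activation token gates account activation, so it is drawn
                # from the OS CSPRNG; the module-level random.getrandbits() is a
                # predictable Mersenne Twister. The SHA-512 hex shape is kept.
                activate_hash = hashlib.sha512(
                    str(random.SystemRandom().getrandbits(256)).encode("utf-8")).hexdigest()
                self.database.users.insert({"username": data["username"],
                                            "realname": data["realname"],
                                            "email": data["email"],
                                            "password": passwd_hash,
                                            "activate": activate_hash,
                                            "bindings": {},
                                            "language": self.user_manager._session.get("language", "en"),
                                            "tos_accepted": True
                                            })
                try:
                    subject = _("Welcome on INGInious")
                    # NOTE(review): url_root is derived from the incoming
                    # request; confirm the deployment restricts accepted Host
                    # values so the mailed link always points at this site.
                    body = _("""Welcome on INGInious !

To activate your account, please click on the following link :
""") + flask.request.url_root + "register?activate=" + activate_hash

                    message = Message(recipients=[(data["realname"], data["email"])],
                                      subject=subject,
                                      body=body)
                    mail.send(message)
                    msg = _("You are succesfully registered. An email has been sent to you for activation.")
                except Exception as ex:
                    # Remove newly inserted user (do not add after to prevent email sending in case of failure)
                    self.database.users.remove({"username": data["username"]})
                    error = True
                    msg = _("Something went wrong while sending you activation email. Please contact the administrator.")
                    self._logger.error("Couldn't send email : {}".format(str(ex)))

        return msg, error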