Ejemplo n.º 1
0
def forgot_authentication():

	# Handle POST
	error_message = None
	if request.method == 'POST':

		# Get email
		email = request.form.get('email', '')
		if '@illinois.edu' not in email:
			if email == '' or '@' in email:
				error_message = 'Invalid email address. (Did you forget the @illinois.edu?)'
			else:
				# Accept netIDs too
				email = email + "@illinois.edu"

		# Do password/authcode reset
		if error_message is None:

			pw_query = PasswordUser.select().where(PasswordUser.email == email)
			authcode_query = AuthcodeUser.select().where(AuthcodeUser.email == email)

			if pw_query.exists() or authcode_query.exists():

				# Initialize mail object
				mail = Mail()
				mail.subject = "[CS242 Discussion Sections]"

				# Generate secure token
				token = secure_token()

				# Get user/email type
				if pw_query.exists():
					mail.subject += 'Password Reset'
					mail.message = 'Click the link below to reset your password.\n\n' + ROOT_DOMAIN + '/auth/reset/confirm?token=' + token

				else:
					mail.subject += 'Authcode Link'
					mail.message = 'Click the link below to authenticate.\n\n' + ROOT_DOMAIN + '/auth/code?token=' + token + '\n\nIf you have questions, please contact a TA.\n\nThanks,\nCS242 staff.'

				# Send mail
				mail.send([email])

				# If mail sent successfully, update user models
				if pw_query.exists():
					user = pw_query.get()
					user.password_reset_token = token
				else:
					user = authcode_query.get()
					user.authcode = token
				user.save()

				# Redirect to success page
				return render_template('reset-thanks.html')

			else:
				error_message = 'Your email isn\'t on our list. Ask a TA to add you to the site.'

	# Default/GET case
	return render_template('reset-form.html', error_message=error_message)
Ejemplo n.º 2
0
def login_authcode():

	# Get authcode
	authcode = request.args.get('token', None)
	if not authcode:
		return redirect('/auth/reset')
	
	# Get associated user
	user_query = AuthcodeUser.select().where(AuthcodeUser.authcode == authcode)
	if not user_query.exists():
		return redirect('/auth/reset')
	user_obj = user_query.get()

	# Log them in
	session['user_id'] = user_obj.id
	session['is_passworded'] = False
	session['csrf_token'] = secure_token()

	# Go to homepage
	return redirect('/')