def login_email_passreset(code):
""" They've clicked on a password reset link.
Log them in (might as well) and send them to the password reset page."""
# This will also confirm their email if they haven't.
# Doesn't seem to be any harm in doing that
if len(code) > 20:
abort(404)
uid = Users.verify_confirm_code(code)
if not uid:
abort(404)
Users.set_confirm(uid)
Users.set_confirm_code(uid, "")
user = Users2.get_user(uid)
session['username'] = user['uname']
session['user_id'] = uid
session['user_givenname'] = user['givenname']
session['user_familyname'] = user['familyname']
session['user_fullname'] = user['fullname']
session['user_authtype'] = "local"
audit(1, uid, uid, "UserAuth",
"%s logged in using password reset email" % (session['username'], ))
flash("Please change your password")
return redirect(url_for("setup_change_pass"))
def login_email_passreset(code):
""" They've clicked on a password reset link.
Log them in (might as well) and send them to the password reset page."""
# This will also confirm their email if they haven't.
# Doesn't seem to be any harm in doing that
if len(code) > 20:
abort(404)
uid = Users.verify_confirm_code(code)
if not uid:
abort(404)
Users.set_confirm(uid)
Users.set_confirm_code(uid, "")
user = Users2.get_user(uid)
session['username'] = user['uname']
session['user_id'] = uid
session['user_givenname'] = user['givenname']
session['user_familyname'] = user['familyname']
session['user_fullname'] = user['fullname']
session['user_authtype'] = "local"
audit(1, uid, uid, "UserAuth",
"%s logged in using password reset email" % (session['username'],))
flash("Please change your password")
return redirect(url_for("setup_change_pass"))
def login_confirm(code):
""" They've clicked on a confirmation link."""
if not OaConfig.open_registration:
abort(404)
if len(code) > 20:
abort(404)
uid = Users.verify_confirm_code(code)
if not uid:
abort(404)
Users.set_confirm(uid)
Users.set_confirm_code(uid, "")
return render_template("login_signup_confirmed.html")
def login_forgot_pass_submit():
""" Forgot their password. Grab their username and send them a reset email.
"""
if "cancel" in request.form:
flash("Password reset cancelled.")
return redirect(url_for("login_local"))
username = sanitize_username(request.form.get('username', None))
if username == "admin":
flash("""The admin account cannot do an email password reset,
please see the Installation instructions.""")
return redirect(url_for("login_forgot_pass"))
if username:
user_id = Users2.uid_by_uname(username)
else:
user_id = None
if not user_id:
flash("Unknown username ")
return redirect(url_for("login_forgot_pass"))
user = Users2.get_user(user_id)
if not user['source'] == "local":
flash("Your password is not managed by OASIS, "
"please contact IT Support.")
return redirect(url_for("login_forgot_pass"))
code = Users.gen_confirm_code()
Users.set_confirm_code(user_id, code)
email = user['email']
if not email:
flash("We do not appear to have an email address on file for "
"that account.")
return redirect(url_for("login_forgot_pass"))
text_body = render_template(os.path.join("email", "forgot_pass.txt"),
code=code)
html_body = render_template(os.path.join("email", "forgot_pass.html"),
code=code)
send_email(user['email'],
from_addr=None,
subject="OASIS Password Reset",
text_body=text_body,
html_body=html_body)
return render_template("login_forgot_pass_submit.html")
def login_confirm(code):
""" They've clicked on a confirmation link."""
if not OaConfig.open_registration:
abort(404)
if len(code) > 20:
abort(404)
uid = Users.verify_confirm_code(code)
if not uid:
abort(404)
Users.set_confirm(uid)
Users.set_confirm_code(uid, "")
return render_template("login_signup_confirmed.html")
def login_forgot_pass_submit():
""" Forgot their password. Grab their username and send them a reset email.
"""
if "cancel" in request.form:
flash("Password reset cancelled.")
return redirect(url_for("login_local"))
username = sanitize_username(request.form.get('username', None))
if username == "admin":
flash("""The admin account cannot do an email password reset,
please see the Installation instructions.""")
return redirect(url_for("login_forgot_pass"))
if username:
user_id = Users2.uid_by_uname(username)
else:
user_id = None
if not user_id:
flash("Unknown username ")
return redirect(url_for("login_forgot_pass"))
user = Users2.get_user(user_id)
if not user['source'] == "local":
flash("Your password is not managed by OASIS, "
"please contact IT Support.")
return redirect(url_for("login_forgot_pass"))
code = Users.gen_confirm_code()
Users.set_confirm_code(user_id, code)
email = user['email']
if not email:
flash("We do not appear to have an email address on file for "
"that account.")
return redirect(url_for("login_forgot_pass"))
text_body = render_template(os.path.join("email", "forgot_pass.txt"), code=code)
html_body = render_template(os.path.join("email", "forgot_pass.html"), code=code)
send_email(user['email'],
from_addr=None,
subject="OASIS Password Reset",
text_body=text_body,
html_body=html_body)
return render_template("login_forgot_pass_submit.html")
