def _check_valid_pw_reset_key(self, key): reset_token = db.query(PasswordResets).filter(PasswordResets.key == key).first() if not reset_token: return None elif reset_token.created < now() - datetime.timedelta(hours=2): db.delete(reset_token) return None return reset_token
def _check_valid_pw_reset_key(self, key): reset_token = db.query(PasswordResets).filter( PasswordResets.key == key).first() if not reset_token: return None elif reset_token.created < now() - datetime.timedelta(hours=2): db.delete(reset_token) return None return reset_token
def reset_password(self): c.page = 'pw reset' c.key = request.params.get('key') c.redirect_url = url(controller='account', action='login') if request.environ['REQUEST_METHOD'] == 'GET': if not c.key: return render('/pw_reset/request.mako') else: reset_token = self._check_valid_pw_reset_key(c.key) if not reset_token: h.add_message('Invalid reset token', 'error') return render('/blank.mako') return render('/pw_reset/set.mako') elif request.environ['REQUEST_METHOD'] == 'POST': if not c.key: # create a password request key email = request.params['email'] user = db.query(User).filter(User.email == email).first() if not user: h.add_message('Invalid email address provided.', 'error') return render('/pw_reset/request.mako') already_requested = db.query(PasswordResets).filter(PasswordResets.user_id == user.id).first() if already_requested: if already_requested.created < now() - datetime.timedelta(hours=2): db.delete(already_requested) else: h.add_message('A password reset has already been requested for this user.', 'error') return render('/blank.mako') pw_reset_key = PasswordResets() pw_reset_key.user_id = user.id pw_reset_key.key = self._generate_pw_reset_key() db.add(pw_reset_key) db.commit() send_reset_password_email(user.email, pw_reset_key.key) h.add_message('Password reset email sent!', 'success') return render('/blank.mako') else: # reset the user's password to what they've submitted reset_token = self._check_valid_pw_reset_key(c.key) if not reset_token: h.add_message('Invalid reset token', 'error') return render('/blank.mako') password = request.params['password'] password_confirm = request.params['password_confirm'] valid_password = validate_password(password, password_confirm) if not valid_password['status']: h.add_message(valid_password['msg'], 'error') return render('/pw_reset/set.mako') user = db.query(User).filter(User.id == reset_token.user_id).first() hashed_pass = h.hash_password(password) user.password = hashed_pass db.delete(reset_token) db.commit() h.add_message('Password successfully set. You should now be able to login.', 'success') return render('/blank.mako')
def _has_made_too_many_reports(self): # TODO: # This filtering / counting should be done by SQLAlchemy. # # This is a quick hack to get around problems with between() and filter/filter_by, # possibly caused by the fact that ReportedQuotes is a Table() obj and not a class # reports = db.query(ReportedQuotes).filter_by(user_id=c.user.id).all() limit = 5 limit_time = now() - datetime.timedelta(hours=1) i = 0 found = [] for report in reports: if limit_time < report.time: found.append(report) if i == limit: break i += 1 return len(found) >= limit
def reset_password(self): c.page = 'pw reset' c.key = request.params.get('key') c.redirect_url = url(controller='account', action='login') if request.environ['REQUEST_METHOD'] == 'GET': if not c.key: return render('/pw_reset/request.mako') else: reset_token = self._check_valid_pw_reset_key(c.key) if not reset_token: h.add_message('Invalid reset token', 'error') return render('/blank.mako') return render('/pw_reset/set.mako') elif request.environ['REQUEST_METHOD'] == 'POST': if not c.key: # create a password request key email = request.params['email'] user = db.query(User).filter(User.email == email).first() if not user: h.add_message('Invalid email address provided.', 'error') return render('/pw_reset/request.mako') already_requested = db.query(PasswordResets).filter( PasswordResets.user_id == user.id).first() if already_requested: if already_requested.created < now() - datetime.timedelta( hours=2): db.delete(already_requested) else: h.add_message( 'A password reset has already been requested for this user.', 'error') return render('/blank.mako') pw_reset_key = PasswordResets() pw_reset_key.user_id = user.id pw_reset_key.key = self._generate_pw_reset_key() db.add(pw_reset_key) db.commit() send_reset_password_email(user.email, pw_reset_key.key) h.add_message('Password reset email sent!', 'success') return render('/blank.mako') else: # reset the user's password to what they've submitted reset_token = self._check_valid_pw_reset_key(c.key) if not reset_token: h.add_message('Invalid reset token', 'error') return render('/blank.mako') password = request.params['password'] password_confirm = request.params['password_confirm'] valid_password = validate_password(password, password_confirm) if not valid_password['status']: h.add_message(valid_password['msg'], 'error') return render('/pw_reset/set.mako') user = db.query(User).filter( User.id == reset_token.user_id).first() hashed_pass = h.hash_password(password) user.password = hashed_pass db.delete(reset_token) db.commit() h.add_message( 'Password successfully set. You should now be able to login.', 'success') return render('/blank.mako')