def send_verification_email(email, mail_manager):
token = Token.generate_confirmation_token(email)
confirm_url = url_for('confirm_email', token=token, _external=True)
html = render_template('confirmation.html', confirm_url=confirm_url)
subject = "Please confirm your email"
mail_manager.send_email(email, subject, html)
flash('A confirmation email has been sent via email.', 'success')
def send_verification_email(email, mail_manager):
token = Token.generate_confirmation_token(email)
confirm_url = url_for('confirm_email', token=token, _external=True)
html = render_template('confirmation.html', confirm_url=confirm_url)
subject = "Please confirm your email"
mail_manager.send_email(email, subject, html)
flash('A confirmation email has been sent via email.', 'success')
def test_password_is_updated(self):
with self.app as c:
c.post('/reset-password', data=dict(
token = Token.generate_confirmation_token(test_email),
password = new_test_password
), follow_redirects=True)
user = DB.get_user_by_email(test_email)
self.assertEqual(decrypt(user.password), new_test_password)
def test_reset_password_get(self):
with self.app as c:
resp = c.get('/reset-password', data=dict(
token = Token.generate_confirmation_token(test_email)
), follow_redirects=True)
assert resp.status_code is 200
page_data = resp.get_data()
assert reset_password_success in page_data
def test_password_is_updated(self):
with self.app as c:
c.post('/reset-password',
data=dict(
token=Token.generate_confirmation_token(test_email),
password=new_test_password),
follow_redirects=True)
user = DB.get_user_by_email(test_email)
self.assertEqual(decrypt(user.password), new_test_password)
def test_reset_password_get(self):
with self.app as c:
resp = c.get(
'/reset-password',
data=dict(token=Token.generate_confirmation_token(test_email)),
follow_redirects=True)
assert resp.status_code is 200
page_data = resp.get_data()
assert reset_password_success in page_data
def test_weak_password_rejected(self):
with self.app as c:
resp = c.post('/reset-password', data=dict(
token = Token.generate_confirmation_token(test_email),
password = new_weak_password
), follow_redirects=True)
assert resp.status_code is 200
page_data = resp.get_data()
assert weak_password_message in page_data
def test_weak_password_rejected(self):
with self.app as c:
resp = c.post(
'/reset-password',
data=dict(token=Token.generate_confirmation_token(test_email),
password=new_weak_password),
follow_redirects=True)
assert resp.status_code is 200
page_data = resp.get_data()
assert weak_password_message in page_data
def send_contact_seller_email(email, sender_email, mail_manager, message, textbook_title):
token = Token.generate_confirmation_token(email)
confirm_url = url_for('contact_seller', token=token, _external=True)
email_header = "Message from " + sender_email + " - They are interested in buying your book: " + textbook_title + "\n\n"
if message == '':
message = email_header + "Hello! I am interested in buying your textbook!"
else:
message = email_header + message
html = render_template('contact_seller_confirmation.html', message=message, sender_email=sender_email)
subject = "Interest in your textbook: " + textbook_title
mail_manager.send_email(email, subject, html)
flash('Your message has been sent!', 'success')
def send_contact_seller_email(email, sender_email, mail_manager, message,
textbook_title):
token = Token.generate_confirmation_token(email)
confirm_url = url_for('contact_seller', token=token, _external=True)
email_header = "Message from " + sender_email + " - They are interested in buying your book: " + textbook_title + "\n\n"
if message == '':
message = email_header + "Hello! I am interested in buying your textbook!"
else:
message = email_header + message
html = render_template('contact_seller_confirmation.html',
message=message,
sender_email=sender_email)
subject = "Interest in your textbook: " + textbook_title
mail_manager.send_email(email, subject, html)
flash('Your message has been sent!', 'success')
def forgot_password():
if request.method == 'GET':
return render_template('forgot_password.html')
elif request.method == 'POST':
email = request.form['email']
if dbOps.get_user_by_email(email) is None:
flash('The email you entered is not associated with any account. Please verify the email address.', 'danger')
return redirect(url_for('forgot_password'))
else:
token = Token.generate_confirmation_token(email)
recover_password_url = url_for('reset_password', token=token, _external=True)
html = render_template('reset_password.html', recover_password_url=recover_password_url)
subject = "BookSwap - Password Recovery"
mail_manager.send_email(email, subject, html)
flash("An email has been sent to your account, please follow the link to reset your password.", 'success')
return redirect(url_for('index'))
def confirm_email(token):
email = None
try:
email = Token.confirm_token(token)
except:
flash('The confirmation link is invalid or has expired.', 'danger')
return redirect(url_for('index'))
try:
user = User.objects.get(email=email)
if user.activated:
flash('Account already confirmed. Please login.', 'success')
else:
user.activated = True
DBOperations.activate_user(email)
flash('You have confirmed your account. Thanks!', 'success')
except:
flash('The account activation URL specified is not associated to any account', 'danger')
return redirect(url_for('index'))
def confirm_email(token):
email = None
try:
email = Token.confirm_token(token)
except:
flash('The confirmation link is invalid or has expired.', 'danger')
return redirect(url_for('index'))
try:
user = User.objects.get(email=email)
if user.activated:
flash('Account already confirmed. Please login.', 'success')
else:
user.activated = True
DBOperations.activate_user(email)
flash('You have confirmed your account. Thanks!', 'success')
except:
flash(
'The account activation URL specified is not associated to any account',
'danger')
return redirect(url_for('index'))
def reset_password():
if request.method == 'GET':
token = request.args.get('token')
return render_template('update_password.html', token=token)
elif request.method == 'POST':
token = request.form['token']
email = Token.confirm_token(token)
new_password = request.form['password']
errors = []
errors.append(validate_password(new_password))
flattened_errors_list = [error for errorSublist in errors for error in errorSublist]
if(len(flattened_errors_list) == 0):
user = dbOps.get_user_by_email(email)
dbOps.edit_user_account(user.user_id, None, encrypt(new_password))
flash("Successfully updated password", 'Success')
return render_template('index.html')
else:
formatted_error = '. '.join(str(error) for error in flattened_errors_list)
flash(formatted_error)
return render_template('update_password.html', token=token)
def forgot_password():
if request.method == 'GET':
return render_template('forgot_password.html')
elif request.method == 'POST':
email = request.form['email']
if dbOps.get_user_by_email(email) is None:
flash(
'The email you entered is not associated with any account. Please verify the email address.',
'danger')
return redirect(url_for('forgot_password'))
else:
token = Token.generate_confirmation_token(email)
recover_password_url = url_for('reset_password',
token=token,
_external=True)
html = render_template('reset_password.html',
recover_password_url=recover_password_url)
subject = "BookSwap - Password Recovery"
mail_manager.send_email(email, subject, html)
flash(
"An email has been sent to your account, please follow the link to reset your password.",
'success')
return redirect(url_for('index'))
def reset_password():
if request.method == 'GET':
token = request.args.get('token')
return render_template('update_password.html', token=token)
elif request.method == 'POST':
token = request.form['token']
email = Token.confirm_token(token)
new_password = request.form['password']
errors = []
errors.append(validate_password(new_password))
flattened_errors_list = [
error for errorSublist in errors for error in errorSublist
]
if (len(flattened_errors_list) == 0):
user = dbOps.get_user_by_email(email)
dbOps.edit_user_account(user.user_id, None, encrypt(new_password))
flash("Successfully updated password", 'Success')
return render_template('index.html')
else:
formatted_error = '. '.join(
str(error) for error in flattened_errors_list)
flash(formatted_error)
return render_template('update_password.html', token=token)