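def reset_with_token(token):
    """Set a new password for the account named in a signed reset token.

    The token is verified with ``URLSafeTimedSerializer`` keyed by
    ``SECRET_KEY`` and rejected once it is older than 3600 seconds. Any
    verification failure redirects to the login page.
    """
    try:
        password_reset_serializer = URLSafeTimedSerializer(
            app.config['SECRET_KEY'])
        email = password_reset_serializer.loads(token,
                                                salt='password-reset-salt',
                                                max_age=3600)
    except Exception:
        # Was a bare ``except:``, which also swallows SystemExit and
        # KeyboardInterrupt. Every verification failure still fails closed.
        flash('The password reset link is invalid or has expired.', 'error')
        return redirect(url_for('login'))

    form = PasswordForm()
    if form.validate_on_submit():
        try:
            user = User.query.filter_by(email=email).first_or_404()
        except Exception:
            flash('Invalid email address!', 'error')
            return redirect(url_for('login'))

        # NOTE(review): nothing in this function invalidates the token after
        # a successful reset, so the same link keeps working until max_age
        # elapses. Consider tying the token to the current password hash or
        # to a per-user nonce so it becomes single-use.
        user.set_password(form.password.data)
        db.session.add(user)
        db.session.commit()
        flash('Your password has been updated!', 'success')
        return redirect(url_for('login'))

    return render_template('reset_password_with_token.html',
                           form=form,
                           token=token)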
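def edit(self, request, pk):
    """Edit a model row, its linked user and that user's password.

    GET renders the editor with the bound model/user forms and an unbound
    PasswordForm. A valid POST saves all three and redirects to the list
    page; an invalid POST re-renders the editor.
    """
    # NOTE(review): no permission check is visible in this method; confirm
    # the caller is authorised to edit the object identified by ``pk`` and
    # to set its user's password.
    obj = self.Model.objects.get(id=pk)
    form = self.Form(request.POST or None, instance=obj)
    user_form = UserForm(request.POST or None, instance=obj.user)
    # Unbound class for GET; replaced by the bound instance on POST so that
    # password validation errors are shown instead of being discarded.
    password_form = PasswordForm

    if request.method == "POST":
        password_form = PasswordForm(request.POST or None)
        if (user_form.is_valid() and form.is_valid()
                and password_form.is_valid()):
            user = user_form.save(commit=False)
            form.save(commit=False)
            user.set_password(password_form.cleaned_data.get("password"))
            user.save()
            # NOTE(review): this sets an attribute on the form object, not
            # on the model instance; kept as in the original.
            form.user = user
            form.save()
            return redirect(self.Model.list_link())

    return render(
        request, "shared/editor.html", {
            "sidebar": self.name,
            "forms": [form, user_form, password_form],
            "index_link": self.Model.list_link()
        })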
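def add(self, request):
    """Create a user together with its role-specific account row.

    GET renders empty forms. A valid POST creates the user with
    ``self.role`` and the submitted password, links the account to it and
    redirects to the list page. An invalid POST re-renders the bound forms.
    """
    # NOTE(review): no permission check is visible in this method; confirm
    # only authorised callers can create accounts with ``self.role``.
    forms = [self.Form, UserForm, PasswordForm]

    if request.method == "POST":
        user_form = UserForm(request.POST)
        password_form = PasswordForm(request.POST)
        form = self.Form(request.POST)
        if (user_form.is_valid() and password_form.is_valid()
                and form.is_valid()):
            user = user_form.save(commit=False)
            account = form.save(commit=False)
            user.role = self.role
            user.set_password(password_form.cleaned_data.get("password"))
            user.save()
            account.user = user
            account.save()
            return redirect(self.Model.list_link())
        # Same order as the GET list, but bound so errors are displayed.
        forms = [form, user_form, password_form]

    # The invalid-POST path used the context key "form" while GET used
    # "forms", and any other method hit undefined names; both now share
    # this single render.
    return render(
        request, "shared/editor.html", {
            "sidebar": self.name,
            "forms": forms,
            "index_link": self.Model.list_link(),
        })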
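def delete():
    """Allows an authenticated user to delete their account.

    The account is removed only when the submitted password matches the
    stored hash; otherwise the form is shown again with an error.
    """
    # Initialize the form and heading text.
    form = PasswordForm()
    heading = "Delete Account"

    # If the form is valid, try to delete the user.
    if form.validate_on_submit():
        u = (db.session.query(User).filter(
            User.email == current_user.email).first())

        # Delete the user if they provided the proper password.
        if u and checkpw(form.pw.data.encode("utf-8"), u.pw_hash):
            # Capture the address before the row is deleted and the
            # session is logged out.
            email = u.email
            logout_user()
            db.session.delete(u)
            db.session.commit()
            flash(
                f'Your account, "{email}", has been removed',
                category="secondary",
            )
            app.logger.info(f"Removed account : {email}")
            return redirect(url_for("base.index"))
        else:
            flash("Invalid Password", category="danger")
            # ``u`` can be None on this branch, so log the session identity
            # (the value the query filtered on) instead of ``u.email``.
            app.logger.warning(
                f"Attempted account removal: {current_user.email}")

    return render_template("user/form.html", form=form, heading=heading)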
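def login2():
    """Second login step: check the requested password characters.

    Reads ``user_hash``, ``short_pass`` and ``count`` from the query string,
    asks for the characters named by ``short_pass`` and logs the user in
    when ``checkPPassword`` accepts them. After three failures the flow is
    sent back to the login page.
    """
    # NOTE(review): ``count`` and ``short_pass`` are supplied by the client
    # in the query string, so the attempt limit and the challenge are not
    # enforced by the server. Keep both in server-side state keyed by the
    # account and apply rate limiting there.
    user_hash = str(request.args.get('user_hash'))
    user = User.query.filter_by(user_hash=user_hash).first()
    if user is None:
        # Unknown hash previously crashed on ``user.css``.
        return redirect(url_for('login'))
    css = user.css
    short_pass = str(request.args.get('short_pass'))

    try:
        count = int(request.args.get('count'))
    except (TypeError, ValueError):
        # Missing or non-numeric counter: restart the flow.
        return redirect(url_for('login'))
    # A negative counter must not buy extra attempts.
    count = max(count, 0)
    if count >= 3:
        flash('Out of attempts. New OTP required.')
        return redirect(url_for('login'))

    form = PasswordForm()
    flash('Enter password characters ' + short_pass +
          " together with no spaces.")
    if form.validate_on_submit():
        if not user.checkPPassword(form.password.data, short_pass):
            count += 1
            # ``>=`` instead of ``==`` so a counter past 3 still locks out.
            if count >= 3:
                flash('Out of attempts. New OTP required.')
                return redirect(url_for('login'))
            flash('Incorrect characters')
            flash('You have ' + str(3 - count) +
                  ' attempts left before process reset')
            return redirect(
                url_for('login2',
                        user_hash=user_hash,
                        short_pass=short_pass,
                        count=count))
        login_user(user)
        return redirect(url_for('index'))
    return render_template('login2.html', title='Sign In', form=form, css=css)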
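def profile():
    """Show the profile page and handle its two forms.

    ``form1`` creates or updates the user's profile row. ``form2`` changes
    the password after checking the current one.
    """
    form1 = ProfileForm()
    form2 = PasswordForm()
    user = User.query.filter_by(UserAccountId=current_user.get_id()).first()

    if form1.submit.data and form1.validate_on_submit():
        # NOTE(review): ``user`` is only checked for None in the password
        # branch below; confirm it cannot be None here.
        if user.Profile is None:
            user_profile = UserProfile(FirstName=form1.first_name.data,
                                       LastName=form1.last_name.data,
                                       DOB=form1.dob.data,
                                       Phone=form1.phone.data,
                                       Address=form1.address.data,
                                       Country=form1.country.data,
                                       owner=user)
            db.session.add(user_profile)
            db.session.commit()
        else:
            user.Profile.FirstName = form1.first_name.data
            user.Profile.LastName = form1.last_name.data
            user.Profile.DOB = form1.dob.data
            user.Profile.Phone = form1.phone.data
            user.Profile.Address = form1.address.data
            user.Profile.Country = form1.country.data
            db.session.commit()
        flash('Changes succesfully saved!')
        return redirect(url_for('profile'))

    if form2.update.data and form2.validate_on_submit():
        # The current password must match before a new one is stored.
        if user is None or not user.check_password(form2.password.data):
            flash('Invalid current password')
            return redirect(url_for('profile'))
        user.set_password(form2.new_password.data)
        db.session.commit()
        flash('Password succesfully updated!')
        return redirect(url_for('profile'))

    return render_template('account-profile.html',
                           title='Profile',
                           form1=form1,
                           form2=form2)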
def password():
    """Store a new password hash for ``g.user`` from a valid PasswordForm."""
    form = PasswordForm()
    if not form.validate_on_submit():
        return render_template('password.html', form=form)

    # NOTE(review): the current password is not checked before the new one
    # is stored; confirm re-authentication happens elsewhere.
    g.user.password = generate_password_hash(form.password.data)
    db.session.commit()
    return redirect(url_for('index'))
def reset():
    """Reset a password using the expiring token from the recovery e-mail.

    Logged-in users, requests without a token and requests whose token does
    not load are redirected away. Otherwise the password form is shown and,
    once valid, the new password is applied through ``change_pw``.
    """
    # NOTE(review): the token is read from the query string, where it can
    # end up in access logs and Referer headers; confirm it is short-lived
    # and single-use.
    remote_addr = request.environ["REMOTE_ADDR"]

    # Already authenticated: nothing to reset.
    if current_user.is_authenticated:
        flash("You are already logged in", category="danger")
        app.logger.info(
            f'Attempted reset from logged in user : {current_user.email} from"'
            f' {remote_addr}')
        return redirect(url_for("base.index"))

    # A token is mandatory.
    token = request.args.get("token", None)
    if not token:
        app.logger.warning(f'No token sent to the "reset" page from "'
                           f'{remote_addr}')
        flash("Your request is not valid", category="danger")
        return redirect(url_for("base.index"))

    # Reject tokens that fail to load.
    token_data = load_pw_token(token)
    if not token_data:
        app.logger.warning(f'Invalid token passed to the "reset" page from "'
                           f'{remote_addr}')
        flash("Your request is no longer valid", category="danger")
        return redirect(url_for("user.recover"))

    email = token_data["email"].lower()
    form = PasswordForm()
    heading = "Reset Password"

    if not form.validate_on_submit():
        return render_template("user/form.html", form=form, heading=heading)

    result = change_pw(email, form.pw.data)
    if result.success:
        flash(
            result.message,
            category="secondary",
        )
        return redirect(url_for("user.login"))
    flash(result.message)
    return redirect(url_for("user.register"))
def password_edit():
    """Replace the current user's password from a posted PasswordForm.

    Always redirects to the index page. Form errors are flashed when the
    request is not a valid POST.
    """
    form = PasswordForm()
    accepted = request.method == 'POST' and form.validate()
    if not accepted:
        flash_form_errors(form)
        return redirect(url_for('index'))

    # NOTE(review): the current password is not requested before the
    # change; confirm that is intended.
    account = User.objects(id=current_user.id).first()
    account.reset_password(form.password.data).save()
    flash('Your password account has been updated sucessfully!')
    return redirect(url_for('index'))
def profil_edit():
    """Change the logged-in user's password from the profile page."""
    form = PasswordForm()
    if not form.validate_on_submit():
        return render_template('profil.html', form=form)

    # NOTE(review): the current password is not requested before the
    # change; confirm that is intended.
    account = User.query.filter_by(id=current_user.id).first()
    account.set_password(form.password.data)
    db.session.bulk_save_objects([account])
    db.session.commit()
    flash('Votre mot de passe a bien été modifié!')
    return redirect(url_for('index'))
def changepw():
    """Change the current user's password after verifying the old one.

    The page is re-rendered in every case, with a flash message reporting
    the outcome of a submitted form.
    """
    form = PasswordForm()
    if form.validate_on_submit():
        old_password_ok = current_user.verify_password(form.password1.data)
        if not old_password_ok:
            flash('原密码错误')
        else:
            current_user.password = form.password2.data
            # NOTE(review): no commit is visible here; presumably the
            # session is committed elsewhere. Verify.
            db.session.add(current_user)
            flash('密码修改成功')
    return render_template('user/changepw.html', form=form)
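def setnewpassword(uid):
    """Set a new password for the user with primary key ``uid``.

    Authenticated users are sent to the index page. A valid form submission
    stores the new password and redirects to the login page.
    """
    # NOTE(review): the account is selected only by the ``uid`` argument and
    # nothing visible here proves the caller owns it. Confirm this view is
    # reachable only after a verified, expiring, single-use reset token, or
    # add that check here.
    if current_user.is_authenticated:
        return redirect(url_for('index'))

    user = User.query.filter_by(id=uid).first()
    if user is None:
        # Previously an unknown uid crashed on ``user.set_password``.
        return redirect(url_for('login'))

    form = PasswordForm()
    # ``validate_on_submit`` replaces the raw ``'password' in request.form``
    # test so the form's validators run before the password is stored.
    if form.validate_on_submit():
        user.set_password(form.password.data)
        db.session.add(user)
        db.session.commit()
        return redirect(url_for('login'))
    return render_template('setnewpassword.html', form=form)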
def password():
    """Render the change-password page, or apply the change and go home.

    A valid submission hands the current and new password to
    ``current_user.update_password`` and redirects to ``/``.
    """
    password_form = PasswordForm()
    if not password_form.validate_on_submit():
        return render_template('change_password.html',
                               password_form=password_form)

    # NOTE(review): the result of update_password is not inspected, so the
    # redirect happens whether or not the change was applied. Verify how
    # update_password reports a wrong current password.
    old_value = password_form.current_password.data
    new_value = password_form.new_password.data
    current_user.update_password(old_value, new_value)
    return redirect('/')
def change_password():
    """Change the current user's password through ``User.change_password``.

    A ``None`` result is reported as an invalid password.
    """
    form = PasswordForm()
    if not form.validate_on_submit():
        return render_template('change_password.html',
                               title='Change password',
                               form=form)

    updated = User().change_password(current_user.id,
                                     form.current_password.data,
                                     form.new_password.data)
    if updated is None:
        flash('Invalid password.', 'danger')
        return redirect(url_for('change_password'))

    flash('Your password has been changed', 'success')
    return redirect(url_for('get_user'))
def change_password():
    """Change the current user's password after checking the previous one."""
    form = PasswordForm()
    if form.validate_on_submit():
        # The old password must be verified first; a mismatch is reported
        # to the user and the form is shown again.
        previous_ok = current_user.verify_password(form.pre_password.data)
        if not previous_ok:
            flash('修改密码失败,请重新尝试')
        else:
            current_user.password = form.new_password.data
            # NOTE(review): no commit is visible here; presumably the
            # session is committed elsewhere. Verify.
            db.session.add(current_user)
            flash('修改密码成功')
            return redirect(url_for('main.index'))
    return render_template('user/change_password.html', form=form)
def change_password():
    """Change the current user's password after checking the old one.

    A wrong old password redirects back to this page with an error.
    """
    form = PasswordForm()
    if not form.validate_on_submit():
        return render_template('user/change_password.html', form=form)

    if not current_user.verify_password(form.old_pwd.data):
        flash('无效的原始密码')
        return redirect(url_for('user.change_password'))

    current_user.password = form.new_pwd.data
    # NOTE(review): no commit is visible here; presumably the session is
    # committed elsewhere. Verify.
    db.session.add(current_user)
    flash('密码修改成功,下次请使用新密码登录')
    return redirect(url_for('main.index'))
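def edit(request):
    """Let the logged-in user edit their own account.

    Clients and partners get their role-specific form alongside the user
    form and a password form. A valid POST saves everything. When the
    submitted password differs from the stored one it is replaced and the
    user is sent to logout; otherwise the user is redirected to the index.
    """
    role_name = request.user.role.name

    # Build the role form once. The original built it twice on POST and
    # appended both copies to the list used for re-rendering.
    role_form = None
    if role_name == "client":
        client = Client.objects.get(user=request.user)
        role_form = ClientForm(request.POST or None, instance=client)
    elif role_name == "partner":
        partner = Partner.objects.get(user=request.user)
        role_form = PartnerForm(request.POST or None, instance=partner)

    user_form = UserForm(request.POST or None, instance=request.user)
    leading = [role_form] if role_form is not None else []

    if request.method == "GET":
        return render(request, "shared/editor.html", {
            "forms": leading + [user_form, PasswordForm],
            "index_link": reverse("index")
        })
    elif request.method == "POST":
        password_form = PasswordForm(request.POST)
        additional = role_form.is_valid() if role_form is not None else True

        if user_form.is_valid() and password_form.is_valid() and additional:
            if role_form is not None:
                role_form.save()
            user = user_form.save(commit=False)
            password = password_form.cleaned_data.get("password")
            # NOTE(review): the current password is not requested before a
            # new one is set; confirm that is intended.
            if password and not user.check_password(password):
                user.set_password(password)
                user.save()
                return redirect("auth:logout")
            user.save()
            return redirect("index")
        else:
            # Pass the bound password form so its errors are displayed.
            return render(request, "shared/editor.html", {
                "forms": leading + [user_form, password_form],
                "index_link": reverse("index")
            })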
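def user_password_reset(username):
    """Set a new password for the account named ``username``.

    Renders the reset page with ``success`` set to True once the new hash
    has been committed.
    """
    # NOTE(review): the target account comes from the ``username`` argument
    # and no permission check is visible in this function. Confirm the
    # route is restricted to administrators or protected by a reset token.
    from app import user_manager

    password_form = PasswordForm()
    success = False
    if password_form.validate_on_submit():
        user = User.query.filter_by(username=username).first()
        # Unknown username previously crashed on ``user.password``; now the
        # page is rendered with success left False.
        if user is not None:
            user.password = user_manager.hash_password(
                password_form.password.data)
            db.session.add(user)
            db.session.commit()
            success = True
    return render_template('user_password_reset.html',
                           form=password_form,
                           success=success)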
def change_password():
    """Change the current user's password.

    Requires the current password and two matching copies of the new one.
    A successful change also clears ``password_expires``.
    """
    form = PasswordForm()
    if form.validate_on_submit():
        if not current_user.check_password(form.password.data):
            flash('Incorrect password.')
        elif form.password1.data != form.password2.data:
            flash("Passwords don't match!")
        else:
            current_user.password = form.password1.data
            current_user.password_expires = None
            db.session.commit()
            flash('Password changed!')
            return redirect(url_for('index'))
    return render_template('change_password.html', form=form)
def update_password(self):
    """Store a new password hash for ``self.user``.

    An invalid form is saved to the session and the user is sent back to
    the edit view. Otherwise the hash and the configured password version
    are written and the outcome of ``self.user.edit()`` is flashed.
    """
    form = PasswordForm(request.form)
    if form.validate_on_submit():
        self.user.set_password_hash(form.password.data)
        self.user.password_version = application.config["PASSWORD_VERSION"]
        if self.user.edit():
            message, category = "Heslo bylo změněno", "success"
        else:
            message, category = "Nepovedlo se změnit heslo", "error"
        flash(message, category)
        return redirect(url_for("UserView:show"))

    save_form_to_session(request.form)
    return redirect(url_for("UserView:edit"))
def password(email=''):
    """Password step of the login flow for the account with ``email``.

    Already authenticated users go to the index page. Unknown accounts and
    wrong passwords get the same generic error message.
    """
    if current_user.is_authenticated:
        return redirect(url_for('index'))

    form = PasswordForm()
    if not form.validate_on_submit():
        return render_template('password.html',
                               form=form,
                               page='password',
                               email=email)

    account = User.query.filter_by(email=email).first()
    credentials_ok = (account is not None
                      and account.check_password(form.password.data))
    if not credentials_ok:
        flash('Credentials are incorrect')
        return redirect(url_for('login'))

    login_user(account, remember=form.remember_me.data)
    flash('You are now logged in.')
    return redirect(url_for('index', name=account.name))
def settings_password():
    """Change the logged-in user's password from the settings page.

    The current password must match before the new one is stored. Every
    submitted form ends in a redirect back to this page.
    """
    form = PasswordForm()
    if not form.validate_on_submit():
        return render_template('settings_password.html',
                               title='Settings',
                               form=form)

    account = User.query.filter_by(id=int(current_user.id)).first()
    if account is None:
        flash('Error! We could not update your password.', 'error')
    elif not account.check_password(form.currentpassword.data):
        flash('Error! Your current password appears to be incorrect.',
              'error')
    else:
        account.set_password(form.newpassword.data)
        db.session.commit()
        flash('Your password was updated!', 'info')
    return redirect(url_for('settings_password'))
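def pwd_post(request):
    """Handle the change-password form posted from the profile page.

    An invalid form or a wrong old password re-renders the profile view
    with the form errors. Otherwise the new password is saved and the user
    is redirected to the profile page.
    """
    request.session['tab'] = 'tab2'
    form = PasswordForm(request.POST)

    # The debug ``print`` statements were removed: they wrote the submitted
    # current password and the user to stdout, where it can end up in
    # server logs.
    if not form.is_valid():
        return profile(request, error_pwd_form=form)

    oldpassword = request.POST.get('oldpassword', '')
    if not request.user.check_password(oldpassword):
        form.errors['oldpassword'] = ErrorList([u'原密码不正确啊'])
        return profile(request, error_pwd_form=form)

    newpassword = request.POST.get('newpassword1', '')
    request.user.set_password(newpassword)
    request.user.save()
    return redirect(to='profile')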
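def password_page():
    """Handle password authentication for admins.

    Requires a non-empty ``email`` form field. After a successful login the
    user is redirected to ``next`` when it is a local path, otherwise to
    the index page.
    """
    if 'email' not in request.form or not request.form['email']:
        return redirect(url_for('login_page'))
    if current_user.is_authenticated:
        return redirect(url_for('index_page'))

    form = PasswordForm()
    if 'password_submit' in request.form and form.validate_on_submit():
        next_page = request.args.get('next')
        user = User.query.filter_by(email=request.form['email']).first()
        # Same message for unknown account and wrong password.
        if user is None or not user.check_password(form.password.data):
            flash('Invalid username or password.')
            return redirect(url_for('login_page'))
        login_user(user)

        # Follow ``next`` only when it is an absolute path on this site.
        # The netloc test alone lets through values without a leading
        # slash and slash/backslash forms that some browsers resolve to
        # another host.
        is_local_path = (
            bool(next_page)
            and next_page.startswith('/')
            and not next_page.startswith(('//', '/\\'))
            and url_parse(next_page).netloc == ''
        )
        if not is_local_path:
            next_page = url_for('index_page')
        return redirect(next_page)
    return render_template('password.html', title='Sign In', form=form)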
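def reset_with_token(token):
    """Set a new password for the account named in a reset token.

    An invalid or expired token redirects to the login page. A valid form
    submission stores the password, marks the e-mail as authenticated and
    redirects to the login page.
    """
    try:
        email = confirm_token(token)
    except Exception:
        # The original flashed the error but kept going, so the form was
        # still rendered and a submission failed on the undefined ``email``.
        flash('The reset link is invalid or has expired.', 'danger')
        return redirect(url_for('login'))

    # presumably confirm_token may also signal failure with a falsy value
    # instead of raising; treat that as an invalid link too. Verify.
    if not email:
        flash('The reset link is invalid or has expired.', 'danger')
        return redirect(url_for('login'))

    form = PasswordForm()
    if form.validate_on_submit():
        user = models.User.query.filter_by(email=email).first_or_404()
        # NOTE(review): nothing here invalidates the token after use;
        # confirm it is single-use or short-lived.
        user.set_password(form.password.data)
        user.is_email_authenticated = True
        db.session.add(user)
        db.session.commit()
        flash('Password reset.', 'success')
        return redirect(url_for('login'))
    return render_template('reset_with_token.html',
                           title='Reset Password',
                           form=form,
                           token=token)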
def password(nickname):
    """Password step of the login flow for ``nickname``.

    A valid submission tries ``initUser`` and logs the user in, using the
    ``remember_me`` value stored in the session when present. Without a
    valid submission, known nicknames see the password page and unknown
    ones are redirected to registration.
    """
    PasForm = PasswordForm()

    if not PasForm.validate_on_submit():
        if not checkNickname(nickname):
            return redirect(url_for('registry', nickname=nickname))
        return render_template('password.html',
                               form=PasForm,
                               nickname=nickname)

    submitted = PasForm.password.data
    keep_logged_in = False
    # Consume the flag left in the session by the previous step.
    if 'remember_me' in session:
        keep_logged_in = session['remember_me']
        session.pop('remember_me', None)

    account = initUser(nickname, submitted)
    if account == False:
        return render_template('password.html',
                               form=PasForm,
                               nickname=nickname,
                               errorPass='******')

    login_user(account, remember=keep_logged_in)
    return redirect(url_for('index'))