Example #1
def reset_token(token):
    """Let the holder of a valid reset token choose a new password.

    Signed-in users are redirected to their account page. When
    ``User.verify_reset_token`` yields no user, a warning is flashed and the
    visitor is sent back to the reset-request page. Otherwise the reset form
    is rendered and, once it validates, the bcrypt hash of the new password
    is stored on the user.
    """
    # A visitor with an active session does not go through the reset flow.
    if current_user.is_authenticated:
        return redirect(url_for('users.account'))

    account = User.verify_reset_token(token)
    if account is None:
        flash('Invalid or expired token', 'warning')
        return redirect(url_for('users.reset_request'))

    form = ResetPasswordForm()
    if not form.validate_on_submit():
        # First visit or failed validation: show the form (again).
        return render_template('reset_password.html',
                               title='Reset password',
                               form=form)

    # Only the hash is persisted; decode() stores it as text.
    digest = bcrypt.generate_password_hash(form.password.data)
    account.password = digest.decode('utf-8')
    db.session.commit()
    # NOTE(review): nothing visible here retires the token after use or ends
    # the account's other sessions -- confirm the model handles that.
    flash('Your password has been updated. You are now able to log in',
          'success')
    return redirect(url_for('users.login'))
Example #2
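def reset_token(token):
    """Reset the password of the account that a reset token resolves to.

    Signed-in users are redirected home; a token for which
    ``User.verify_reset_token`` returns no user is rejected with a warning.
    On a valid form submission the new password is hashed and committed.

    A failed commit is rolled back, logged with its traceback and reported to
    the user; the form is then rendered again.
    """
    if current_user.is_authenticated:
        return redirect(url_for('home_blueprint.home'))
    user = User.verify_reset_token(token)
    if user is None:
        flash('That is an invalid or expired token!', 'warning')
        return redirect(url_for('users_blueprint.reset_request'))
    form = ResetPasswordForm()
    if form.validate_on_submit():
        password = request.form['password']
        # A fresh salt from gensalt() goes into every hash.
        # NOTE(review): presumably the bcrypt package, whose hashpw returns
        # bytes -- confirm the column type accepts that.
        hashed_password = hashpw(password.encode('utf8'), gensalt())
        user.password = hashed_password

        try:
            db.session.commit()
        except Exception:
            # Without a rollback the session stays in a failed state, and a
            # debug-level message is normally dropped in production, so the
            # failed password change would leave no trace.
            db.session.rollback()
            logger.exception(
                "Failed to update password for {}.".format(user))
            flash('Your password could not be updated. Please try again.',
                  'danger')
        else:
            flash('Your password has been updated!', 'success')
            # A password change is an account-security event worth keeping.
            logger.info("Updated password for user {}.".format(user))
            return redirect(url_for('users_blueprint.login'))

    return render_template('reset_token.html',
                           title='Reset Password',
                           form=form)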
Example #3
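def reset_token(token):
    """Show and process the password reset form for a reset token.

    Signed-in users are redirected home. When ``User.verify_reset_token``
    returns no user, a warning is flashed and the visitor is sent to the
    reset-request page. A validated form stores the bcrypt hash of the new
    password and redirects to the login page.
    """
    if current_user.is_authenticated:
        return redirect(url_for('main.home'))

    user = User.verify_reset_token(token)

    if user is None:
        flash('That is an invalid or expired token', 'warning')

        return redirect(url_for('users.reset_request'))

    form = ResetPasswordForm()

    if form.validate_on_submit():
        hash_pass = bcrypt.generate_password_hash(form.password.data)\
                          .decode('utf-8')

        user.password = hash_pass

        db.session.commit()

        # The message used to be a triple-quoted literal, which carried a
        # leading newline and the source indentation into the flashed text.
        flash('Your password has been updated ! You are now able to log in',
              'success')

        return redirect(url_for('users.login'))

    return render_template('reset_token.html',
                           title='Reset Password',
                           form=form)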
Example #4
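def reset_password():
    """Handle both halves of the e-mail password reset flow.

    With a ``?token=`` argument matching a stored ``password_token``, a random
    password is generated, its hash stored, the token cleared and the new
    password mailed to the user. Otherwise the request is treated as the
    reset-request form: the submitted e-mail is validated, a fresh token is
    stored on the account and a link carrying it is mailed out.

    Returns:
        A ``(body, status)`` tuple, or the rendered form for a plain visit.
    """
    token = request.args.get('token', '')
    if token != '':
        user = User.query.filter_by(password_token=token).first()
        if user is not None:
            # NOTE(review): the password changes on a plain GET of the link,
            # so anything that fetches URLs from the mail (link preview, mail
            # scanner) consumes the token, and the replacement password is
            # then mailed in clear text. A form where the user picks the
            # password after following the link avoids both.
            # NOTE(review): the token is compared with a value stored as-is
            # and no expiry check is visible here; confirm that
            # utilities.generate_random_string draws from a CSPRNG.
            new_password = utilities.generate_random_string(20)
            user.password = generate_password_hash(new_password)
            # Clearing the token makes the link single-use.
            user.password_token = ''
            db.session.commit()

            email_content = Journal.query.filter(Journal.id==122).first().get_journal_content(session['locale'])
            send_mail([user.email], email_content.title, render_template_string(email_content.content, new_password=new_password))
            return render_template("users/reset_password_confirmed.html"), 200

    form = ResetPasswordForm(request.form)
    errors = []
    # Validates the shape of the submitted data only.
    if form.is_submitted():
        # Normalise once: validation used the stripped value while the lookup
        # used the raw one, and a missing field raised on .strip().
        email = (form.email.data or '').strip()
        is_validated = True
        if email == '':
            is_validated = False
            errors.append(gettext('Email is required'))
        # Rough shape check: something, an '@', then a domain-like part.
        match = re.search(r'^.+@([^.@][^@]+)$', email)
        if not match:
            is_validated = False
            errors.append(gettext('Invalid email address'))

        if is_validated:
            user = User.query.filter_by(email=email).first()

            # NOTE(review): the distinct 404 / 400 answers below tell an
            # unauthenticated caller whether an address is registered or
            # banned; a uniform response would not.
            if user is None:
                errors.append(gettext('Account not found'))
                return render_template("users/reset_password.html", form=form, errors=errors), 404

            if user.banned == 1:
                errors.append(gettext('The account was banned, please contact an admin for more information'))
                return render_template("users/reset_password.html", form=form, errors=errors), 400

            user.password_token = utilities.generate_random_string(50)
            db.session.commit()

            email_content = Journal.query.filter(Journal.id==121).first().get_journal_content(session['locale'])
            send_mail([user.email], email_content.title, render_template_string(email_content.content, link=url_for('users.reset_password', token=user.password_token, _external=True)))
            db.session.commit()
            return render_template("users/reset_password_submited.html"), 200
        else:
            return render_template("users/reset_password.html", form=form, errors=errors), 200

    return render_template("users/reset_password.html", form=form, errors=[])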
Example #5
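def reset_password(token):
    """Show and process the password reset form for a reset token.

    Signed-in users, and visitors whose token
    ``User.verify_reset_password_token`` does not resolve to a user, are
    redirected to the index page. A validated form sets the new password via
    ``user.set_password`` and redirects to the login page.
    """
    if current_user.is_authenticated:
        return redirect(url_for('main.index'))
    user = User.verify_reset_password_token(token)
    if not user:
        # redirect() takes no ``user`` keyword; passing one raised TypeError,
        # so every invalid token ended in a server error instead of this
        # redirect.
        return redirect(url_for('main.index'))
    form = ResetPasswordForm()
    if form.validate_on_submit():
        user.set_password(form.password.data)
        db.session.commit()
        flash(_('Su contraseña ha sido reseteada'), 'info')
        return redirect(url_for('users.login'))
    return render_template('users/reset_password.html', form=form)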
Example #6
def reset_token(token):
    """Show and process the password reset form for a reset token.

    Signed-in users go to the home page; a token that
    ``User.verify_reset_token`` does not resolve to a user is rejected with a
    warning. A validated form stores the bcrypt hash of the new password.
    """
    if current_user.is_authenticated:
        return redirect(url_for('main.home'))

    account = User.verify_reset_token(token)
    if account is None:
        flash('That is an invalid or expired token','warning')
        # NOTE(review): unlike the other endpoints here this name carries no
        # blueprint prefix -- confirm it resolves.
        return redirect(url_for('reset_request'))

    form = ResetPasswordForm()
    if not form.validate_on_submit():
        return render_template('reset_token.html', title='Reset Password', form=form)

    # decode() keeps the stored hash a string rather than bytes.
    digest = bcrypt.generate_password_hash(form.password.data)
    account.password = digest.decode('utf-8')
    db.session.commit()
    flash('You password has been updated! You may now login.', 'success')
    return redirect(url_for('main.login'))
Example #7
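def reset_token(token):
	"""Show and process the password reset form for a reset token.

	Signed-in users go to the home page; a token that
	``User.verify_reset_token`` does not resolve to a user is rejected with a
	warning and a redirect to the reset-request page. A validated form stores
	the bcrypt hash of the new password.
	"""
	if current_user.is_authenticated:
		return redirect(url_for('main.home'))
	user = User.verify_reset_token(token)
	if user is None:
		flash('That is an invalid or expired token', 'warning')
		# This return sat one level out, so every request was redirected and
		# the form below could never be reached.
		return redirect(url_for('users.reset_request'))
	form = ResetPasswordForm()
	if form.validate_on_submit():
		hashed_password = bcrypt.generate_password_hash(form.password.data).decode('utf-8')
		user.password = hashed_password
		db.session.commit()
		# NOTE(review): assumes ResetPasswordForm has a ``username`` field --
		# confirm, otherwise this raises after the commit.
		flash(f'Password for {form.username.data} updated successfully. You can now login', 'success')
		return redirect(url_for('main.login'))
	return render_template('reset_token.html', title ='Reset Password', form = form)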
Example #8
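def reset_password(token):
    """Show and process the password reset form for a reset token.

    ``User.verify_reset_token`` is expected to yield a user id. Without one
    the page is rendered with an error and the submission is not processed.
    With one, a validated form stores the bcrypt hash of the new password,
    signs the user in and redirects to the login page.
    """
    form = ResetPasswordForm()
    user_id = User.verify_reset_token(token)
    if not user_id:
        flash('That is not a valid reset token or it has expired.')
        # Stop here: execution used to fall through, so a POST with a bad
        # token reached User.query.get(None) and failed on the missing user.
        return render_template('reset_password.html', form=form)
    if form.validate_on_submit():
        user = User.query.get(user_id)
        if user is None:
            # The token named an account that no longer exists.
            flash('That is not a valid reset token or it has expired.')
            return render_template('reset_password.html', form=form)
        hashed_password = bcrypt.generate_password_hash(
            form.password.data).decode('utf-8')
        user.password = hashed_password
        db.session.commit()
        flash('Your password has been reset. You can now log in.')
        # NOTE(review): the user is signed in straight from the reset token
        # and then sent to the login page -- confirm which of the two is
        # intended.
        login_user(user)
        return redirect(url_for('users.login'))
    return render_template('reset_password.html', form=form)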
Example #9
def reset_token(token):
    """Show and process the password reset form for a reset token.

    Signed-in users are redirected to their logged-in page; a token that
    ``User.verify_reset_token`` does not resolve to a user leads back to the
    reset-request page. A validated form stores the bcrypt hash of the new
    password and redirects to the login page.
    """
    if current_user.is_authenticated:
        return redirect(url_for('main.logged_in', user=current_user.username))

    account = User.verify_reset_token(token)
    if account is None:
        # TODO: tell the user the token was invalid or expired; nothing is
        # shown at the moment.
        return redirect(url_for('users.reset_request'))

    form = ResetPasswordForm()
    if not form.validate_on_submit():
        return render_template('reset_token.html', form=form)

    digest = bcrypt.generate_password_hash(form.password.data)
    account.password = digest.decode('utf-8')
    db.session.commit()
    # NOTE(review): goes to stdout only, and the wording refers to account
    # creation although this is a password reset.
    print('your account created ')
    return redirect(url_for('users.login'))
Example #10
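def reset_token(token):
    """Show and process the password reset form for a reset token.

    Signed-in users go to the home page; a token that
    ``User.verify_reset_token`` does not resolve to a user is rejected with a
    warning. A validated form stores the bcrypt hash of the new password on
    the user the token resolved to.
    """
    # Was spelled ``is_autheniticated``, an attribute that is not used
    # anywhere else, so the check could not work.
    if current_user.is_authenticated:
        return redirect(url_for('main.home'))
    user = User.verify_reset_token(token)
    if not user:
        flash('That is an invalid token','warning')
        return redirect(url_for('users.reset_request'))
    form = ResetPasswordForm()
    if form.validate_on_submit():
        # Read from this view's own form; the earlier code referenced an
        # undefined ``registerForm`` and then replaced ``user`` with a new,
        # never-persisted User, so the verified account was left unchanged.
        hashed_password = bcrypt.generate_password_hash(form.password.data).decode('utf-8')
        user.password = hashed_password
        db.session.commit()
        flash('Your password has been updated! You are now able to login!','success')
        return redirect(url_for('main.home'))
    return render_template('reset_token.html', title='Reset Password', form= form)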
Example #11
def reset_token(token):
    """Show and process the password reset form for a reset token.

    Signed-in users go to the home page; a token that
    ``Blogger.verify_reset_token`` does not resolve to a user is rejected
    with a warning. A validated form stores the bcrypt hash of the new
    password and redirects to the login page.
    """
    if current_user.is_authenticated:
        return redirect(url_for('main.home'))

    blogger = Blogger.verify_reset_token(token)
    if blogger is None:
        flash('Expired or invalid token', 'warning')
        return redirect(url_for('users.reset_request'))

    form = ResetPasswordForm()
    if not form.validate_on_submit():
        # Nothing submitted yet, or validation failed: render the form.
        return render_template('reset_token.html', form=form)

    # Store the hash as text, never the submitted password itself.
    digest = bcrypt.generate_password_hash(form.password.data)
    blogger.password = digest.decode('utf-8')
    db.session.commit()
    flash('Password updated', 'success')
    return redirect(url_for('users.login'))
Example #12
def reset_password(token):
    """Show and process the password reset form for a reset token.

    Signed-in users go to the home page; a token that
    ``User.verify_reset_token`` does not resolve to a user is rejected with a
    warning. A validated form stores the bcrypt hash of the new password and
    redirects to the login page.
    """
    if current_user.is_authenticated:
        return redirect(url_for('main.home'))

    account = User.verify_reset_token(token)
    if not account:
        flash('That is an invalid or expired password reset token!', 'warning')
        return redirect(url_for('users.reset_request'))

    form = ResetPasswordForm()
    if not form.validate_on_submit():
        return render_template('reset_password.html', title='Reset Password', form=form)

    # Only the hash of the new password is written to the record.
    account.password = bcrypt.generate_password_hash(form.password.data).decode('utf-8')
    db.session.commit()
    flash('Your password has been updated! Please login with your updated credentials', 'success')
    return redirect(url_for('users.login'))
Example #13
def reset_token(token):
    """Show and process the password reset form for a reset token.

    Signed-in users go to the home page; a token that
    ``User.verify_reset_token`` does not resolve to a user is rejected with a
    warning. A validated form sets the new password through
    ``user.set_password`` and redirects to the login page.
    """
    if current_user.is_authenticated:
        return redirect(url_for('home.homepage'))

    account = User.verify_reset_token(token)
    if account is None:
        flash('That is an invalid or expired token', 'warning')
        return redirect(url_for('users.reset_request'))

    form = ResetPasswordForm()
    if not form.validate_on_submit():
        return render_template('users/change-password.html',
                               title='Reset password',
                               form=form)

    # NOTE(review): the return value of set_password is written to
    # password_hash. If set_password stores the hash itself and returns
    # None, this line wipes it -- confirm against the model.
    account.password_hash = account.set_password(form.password.data)
    db.session.commit()
    gc.collect()
    flash('Your password has been successfully updated', 'success')
    return redirect(url_for('auth.login'))
Example #14
def reset_password():
    """Render and process the password reset form.

    Users normally arrive here through the link mailed to them after they
    press 'forgot password'.

    A `User` auth token must accompany the request: on 'GET' it comes from
    `?token=`, on 'POST' from a hidden form field that the 'GET' filled in.
    A missing or invalid token sends the visitor back to the login screen.

    The token expires after `app.config['PASSWORD_RESET_SECONDS']` or once
    the user successfully logs in.
    """
    form = ResetPasswordForm(request.form)

    # Prefer the query string and copy it into the hidden field so the POST
    # carries it; otherwise fall back to the posted field.
    query_token = request.args.get('token')
    if query_token:
        form.token.data = query_token
    token = query_token or request.form.get('token')

    if not token:
        flash(_('Bad token.'))
        return redirect(url_for('users.login'))

    max_age = app.config['PASSWORD_RESET_SECONDS']
    user = User.from_auth_token(token, max_age=max_age)
    if not user:
        flash(_('Bad token.'))
        return redirect(url_for('users.login'))

    if not form.validate_on_submit():
        return render_template('users/reset_password.html', form=form)

    user.password = generate_password_hash(form.password.data)
    db.session.add(user)
    db.session.commit()

    # NOTE(review): the reset signs the user in with a remember-me cookie;
    # possession of the mailed token is the only proof of identity here.
    login_user(user, remember=True)

    flash(_('Your password has been changed.'))
    return redirect(url_for('home'))
Example #15
def reset_token(token):
    """Show and process the password reset form for a reset token.

    Signed-in users go to the home page; a token that
    ``User.verify_reset_token`` does not resolve to a user is rejected. A
    validated form stores the bcrypt hash of the new password, signs the user
    in and redirects to the home page.
    """
    if current_user.is_authenticated:
        return redirect(url_for('main.home'))

    account = User.verify_reset_token(token)
    if account is None:
        flash('Invalid or expired token', 'danger')
        return redirect(url_for('users.reset_request'))

    form = ResetPasswordForm()
    if not form.validate_on_submit():
        return render_template('reset-token.html',
                               title='Reset Password',
                               form=form)

    digest = bcrypt.generate_password_hash(form.password.data)
    account.password = digest.decode('UTF-8')
    db.session.commit()
    # NOTE(review): ``timedelta`` is passed by name; if that is the datetime
    # class rather than a configured duration value this is not a usable
    # lifetime -- confirm what is in scope.
    login_user(account, duration=timedelta)
    flash(f'Your password on {account.Email}, has been updated', 'success')
    return redirect(url_for('main.home'))
Example #16
def reset_password():
    """Serve the password reset form and apply a submitted new password.

    The usual way in is the link sent to the user after 'forgot password'.

    Both 'GET' and 'POST' need a `User` auth token: `?token=` on the former,
    a hidden form field (populated during the 'GET') on the latter. Without a
    valid token the visitor is redirected to the login screen.

    The token expires after `app.config['PASSWORD_RESET_SECONDS']` or once
    the user successfully logs in.
    """
    form = ResetPasswordForm(request.form)

    token = request.args.get('token')
    if token:
        # Carry the token from the link into the hidden field.
        form.token.data = token
    else:
        token = request.form.get('token')

    # The token is only resolved when one was supplied at all.
    user = None
    if token:
        user = User.from_auth_token(
            token, max_age=app.config['PASSWORD_RESET_SECONDS'])
    if not user:
        flash(_('Bad token.'))
        return redirect(url_for('users.login'))

    if form.validate_on_submit():
        # Store the hash, never the submitted password.
        user.password = generate_password_hash(form.password.data)
        db.session.add(user)
        db.session.commit()

        login_user(user, remember=True)

        flash(_('Your password has been changed.'))
        return redirect(url_for('home'))

    return render_template('users/reset_password.html', form=form)
Example #17
def reset_token(token):
    """Show and process the password reset form for a reset token.

    Signed-in users go to the index page; a token that
    ``User.verify_reset_token`` does not resolve to a user is rejected with a
    warning. A validated form stores the bcrypt hash of the new password and
    redirects to the login page.
    """
    if current_user.is_authenticated:
        return redirect(url_for('main.index'))

    account = User.verify_reset_token(token)
    if account is None:
        flash('The reset token has either expired or is invalid', 'warning')
        return redirect(url_for('users.reset_request'))

    form = ResetPasswordForm()
    if not form.validate_on_submit():
        return render_template('reset_token.html',
                               title='Reset Password',
                               form=form)

    digest = bcrypt.generate_password_hash(form.password.data)
    account.password = digest.decode('utf-8')
    db.session.commit()
    flash(
        'Your password has been updated! You can now login to your account',
        'success')
    return redirect(url_for('users.login'))
Example #18
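def reset_token(token):
    """Show and process the password reset form for a reset token.

    Signed-in users are redirected to ``main.rumah``; a token that
    ``User.verify_reset_token`` does not resolve to a user is rejected with a
    warning. A validated form stores the bcrypt hash of the new password and
    redirects to the login page.
    """
    if current_user.is_authenticated:
        return redirect(url_for('main.rumah'))
    user = User.verify_reset_token(token)
    if user is None:
        flash('Token sudah invalid atau kadaluarsa', 'warning')
        # Was 'usrs.reset_request'; the login redirect below uses the
        # 'users' blueprint, so the misspelt name would fail to build a URL
        # on exactly the invalid-token path.
        return redirect(url_for('users.reset_request'))
    form = ResetPasswordForm()
    if form.validate_on_submit():
        hashed_password = bcrypt.generate_password_hash(
            form.password.data).decode('utf-8')
        user.password = hashed_password
        db.session.commit()
        flash(
            'Password Anda telah diubah, Anda sekarang dapat log in menggunakan password yang baru',
            'success')
        return redirect(url_for('users.login'))
    return render_template('reset_token.html',
                           title='Ubah Password',
                           form=form)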
Example #19
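def reset_token(token=None):
    """Show and process the password reset form for a reset token.

    Args:
        token: The reset token. The body always read ``token`` but the
            signature did not accept it; it is now an optional parameter so
            existing zero-argument callers keep working.

    Signed-in users go to the home page; a missing token, or one that
    ``User.verify_reset_token`` does not resolve to a user, is rejected with
    a warning. A validated form stores the bcrypt hash of the new password.
    """
    if current_user.is_authenticated:
        return redirect(url_for('main.home'))
    # Resolved by the verify function on the User model; a missing token is
    # treated like an invalid one without calling it.
    user = User.verify_reset_token(token) if token is not None else None
    if user is None:
        flash('That is an invalid/expired token.', 'warning')
        return redirect(url_for('users.reset_request'))
    form = ResetPasswordForm()
    if form.validate_on_submit():
        hashed_password = bcrypt.generate_password_hash(
            form.password.data).decode('utf-8')
        user.password = hashed_password
        db.session.commit()
        flash('Your password has been changed! You can now login.', 'success')
        return redirect(url_for('users.login'))
    # A leftover ``return render_template('register.html', ...)`` used to sit
    # here, which rendered the registration page and made this return
    # unreachable.
    return render_template('reset_token.html',
                           title='Reset Password',
                           form=form)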
Example #20
def reset_token(token):
    """Show and process the password reset form for a reset token.

    Signed-in users go to the home page; a token that
    ``User.verify_reset_token`` does not resolve to a user is rejected. A
    validated form stores the bcrypt hash of the new password and redirects
    to the login page.
    """
    if current_user.is_authenticated:
        return redirect(url_for("main.home"))

    account = User.verify_reset_token(token)
    if not account:
        flash("Token is invalid or has expired!", "danger")
        return redirect(url_for("users.reset_request"))

    form = ResetPasswordForm()
    if not form.validate_on_submit():
        return render_template("reset_token.html", form=form)

    # NOTE(review): the hash is stored exactly as generate_password_hash
    # returns it, with no decode -- confirm the column accepts that type.
    account.password = bcrypt.generate_password_hash(form.password.data)
    database.session.commit()
    flash("Your password has been updated! Please sign in!", "success")
    return redirect(url_for("users.login"))
Example #21
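def reset_token(token):
    """Show and process the password reset form for a reset token.

    Signed-in users go to the home page; a token that
    ``User.verify_reset_token`` does not resolve to a user is rejected with a
    warning. A validated form stores the bcrypt hash of the new password and
    redirects to the login page.
    """
    if current_user.is_authenticated:
        return redirect(url_for("main.home"))
    user = User.verify_reset_token(token)
    if user is None:
        flash("That is an invalid or expired token!", "warning")
        return redirect(url_for("users.reset_request"))

    form = ResetPasswordForm()
    if form.validate_on_submit():
        hashedPass = bcrypt.generate_password_hash(
            form.password.data).decode('utf-8')
        user.password = hashedPass
        db.session.commit()
        flash('Your password has been changed', 'success')
        # The debug print of User.query.all() is gone: it wrote every user
        # record to stdout on each reset. The redirect was also built but
        # never returned, so the form was rendered again after a successful
        # change.
        return redirect(url_for("main.login"))

    return render_template("reset_token.html",
                           title="Reset Password",
                           form=form)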
Example #22
def reset_token(token):
    """Show and process the password reset form for a reset token.

    Signed-in users go to the home page; a token that
    ``User.verify_reset_token`` does not resolve to a user is rejected with a
    warning. A validated form stores the bcrypt hash of the new password and
    redirects to the login page.
    """
    # Users who are already logged in do not need the reset flow.
    if current_user.is_authenticated:
        return redirect(url_for('main.home'))

    account = User.verify_reset_token(token)
    if not account:
        flash('That is an invalid or expired token', 'warning')
        return redirect(url_for('users.reset_request'))

    form = ResetPasswordForm()
    if not form.validate_on_submit():
        return render_template('reset_token.html',
                               title='Reset Password',
                               form=form)

    # Generate a secure hash of the password; only the hash is stored.
    digest = bcrypt.generate_password_hash(form.password.data)
    account.password = digest.decode('utf-8')
    db.session.commit()

    flash('You password has been update. You are now able to log in',
          'success')
    return redirect(url_for('users.login'))
Example #23
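def reset_token(token):
    """Show and process the password reset form for a reset token.

    Signed-in users go to the home page; a token that
    ``User.verify_reset_token`` does not resolve to a user is rejected with a
    warning. A validated form stores the bcrypt hash of the new password and
    redirects to the login page.
    """
    if current_user.is_authenticated:
        return redirect(url_for("main.home"))
    # A RequestResetForm used to be built here and was overwritten below
    # without ever being used; it has been dropped.
    user = User.verify_reset_token(token=token)
    if user is None:
        # Message fixed: it read "Token in invalid or expired".
        flash("Token is invalid or expired", category="warning")
        return redirect(url_for("users.reset_request"))
    form = ResetPasswordForm()
    if form.validate_on_submit():
        hashed_password = bcrypt.generate_password_hash(
            form.password.data).decode("utf-8")
        user.password = hashed_password
        db.session.commit()
        flash("Password updated successfully", category="success")
        return redirect(url_for("users.login"))
    return render_template("reset_token.html",
                           title="Reset Password",
                           form=form)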
Example #24
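def reset_password():
    """Handle the reset-request form and the emailed confirmation link.

    A ``?token=`` argument matching a stored ``password_token`` triggers the
    confirmation half: a random password is generated, its hash stored, the
    token cleared and the new password mailed out. Any other request is the
    request half: the submitted e-mail is validated, a fresh token is stored
    on the account and a link carrying it is mailed to the user.

    Returns:
        A ``(body, status)`` tuple, or the rendered form for a plain visit.
    """
    token = request.args.get('token', '')
    if token != '':
        user = User.query.filter_by(password_token=token).first()
        if user is not None:
            # NOTE(review): a plain GET of the link changes the password, so
            # an automated fetch of the URL (link preview, mail scanner)
            # uses up the token, and the new password then travels by
            # e-mail in clear text. Letting the user choose the password on
            # a form after following the link avoids both.
            # NOTE(review): the token is looked up as stored and no expiry
            # is checked here; confirm utilities.generate_random_string is
            # backed by a CSPRNG.
            new_password = utilities.generate_random_string(20)
            user.password = generate_password_hash(new_password)
            # An emptied token cannot be replayed.
            user.password_token = ''
            db.session.commit()

            email_content = Journal.query.filter(
                Journal.id == 122).first().get_journal_content(
                    session['locale'])
            send_mail([user.email], email_content.title,
                      render_template_string(email_content.content,
                                             new_password=new_password))
            return render_template("users/reset_password_confirmed.html"), 200

    form = ResetPasswordForm(request.form)
    errors = []
    # Only the shape of the submitted data is validated here.
    if form.is_submitted():
        # One normalised value for both validation and lookup: the lookup
        # used the unstripped input, and a missing field raised on .strip().
        email = (form.email.data or '').strip()
        is_validated = True
        if email == '':
            is_validated = False
            errors.append(gettext('Email is required'))
        # Rough shape check: something, an '@', then a domain-like part.
        match = re.search(r'^.+@([^.@][^@]+)$', email)
        if not match:
            is_validated = False
            errors.append(gettext('Invalid email address'))

        if is_validated:
            user = User.query.filter_by(email=email).first()

            # NOTE(review): answering 404 for unknown and 400 for banned
            # accounts lets an unauthenticated caller probe which addresses
            # are registered; a uniform response would not.
            if user is None:
                errors.append(gettext('Account not found'))
                return render_template("users/reset_password.html",
                                       form=form,
                                       errors=errors), 404

            if user.banned == 1:
                errors.append(
                    gettext(
                        'The account was banned, please contact an admin for more information'
                    ))
                return render_template("users/reset_password.html",
                                       form=form,
                                       errors=errors), 400

            user.password_token = utilities.generate_random_string(50)
            db.session.commit()

            email_content = Journal.query.filter(
                Journal.id == 121).first().get_journal_content(
                    session['locale'])
            send_mail([user.email], email_content.title,
                      render_template_string(email_content.content,
                                             link=url_for(
                                                 'users.reset_password',
                                                 token=user.password_token,
                                                 _external=True)))
            db.session.commit()
            return render_template("users/reset_password_submited.html"), 200
        else:
            return render_template("users/reset_password.html",
                                   form=form,
                                   errors=errors), 200

    return render_template("users/reset_password.html", form=form, errors=[])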