def register(): form = RegisterForm() if form.validate_on_submit(): logout_session_clear() user = User(email=form.email.data) user.hash_password(form.password.data) user.activity.created = utc_now() verification_code = uuid.uuid4() user.activity.payment_reference = user.uid user.activity.email_verification = EmailVerification( verification_code=str(verification_code)) user.activity.activity_audit.append( ActivityAudit(uid=user.uid, created=utc_now(), code="USER CREATED", text="User created", headers={ "REMOTE_ADDR": request.environ["REMOTE_ADDR"], "HTTP_USER_AGENT": request.environ["HTTP_USER_AGENT"], "REMOTE_PORT": request.environ["REMOTE_PORT"], }).save()) user.save() user_registered_email(user.email, user.uid, verification_code) return render_template('auth/user_registered.html') return render_template('auth/register.html', form=form)
def registration_confirm(uid, verification_code): user = User.objects.filter(uid=uid).first() if user and user.activity and \ user.activity.email_verification and \ user.activity.email_verification.email_verified == None: if verification_code == str( user.activity.email_verification.verification_code): user.activity.email_verification.email_verified = utc_now() user.activity.activity_audit.append( ActivityAudit(uid=user.uid, created=utc_now(), type='INFO', code="01002 - EMAIL CONFIRM", text="Email verified", headers={ "REMOTE_ADDR": request.environ["REMOTE_ADDR"], "HTTP_USER_AGENT": request.environ["HTTP_USER_AGENT"], "REMOTE_PORT": request.environ["REMOTE_PORT"], }).save()) user.save() return render_template('auth/email_confirmed.html') else: abort(401)
def forgot(): form = ForgotForm() if form.validate_on_submit(): user = User.objects.filter(email=form.email.data.lower()).first() if user: verification_code = str(uuid.uuid4()) user.activity.password_reset.requested_at = utc_now() user.activity.password_reset.verification_code = verification_code user.activity.activity_audit.append( ActivityAudit(uid=user.uid, created=utc_now(), type='INFO', code="01004 - PASSWORD RESET REQUESTED", text="Password reset requested", headers={ "REMOTE_ADDR": request.environ["REMOTE_ADDR"], "HTTP_USER_AGENT": request.environ["HTTP_USER_AGENT"], "REMOTE_PORT": request.environ["REMOTE_PORT"], }).save()) user.save() # email the user forgot_password_email(user.uid, verification_code) return render_template('auth/password_forgot_confirmed.html') return render_template('auth/forgot.html', form=form)
def password_reset(uid, verification_code): message = None require_current = None form = PasswordResetForm() user = User.objects.filter(uid=uid).first() if not user and verification_code != user.activity.password_reset.verification_code: abort(401) if request.method == 'POST': del form.current_password if form.validate_on_submit(): user.hash_password(form.password.data) user.activity.password_reset.changed_at = utc_now() user.activity.user_restricted = False user.activity.failed_logins = 0 user.activity.activity_audit.append( ActivityAudit(uid=user.uid, created=utc_now(), type='INFO', code="01004 - FORGOT PASSWORD CHANGED", text="Forgot password changed", headers={ "REMOTE_ADDR": request.environ["REMOTE_ADDR"], "HTTP_USER_AGENT": request.environ["HTTP_USER_AGENT"], "REMOTE_PORT": request.environ["REMOTE_PORT"], }).save()) user.save() logout_session_clear() return render_template('auth/password_change_confirmed.html') return render_template('auth/password_reset.html', form=form, message=message, require_current=require_current, uid=user.uid, verification_code=verification_code)
def change_password(): require_current = True error = None form = PasswordResetForm() user = User.objects.filter(uid=session.get('uid')).first() if not user: abort(404) if form.validate_on_submit(): if user.verify_password(form.current_password.data): user.hash_password(form.password.data) user.activity.activity_audit.append( ActivityAudit(uid=user.uid, created=utc_now(), type='INFO', code="01004 - PASSWORD CHANGE", text="Password changed", headers={ "REMOTE_ADDR": request.environ["REMOTE_ADDR"], "HTTP_USER_AGENT": request.environ["HTTP_USER_AGENT"], "REMOTE_PORT": request.environ["REMOTE_PORT"], }).save()) # save the new password user.save() # log the user out for re-login logout_session_clear() return render_template('auth/password_change_confirmed.html') else: error = "Incorrect password" return render_template('auth/password_reset.html', form=form, require_current=require_current, error=error)
def profile(updated): error = None user = User.objects.filter(uid=session.get('uid')).first() form_avatar = AvatarForm() form_profile = ProfileForm() if form_avatar.upload.data and form_avatar.validate_on_submit(): print("Avatar form submitted") if 'file' not in request.files: error = 'No file part in the request' file = request.files['file'] # if user does not select file, browser also # submit a empty part without filename if file.filename == '': error = 'No selected file' if file and allowed_file(file.filename): filename = secure_filename(file.filename) file.seek(0) pprint(user.profile) user.profile.avatar.replace(file) user.profile.updated = utc_now_int() user.activity.activity_audit.append( ActivityAudit(uid=user.uid, created=utc_now(), type='INFO', code="01006 - AVATAR UPLOADED", text="User avatar added", headers={ "REMOTE_ADDR": request.environ["REMOTE_ADDR"], "HTTP_USER_AGENT": request.environ["HTTP_USER_AGENT"], "REMOTE_PORT": request.environ["REMOTE_PORT"], }).save()) user.save() session['updated'] = user.profile.updated #if form_profile.save.data and form_profile.validate_on_submit(): if form_profile.save.data: print("Profile form submitted") user.profile = UserProfile( updated=utc_now_int(), first_name=form_profile.first_name.data.strip(), last_name=form_profile.last_name.data.strip(), gender=form_profile.gender.data, date_of_birth=form_profile.date_of_birth.data, avatar=user.profile.avatar #interests = form_profile.interests.data.strip().split(), ) user.profile.addresses.append( Address( created=utc_now(), address_type='main', door_no_name=form_profile.address_door_no_name.data.strip(), street=form_profile.address_street.data.strip(), line_2=form_profile.address_line2.data.strip(), city=form_profile.address_city.data.strip(), county=form_profile.address_county.data.strip(), postcode=form_profile.address_postcode.data.strip(), country=form_profile.address_country.data.strip(), )) user.activity.activity_audit.append( ActivityAudit(uid=user.uid, created=utc_now(), type='INFO', code="01006 - PROFILE UPDATED", text="User profile updated", headers={ "REMOTE_ADDR": request.environ["REMOTE_ADDR"], "HTTP_USER_AGENT": request.environ["HTTP_USER_AGENT"], "REMOTE_PORT": request.environ["REMOTE_PORT"], }).save()) user.save() if form_profile.first_name.data.strip(): session['first_name'] = form_profile.first_name.data.strip() else: session.pop('first_name', None) return render_template('profile/profile_saved.html') # Populate the form when when user loads his profile and then render the template if user: form_profile.first_name.data = user.profile.first_name form_profile.last_name.data = user.profile.last_name form_profile.gender.data = user.profile.gender form_profile.date_of_birth.data = user.profile.date_of_birth if user.profile.addresses: user_address = user.profile.addresses[len(user.profile.addresses) - 1] form_profile.address_door_no_name.data = user_address.door_no_name form_profile.address_street.data = user_address.street form_profile.address_line2.data = user_address.line_2 form_profile.address_city.data = user_address.city form_profile.address_county.data = user_address.county form_profile.address_postcode.data = user_address.postcode form_profile.address_country.data = user_address.country return render_template('profile/user_profile.html', form_profile=form_profile, form_avatar=form_avatar)
def login(): form = LoginForm() error = None if request.method == 'POST': # set the login form email default if user ticked remember me if form.remember_me.data == True: session['form_email'] = form.email.data else: # and remove if he unticked remember me session.pop('form_email', None) if request.method == 'GET' and request.args.get('next'): session['next'] = request.args.get('next') if form.validate_on_submit(): next = session.get('next') #session.pop('uid', none) user = User.objects.filter(email=form.email.data).first() if user: if user.activity.user_restricted == False: if user.verify_password(form.password.data): if user.activity.email_verification.email_verified and user.activity.email_verification.email_verified < utc_now( ): user.activity.failed_logins = 0 user.activity.activity_audit.append( ActivityAudit( uid=user.uid, created=utc_now(), type='INFO', code="01003 - USER LOGON", text="User logged in", headers={ "REMOTE_ADDR": request.environ["REMOTE_ADDR"], "HTTP_USER_AGENT": request.environ["HTTP_USER_AGENT"], "REMOTE_PORT": request.environ["REMOTE_PORT"] }).save()) user.save() session['uid'] = user.uid session['email'] = user.email session['updated'] = user.profile.updated # First check if user profile is populated, if not prompt them to complete it first if (user.profile and user.profile.first_name and user.profile.date_of_birth and user.profile.addresses): session['first_name'] = user.profile.first_name if next: return redirect(next) else: return redirect(url_for('auth_web.home')) else: # User profile is not populated, send user to profile page return redirect( url_for('auth_web.profile', updated=session.get('updated'))) else: user.activity.activity_audit.append( ActivityAudit( uid=user.uid, created=utc_now(), type='WARN', code="11003 - EMAIL NOT CONFIRM", text="Login succeed but email not verified", headers={ "REMOTE_ADDR": request.environ["REMOTE_ADDR"], "HTTP_USER_AGENT": request.environ["HTTP_USER_AGENT"], "REMOTE_PORT": request.environ["REMOTE_PORT"] }).save()) error = 'Email not verified' user.save() user = None else: user.activity.activity_audit.append( ActivityAudit(uid=user.uid, created=utc_now(), type='ERROR', code="11003 - LOGIN FAILURE", text="Login failed", headers={ "REMOTE_ADDR": request.environ["REMOTE_ADDR"], "HTTP_USER_AGENT": request.environ["HTTP_USER_AGENT"], "REMOTE_PORT": request.environ["REMOTE_PORT"] }).save()) error = 'Incorrect credentials' user.activity.failed_logins += 1 if user.activity.failed_logins > 5: # Too many wrong password attempts, restrict login, resetting password will remove this restriction user.activity.user_restricted = True error = "Too many failed attempts, account locked, please reset password" user.save() user = None else: user.activity.activity_audit.append( ActivityAudit(uid=user.uid, created=utc_now(), type='WARN', code="11003 - ACCOUNT LOCKED", text="Account locked", headers={ "REMOTE_ADDR": request.environ["REMOTE_ADDR"], "HTTP_USER_AGENT": request.environ["HTTP_USER_AGENT"], "REMOTE_PORT": request.environ["REMOTE_PORT"] }).save()) error = 'Account locked, please reset password' user.save() user = None else: error = 'Incorrect credentials' return render_template('auth/login.html', form=form, error=error)