def forgot_authentication():
# Handle POST
error_message = None
if request.method == 'POST':
# Get email
email = request.form.get('email', '')
if '@illinois.edu' not in email:
if email == '' or '@' in email:
error_message = 'Invalid email address. (Did you forget the @illinois.edu?)'
else:
# Accept netIDs too
email = email + "@illinois.edu"
# Do password/authcode reset
if error_message is None:
pw_query = PasswordUser.select().where(PasswordUser.email == email)
authcode_query = AuthcodeUser.select().where(AuthcodeUser.email == email)
if pw_query.exists() or authcode_query.exists():
# Initialize mail object
mail = Mail()
mail.subject = "[CS242 Discussion Sections]"
# Generate secure token
token = secure_token()
# Get user/email type
if pw_query.exists():
mail.subject += 'Password Reset'
mail.message = 'Click the link below to reset your password.\n\n' + ROOT_DOMAIN + '/auth/reset/confirm?token=' + token
else:
mail.subject += 'Authcode Link'
mail.message = 'Click the link below to authenticate.\n\n' + ROOT_DOMAIN + '/auth/code?token=' + token + '\n\nIf you have questions, please contact a TA.\n\nThanks,\nCS242 staff.'
# Send mail
mail.send([email])
# If mail sent successfully, update user models
if pw_query.exists():
user = pw_query.get()
user.password_reset_token = token
else:
user = authcode_query.get()
user.authcode = token
user.save()
# Redirect to success page
return render_template('reset-thanks.html')
else:
error_message = 'Your email isn\'t on our list. Ask a TA to add you to the site.'
# Default/GET case
return render_template('reset-form.html', error_message=error_message)
