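def complete_reset(uid, expires, mac):
    """
    Complete process of account reset.

    The link carries the user id, an expiry timestamp and a MAC computed over
    ``"<uid>|<expires>|<current password hash>"``.  Because the current
    password hash is part of the MAC input, a link stops verifying as soon as
    the password has been changed.  A verified link shows (and on POST
    handles) the new-password form; anything else flashes a generic error and
    redirects to the reset-request page.

    :param uid: user id
    :type uid: int
    :param expires: integer representing time after which the link expires
    :type expires: int
    :param mac: message authentication code
    :type mac: str
    :return: a template context dict for the form, or a redirect response
    """
    from run import app

    user = _authenticate_reset_link(app, uid, expires, mac)
    if user is None:
        # One generic message for every failure mode so the response does not
        # reveal which check (expiry, user, MAC) rejected the link.
        flash(
            'The request to reset your password was invalid. Please enter your email again to start over.',
            'error-message')
        return redirect(url_for('.reset'))

    form = CompleteResetForm(request.form)
    if form.validate_on_submit():
        user.password = User.generate_hash(form.password.data)
        g.db.commit()
        template = app.jinja_env.get_or_select_template(
            'email/password_reset.txt')
        message = template.render(name=user.name)
        g.mailer.send_simple_message({
            "to": user.email,
            "subject": "CCExtractor CI platform password reset",
            "text": message
        })
        # A completed reset also logs the account in.
        session['user_id'] = user.id
        return redirect("/")
    return {
        'form': form,
        'uid': uid,
        'mac': mac,
        'expires': expires
    }


def _authenticate_reset_link(app, uid, expires, mac):
    """
    Return the User a reset link belongs to if the link is unexpired and its
    MAC verifies, otherwise None.

    :param app: the Flask application (source of HMAC_KEY)
    :param uid: user id from the link
    :param expires: expiry timestamp from the link (int, or a numeric string)
    :param mac: message authentication code from the link
    """
    # Check if time expired.  A non-numeric expiry is treated as expired
    # rather than raising from a user-supplied URL component.
    try:
        expiry_ts = int(expires)
    except (TypeError, ValueError):
        return None
    if int(time.time()) > expiry_ts:
        return None

    hmac_key = app.config.get('HMAC_KEY', '')
    if not hmac_key:
        # With an empty key anyone could mint a verifying link; fail closed
        # instead of silently accepting a misconfigured deployment.
        g.log.warning('HMAC_KEY is not configured; rejecting password reset link')
        return None

    user = User.query.filter_by(id=uid).first()
    if user is None:
        return None

    # Validate HMAC.  The raw `expires` value is used here so the MAC input is
    # byte-for-byte what the issuing side computed over.
    content_to_hash = "{id}|{expiry}|{passwd}".format(
        id=uid, expiry=expires, passwd=user.password)
    real_hash = generate_hmac_hash(hmac_key, content_to_hash)
    try:
        # Constant-time comparison.  The previous '==' fallback leaked timing
        # information and is unnecessary: compare_digest exists on every Python
        # that supports the f-strings used in this module.
        authentic = hmac.compare_digest(real_hash, mac)
    except TypeError:
        # compare_digest rejects non-ASCII text or mismatched str/bytes; such a
        # `mac` cannot be a valid digest, so treat it as a failed check.
        authentic = False
    return user if authentic else None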
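def complete_reset(uid, expires, mac):
    """
    Complete process of account reset.

    Verifies the reset link — expiry first, then an HMAC over
    ``"<uid>|<expires>|<current password hash>"`` — and on a valid link
    renders (or, on POST, handles) the new-password form.  Any failed check
    flashes a generic error and redirects to the reset-request page.

    :param uid: user id
    :param expires: unix time after which the link expires (int or numeric string)
    :param mac: hex-encoded message authentication code from the link
    :return: a template context dict for the form, or a redirect response
    """
    from run import app
    import hashlib

    # Check if time expired; a malformed expiry counts as expired.
    now = int(time.time())
    try:
        not_expired = now <= int(expires)
    except (TypeError, ValueError):
        not_expired = False

    hmac_key = app.config.get('HMAC_KEY', '')
    if not hmac_key:
        # An empty key would let anyone forge a verifying link: fail closed.
        app.logger.warning('HMAC_KEY is not configured; rejecting password reset link')

    user = None
    if not_expired and hmac_key:
        user = User.query.filter_by(id=uid).first()

    if user is not None:
        # Validate HMAC.  hmac.new requires bytes on Python 3, and the digest is
        # spelled out because hmac.new no longer has an implicit default (3.8+);
        # MD5 is what the old implicit default was, and it must match the digest
        # used where the link is issued (not visible in this module).
        # NOTE(review): HMAC-MD5 is a legacy choice; moving issuer and verifier
        # to SHA-256 together would be the stronger option.
        key = hmac_key.encode('utf-8') if isinstance(hmac_key, str) else hmac_key
        content = "%s|%s|%s" % (uid, expires, user.password)
        real_hash = hmac.new(key, content.encode('utf-8'), hashlib.md5).hexdigest()
        try:
            # Both sides are str hex digests; the earlier str-vs-bytes comparison
            # raised TypeError on Python 3.  compare_digest is constant-time, so
            # the old '==' fallback (which leaked timing) is gone.
            authentic = hmac.compare_digest(real_hash, mac)
        except TypeError:
            # Non-ASCII or non-str mac from the URL cannot be a valid hex digest.
            authentic = False

        if authentic:
            form = CompleteResetForm(request.form)
            if form.validate_on_submit():
                user.password = User.generate_hash(form.password.data)
                g.db.commit()
                template = app.jinja_env.get_or_select_template(
                    'email/password_reset.txt')
                message = template.render(name=user.name)
                g.mailer.send_simple_message({
                    "to": user.email,
                    "subject": "CCExtractor CI platform password reset",
                    "text": message
                })
                # A completed reset also logs the account in.
                session['user_id'] = user.id
                return redirect("/")
            return {
                'form': form,
                'uid': uid,
                'mac': mac,
                'expires': expires
            }

    # Same generic message for every failure so the response does not reveal
    # which check rejected the link.
    flash('The request to reset your password was invalid. Please enter your '
          'email again to start over.', 'error-message')
    return redirect(url_for('.reset'))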
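def complete_reset(uid, expires, mac):
    """
    Complete process of account reset.

    The link is accepted only if it has not expired and its MAC over
    ``"<uid>|<expires>|<current password hash>"`` verifies; including the
    current password hash means a link stops verifying once the password has
    changed.  A verified link shows (and on POST handles) the new-password
    form; every other outcome flashes a generic error and redirects to the
    reset-request page.

    :param uid: user id
    :param expires: unix time after which the link expires (int or numeric string)
    :param mac: message authentication code from the link
    :return: a template context dict for the form, or a redirect response
    """
    from run import app

    def reject():
        # Shared failure path: one generic message regardless of which check
        # failed, so the response does not reveal why the link was rejected.
        flash('The request to reset your password was invalid. Please enter your email again to start over.', 'error-message')
        return redirect(url_for('.reset'))

    # Check if time expired; a malformed expiry from the URL counts as expired.
    try:
        if int(time.time()) > int(expires):
            return reject()
    except (TypeError, ValueError):
        return reject()

    hmac_key = app.config.get('HMAC_KEY', '')
    if not hmac_key:
        # An empty key would let anyone forge a verifying link: fail closed.
        app.logger.warning('HMAC_KEY is not configured; rejecting password reset link')
        return reject()

    user = User.query.filter_by(id=uid).first()
    if user is None:
        return reject()

    # Validate HMAC.  The raw `expires` value is used so the MAC input matches
    # what the issuing side computed over.
    content_to_hash = "{id}|{expiry}|{passwd}".format(id=uid, expiry=expires, passwd=user.password)
    real_hash = generate_hmac_hash(hmac_key, content_to_hash)
    try:
        # Constant-time comparison; hmac.compare_digest has been available since
        # Python 3.3 / 2.7.7, so the old non-constant-time '==' fallback is dropped.
        authentic = hmac.compare_digest(real_hash, mac)
    except TypeError:
        # Non-ASCII text or a str/bytes mismatch cannot be a valid digest.
        authentic = False
    if not authentic:
        return reject()

    form = CompleteResetForm(request.form)
    if form.validate_on_submit():
        user.password = User.generate_hash(form.password.data)
        g.db.commit()
        template = app.jinja_env.get_or_select_template('email/password_reset.txt')
        message = template.render(name=user.name)
        g.mailer.send_simple_message({
            "to": user.email,
            "subject": "CCExtractor CI platform password reset",
            "text": message
        })
        # A completed reset also logs the account in.
        session['user_id'] = user.id
        return redirect("/")
    return {
        'form': form,
        'uid': uid,
        'mac': mac,
        'expires': expires
    }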