def load_user(user_id): user_data = db.child("users").child(user_id).get() if user_data.val() is None: return None user = User() user.id = user_data.val()["id"] user.email = user_data.val()["email"] return user
def profile_edit_add(): status = User().update_user(request.form) if status == "Success": return redirect('/profile') else: id = request.form.get('id', None) user, _ = User().get_user(db, id) context = {"parameters": User().get_parameters(), "user": user} return render_template('profile_edit.html', **context)
def login(): login_form = LoginForm(request.form) if request.method == 'POST' and login_form.validate(): user = User() user.email = login_form.email.data user.password = login_form.password.data login_result = login_form.login(user) if login_result >= 0: user.id = login_result login_user(user) return redirect(url_for('router.search')) if login_result == -1: flash("Incorrect email or password") if login_result == -3: return redirect(url_for('router.reset_password')) return render_template('index.html', login_form=LoginForm(), signup_form=SignUpForm())
def search(): search = searchBar() if search.validate_on_submit(): user = User() name, score = closest_match(search.ta_name.data)[0] num_views = user.number_views() if num_views is not None: if num_views <= 0 and not user.ta_viewable(name): return redirect('/purchase_credits') # if match score less than 90, don't redirect and waste a view if score < 90: return render_template('search.html', form=search) else: user.handle_viewlist(name) return redirect('/TA/' + name) return render_template('search.html', form=search)
def reset_with_token(token): try: password_reset_serializer = URLSafeTimedSerializer( current_app.config['SECRET_KEY']) email = password_reset_serializer.loads(token, salt='password-reset-salt', max_age=3600) except: flash('The password reset link is invalid or has expired.', 'error') return redirect(url_for('router.home')) form = PasswordForm() if form.validate_on_submit(): found = False users = db.child("users").get() for u in users.each(): data = u.val() if data['email'] == email: curr_user = User() found = True id = data['id'] curr_pass = data['password'] if curr_user.decrypt(curr_pass, form.password.data): flash('new password cannot be a previous password') return render_template('reset_password_with_token.html', form=form, token=token) payload = {} payload['password'] = curr_user.encrypt(form.password.data) db.child("users").child(id).update(payload) curr_user.update_password_reset(id) break flash('Your password has been updated!', 'success') return redirect(url_for('router.home')) return render_template('reset_password_with_token.html', form=form, token=token)
def create_unauthenticated_user(self, db, signup_form): # SEND AN EMAIL CONFIRMATION self.send_confirmation_email(signup_form.email_addr.data) # CREATES A USER AND PUSHES IT INTO DB new_user = User() new_user.id = len(db.child("users").get().val()) new_user.email = signup_form.email_addr.data new_user.first_name = signup_form.first_name.data new_user.last_name = signup_form.last_name.data new_user.password = new_user.encrypt( signup_form.password.data) # encrypt the password new_user.authenticated = False reset_date = datetime.datetime.now() + datetime.timedelta(6 * 365 / 12) new_user.password_reset = reset_date.isoformat() new_user.credits = 0 new_user.num_lockouts = 0 last_lockout = datetime.datetime.now() new_user.last_lockout = last_lockout.isoformat() new_user.viewable_ta = "" new_user.remaining_views = 3 db.child("users").child(new_user.id).set(json.loads(new_user.toJSON())) db.child("users").child(new_user.id).child('viewable_ta').push({ 'name': "placeholder", 'rated': False })
def profile_edit(): id = request.args.get('id', None) parameters = User().get_parameters() user, _ = User().get_user(db, id) context = {"parameters": parameters, "user": user} return render_template('profile_edit.html', **context)
def profile(): current_session_user = db.child("users").child(current_user.id).get().val() id = int(current_session_user['id']) user, ta_list = User().get_user(db, id) context = {"user": user, "ta_list": ta_list} return render_template('profile.html', **context)
def login(self, user): decrypter = User() # we need the decrypt function from the user users = db.child("users").get() for u in users.each(): data = u.val() if data['email'] == user.email and decrypter.decrypt( data["password"], user.password): #data["password"] == user.password: last_lockout = data['last_lockout'] last_lockout = datetime.datetime.strptime( last_lockout, '%Y-%m-%dT%H:%M:%S.%f') if last_lockout > datetime.datetime.now(): flash( "Too many login attempts. Please try again in 5 minutes" ) return -4 if data['authenticated'] is False: flash("Account not authenticated. Please reauthenticate.") return -2 reset_date = data['password_reset'] reset_date_obj = datetime.datetime.strptime( reset_date, '%Y-%m-%dT%H:%M:%S.%f') if reset_date_obj < datetime.datetime.now(): flash("Password has expired. Please reset your password") return -3 id = data['id'] db.child('users').child(id).update({"num_lockouts": 0}) return int(data['id']) #incorrect password elif data['email'] == user.email: id = data['id'] num_lockouts = data['num_lockouts'] last_lockout = data['last_lockout'] last_lockout = datetime.datetime.strptime( last_lockout, '%Y-%m-%dT%H:%M:%S.%f') num_lockouts += 1 if last_lockout < datetime.datetime.now(): if num_lockouts % 5 == 0: last_lockout = datetime.datetime.now() + timedelta( minutes=5) last_lockout = last_lockout.isoformat() flash( "Too many login attempts. Please try again in 5 minutes" ) db.child('users').child(id).update({ "num_lockouts": num_lockouts, "last_lockout": last_lockout }) return -4 else: db.child('users').child(id).update( {"num_lockouts": num_lockouts}) return -1 else: flash( "Too many login attempts. Please try again in 5 minutes" ) return -2 return -1