def ban_user(user):
    """Ban *user* and notify them by mail; do nothing if already banned.

    The ban flag is set first, the notification is rendered from
    ``mails/user_banned.txt`` and sent to ``user.email``, and only then is
    the database session committed.
    """
    if not user.is_banned:
        user.is_banned = True
        subject = _(u'User account banned')
        body = render_template('mails/user_banned.txt', user=user)
        # NOTE(review): the mail is handed to send_email before the commit,
        # so a failing commit could leave a notified user whose ban was
        # never stored (assuming send_email delivers immediately -- confirm).
        send_email(subject, body, user.email)
        session.commit()
def reset_password(self, request, user):
    """Send the account-activation mail, or just confirm the registration.

    NOTE(review): despite the name, nothing here resets a password; the
    body only handles the step after a registration -- confirm the name
    against the file this was taken from.

    When ``settings.REGISTRATION_REQUIRES_ACTIVATION`` is set, the user is
    marked inactive and mailed a ``core.activate_user`` link built from
    ``user.email`` and ``user.activation_key``; otherwise only a flash
    message is shown.  This function does not commit the session itself.
    """
    if not settings.REGISTRATION_REQUIRES_ACTIVATION:
        request.flash(_(u"You're registered. You can login now."))
        return

    user.is_active = False
    # The activation key is embedded in the mailed URL, so the link itself
    # acts as the credential for activating the account.
    confirmation_url = url_for('core.activate_user', email=user.email,
                               key=user.activation_key, _external=True)
    subject = _(u'Registration Confirmation')
    body = render_template('mails/activate_user.txt', user=user,
                           confirmation_url=confirmation_url)
    send_email(subject, body, user.email)
    notice = _(u'A mail was sent to %s with a link to finish the '
               u'registration.')
    request.flash(notice % user.email)
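def reset_password(request, email=None, key=None):
    """Handle both steps of the mail-based password reset.

    * Called with ``email`` (the link from the mail): the users with that
      address are searched for one whose ``password_reset_key`` equals
      ``key``.  On a match a random password is set, the session is
      committed and the new password is passed to the template; otherwise
      an error is flashed and the client is redirected to the empty form.
    * Called without ``email``: a valid POST of ``ResetPasswordForm`` mails
      a reset link to ``form.user`` and redirects to the overview.

    Raises ``NotFound`` when the auth system cannot reset passwords.
    Logged-in users are redirected to the overview.
    """
    auth = get_auth_system()
    if not auth.can_reset_password:
        raise NotFound()

    form = ResetPasswordForm()
    new_password = None

    # A logged-in user never sees a link to this page, so send them back to
    # the overview.  This is a convenience, not a security control: logging
    # out is enough to get past it.
    if request.is_logged_in:
        return redirect(url_for('kb.overview'))

    # We came back from the link in the mail: try to reset the password.
    if email is not None:
        user = None
        # A link without a key can never be valid.  Rejecting it up front
        # keeps a missing key (None) from comparing equal to an account
        # whose reset key is unset -- whether that can happen depends on
        # how password_reset_key is defined, which is not visible here.
        if key is not None:
            for candidate in User.query.filter_by(email=email).all():
                # NOTE(review): == is not a constant-time comparison;
                # consider hmac.compare_digest once the key's type is
                # confirmed.
                if candidate.password_reset_key == key:
                    user = candidate
                    break
        if user is None:
            request.flash(_(u'The password-reset key expired or the link '
                            u'was invalid.'), error=True)
            return redirect(url_for('core.reset_password'))
        # NOTE(review): this branch has no request.method check, so any
        # fetch of the mailed URL changes the password; a confirmation
        # POST would avoid resets triggered by automatic link fetching.
        new_password = user.set_random_password()
        session.commit()

    # Otherwise validate the form and mail the reset link.
    elif request.method == 'POST' and form.validate(request.form):
        user = form.user
        reset_url = url_for('core.reset_password', email=user.email,
                            key=user.password_reset_key, _external=True)
        send_email(
            _(u'Reset Password'),
            render_template('mails/reset_password.txt', user=user,
                            reset_url=reset_url),
            user.email)
        # NOTE(review): the characters around %s look mis-encoded in this
        # copy (probably typographic quotes); left exactly as found.
        request.flash(
            _(u'A mail with a link to reset the password '
              u'was sent to ā%sā') % user.email)
        return redirect(url_for('kb.overview'))

    # new_password is passed to the template in clear text; presumably it
    # is shown once to the user -- confirm the response is not cached.
    return render_template('core/reset_password.html',
                           form=form.as_widget(),
                           new_password=new_password)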
def reset_password(self, request, user):
    """Send the account-activation mail, or just confirm the registration.

    NOTE(review): despite the name, nothing here resets a password; the
    body only handles the step after a registration -- confirm the name
    against the file this was taken from.

    When ``settings.REGISTRATION_REQUIRES_ACTIVATION`` is set, the user is
    marked inactive and mailed a ``core.activate_user`` link built from
    ``user.email`` and ``user.activation_key``; otherwise only a flash
    message is shown.  This function does not commit the session itself.
    """
    if not settings.REGISTRATION_REQUIRES_ACTIVATION:
        request.flash(_(u"You're registered. You can login now."))
        return

    user.is_active = False
    # The activation key is embedded in the mailed URL, so the link itself
    # acts as the credential for activating the account.
    confirmation_url = url_for('core.activate_user', email=user.email,
                               key=user.activation_key, _external=True)
    mail_subject = _(u'Registration Confirmation')
    mail_body = render_template('mails/activate_user.txt', user=user,
                                confirmation_url=confirmation_url)
    send_email(mail_subject, mail_body, user.email)
    message = _(u'A mail was sent to %s with a link to finish the '
                u'registration.')
    request.flash(message % user.email)
def unban_user(user):
    """Lift the ban on *user* and mail them a password-reset link.

    Does nothing when the user is not banned.  If
    ``settings.REQUIRE_NEW_PASSWORD_ON_UNBAN`` is set, the account is also
    marked inactive, so the user has to go through the reset link to use
    it again.  The mail (``mails/user_unbanned.txt``) always receives a
    ``core.reset_password`` link built from ``user.email`` and
    ``user.password_reset_key``; the session is committed afterwards.
    """
    if user.is_banned:
        if settings.REQUIRE_NEW_PASSWORD_ON_UNBAN:
            user.is_active = False
        user.is_banned = False

        # The reset key is embedded in the mailed URL, so the link acts as
        # a credential for the account even when no new password is
        # required by the setting above.
        link_args = {
            'email': user.email,
            'key': user.password_reset_key,
            '_external': True,
        }
        reset_url = url_for('core.reset_password', **link_args)

        subject = _(u'Your ban was lifted')
        body = render_template('mails/user_unbanned.txt', user=user,
                               reset_url=reset_url)
        send_email(subject, body, user.email)
        session.commit()
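def reset_password(request, email=None, key=None):
    """Handle both steps of the mail-based password reset.

    * Called with ``email`` (the link from the mail): the users with that
      address are searched for one whose ``password_reset_key`` equals
      ``key``.  On a match a random password is set, the session is
      committed and the new password is passed to the template; otherwise
      an error is flashed and the client is redirected to the empty form.
    * Called without ``email``: a valid POST of ``ResetPasswordForm`` mails
      a reset link to ``form.user`` and redirects to the overview.

    Raises ``NotFound`` when the auth system cannot reset passwords.
    Logged-in users are redirected to the overview.
    """
    auth = get_auth_system()
    if not auth.can_reset_password:
        raise NotFound()

    form = ResetPasswordForm()
    new_password = None

    # A logged-in user never sees a link to this page, so send them back to
    # the overview.  This is a convenience, not a security control: logging
    # out is enough to get past it.
    if request.is_logged_in:
        return redirect(url_for('kb.overview'))

    # We came back from the link in the mail: try to reset the password.
    if email is not None:
        user = None
        # A link without a key can never be valid.  Rejecting it up front
        # keeps a missing key (None) from comparing equal to an account
        # whose reset key is unset -- whether that can happen depends on
        # how password_reset_key is defined, which is not visible here.
        if key is not None:
            for candidate in User.query.filter_by(email=email).all():
                # NOTE(review): == is not a constant-time comparison;
                # consider hmac.compare_digest once the key's type is
                # confirmed.
                if candidate.password_reset_key == key:
                    user = candidate
                    break
        if user is None:
            request.flash(_(u'The password-reset key expired or the link '
                            u'was invalid.'), error=True)
            return redirect(url_for('core.reset_password'))
        # NOTE(review): this branch has no request.method check, so any
        # fetch of the mailed URL changes the password; a confirmation
        # POST would avoid resets triggered by automatic link fetching.
        new_password = user.set_random_password()
        session.commit()

    # Otherwise validate the form and mail the reset link.
    elif request.method == 'POST' and form.validate(request.form):
        user = form.user
        reset_url = url_for('core.reset_password', email=user.email,
                            key=user.password_reset_key, _external=True)
        mail_body = render_template('mails/reset_password.txt', user=user,
                                    reset_url=reset_url)
        send_email(_(u'Reset Password'), mail_body, user.email)
        # NOTE(review): the characters around %s look mis-encoded in this
        # copy (probably typographic quotes); left exactly as found.
        request.flash(_(u'A mail with a link to reset the password '
                        u'was sent to ā%sā') % user.email)
        return redirect(url_for('kb.overview'))

    # new_password is passed to the template in clear text; presumably it
    # is shown once to the user -- confirm the response is not cached.
    return render_template('core/reset_password.html',
                           form=form.as_widget(),
                           new_password=new_password)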