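def updatePassword(self, authUserId, password):
    """Store a new password for an account and revoke its existing tokens.

    The password is passed through auth.convertPasswordForStorage before it
    is written, the user's refresh and access tokens are removed, and a
    confirmation email is sent when the account has an email address.

    NOTE(review): this method performs no check of the old password or of
    a reset token; presumably the caller has already authorised the
    change -- confirm at each call site.

    Args:
        authUserId: id of the account whose password is replaced.
        password: the new password as supplied by the caller.

    Returns:
        True once the password is stored and, where an email address
        exists, the confirmation has been handed to utils.sendEmail.

    Raises:
        Whatever the account/token stores, open(), utils.parseTemplate or
        utils.sendEmail raise. Nothing is rolled back: a failure after
        the password write leaves the new password in place.
    """
    account = self._accountDB.getAccount(authUserId)

    # Convert and store new password
    password = auth.convertPasswordForStorage(password)
    self._accountDB.updatePassword(authUserId, password)

    # Remove refresh / access tokens. The intent appears to be that tokens
    # issued under the old password stop working. NOTE(review): if either
    # call raises, the password has already changed but tokens may remain.
    self._refreshTokenDB.removeRefreshTokensForUser(authUserId)
    self._accessTokenDB.removeAccessTokensForUser(authUserId)

    # If there is no email address associated with the account, we're done
    if account.email is None:
        return True

    # Send confirmation email
    msg = {}
    msg['to'] = account.email
    msg['from'] = 'Stamped <*****@*****.**>'
    msg['subject'] = 'Stamped: Your Password Has Been Reset'

    base = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
    path = os.path.join(base, 'alerts', 'templates', 'email_password_reset.html.j2')

    params = {
        'screen_name': account.screen_name,
        'email_address': account.email,
    }

    # TODO: add error logging if the template cannot be opened; the error
    # currently just propagates.
    # The context manager closes the template handle, which was previously
    # left open on every call.
    with open(path, 'r') as template:
        msg['body'] = utils.parseTemplate(template, params)

    # NOTE(review): a failure here surfaces as an error to the caller even
    # though the password change and token removal have already happened.
    utils.sendEmail(msg, format='html')

    return True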
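def forgotPassword(self, email):
    """Create a password-reset token for an account and email the link.

    The address is lower-cased and stripped, validated, and looked up. A
    PasswordResetToken valid for 30 minutes is stored (up to five attempts)
    and a link containing its token_id is emailed to the address.

    NOTE(review): the distinct "User does not exist" error lets a caller
    tell registered addresses from unregistered ones if it reaches the
    requester. Returning the same outcome in both cases would close that,
    but it changes what callers observe, so it is flagged here rather
    than changed.

    NOTE(review): nothing in this method throttles requests or invalidates
    reset tokens issued earlier for the same user; presumably handled
    elsewhere -- confirm.

    Args:
        email: address the reset was requested for.

    Returns:
        True once the email has been handed to utils.sendEmail.

    Raises:
        StampedInputError: the address is malformed, or no account with a
            user_id matches it.
        Exception: the last error from storing the token after five
            attempts, or any error from open(), utils.parseTemplate or
            utils.sendEmail.
    """
    email = str(email).lower().strip()
    if not utils.validate_email(email):
        msg = "Invalid format for email address"
        logs.warning(msg)
        raise StampedInputError(msg)

    # Verify user exists
    account = self._accountDB.getAccountByEmail(email)
    if not account or not account.user_id:
        msg = "User does not exist"
        logs.warning(msg)
        raise StampedInputError(msg)

    max_attempts = 5
    expire = 1800  # 30 minutes

    # Every exception type triggers a retry with a fresh token; presumably
    # this is meant to ride out token_id collisions -- confirm.
    for attempt in range(1, max_attempts + 1):
        try:
            rightNow = datetime.utcnow()

            resetToken = PasswordResetToken()
            # assumes auth.generateToken draws from a cryptographically
            # secure source -- TODO confirm. The token_id is stored as
            # generated, so read access to the reset-token store is
            # enough to use an outstanding token.
            resetToken.token_id = auth.generateToken(36)
            resetToken.user_id = account.user_id
            resetToken.expires = rightNow + timedelta(seconds=expire)

            timestamp = BasicTimestamp()
            timestamp.created = rightNow
            resetToken.timestamp = timestamp

            self._passwordResetDB.addResetToken(resetToken)
            break
        except Exception:
            if attempt >= max_attempts:
                ## Add logging
                raise

    # TODO: switch this back to https after resolving the issue where assets
    # aren't loaded over SSL
    # NOTE(review): while these stay http, the reset token in the link
    # crosses the network in cleartext when the user follows it.
    url = 'http://www.stamped.com/pw/%s' % resetToken.token_id
    prettyurl = 'http://stamped.com/pw/%s' % resetToken.token_id

    # Email user
    msg = {}
    msg['to'] = email
    msg['from'] = 'Stamped <*****@*****.**>'
    msg['subject'] = 'Stamped: Forgot Password'

    base = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
    path = os.path.join(base, 'alerts', 'templates', 'email_password_forgot.html.j2')

    params = {'url': url, 'prettyurl': prettyurl}

    # TODO: add error logging if the template cannot be opened; the error
    # currently just propagates.
    # The context manager closes the template handle, which was previously
    # left open on every call.
    with open(path, 'r') as template:
        msg['body'] = utils.parseTemplate(template, params)

    utils.sendEmail(msg, format='html')

    return True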