def invite_user():
"""Invites a new user to create an account and set their own password."""
form = InviteUserForm()
if form.validate_on_submit():
user = User(
role=form.role.data,
first_name=form.first_name.data,
last_name=form.last_name.data,
email=form.email.data)
user.save()
token = user.generate_confirmation_token()
invite_link = url_for(
'account.join_from_invite',
user_id=user.id,
token=token,
_external=True)
send_email.queue(
recipient=user.email,
subject='You Are Invited To Join',
template='account/email/invite',
user=user,
invite_link=invite_link,
)
flash('User {} successfully invited'.format(user.full_name()),
'form-success')
return render_template('admin/new_user.html', form=form)
def validate_email(self, field):
user = User.objects(email=field.data).first()
if not user:
return True
if user.confirmed:
raise ValidationError('Email already registered.')
else:
# user is invited but not confirmed
from app.jobs.send_email import send_email
token = user.generate_confirmation_token()
invite_link = url_for(
'account.join_from_invite',
user_id=user.id,
token=token,
_external=True)
send_email.queue(
recipient=user.email,
subject='You Are Invited To Join',
template='account/email/invite',
user=user,
invite_link=invite_link,
)
raise ValidationError(
'Email is not confirmed, verification will resend to user.')
def confirm_request():
"""Respond to new user's request to confirm their account."""
token = current_user.generate_confirmation_token()
confirm_link = url_for('account.confirm', token=token, _external=True)
send_email.queue(
recipient=current_user.email,
subject='Confirm Your Account',
template='account/email/confirm',
# current_user is a LocalProxy, we want the underlying user object
user=current_user._get_current_object(),
confirm_link=confirm_link)
flash(
'A new confirmation link has been sent to {}.'.format(
current_user.email), 'warning')
return redirect(url_for('main.index'))
def register():
"""Register a new user, and send them a confirmation email."""
form = RegistrationForm()
if form.validate_on_submit():
user = User(first_name=form.first_name.data,
last_name=form.last_name.data,
email=form.email.data,
password=form.password.data)
user.save()
token = user.generate_confirmation_token()
confirm_link = url_for('account.confirm', token=token, _external=True)
send_email.queue(recipient=user.email,
subject='Confirm Your Account',
template='account/email/confirm',
user=user,
confirm_link=confirm_link)
flash(f'A confirmation link has been sent to {user.email}.', 'warning')
return redirect(url_for('main.index'))
return render_template('account/register.html', form=form)
def join_from_invite(user_id, token):
"""
Confirm new user's account with provided token and prompt them to set
a password.
"""
if current_user is not None and current_user.is_authenticated:
flash('You are already logged in.', 'error')
return redirect(url_for('main.index'))
new_user = User.objects.get_or_404(id=user_id)
if new_user.password is not None:
flash('You have already joined.', 'error')
return redirect(url_for('main.index'))
if new_user.confirm_account(token):
form = CreatePasswordForm()
if form.validate_on_submit():
new_user.password = form.password.data
new_user.save()
flash(
'Your password has been set. After you log in, you can '
'go to the "Your Account" page to review your account '
'information and settings.', 'success')
return redirect(url_for('account.login'))
return render_template('account/join_invite.html', form=form)
else:
flash(
'The confirmation link is invalid or has expired. Another '
'invite email with a new link has been sent to you.', 'error')
token = new_user.generate_confirmation_token()
invite_link = url_for('account.join_from_invite',
user_id=user_id,
token=token,
_external=True)
send_email.queue(recipient=new_user.email,
subject='You Are Invited To Join',
template='account/email/invite',
user=new_user,
invite_link=invite_link)
return redirect(url_for('main.index'))
def reset_password_request():
"""Respond to existing user's request to reset their password."""
if current_user.is_anonymous:
return redirect(url_for('main.index'))
form = RequestResetPasswordForm()
if form.validate_on_submit():
user = User.objects(email=form.email.data).first()
if user:
token = user.generate_password_reset_token()
reset_link = url_for('account.reset_password',
token=token,
_external=True)
send_email.queue(recipient=user.email,
subject='Reset Your Password',
template='account/email/reset_password',
user=user,
reset_link=reset_link,
next=request.args.get('next'))
flash(
'A password reset link has been sent to {}.'.format(
form.email.data), 'warning')
return redirect(url_for('account.login'))
return render_template('account/reset_password.html', form=form)
def change_email_request():
"""Respond to existing user's request to change their email."""
form = ChangeEmailForm()
if form.validate_on_submit():
if current_user.verify_password(form.password.data):
new_email = form.email.data
token = current_user.generate_email_change_token(new_email)
change_email_link = url_for('account.change_email',
token=token,
_external=True)
send_email.queue(
recipient=new_email,
subject='Confirm Your New Email',
template='account/email/change_email',
# current_user is a LocalProxy, we want the underlying user
# object
user=current_user._get_current_object(),
change_email_link=change_email_link)
flash(f'A confirmation link has been sent to {new_email}.',
'warning')
return redirect(url_for('main.index'))
else:
flash('Invalid email or password.', 'form-error')
return render_template('account/manage.html', form=form)