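def resetPass():
    """Handle the "forgot password" form and e-mail a reset link.

    Signed-in users are redirected to ``home``. On a valid POST the account
    matching the submitted address (if any) is looked up and handed to
    ``send_email``. The confirmation message is flashed whether or not an
    account matched, so the response does not reveal which addresses are
    registered.
    """
    if current_user.is_authenticated:
        return redirect(url_for("home"))

    form = forms.PasswordResetForm(request.form)
    # validate() has to be *called*: the bare attribute ``form.validate`` is a
    # bound method and therefore always truthy, which skipped validation and
    # let any POST body reach the database lookup.
    if request.method == "POST" and form.validate():
        print("RESET PASSWORD ")
        given_email = form.email.data
        user = User.query.filter_by(email=given_email).first()
        if user:
            send_email(" Reset Password ", "*****@*****.**", given_email, user)
        # Same message for known and unknown addresses (no account enumeration).
        flash(" Confirmation Link has been sent.")
        # NOTE(review): no throttling is visible in this view; confirm that
        # repeated reset requests for one address are rate limited elsewhere.
    return render_template("forgot_pass.html", form=form)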
def password_reset(token):
    """Set a new password for the account named in the form, using *token*.

    Only anonymous visitors may use this view; anyone else is sent to
    ``main.index``. An unknown e-mail address and a rejected token both end
    in the same redirect to ``main.index``, so the two cases look identical
    to the client.
    """
    if not current_user.is_anonymous():
        return redirect(url_for('main.index'))

    form = forms.PasswordResetForm()
    if not form.validate_on_submit():
        # First visit or invalid submission: show the form (again).
        return render_template('auth/reset_password.html', form=form)

    account = User.user_by_email(form.email.data)
    # reset_password() is only consulted when the account exists.
    if account is None or not account.reset_password(token, form.password.data):
        return redirect(url_for('main.index'))

    flash('Your password has been updated.')
    return redirect(url_for('auth.login'))
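def pw_reset_page():
    """Process a password change request.

    The new password is stored only after the current user's old password
    has been verified; a wrong old password flashes an error and re-renders
    the form.
    """
    # NOTE(review): no login requirement is visible on this view; confirm it
    # is only reachable by an authenticated user.
    form = forms.PasswordResetForm()
    if form.validate_on_submit():
        # Re-authenticate with the old password so a hijacked or unattended
        # session alone cannot change the credential.
        if login.current_user.ValidatePassword(form.old_password.data):
            login.current_user.SetPassword(form.new_password.data)
            login.current_user.Persist()
            flask.flash('Password Updated.')
            return flask.redirect(flask.url_for('.user_profile'))
        else:
            flask.flash('Invalid Password', 'error')
    return flask.render_template('pw_reset.html', form=form)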
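def reset_password(token):
    """Let the holder of a valid reset *token* choose a new password.

    The token is verified on every request (GET and POST) before the form is
    processed. Failures redirect to ``index`` with an ``error`` query
    parameter; a successful reset redirects to ``login``.
    """
    if current_user.is_authenticated:
        return redirect(url_for('index'))

    form = forms.PasswordResetForm(request.form)
    secret_key = app.config['SECRET_KEY']
    user_id = User.User.verify_reset_password_token(token, secret_key)
    if user_id is None:
        # The error paths used to return the bare url_for() string, which the
        # framework sends back as the page body; wrap it in redirect() like
        # the success path does.
        return redirect(url_for('index', error='Invalid Token, may be expired.'))

    if form.validate_on_submit():
        username = User.User.find_username_with_id(DATABASE, user_id)
        user = User.User(username)
        new_password = form.password.data
        re_new_password = form.re_password.data
        if new_password != re_new_password:
            return redirect(url_for('index', error='Passwords do not match'))
        if user.reset_password(new_password):
            return redirect(url_for('login'))
        return redirect(url_for('index', error='New Password cannot be old password'))
        # NOTE(review): whether a token stops working after a successful reset
        # depends on verify_reset_password_token()/reset_password(), which are
        # not visible here; confirm tokens are single use.
    return render_template('reset_password.html', token=token, form=form)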
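def x_profile(request):
    """Render the profile page and handle profile and password updates.

    Users whose profile still carries an ``email_code`` are redirected to
    ``thankyou``. A POST with ``resetpassword`` changes the password after
    the old one has been verified; any other POST updates the basic profile
    fields.
    """
    # NOTE(review): request.user is used directly; presumably the view is
    # protected by a login requirement elsewhere. Confirm.
    profile = models.Profile.objects.get(user=request.user)
    if profile.email_code != '':
        return HttpResponseRedirect(reverse('thankyou'))

    plans = models.UserPlan.objects.all().order_by('fee')
    user = request.user
    form = forms.ProfileForm(initial={
        'username': user.username,
        'email': user.email,
        'first_name': user.first_name,
        'last_name': user.last_name
    })
    password_form = forms.PasswordResetForm()
    error = ''
    msg = ''
    msg_type = ''

    if request.method == 'POST':
        if request.POST.get('resetpassword'):
            old_pw = request.POST.get('old_password')
            new_pw = request.POST.get('password')
            # Keep the result separate from ``user`` so a failed check does
            # not replace the current user with None.
            verified = authenticate(request, username=user.username, password=old_pw)
            if verified is None:
                error = 'Password Incorrect'
                msg = 'Password Incorrect'
                msg_type = 'danger'
            elif not new_pw:
                # set_password(None) would store an unusable password and
                # lock the account, so a missing value is rejected.
                error = 'New password is required'
                msg = 'New password is required'
                msg_type = 'danger'
            else:
                # NOTE(review): new_pw is read straight from request.POST and
                # never passes through password_form or a strength check.
                verified.set_password(new_pw)
                verified.save()
                msg_type = 'success'
                msg = 'Password Changed.'
                # Changing the password invalidates the session hash; log the
                # user back in so the current session stays valid.
                login(request, verified)
        else:
            # NOTE(review): these values come from request.POST without form
            # validation; a missing field arrives here as None.
            user.username = request.POST.get('username')
            user.email = request.POST.get('email')
            user.first_name = request.POST.get('first_name')
            user.last_name = request.POST.get('last_name')
            user.save()
            msg_type = 'success'
            msg = 'Saved Successfully'
            login(request, user)

    return render(request, 'profile.html', {
        'msg': msg,
        'msg_type': msg_type,
        'user': request.user,
        'form': form,
        'plans': plans,
        'current_plan': profile.plan,
        'password_form': password_form,
        'error': error
    })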
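def account_reset(request):
    """Check an e-mailed reset key (GET) and set the new password (POST).

    GET expects ``user`` (e-mail) and ``key`` query parameters. The expected
    key is recomputed from the user's e-mail and the salt of the stored
    password hash, and on a match the e-mail is remembered in the session.
    POST accepts the new password only for the e-mail stored in the session
    by a previous successful GET. Failures redirect to ``/accounts/forgot/``
    with an ``error`` code.
    """
    import hmac  # stdlib; timing-safe comparison of the reset key

    # Unbound fallback so the final render never hits an undefined ``form``
    # (authenticated users and methods other than GET/POST used to crash).
    form = forms.PasswordResetForm()

    if request.user.is_authenticated():
        # NOTE(review): still a placeholder; decide where a signed-in user
        # should be sent instead of being shown the blank form.
        pass
    else:
        if request.method == 'GET':
            # TODO: Error messages if key is not valid or email is wrong
            # Reset password for user who has forgotten it

            # Get user from request data
            user_email = request.GET.get('user')
            # Retrieve user from db
            # NOTE(review): the distinct ``nouser`` error tells the client
            # whether an address is registered.
            try:
                user = User.objects.get(email=user_email)
            except User.DoesNotExist:
                return redirect('/accounts/forgot/?error=nouser')

            # Get reset key from request data
            reset_key_input = request.GET.get('key')
            # No reset key, throw to login page
            if reset_key_input is None:
                return redirect('/accounts/forgot/?error=nokey')

            # Match reset key
            try:
                algorithm, iterations, salt, hashed = user.password.split('$', 3)
            except ValueError:
                # Stored password is not in algorithm$iterations$salt$hash
                # form, so no key can be derived.
                return redirect('/accounts/forgot/?error=keymismatch')
            reset_key = make_password(user.email, salt, algorithm)
            algorithm, iterations, salt, reset_key = reset_key.split('$', 3)
            reset_key = reset_key[:-1]
            # Alternative char for + and /
            reset_key = reset_key.replace('+', '-').replace('/', '_')
            # NOTE(review): the key depends only on the e-mail and the stored
            # salt, so it has no expiry of its own and presumably stays valid
            # until the stored hash changes; a time-limited token such as
            # Django's PasswordResetTokenGenerator would bound its lifetime.

            # Match keys in constant time so response timing does not leak
            # how much of a guessed key was correct.
            if hmac.compare_digest(reset_key.encode('utf-8'),
                                   reset_key_input.encode('utf-8')):
                # Reset keys match, render page for user to reset
                # Store reset email in session
                request.session['reset_email'] = user_email
                form = forms.PasswordResetForm(initial={'email': user_email})
            else:
                # Key does not match
                return redirect('/accounts/forgot/?error=keymismatch')
        elif request.method == 'POST':
            form = forms.PasswordResetForm(request.POST)
            if form.is_valid():
                # Perform real resetting of account
                # A POST without a prior verified GET has no session entry;
                # treat it as a mismatch instead of raising KeyError.
                session_email = request.session.get('reset_email')
                if session_email is not None and form.cleaned_data['email'] == session_email:
                    # Get user
                    try:
                        user = User.objects.get(email=session_email)
                    except User.DoesNotExist:
                        return redirect('/accounts/forgot/?error=nouser')
                    # Update password of user in system
                    user.set_password(form.cleaned_data['password'])
                    user.save()
                    # One verified key authorises one reset: drop the marker
                    # so the same session cannot repeat it.
                    request.session.pop('reset_email', None)
                    # Success, login user and display success page
                    authenticated = authenticate(username=user.username,
                                                 password=form.cleaned_data['password'])
                    if authenticated is not None:
                        login(request, authenticated)
                    return render(request, 'account/account.reset.success.html')
                else:
                    return redirect('/accounts/forgot/?error=email')
    return render(request, 'account/account.reset.form.html', {'form': form})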
# Tail of a preceding view whose beginning lies outside this excerpt; kept verbatim.
return send_confirmation_and_redirect(request, form.cleaned_data['email'], utils.RESET_TASK) else: form = forms.PasswordResetRequestForm() return eb_render(request, 'accounts/request_password_change_form.html', {'form': form})


def password_reset(request):
    """Set a new password for the address confirmed by the request hash.

    ``confirm_request_hash`` supplies the e-mail address and its hash; when it
    raises ``BadHash`` the response carried by the exception is returned.
    The address used for the account lookup comes from that confirmation,
    not from the submitted form.
    """
    try:
        email, email_hash = confirm_request_hash(request, utils.RESET_TASK)
    except BadHash as bad_hash:
        return bad_hash.response

    template = 'accounts/password_change_form.html'
    if request.method != 'POST':
        # Initial visit: carry the confirmed e-mail and hash in the form.
        form = forms.PasswordResetForm(initial={'e': email, 'h': email_hash})
        return eb_render(request, template, {'form': form})

    form = forms.PasswordResetForm(request.POST)
    if not form.is_valid():
        return eb_render(request, template, {'form': form})

    try:
        account = User.objects.get(is_active=True, email=email.lower())
    except User.DoesNotExist:
        # If we reach this point, then somebody managed to submit a
        # hash for a user that's not registered yet.
        raise http.Http404()

    User.objects.set_password(account.id, form.cleaned_data['password1'])
    request.session['login_message'] = 'Your password was changed successfully. Give it a shot by logging in below:'
    return http.HttpResponseRedirect('/accounts/login/')