def new_password(request):
    """Let a user choose a new password from a password-reset link.

    The reset token is read from the ``token`` query parameter and looked up
    as a ``TokenForgotPassword``. A missing parameter redirects to the home
    page; an unknown token yields a 404. A valid POST sets the new password
    and deletes the token, unless the token's ``date_end`` has passed, in
    which case the failure page is rendered and nothing is changed.
    """
    # NOTE(review): the token travels in the query string, so it can end up
    # in access logs and Referer headers; keep its lifetime short.
    if "token" not in request.GET:
        return redirect(reverse("zds.pages.views.home"))
    reset_token = get_object_or_404(
        TokenForgotPassword, token=request.GET["token"]
    )
    account = reset_token.user

    if request.method != "POST":
        blank_form = NewPasswordForm(identifier=account.username)
        return render_template(
            "member/new_password/index.html", {"form": blank_form}
        )

    form = NewPasswordForm(account.username, request.POST)
    if not form.is_valid():
        return render_template("member/new_password.html", {"form": form})

    chosen_password = form.data["password"]

    # The user cannot confirm the request once the token has expired.
    # NOTE(review): expiry is enforced only here, after a valid POST, and an
    # expired token is left in the table rather than deleted.
    if datetime.now() > reset_token.date_end:
        return render_template("member/new_password/failed.html")

    account.set_password(chosen_password)
    account.save()
    # Single use: the token is removed as soon as the password is stored.
    reset_token.delete()
    return render_template("member/new_password/success.html")
def ResetPasswordConfirmation(token):
    """Verify a password-reset token and store the newly chosen password.

    A token that fails verification flashes an error and redirects to the
    ``ResetPasswordFail`` endpoint. Otherwise the form is shown, and on a
    valid submission the password is hashed with bcrypt, an UPDATE is run
    against ``chess.users`` and the user is redirected to the confirmation
    response page.
    """
    # Per the original author, this returns the id carried inside the URL
    # token; a falsy result is treated as an expired or invalid token.
    user = User.verify_reset_password_token(token)
    if not user:
        flash('Sorry, your verification token expired!', category='danger')
        return redirect(url_for('ResetPasswordFail'))

    form = NewPasswordForm()
    if not form.validate_on_submit():
        return render_template("ResetPasswordConfirmation.html", form=form)

    # Hash the new password with a freshly generated bcrypt salt.
    password = bcrypt.hashpw(form.password.data.encode(), bcrypt.gensalt())

    conn = cs.get_conn()
    cursor = conn.cursor()
    # NOTE(review): as shown on this page the f-string has no interpolated
    # fields (the values appear masked), so neither the bcrypt hash above nor
    # the verified account reaches the statement. When the real values are
    # restored, pass them as bound parameters to cursor.execute() instead of
    # formatting them into the SQL text, and scope the WHERE clause to the
    # account returned by the token check.
    cursor.execute(
        f"update chess.users set password = '******' where username = '******';"
    )
    conn.commit()
    flash('Your password was successfully changed!', category='info')
    return redirect(url_for('Reset_Password_Confirmation_Response'))
def new_password(self):
    """Show the "forgot password" form and send reset instructions.

    On a valid submission the account is looked up by e-mail address. If
    one is found, a new reset token is generated, committed and mailed.
    The same confirmation message is flashed whether or not the address
    matched an account.
    """
    form = NewPasswordForm()
    if not form.validate_on_submit():
        return render_template('new_password.html',
                               title='Forgot your password?', form=form)

    account = self.user_query().filter_by(email=form.email.data).first()
    if account:
        # Generate and persist the reset token before mailing it.
        account.reset_password_token = self.generate_token()
        self.user_query().session.commit()

        try:
            self.send_reset_passwort_instructions(account)
        except Exception as e:
            # NOTE(review): this branch is reachable only for an address that
            # matched an account, so the failure message differs from the
            # generic one below and reveals that the address is registered.
            # The address is also written to the log.
            self.logger.error(
                "Could not send reset password instructions to "
                "user '%s':\n%s" % (account.email, e))
            flash("Failed to send reset password instructions")
            return render_template('new_password.html',
                                   title='Forgot your password?', form=form)

    # Same message for known and unknown addresses, so the response does not
    # disclose which e-mail addresses have accounts.
    flash(
        "You will receive an email with instructions on how to reset "
        "your password in a few minutes.")
    return redirect(url_for('login'))
def change_password():
    """Change the password of the logged-in user.

    Requires ``g.user``; otherwise flashes an error and redirects to ``/``.
    A valid submission must carry the current password (checked through
    ``User.authenticate``) and two matching copies of the new one.
    """
    if not g.user:
        flash("Access unauthorized.", "danger")
        return redirect("/")

    user = User.query.get_or_404(g.user.id)
    form = NewPasswordForm()

    if not form.validate_on_submit():
        return render_template("users/change_password.html", user=user, form=form)

    # Re-check the current password before accepting a new one, so an
    # unattended session alone is not enough to change it.
    authenticated = User.authenticate(user.username, form.cur_password.data)
    if not authenticated:
        flash("Invalid Password", "danger")
        return redirect("/users/change_password")

    # The confirmation field must repeat the new password exactly.
    if form.new_password.data != form.conf_password.data:
        form.conf_password.errors.append("Passwords do not match")
        return render_template("users/change_password.html", form=form)

    User.change_password(user.username, form.new_password.data)
    db.session.commit()
    flash("Password Changed", "success")
    return redirect(f"/users/{user.id}")
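def do_reset_password(user_id, password_reset_token):
    """Set a new password for the account that owns a reset token.

    The account is looked up by ``password_reset_token``. An empty token or
    one that matches no account flashes an error and redirects to the reset
    request page. A valid POST sets the new password, logs the user in and
    redirects to ``/``. Any other request renders the form.

    Changes from the previous version: a falsy token is rejected without
    querying, an invalid POST re-renders the submitted form so its validation
    errors are shown, and the template context is listed explicitly instead
    of being taken from ``locals()``.
    """
    # A falsy token must never reach the query: matching on an empty or null
    # value could select an account that has no reset pending.
    user = None
    if password_reset_token:
        user = User.objects(password_reset_token=password_reset_token).first()
    if not user:
        flash("Invalid request parameters. Please try resetting again.", "error")
        return redirect("/accounts/password/reset")

    # NOTE(review): the lookup uses the token alone; user_id is not compared
    # with the matched account. Nothing visible here clears the token after a
    # successful reset or checks an expiry -- confirm that set_password() or
    # the model handles both, and that it persists the change.
    if request.method == "POST":
        form = NewPasswordForm(request.form)
        if form.validate():
            user.set_password(form.password1.data)
            login_user(user)
            flash("Your password was changed successfully.", "success")
            return redirect("/")
        # Fall through with the bound form so the errors reach the template.
    else:
        form = NewPasswordForm()

    # Same names the template received from locals(), now stated explicitly
    # so a new local variable cannot leak into the template by accident.
    return render_template(
        "auth/new_password.html",
        user_id=user_id,
        password_reset_token=password_reset_token,
        user=user,
        form=form,
    )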
def reset_password(request, key):
    """Reset a user's password from a registration/reset key.

    Looks up the profile for ``key`` (including profiles that are not
    activated), and on a valid POST logs the user in, stores the new
    password and redirects to ``home``. In every other case it returns the
    function's local variables; presumably a decorator outside this block
    turns them into a rendered template -- TODO confirm.
    """
    # NOTE(review): no check is visible that the key matched a profile or
    # that it has not expired; confirm get_user() raises or returns a usable
    # object for unknown keys, otherwise `profile.user` fails below.
    profile = RegistrationProfile.objects\
        .get_user(key, only_activated=False)
    user = profile.user
    if request.method == "POST":
        form = NewPasswordForm(request.POST, request.FILES)
        if form.is_valid():
            # NOTE(review): authenticate() is called with a username only and
            # no credential, so it relies on a project-specific backend.
            # Verify that backend is not usable outside this flow, and
            # that a None result is handled before login().
            user = authenticate(username=user.email)
            login(request, user)
            # The password is changed after login; depending on the framework
            # version this may invalidate the session just created -- confirm.
            user.set_password(form.cleaned_data['password1'])
            user.save()
            # NOTE(review): the key is not invalidated here after use.
            return redirect(reverse('home'))
    else:
        form = NewPasswordForm()
    # Returns request, key, profile, user and form by name; renaming or adding
    # a local changes what the caller receives.
    return locals()
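def new_password():
    """Set a new password for the account that owns a reset token.

    The token is read from the ``token`` query parameter and must match an
    account whose ``password_reset_expiration`` is still in the future.
    A missing, empty, unknown or expired token flashes an error and redirects
    to ``index``. A valid submission stores the new password, clears the
    token and redirects to ``login``.
    """
    error = ''
    token = request.args.get('token', None)

    # Reject a missing or empty token before querying. A used token is
    # cleared to '' below while the expiration is left untouched, so an empty
    # value must never be accepted as a match.
    user = None
    if token:
        user = UserAccount.query.filter(
            and_(UserAccount.password_reset_token == token,
                 now() < UserAccount.password_reset_expiration)
        ).first()
    if not user:
        flash('Invalid or expired password reset token.')
        return redirect(url_for('index'))

    form = NewPasswordForm()
    if form.validate_on_submit():
        # The account loaded above is reused; the second identical query was
        # redundant.
        # NOTE(review): unsalted MD5 is not suitable for password storage.
        # Moving to a slow, salted password hash (bcrypt, scrypt, Argon2 or
        # PBKDF2) has to be done together with the login check, which is
        # outside this block, so the stored format is left unchanged here.
        user.password = md5.md5(form.password.data).hexdigest()
        user.password_reset_token = ''
        db.session.commit()
        flash('Password has been changed.')
        return redirect(url_for('login'))

    return render_template('new_password.html', form=form, error=error,
                           help_email=ADMINS[0],
                           navigation=return_navigation(),
                           site_data=site_data())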
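def new_password():
    """Set a new password for the account that owns a reset token.

    The token is read from the ``token`` query parameter and must match an
    account whose ``password_reset_expiration`` is still in the future.
    A missing, empty, unknown or expired token flashes an error and redirects
    to ``index``. A valid submission stores the new salted hash, clears the
    token and redirects to ``login``.
    """
    error = ''
    token = request.args.get('token', None)

    # Reject a missing or empty token before querying. A used token is reset
    # to None below while the expiration is left untouched, and comparing the
    # column with None would select accounts that have no token, so a request
    # without a token must never be accepted as a match.
    user = None
    if token:
        user = UserAccount.query.filter(
            and_(UserAccount.password_reset_token == token,
                 now() < UserAccount.password_reset_expiration)
        ).first()
    if not user:
        flash('Invalid or expired password reset token.')
        return redirect(url_for('index'))

    form = NewPasswordForm()
    if form.validate_on_submit():
        # Stored format: prefix + salt + '$' + hex digest of salt + password.
        # NOTE(review): a single round of salted SHA-1 is a fast hash and is
        # weak for password storage, and the 5-character salt comes from the
        # non-cryptographic `random` module. Changing the scheme has to be
        # coordinated with the login check, which is outside this block.
        chars = string.ascii_uppercase + string.ascii_lowercase + string.digits
        salt = ''.join(random.choice(chars) for _ in range(5))
        password = '******' + salt + '$' + hashlib.sha1(salt + form.password.data).hexdigest()

        # The account loaded above is reused; the second identical query was
        # redundant.
        user.password = password
        user.password_reset_token = None
        db.session.commit()
        flash('Password has been changed.')
        return redirect(url_for('login'))

    return render_template('new_password.html', form=form, error=error,
                           help_email=ADMINS[0],
                           navigation=return_navigation(),
                           site_data=site_data())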
def new_password(self):
    """Show the "forgot password" form and send reset instructions.

    On a valid submission a ConfigDB session is opened and the account is
    looked up by e-mail address. If one is found, a new reset token is
    generated, committed and mailed. The same confirmation message is
    flashed whether or not the address matched an account. Responses built
    after the session is opened go through ``self.response`` together with
    that session.
    """
    form = NewPasswordForm(meta=wft_locales())
    if not form.validate_on_submit():
        # No database session has been opened on this path.
        return render_template(
            'new_password.html', form=form, i18n=i18n,
            title=i18n.t("auth.new_password_page_title")
        )

    # create session for ConfigDB
    db_session = self.db_session()
    account = self.find_user(db_session, email=form.email.data)

    if account:
        # Generate and persist the reset token before mailing it.
        account.reset_password_token = self.generate_token()
        db_session.commit()

        try:
            self.send_reset_passwort_instructions(account)
        except Exception as e:
            # NOTE(review): this branch is reachable only for an address that
            # matched an account, so the failure message differs from the
            # generic one below and reveals that the address is registered.
            # The address is also written to the log.
            self.logger.error(
                "Could not send reset password instructions to "
                "user '%s':\n%s" % (account.email, e)
            )
            flash(i18n.t("auth.reset_mail_failed"))
            failure_page = render_template(
                'new_password.html', form=form, i18n=i18n,
                title=i18n.t("auth.new_password_page_title")
            )
            return self.response(failure_page, db_session)

    # Same message for known and unknown addresses, so the response does not
    # disclose which e-mail addresses have accounts.
    flash(i18n.t("auth.reset_message"))
    return self.response(redirect(url_for('login')), db_session)