def handle_password_reset(username, new_password, new_password2):
"""
Handles the submitted password reset request. Returns True if successful,
False otherwise. Also handles all messages displayed to the user.
"""
if not validation_utils.validate_password(new_password, new_password2):
return False
auth_utils.set_password(username, new_password)
# Clean up the password reset key, so that it cannot be used again.
query = """
UPDATE users
SET password_reset_key = NULL, password_reset_expiration = NULL
WHERE email = %s
"""
with flask.g.pymysql_db.cursor() as cursor:
cursor.execute(query, [username])
# Get the user's email.
query = """
SELECT first_name, email
FROM members
NATURAL JOIN users
WHERE email = %s
"""
with flask.g.pymysql_db.cursor() as cursor:
cursor.execute(query, [username])
result = cursor.fetchone()
# Send confirmation email to user.
email = result['email']
name = result['first_name']
msg = email_templates.ResetPasswordSuccessfulEmail.format(name)
subject = "Password reset successful"
email_utils.send_email(email, msg, subject, gmail=True)
return True
def handle_forgotten_password(email):
"""
Handles a forgotten password request. Takes a submitted (username, email)
pair and checks that the email is associated with that username in the
database. If successful, the user is emailed a reset key. Returns True on
success, False if the (username, email) pair is not valid.
"""
# Check username, email pair.
query = """SELECT user_id, first_name, email
FROM members NATURAL JOIN users WHERE email = %s"""
with flask.g.pymysql_db.cursor() as cursor:
cursor.execute(query, [email])
result = cursor.fetchone()
if result is not None and email.lower() == result['email'].lower():
name = result['first_name']
user_id = result['user_id']
# Generate a reset key for the user.
reset_key = auth_utils.generate_reset_key()
query = """
UPDATE users
SET password_reset_key = %s,
password_reset_expiration = NOW() + INTERVAL %s MINUTE
WHERE email = %s
"""
with flask.g.pymysql_db.cursor() as cursor:
values = [reset_key, constants.PWD_RESET_KEY_EXPIRATION, email]
cursor.execute(query, values)
# Determine if we want to say "your link expires in _ minutes" or
# "your link expires in _ hours".
if constants.PWD_RESET_KEY_EXPIRATION < 60:
expiration_time_str = "{} minutes".format(
constants.PWD_RESET_KEY_EXPIRATION)
else:
expiration_time_str = "{} hours".format(
constants.PWD_RESET_KEY_EXPIRATION // 60)
# Send email to user.
msg = email_templates.ResetPasswordEmail.format(
name,
flask.url_for('auth.reset_password',
reset_key=reset_key,
_external=True), expiration_time_str)
subject = "Password reset request"
email_utils.send_email(email, msg, subject, gmail=True)
def update_status(user_id, new_status, reimbursement_amount, decider_id=None):
"""
Given a user_id and a status, update the status in the status
table.
"""
if reimbursement_amount == "None":
reimbursement_amount = None
if decider_id is None:
query = """
UPDATE status SET status = %s, reimbursement_amt = %s WHERE user_id = %s
"""
with flask.g.pymysql_db.cursor() as cursor:
cursor.execute(query, [new_status, reimbursement_amount, user_id])
else:
query = """
UPDATE status SET status = %s, reimbursement_amt = %s, decider_user_id = %s WHERE user_id = %s
"""
with flask.g.pymysql_db.cursor() as cursor:
cursor.execute(
query, [new_status, reimbursement_amount, decider_id, user_id])
first_name = get_name(user_id)
email = get_email(user_id)
if reimbursement_amount is not None and new_status == "Accepted":
subject = "Reimbursement Information"
msg = email_templates.ReimbursementEmail.format(
first_name, reimbursement_amount)
email_utils.send_email(email, msg, subject, gmail=True)
elif new_status == "Accepted":
subject = "Congratulations! You've Been Accepted!"
msg = email_templates.AcceptedEmail.format(first_name)
email_utils.send_email(email, msg, subject, gmail=True)
elif new_status == "Rejected":
subject = "Hacktech Application Update"
msg = email_templates.RejectedEmail.format(first_name)
email_utils.send_email(email, msg, subject, gmail=True)
def handle_create_account(email, password, password2, first_name, middle_name,
preferred_name, last_name, dob):
query = """
SELECT email
FROM users
WHERE email = %s
"""
with flask.g.pymysql_db.cursor() as cursor:
cursor.execute(query, [email])
result = cursor.fetchone()
if result is not None:
return (False, "You already have an account. Try recovering it?")
if not validation_utils.validate_password(password, password2):
return (False, "")
flask.g.pymysql_db.begin()
try:
confirm_account_key = auth_utils.generate_confirm_account_key()
# Insert the new row into users.
query = """
INSERT INTO users (email, password_hash, confirm_account_key)
VALUES (%s, %s, %s)
"""
with flask.g.pymysql_db.cursor() as cursor:
cursor.execute(query, [email, "", confirm_account_key])
# Set the password.
auth_utils.set_password(email, password)
query = """
SELECT user_id FROM users WHERE email = %s
"""
with flask.g.pymysql_db.cursor() as cursor:
cursor.execute(query, [email])
result = cursor.fetchone()
user_id = result["user_id"]
# Set rest of the info...
query = """
INSERT INTO members (user_id, first_name, preferred_name, middle_name,
last_name, date_of_birth)
VALUES(%s, %s, %s, %s, %s, %s)
"""
with flask.g.pymysql_db.cursor() as cursor:
cursor.execute(query, [
user_id, first_name, preferred_name, middle_name, last_name,
dob
])
query = """
INSERT INTO applications (user_id, application_year)
VALUES(%s, %s)
"""
## TODO: Make sure to select it only from the current application year
with flask.g.pymysql_db.cursor() as cursor:
cursor.execute(query, [user_id, app_year.year + "0000"])
query = """
SELECT application_id FROM applications
WHERE user_id = %s
"""
with flask.g.pymysql_db.cursor() as cursor:
cursor.execute(query, [user_id])
application_id = cursor.fetchone()
application_id = application_id['application_id']
query = """
INSERT INTO status (user_id, application_id, status)
VALUES(%s, %s, %s)
"""
with flask.g.pymysql_db.cursor() as cursor:
cursor.execute(query, [user_id, application_id, 'Not Started'])
flask.g.pymysql_db.commit()
subject = "Thanks for creating an account!"
msg = email_templates.CreateAccountSuccessfulEmail.format(first_name)
email_utils.send_email(email, msg, subject)
except Exception as e:
print(e)
flask.g.pymysql_db.rollback()
return (
False,
"An unexpected error occurred. Make sure that you entered a valid email! If the error persists, please contact the hacktech organizers"
)
return (True, "")
