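def reset_token(token):
    """Handle a password-reset link: check the token, then store a new password.

    Args:
        token: Reset token taken from the URL. It is untrusted input and is
            only used after ``User.verify_reset_token`` accepts it.

    Returns:
        A redirect to ``home`` (caller already signed in, or password
        updated), a redirect to ``reset_request`` (token rejected), or the
        rendered ``reset_token.html`` form.
    """
    now = datetime.now()
    app.logger.info(
        now.strftime("%H:%M %Y-%m-%d") + ' ' + __file__ + ' ' +
        inspect.stack()[0][3])
    if current_user.is_authenticated:
        return redirect(url_for('home'))

    user = User.verify_reset_token(token)
    if user is None:
        flash('That is an invalid or expired token', 'warning')
        return redirect(url_for('reset_request'))

    form = ResetPasswordForm()
    if form.validate_on_submit():
        now = datetime.now()
        hashed_password = bcrypt.generate_password_hash(
            form.password.data).decode('utf-8')
        user.password = hashed_password
        db.session.commit()

        # Audit record. The connection is closed explicitly so a handle on
        # logs.db is not left open on every reset (assumes `sl` is sqlite3).
        # NOTE(review): the action text says "Admin" although this path is
        # reached through a reset token -- confirm the wording is intended.
        # NOTE(review): nothing visible here marks the token as used; check
        # whether verify_reset_token rejects it after a successful reset.
        conn = sl.connect('logs.db')
        try:
            conn.execute("INSERT INTO ACTIVITY VALUES (?,?,?,?)",
                         (now.strftime("%H:%M %Y-%m-%d"),
                          user.username + " (" + user.email + ")",
                          "Admin Re-set the password password",
                          "Update Password Page"))
            conn.commit()
        finally:
            conn.close()

        flash('Your password has been Updated!', 'success')
        return redirect(url_for('home'))
    return render_template(r'reset_token.html', title='Reset Password', form=form)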
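def register():
    """Create a new user account; only a signed-in admin may do so.

    Returns:
        A redirect to ``account`` when the caller is not an authenticated
        admin, a redirect to ``login`` after the account is created, or the
        rendered ``register.html`` form.
    """
    now = datetime.now()
    app.logger.info(
        now.strftime("%H:%M %Y-%m-%d") + ' ' + __file__ + ' ' +
        inspect.stack()[0][3])

    # Authorization gate first: everything below is admin-only.
    if not (current_user.is_authenticated and current_user.admin):
        flash('you do not have permission to register new users!', 'danger')
        return redirect(url_for('account'))

    form = RegistrationForm()
    if form.validate_on_submit():
        hashed_password = bcrypt.generate_password_hash(
            form.password.data).decode('utf-8')
        user = User(username=form.username.data, email=form.email.data,
                    password=hashed_password)
        db.session.add(user)
        db.session.commit()
        # Re-read the stored row; it is the object logged and mailed below.
        user = User.query.filter_by(email=form.email.data).first()

        # Audit record. The connection is closed explicitly so a handle on
        # logs.db is not left open per request (assumes `sl` is sqlite3).
        # NOTE(review): the entry pairs the new user's name with the
        # *admin's* e-mail (current_user.email); user.email was probably
        # meant -- confirm before relying on this log for investigations.
        conn = sl.connect('logs.db')
        try:
            conn.execute("INSERT INTO ACTIVITY VALUES (?,?,?,?)",
                         (now.strftime("%H:%M %Y-%m-%d"),
                          current_user.username,
                          "Created: " + user.username + " (" +
                          current_user.email + ")" + " User in the system.",
                          "Register Page."))
            conn.commit()
        finally:
            conn.close()

        flash('Your account has been created!', 'success')
        sendMail.user_register(user)
        return redirect(url_for('login'))
    return render_template(r'register.html', title='Register', form=form)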
def register():
    """Self-service sign-up: show the form, or create the account on a valid POST.

    Signed-in visitors are sent to ``main.home``. When the form does not
    validate (including the first GET) a warning is flashed and
    ``register.html`` is rendered; otherwise the user is stored with a
    bcrypt hash of the password and redirected to ``users.login``.
    """
    if current_user.is_authenticated:
        return redirect(url_for('main.home'))

    signup_form = RegistrationForm()
    if not signup_form.validate_on_submit():
        flash('Do not use a real email or password!', 'warning')
        return render_template('register.html', title="Register",
                               form=signup_form)

    # Only the bcrypt hash is stored, never the submitted password.
    password_hash = bcrypt.generate_password_hash(
        signup_form.password.data).decode('utf-8')
    new_user = User(
        username=signup_form.username.data,
        email=signup_form.email.data,
        password=password_hash,
    )
    db.session.add(new_user)
    db.session.commit()
    flash('Your account has been created!', 'success')
    return redirect(url_for('users.login'))
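def google_login():
    """Sign in (or create) an account from a JSON body sent after Google sign-in.

    Expects a JSON body with ``email``, ``first_name`` and ``last_name``.
    An existing account with that email gets a token pair; otherwise a new
    ``ACTIVATED`` account is created with a random password that is mailed
    to the user, and a token pair is returned for it.

    Returns:
        ``(json, 400)`` when the body or a required field is missing,
        ``(json, 200)`` with ``token`` / ``refresh_token`` otherwise.

    SECURITY NOTE(review): nothing in this handler validates a credential
    issued by Google. The ``email`` field is taken from the request body as
    sent by the client, and tokens are issued for whichever account matches
    it. Before this is exposed, the handler should require the provider's
    signed ID token, verify it server-side (signature, audience, expiry)
    and read the email from the verified claims only.
    """
    res = {}
    if not request.json:
        # The original stored a (message, 400) tuple here and carried on,
        # which then failed on request.json.get(); reject the request instead.
        res['msg'] = 'post body is required, email,first_name, last_name'
        return jsonify(res), 400

    body = request.json
    for field in ('email', 'first_name', 'last_name'):
        if not body.get(field):
            res['msg'] = 'missing ' + field
            return jsonify(res), 400
    email = body.get('email')
    first_name = body.get('first_name')
    last_name = body.get('last_name')

    def attach_tokens(account):
        # generate_token takes minutes; the advertised expiry is in seconds.
        res['token'] = account.generate_token(60)
        res['token expiry time'] = 60 * 60
        res['refresh_token'] = account.generate_token(120)
        # Matches the 120-minute refresh token (the new-account branch
        # previously advertised 60 * 60).
        res['refresh_token expiry time'] = 120 * 60

    possible_user = User.query.filter_by(email=email).first()
    if possible_user:
        res['msg'] = 'this email already exists in our database, we will login this account,save the token'
        attach_tokens(possible_user)
        return jsonify(res), 200

    # NOTE(review): the initial password is delivered by e-mail in clear
    # text. generate_random_password is not shown here; confirm it draws
    # from a CSPRNG (e.g. the `secrets` module) and consider a one-time
    # set-password link instead of mailing a credential.
    random_password = generate_random_password(8)
    hashed_password = bcrypt.generate_password_hash(random_password)
    new_user = User(email=email,
                    first_name=first_name,
                    last_name=last_name,
                    status='ACTIVATED',
                    password=hashed_password)
    db.session.add(new_user)
    db.session.commit()
    send_random_password_email(new_user, random_password)
    res['msg'] = 'a new account based on your google account is created, an email has been sent to you with your initial password, you can change it later'
    attach_tokens(new_user)
    return jsonify(res), 200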
def reset_token(token):
    """Complete a password reset started from an e-mailed link.

    Args:
        token: Reset token from the URL, validated by
            ``User.verify_reset_token`` before anything is changed.

    Returns:
        A redirect to ``main.home`` (already signed in), to
        ``users.reset_request`` (token rejected) or to ``users.login``
        (password changed); otherwise the rendered ``reset_token.html``.
    """
    if current_user.is_authenticated:
        return redirect(url_for('main.home'))

    account = User.verify_reset_token(token)
    if account is None:
        flash('This link is either invalid or has expired, please request a new password reset', 'warning')
        return redirect(url_for('users.reset_request'))

    reset_form = ResetPasswordForm()
    if not reset_form.validate_on_submit():
        return render_template('reset_token.html', title='Reset Password',
                               form=reset_form)

    # Store only the bcrypt hash of the new password.
    account.password = bcrypt.generate_password_hash(
        reset_form.password.data).decode('utf-8')
    db.session.commit()
    flash('Your password has been changed!', 'success')
    return redirect(url_for('users.login'))
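# Interactive bootstrap script: creates one account with admin=1.
#
# NOTE(review): in the listing this was taken from, several spans were
# masked with asterisks. The closing of each input() call, the `email`
# assignment, the password comparison and the start of the hashing call are
# reconstructed from the statements that survived -- confirm against the
# real file.
import getpass

from modules.models import User
from modules import bcrypt,db

print("-------------------Admin Account Creation---------------------------------------------------------------")
username = input('Enter username: ')
email = input('Enter email ID: ')
while True:
    # getpass keeps the admin password off the screen and out of terminal
    # scrollback; input() would echo it.
    password = getpass.getpass('Password: ')
    confirm_password = getpass.getpass('Confirm Password: ')
    if password == confirm_password:
        # Only the bcrypt hash is stored.
        hashed_password = bcrypt.generate_password_hash(password).decode('utf-8')
        user = User(username=username ,email=email, password=hashed_password, admin=1)
        db.session.add(user)
        db.session.commit()
        print("Your Username is: "+ username + " Your emailID is: "+email)
        break
    else:
        print('Please enter the password again!!!')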
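def reset_password(token):
    """Set a new password for the user named in a signed reset token.

    Args:
        token: JWT from the reset link; decoded with the application's
            ``SECRET_KEY`` and expected to carry ``user_id``.

    Returns:
        ``(json, 400)`` when the caller is already logged in or the POST
        body is incomplete/invalid, ``(json, 200)`` for a GET with a valid
        token or after the password is updated, and ``(json, 440)`` when
        the token cannot be decoded or its user does not exist.
    """
    res = {}
    res['fields required'] = ['password', 'confirm_password']
    user = get_current_user()
    if user:
        res['msg'] = 'you already logged in'
        res['links'] = [{
            'rel': 'user home page',
            'href': f'{url_for("user.home")}',
            'type': ['GET']
        }]
        return jsonify(res), 400

    def expired_link():
        # 440 is kept because existing clients may depend on it; it is not a
        # registered HTTP status code.
        return jsonify({
            'msg': 'link expired, please request another rest link',
            'links': [{
                'rel': 'request rest email',
                'href': f'{url_for("user.request_reset_email",_external=True)}',
                'type': ['GET', 'POST']
            }]
        }), 440

    # Only token decoding and the user lookup are treated as "bad link".
    # The original bare `except:` wrapped the whole handler, so database or
    # coding errors during the update were also reported as an expired link.
    # NOTE(review): decode is called without an explicit algorithm
    # allow-list; pin it to the algorithm the token issuer uses (the issuer
    # is not visible here), and narrow `Exception` to the JWT library's
    # invalid-token exception once the library is confirmed.
    try:
        data = jwt.decode(token, application.config['SECRET_KEY'])
        user = User.query.get(data['user_id'])
    except Exception:
        return expired_link()
    if user is None:
        # A well-formed token for a user that no longer exists.
        return expired_link()

    if request.method == 'GET':
        res['msg'] = 'send POST request with new password'
        return jsonify(res), 200
    elif request.method == 'POST':
        if not request.json or not request.json.get(
                'password') or not request.json.get('confirm_password'):
            res['msg'] = 'Missing post body, password or confirm password'
            return jsonify(res), 400
        # Both values are non-empty past this point, so the per-field
        # "missing" branches that used to follow could never run.
        password = request.json.get('password')
        confirm_password = request.json.get('confirm_password')
        if password != confirm_password:
            res['msg'] = 'password and confirm_password does not match!'
            return jsonify(res), 400
        if bcrypt.check_password_hash(user.password, password):
            res['msg'] = 'new password cannot be the same as old password'
            return jsonify(res), 400
        # NOTE(review): nothing here marks the token as used, so it stays
        # acceptable until it expires unless the issuer ties it to the old
        # password hash -- confirm.
        user.password = bcrypt.generate_password_hash(password)
        db.session.commit()
        res['msg'] = 'password updated'
        res['links'] = [{
            'rel': 'login',
            'href': f'{url_for("user.login")}',
            'type': ['GET', 'POST']
        }]
        return jsonify(res), 200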
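def register():
    """Describe the registration endpoint (GET) or create an account (POST).

    A GET, or a request without a JSON body, returns the list of required
    fields and related links. A POST with ``first_name``, ``last_name``,
    ``email``, ``password`` and ``address`` creates the user and sends an
    activation e-mail.

    Returns:
        ``(json, 200)`` for the description, ``(json, 400)`` when a field is
        missing, the email is taken or invalid, otherwise the message and
        status code returned by ``send_activation_email``.
    """
    res = {}
    # `address` stays in this list for POST responses too: it is enforced
    # below, but the original overwrote the list with one that omitted it.
    res['fields required'] = [
        'first_name', 'last_name', 'email', 'password', 'address'
    ]
    res['links'] = [{
        'rel': 'login',
        'href': f'{url_for("user.login")}',
        'type': ['GET', 'POST']
    }, {
        'rel': 'user home page',
        'href': f'{url_for("user.home")}',
        'type': ['GET']
    }]
    if request.method == 'GET' or request.json is None:
        return jsonify(res), 200

    body = request.json
    first_name = body.get('first_name')
    last_name = body.get('last_name')
    email = body.get('email')
    password = body.get('password')
    address = body.get('address')

    # Same order of checks (and therefore the same first error) as before.
    required = (
        ('first_name', first_name),
        ('last_name', last_name),
        ('password', password),
        ('email', email),
        ('address', address),
    )
    for field, value in required:
        if not value:
            res['msg'] = 'Missing ' + field
            return jsonify(res), 400

    if User.query.filter_by(email=email).first():
        res['msg'] = 'This email has already been taken, please choose another one'
        return jsonify(res), 400

    # Validate before hashing so a request that will be rejected does not
    # cost a bcrypt computation.
    if not validate_email(email):
        res['msg'] = 'invalid email'
        return jsonify(res), 400

    hashed_password = bcrypt.generate_password_hash(password)
    user = User(first_name=first_name,
                last_name=last_name,
                email=email,
                password=hashed_password,
                address=address)
    db.session.add(user)
    db.session.commit()
    msg, code = send_activation_email(user)
    res['msg'] = msg
    return jsonify(res), code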