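# How long a stored OTP stays usable (the GET path re-issues older ones).
_OTP_TTL = timedelta(minutes=15)


def _ensure_otp_issued(email):
    """Make sure *email* holds a usable OTP, re-sending one when needed.

    A fresh code is sent when the ``otp`` table has no row for the address,
    when a stored row is older than ``_OTP_TTL`` (that row is also deleted),
    or when a stored row was not issued for registration (no ``isRegister``
    key).
    """
    table = Table('otp')
    response = table.scan(FilterExpression={'email': email}).values()
    if response['Count'] == 0:
        sendOtp(email, 1)
        return

    for item in response['Items']:
        issued_at = datetime.strptime(item['timestamp'], "%Y%m%d%H%M%S")
        if datetime.now() > issued_at + _OTP_TTL:
            # Stale code: replace it and drop the old row.
            sendOtp(email, 1)
            table.delete(FilterExpression={'otp': item['otp']})
            break
        if 'isRegister' not in item:
            sendOtp(email, 1)


def verifyotp(request):
    """Handle the e-mail OTP verification page.

    GET renders ``accounts/verification.html`` after making sure a usable
    OTP exists for the session's e-mail (see ``_ensure_otp_issued``).

    POST validates the six single-digit fields ``o1``..``o6`` of
    ``OTPVerificationForm``, hashes the joined code as
    ``sha256(code + SECRET_KEY)`` and looks that hash up in the ``otp``
    table.  The code is accepted only when exactly one row matches, the
    row belongs to the session's e-mail and it is not older than
    ``_OTP_TTL``; the row is then deleted, ``isVerified`` is set on the
    ``users`` row and the session key is cleared before redirecting to
    the login page.  Any other outcome re-renders the form with
    ``err='OTP not match'``.

    Args:
        request: Django ``HttpRequest``; ``request.session['session_key']``
            identifies the user whose e-mail is being verified.  A request
            without it is redirected to the login page.

    Returns:
        An ``HttpResponse`` (rendered template or redirect).

    NOTE(review): nothing in this view throttles POST attempts, so the
    six-digit code space is only as strong as whatever rate limiting sits
    in front of it — confirm that exists at the middleware/proxy level.
    """
    session_key = request.session.get('session_key')
    if session_key is None:
        # No verification in progress for this session.
        return HttpResponseRedirect('/accounts/login/')
    email = getEmail(session_key)

    if request.method == "GET":
        _ensure_otp_issued(email)
        return render(request, 'accounts/verification.html')

    if request.method == "POST":
        form = OTPVerificationForm(request.POST)
        if not form.is_valid():
            return render(request, 'accounts/verification.html',
                          {'err': 'OTP not match'})

        code = "".join(form.cleaned_data['o%d' % i] for i in range(1, 7))
        otp_hash = hashlib.sha256((code + SECRET_KEY).encode()).hexdigest()
        table = Table('otp')
        response = table.scan(FilterExpression={'otp': otp_hash}).values()

        if response['Count'] != 1:
            return render(request, 'accounts/verification.html',
                          {'err': 'OTP not match'})
        item = response['Items'][0]

        # Bind the code to this session's address: a code issued to a
        # different e-mail must not verify this one, and a code that the
        # GET path would already treat as stale must not be accepted here.
        if item.get('email') != email:
            return render(request, 'accounts/verification.html',
                          {'err': 'OTP not match'})
        issued_at = datetime.strptime(item['timestamp'], "%Y%m%d%H%M%S")
        if datetime.now() > issued_at + _OTP_TTL:
            table.delete(FilterExpression={'otp': otp_hash})
            return render(request, 'accounts/verification.html',
                          {'err': 'OTP not match'})

        # Single-use: remove the code before flipping the verified flag.
        table.delete(FilterExpression={'otp': otp_hash})
        Table('users').update(
            FilterExpression={'email': email},
            UpdateExpression={"isVerified": 1},
        )
        del request.session['session_key']
        return HttpResponseRedirect('/accounts/login/')

    # Any other method: just show the form.
    return render(request, 'accounts/verification.html')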
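# Lifetime of a password-reset token, measured from its ``timestamp`` claim.
_RESET_TOKEN_TTL = timedelta(minutes=5)


def _resolve_reset_token(tk):
    """Validate a password-reset token; return ``(email, signature)`` or None.

    The token is an HS256 JWT signed with ``SECRET_KEY`` whose payload must
    carry ``timestamp`` (``%Y%m%d%H%M%S``), ``email`` and ``signature``.
    It is rejected (None) when it cannot be decoded, lacks a field, is
    older than ``_RESET_TOKEN_TTL``, when ``signature`` differs from
    ``sha256(email + timestamp + SECRET_KEY)``, or when the
    ``forgototpsignatures`` table does not hold exactly one row for it.

    Args:
        tk: the token as ``str`` or ``bytes``.
    """
    import hmac  # function-scope: the module's import block is not in view

    if isinstance(tk, str):
        tk = tk.encode('utf-8')
    try:
        jdata = jwt.decode(tk, SECRET_KEY, algorithms=['HS256'])
    except jwt.InvalidTokenError:
        # Malformed or tampered token; treat like any other bad token.
        return None

    if not isinstance(jdata, dict) or not all(
            key in jdata for key in ('timestamp', 'email', 'signature')):
        return None

    try:
        issued_at = datetime.strptime(jdata['timestamp'], "%Y%m%d%H%M%S")
    except (TypeError, ValueError):
        return None
    if issued_at + _RESET_TOKEN_TTL < datetime.now():
        return None

    email = jdata['email']
    signature = jdata['signature']
    try:
        expected = hashlib.sha256(
            (email + jdata['timestamp'] + SECRET_KEY).encode()).hexdigest()
        # Constant-time compare for the attacker-supplied claim.
        if not hmac.compare_digest(signature, expected):
            return None
    except TypeError:
        # Non-string claim values.
        return None

    resp = Table('forgototpsignatures').scan(FilterExpression={
        'signature': signature
    }).values()
    if resp['Count'] != 1:
        return None
    return email, signature


def changePassword(request):
    """Password-reset page driven by a ``tk`` reset token.

    GET expects ``tk`` in the query string; a token that
    ``_resolve_reset_token`` rejects (or a missing one) renders
    ``global/400.html``, otherwise ``accounts/change_password.html`` is
    rendered with the token so the form can post it back.

    POST validates ``ChangePasswordForm`` (``tk``, ``new_paswd``,
    ``cnfrm_paswd``).  Weak or mismatching passwords re-render the form
    with an ``err`` message.  With a valid token the
    ``forgototpsignatures`` row is deleted (single use), the ``users`` row
    for the token's e-mail gets ``password`` set to
    ``sha256(new_paswd + SECRET_KEY)`` and a plain success response is
    returned.

    Returns:
        An ``HttpResponse``; any method other than GET/POST gets
        ``global/400.html``.

    NOTE(review): ``sha256(password + SECRET_KEY)`` is a fast, unsalted
    hash, not a password hash; the login path (not on this page) compares
    the same value, so it cannot be changed here in isolation.
    """
    if request.method == "GET":
        tk = request.GET.get('tk')
        if tk is None or _resolve_reset_token(tk) is None:
            return render(request, 'global/400.html')
        return render(request, 'accounts/change_password.html', {'tk': tk})

    if request.method == "POST":
        form = ChangePasswordForm(request.POST)
        err = ""
        if not form.is_valid():
            return render(request, 'accounts/change_password.html',
                          {'err': err})

        tk = form.cleaned_data['tk']
        paswd = form.cleaned_data['new_paswd']
        cpaswd = form.cleaned_data['cnfrm_paswd']
        if not isvalidPassword(paswd) or not isvalidPassword(cpaswd):
            err += "password should contain one Capital letter on small letter and one Number"
        if cpaswd != paswd:
            err += "password not matched"
        if err:
            return render(request, 'accounts/change_password.html', {
                'err': err,
                'tk': tk
            })

        resolved = _resolve_reset_token(tk)
        if resolved is None:
            return render(request, 'global/400.html')
        email, signature = resolved

        # Consume the token before touching the account.
        Table('forgototpsignatures').delete(
            FilterExpression={'signature': signature})
        hashed_password = hashlib.sha256(
            (paswd + SECRET_KEY).encode()).hexdigest()
        Table('users').update(
            FilterExpression={'email': email},
            UpdateExpression={'password': hashed_password},
        )
        return HttpResponse("Password Changed Successfully")

    return render(request, 'global/400.html')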