def verify(): if request.method == 'GET': loginhash = request.args.get('login') if not loginhash: message = "Invalid URL. Please contact system administrator." return render_template('account/message.jade', message=message) account = Account.by_login_hash(loginhash) if not account: message = "This URL is no longer valid. If you have an account, you can reset your password at the " + \ " <a href='" + url_for('account.trigger_reset') + "'>password reset page</a>. Or you can register at \ <a href='" + url_for('account.login') + "'>login page</a>" return render_template('account/message.jade', message=message) #request.form.loginhash = {"data":loginhash} values = {'loginhash': loginhash, "csrf_token": generate_csrf_token()} return render_template('account/verify.jade', account=account, form_fill=values) else: loginhash = request.form.get('loginhash') if not loginhash: message = "We cannot find your unique URL" return render_template('account/message.jade', message=message) account = Account.by_login_hash(loginhash) if not account: message = "We could not find your account" return render_template('account/message.jade', message=message) password1 = request.form.get('password1') password2 = request.form.get('password2') # Check if passwords match, return error if not if password1 != password2: error = "Your passwords do not match" return render_template('account/verify.jade', loginhash=loginhash, account=account, error=error) account.password = generate_password_hash(password1) #reset that hash but don't send it. account.reset_loginhash() account.verified = True db.session.commit() flash_success("Password saved and you are now verified. Thank you.") login_user(account, remember=True) return redirect(url_for('home.index'))
def login_redirect(e): nextpath = request.environ.get("PATH_INFO", "/") if is_authenticated(current_user): flash_notice("This feature is only for administrators") return redirect(url_for('home.index')) else: flash_notice("You are not permitted to use this feature.") return redirect(url_for('account.login', next=nextpath))
def login_perform(): account = Account.by_email(request.form.get('login')) if account is not None and not account.verified: return redirect(url_for('account.email_message', id=account.id)) #if account is not None and account.verified == True: if account is not None: if check_password_hash(account.password, request.form.get('password')): logout_user() login_user(account, remember=True) flash_success("Welcome back, " + account.fullname + "!") if request.form.get("next", None): return redirect(request.form.get("next")) else: return redirect(url_for('home.index')) flash_error("Incorrect user name or password!") return login()
def email_message(): """ Redirect user to this to tell them to go check their email """ user_id = request.args.get('id') useraccount = Account.by_id(user_id) if not useraccount: message = "There is no user with this account" return render_template('account/email_message.jade', message=message) if useraccount.admin: message = "This operation is not possible for this user type" return render_template('account/email_message.jade', message=message) emailsplit = useraccount.email.split("@") email = emailsplit[0][:3] + "*****@" + emailsplit[1] flash_success("Your account is being set up. Please see note below.") message = """Thank you for your request. An email has been sent to %s with further instructions. If you have not recieved an email in next few minutes please try <a style='color:#337ab7' href='%s'>resetting your password</a>.""" % (email, url_for('account.trigger_reset')) # message_dict = sendhash(useraccount, gettext=True) # message = str(message_dict) + "<br/><br/><a href='" + message_dict['verifylink'] + "'><h3>Click to Verify</h3></a>" return render_template('account/email_message.jade', message=message)
def trigger_reset(): """ Allow user to trigger a reset of the password in case they forget it """ values = {"csrf_token": generate_csrf_token()} # If it's a simple GET method we return the form if request.method == 'GET': return render_template('account/trigger_reset.html', form_fill=values) # Get the email email = request.form.get('email') # Simple check to see if the email was provided. Flash error if not if email is None or not len(email): flash_error("Please enter an email address!") return render_template('account/trigger_reset.html', form_fill=values) # Get the account for this email account = Account.by_email(email) # If no account is found we let the user know that it's not registered if account is None: flash_error("No user is registered under this address!") return render_template('account/trigger_reset.html', form_fill=values) account.reset_loginhash() db.session.commit() # Send the reset link to the email of this account sendhash(account) # Redirect to the login page return redirect(url_for('account.email_message', id=account.id))
def get_reset_body(account): reset_link = url_for('account.do_reset', email=account.email, token=account.token) d = { 'reset_link': reset_link, 'site_title': current_app.config.get('SITE_TITLE') } return "reset link"
def login_perform(): account = Account.by_email(request.form.get('login')) #if account is not None and account.verified == True: if account is not None: if check_password_hash(account.password, request.form.get('password')): logout_user() login_user(account, remember=True) flash_success("Welcome back, " + account.fullname + "!") return redirect(url_for('home.index')) flash_error("Incorrect user name or password!") return login()
def edit_profile_post(account_id): """ Perform registration of a new user """ errors, values = {}, dict(request.form.items()) account = Account.by_id(account_id) if not account: flash_error("This is not a valid account") abort(404) if account.id != current_user.id and not current_user.admin: flash_error("You cannot access this content") abort(403) try: # Grab the actual data and validate it data = AccountSettings().deserialize(values) if (data['website'].find('http://') == -1) and data['website'] != "": data['website'] = 'http://%s' % data['website'] account.fullname = data['fullname'] account.website = data['website'] db.session.commit() # TO DO redirect to email sent page return redirect(url_for('account.profile', account_id=account.id)) except colander.Invalid as i: errors = i.asdict() print errors if request.form.get("csrf_token", None): values['csrf_token'] = request.form.get('csrf_token') else: values["csrf_token"] = generate_csrf_token() return render_template('account/edit_profile.jade', form_fill=values, form_errors=errors, account_id=account_id)
def logout(): logout_user() flash_success("You have been logged out.") return redirect(url_for('home.index'))
def register(): """ Perform registration of a new user """ errors, values = {}, dict(request.form.items()) try: # Grab the actual data and validate it data = AccountRegister().deserialize(values) #check if email is already registered # it is, then send the email hash for the login #check that email is real #get the domain if (data['email'].find('@') == -1 or data['email'].find('.') == -1): flash_error("You must use a valid USG email address") raise colander.Invalid(AccountRegister.email, "You must use a valid USG email address") domain = data['email'][data['email'].find('@') + 1:] if 'EMAIL_WHITELIST' not in current_app.config.keys(): flash_error( "Your email is not current supported. The login option is only available for US Government offices at this time." ) raise colander.Invalid( AccountRegister.email, "System not set correctly. Please contact the administrator.") domainvalid = False for domainemail in current_app.config['EMAIL_WHITELIST']: if domain.lower() == domainemail.lower(): domainvalid = True if not domainvalid: flash_error( "Your email is not current supported. The login option is only available for US Government offices at this time." ) raise colander.Invalid( AccountRegister.email, "Your email is not available for registration. Currently it is only available for US Government emails." ) # Check if the username already exists, return an error if so if Account.by_email(data['email']): flash_error( "Login Name already exists. Click request password reset to change your password." ) #resend the hash here to the email and notify the user raise colander.Invalid( AccountRegister.email, "Login Name already exists. Click request password reset to change your password." ) # Create the account account = Account() account.fullname = data['fullname'] account.email = data['email'] db.session.add(account) db.session.commit() # Perform a login for the user #login_user(account, remember=True) sendhash(account) # TO DO redirect to email sent page return redirect(url_for('account.email_message', id=account.id)) except colander.Invalid as i: errors = i.asdict() if request.form.get("csrf_token", None): values['csrf_token'] = request.form.get('csrf_token') else: values["csrf_token"] = generate_csrf_token() return render_template( 'account/login.jade', form_fill=values, form_errors=errors, form_fill_login={'csrf_token': values['csrf_token']})
def search_post(): if not g.search_form.validate_on_submit(): return redirect(url_for('home.index')) return redirect(url_for('search.search_results', query=g.search_form.search.data))
def generate_hashlink(account): return url_for('account.verify', login=account.login_hash, _external=True)
def register(): """ Perform registration of a new user """ errors, values = {}, dict(request.form.items()) try: # Grab the actual data and validate it data = AccountRegister().deserialize(values) #check if email is already registered # it is, then send the email hash for the login #check that email is real #get the domain print data['email'] if (data['email'].find('@') == -1 or data['email'].find('.') == -1): raise colander.Invalid(AccountRegister.email, "You must use a valid USG email address") domain = data['email'][data['email'].find('@') + 1:] if 'EMAIL_WHITELIST' not in current_app.config.keys(): raise colander.Invalid(AccountRegister.email, "System not set correctly. Please contact the administrator.") domainvalid = False for domainemail in current_app.config['EMAIL_WHITELIST']: if domain.lower() == domainemail.lower(): domainvalid = True if not domainvalid: raise colander.Invalid(AccountRegister.email, "Your email is not available for registration. Currently it is only available for US Government emails.") # Check if the username already exists, return an error if so if Account.by_email(data['email']): #resend the hash here to the email and notify the user raise colander.Invalid( AccountRegister.email, "Login Name already exists. Click reset password.") # Create the account account = Account() account.fullname = data['fullname'] account.email = data['email'] db.session.add(account) db.session.commit() # Perform a login for the user #login_user(account, remember=True) sendhash(account) # TO DO redirect to email sent page return redirect(url_for('account.email_message', id=account.id)) except colander.Invalid as i: errors = i.asdict() values["csrf_token"] = generate_csrf_token() return render_template('account/login.jade', form_fill=values, form_errors=errors)