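    def get(self):
        """Validate a password-reset link and show the reset form.

        The link carries ``?token=<reset_id>-<temp_pw>``.  The token must match
        ``TOKEN_RE``, the ``ResetPasswordRequest`` entry must exist, be younger
        than one hour and accept ``temp_pw``; otherwise a flash message is set
        and the visitor is redirected to ``/``.  On success the matching user
        is logged in and ``reset_password.html`` is rendered with the token and
        a fresh CSRF state.
        """
        if self.user:
            # A logged-in user is asked to log out before using a reset link.
            self.session.add_flash('message_reset_password_1',
                                   key='homepage_flashes')
            self.redirect("/")
            return

        input_token = self.request.get('token') or ''

        # Parse "<decimal id>-<temp_pw>".  A token that fails the pattern is
        # treated exactly like a token for a non-existent entry.  (The earlier
        # code substituted reset_id = 1 on a bad format, which could resolve to
        # a real entry and then crash on the never-assigned temp_pw.)
        TOKEN_RE = re.compile(r"^([0-9]{1,30})\-.{3,20}$")
        reset_id = None
        temp_pw = None
        if TOKEN_RE.match(input_token):
            id_part, _, temp_pw = input_token.partition('-')
            reset_id = int(id_part)

        self.r = ResetPasswordRequest.by_id(reset_id) if reset_id is not None else None

        if not self.r:
            # No such request: the link is not valid.
            self.session.add_flash('message_reset_password_2',
                                   key='homepage_flashes')
            self.redirect("/")
            return

        if datetime.datetime.now() - datetime.timedelta(hours=1) > self.r.created:
            # Requests expire one hour after creation.
            self.session.add_flash('message_reset_password_3',
                                   key='homepage_flashes')
            self.redirect("/")
            return

        if not ResetPasswordRequest.check_for_valid_request(self.r.email, temp_pw):
            # Temporary password does not match the stored request.
            self.session.add_flash('message_reset_password_4',
                                   key='homepage_flashes')
            self.redirect("/")
            return

        user = User.by_email(self.r.email)
        if not user:
            # Account behind the request no longer exists; same message as for
            # an unknown link so nothing extra is disclosed.
            self.session.add_flash('message_reset_password_2',
                                   key='homepage_flashes')
            self.redirect("/")
            return

        # NOTE(review): a valid reset link establishes a full login session
        # before any password is changed.  The POST handler depends on this
        # (it requires self.user), so it is kept; a scoped "reset-only"
        # session would be the stronger design.
        self.user = user
        self.login(self.user)
        state = self.make_state()
        self.render('reset_password.html',
                    user=self.user,
                    token=input_token,
                    state=state)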
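    def post(self):
        """Handle the forgot-password form: create a reset request and e-mail the link.

        A logged-in user is shown a "log out first" message.  A request without
        a valid CSRF state is logged and redirected to ``/``.  For an unknown
        address the form is re-rendered with an error; for a known address a
        ``ResetPasswordRequest`` is created with a random temporary password and
        a link of the form ``.../reset_pw/?token=<id>-<temp_pw>`` is e-mailed.
        """
        if self.user:
            # Prompt the user to log out before requesting a reset.
            self.render('message.html',
                        user=self.user,
                        message_forgot_password_1=True)
            return

        if not self.check_state():
            logging.warning("Possible CSRF attack detected!")
            self.redirect("/")
            return

        input_email = self.request.get('email').lower()

        self.user = User.by_email(input_email)
        if not self.user:
            # NOTE(review): answering an unknown address with an error lets a
            # caller enumerate registered e-mails; the later variant of this
            # handler responds identically in both cases.  Kept as is here.
            state = self.make_state()
            self.render('forgot_password.html',
                        form_email=input_email,
                        error=True,
                        state=state)
            return

        # The temporary password is an authentication secret, so it must come
        # from the OS CSPRNG; random.choice() uses the predictable Mersenne
        # Twister.  SystemRandom exists on both Python 2 and 3.
        length = 10
        rng = random.SystemRandom()
        temp_pw = ''.join(rng.choice(ascii_letters) for _ in range(length))

        u = ResetPasswordRequest.create_request(input_email, temp_pw)
        u.put()

        # The link authenticates the user, so it must only travel over TLS
        # (appspot.com serves https).  ADAPT LINK TO GAE URL.
        resetToken = str(u.key().id()) + "-" + temp_pw
        link = "https://PROJECT_ID.appspot.com/reset_pw/?token=%s" % resetToken

        self.send_email(self.user.email,
                        'email_subject.html',
                        'email_forgot_password.html',
                        subject_type='forgot_password',
                        username=self.user.name,
                        link=link)

        # Confirmation page: the e-mail was sent.
        self.render('message.html',
                    input_email=input_email,
                    message_forgot_password_2=True)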
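    def post(self):
        """Handle the reset-password form: re-verify the token, validate and store the new password.

        Requires a logged-in user (the GET handler logs the user in from the
        reset link).  The token (``<reset_id>-<temp_pw>``) is checked for
        format, existence, age (one hour) and temporary password, and must
        belong to the logged-in user.  The new password must pass
        ``valid_password`` and equal ``verify_password``; otherwise the form is
        re-rendered with error flags.  On success the password is updated, the
        reset request is deactivated and the user is redirected to ``/``.
        """
        if not self.user:
            # No session to bind the token to: point back to the e-mail link.
            self.session.add_flash('message_reset_password_6',
                                   key='homepage_flashes')
            self.redirect("/")
            return

        if not self.check_state():
            self.redirect("/")
            return

        input_password = self.request.get('password')
        input_verify_password = self.request.get('verify_password')
        input_token = self.request.get('token') or ''

        # Parse "<decimal id>-<temp_pw>".  A token that fails the pattern is
        # treated like a token for a non-existent entry.  (The earlier code
        # substituted reset_id = 1 on a bad format, which could resolve to a
        # real entry and then crash on the never-assigned temp_pw.)
        TOKEN_RE = re.compile(r"^([0-9]{1,30})\-.{3,20}$")
        reset_id = None
        temp_pw = None
        if TOKEN_RE.match(input_token):
            id_part, _, temp_pw = input_token.partition('-')
            reset_id = int(id_part)

        self.r = ResetPasswordRequest.by_id(reset_id) if reset_id is not None else None

        if not self.r:
            # Unknown request: ask the user to get in touch.
            self.session.add_flash('message_reset_password_5',
                                   key='homepage_flashes')
            self.redirect("/")
            return

        if datetime.datetime.now() - datetime.timedelta(hours=1) > self.r.created:
            # Requests expire one hour after creation.
            self.session.add_flash('message_reset_password_3',
                                   key='homepage_flashes')
            self.redirect("/")
            return

        if not ResetPasswordRequest.check_for_valid_request(self.r.email, temp_pw):
            # Temporary password does not match the stored request.
            self.session.add_flash('message_reset_password_5',
                                   key='homepage_flashes')
            self.redirect("/")
            return

        if self.r.email.lower() != self.user.email.lower():
            # The token was verified against the request's e-mail, but the new
            # password is written to the session user; refuse when they differ
            # so a token can never change a different account's password.
            self.session.add_flash('message_reset_password_5',
                                   key='homepage_flashes')
            self.redirect("/")
            return

        # Validate the new password; error flags are True or "" as the
        # template expects.
        error_password = ""
        error_verify_password = ""
        if not valid_password(input_password):
            error_password = True
        if not valid_verify(input_password, input_verify_password):
            error_verify_password = True

        if error_password or error_verify_password:
            state = self.make_state()
            self.render('reset_password.html',
                        user=self.user,
                        token=input_token,
                        error_password=error_password,
                        error_verify_password=error_verify_password,
                        state=state)
            return

        # Update the user in DB and memcache, then consume the reset request.
        User.update(self.user, pw=input_password)
        ResetPasswordRequest.update(self.r, temp_pw_hash="deactivated")

        self.session.add_flash('message_reset_password_7',
                               key='homepage_flashes')
        self.redirect("/")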
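    def post(self):
        """Handle the forgot-password form.

        A logged-in user gets a "log out first" flash.  A request without a
        valid CSRF state is logged and redirected.  A syntactically invalid
        address re-renders the form with an error.  For a known address a
        ``ResetPasswordRequest`` is created with a random temporary password
        and the reset link (``.../reset_pw/?token=<id>-<temp_pw>``) is e-mailed.
        Known and unknown addresses then receive the same flash and redirect,
        so the response does not reveal which e-mails are registered; the
        unknown case is only logged.
        """
        if self.user:
            self.session.add_flash('message_forgot_password_1',
                                   key='homepage_flashes')
            self.redirect("/")
            return

        if not self.check_state():
            logging.warning("Possible CSRF attack detected!")
            self.redirect("/")
            return

        input_email = self.request.get('email').lower()

        if not valid_email(input_email):
            state = self.make_state()
            self.render('forgot_password.html',
                        form_email=input_email,
                        error=True,
                        state=state)
            return

        self.user = User.by_email(input_email)
        if self.user:
            # The temporary password is an authentication secret, so it must
            # come from the OS CSPRNG; random.choice() uses the predictable
            # Mersenne Twister.  SystemRandom exists on both Python 2 and 3.
            length = 10
            rng = random.SystemRandom()
            temp_pw = ''.join(rng.choice(ascii_letters) for _ in range(length))

            r = ResetPasswordRequest.create(input_email, temp_pw)

            # The link authenticates the user, so it must only travel over TLS
            # (appspot.com serves https).  ADAPT LINK TO GAE URL.
            resetToken = str(r.key().id()) + "-" + temp_pw
            link = "https://YOUR_APP_ID.appspot.com/reset_pw/?token=%s" % resetToken

            self.send_email(self.user.email,
                            'email_subject.html',
                            'email_forgot_password.html',
                            subject_type='forgot_password',
                            username=self.user.name,
                            link=link)
        else:
            logging.warning('Unknown email from forgot password page received!')

        # Same response whether or not the address is registered.
        self.session.add_flash('message_forgot_password_2',
                               key='homepage_flashes')
        self.session.add_flash(input_email, key='input_email')
        self.redirect("/")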
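    def post(self):
        """Handle the reset-password form: re-verify the token, validate and store the new password.

        Requires a logged-in user (the GET handler logs the user in from the
        reset link).  The token (``<reset_id>-<temp_pw>``) is checked for
        format, existence, age (one hour) and temporary password, and must
        belong to the logged-in user.  The new password must pass
        ``valid_password`` and equal ``verify_password``; otherwise the form is
        re-rendered with error flags.  On success the password hash is stored,
        the memcache entry refreshed, the reset request deactivated and a
        confirmation page rendered.
        """
        if not self.user:
            # No session to bind the token to: point back to the e-mail link.
            self.render('message.html',
                        user=self.user,
                        message_reset_password_6=True)
            return

        if not self.check_state():
            logging.warning("Possible CSRF attack detected!")
            self.redirect("/")
            return

        input_password = self.request.get('password')
        input_verify_password = self.request.get('verify_password')
        input_token = self.request.get('token') or ''

        # Parse "<decimal id>-<temp_pw>".  A token that fails the pattern is
        # treated like a token for a non-existent entry.  (The earlier code
        # substituted reset_id = 1 on a bad format, which could resolve to a
        # real entry and then crash on the never-assigned temp_pw.)
        TOKEN_RE = re.compile(r"^([0-9]{1,30})\-.{3,20}$")
        reset_id = None
        temp_pw = None
        if TOKEN_RE.match(input_token):
            id_part, _, temp_pw = input_token.partition('-')
            reset_id = int(id_part)

        self.p = ResetPasswordRequest.by_id(reset_id) if reset_id is not None else None

        if not self.p:
            # Unknown request: ask the user to get in touch.
            self.render('message.html',
                        user=self.user,
                        message_reset_password_5=True)
            return

        if datetime.datetime.now() - datetime.timedelta(hours=1) > self.p.created:
            # Requests expire one hour after creation.
            self.render('message.html',
                        user=self.user,
                        message_reset_password_3=True)
            return

        if not ResetPasswordRequest.check_for_valid_request(self.p.email, temp_pw):
            # Temporary password does not match the stored request.
            self.render('message.html',
                        user=self.user,
                        message_reset_password_5=True)
            return

        if self.p.email.lower() != self.user.email.lower():
            # The token was verified against the request's e-mail, but the new
            # password is written to the session user; refuse when they differ
            # so a token can never change a different account's password.
            self.render('message.html',
                        user=self.user,
                        message_reset_password_5=True)
            return

        # Validate the new password; error flags are True or "" as the
        # template expects.
        error_password = ""
        error_verify_password = ""
        if not valid_password(input_password):
            error_password = True
        if not valid_verify(input_password, input_verify_password):
            error_verify_password = True

        if error_password or error_verify_password:
            state = self.make_state()
            self.render('reset_password.html',
                        user=self.user,
                        token=input_token,
                        error_password=error_password,
                        error_verify_password=error_verify_password,
                        state=state)
            return

        # Store the new password hash and refresh the memcache copy.
        self.user.pw_hash = make_pw_hash(self.user.email, input_password)
        self.user.put()
        User.update_user_cache(self.user)

        # Deactivate the request that was just verified (self.p) rather than
        # re-fetching by e-mail, which could pick a different entry or None.
        # Other outstanding requests for the same address, if any, are not
        # touched here.
        self.p.temp_pw_hash = "deactivated"
        self.p.put()

        self.render('message.html',
                    user=self.user,
                    message_reset_password_7=True)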