Esempio n. 1
def reset_password(token):
    """
    Description
    -----------
    Serve and process the password-reset form reached through a reset
    link, for a user who has forgotten or lost their password.
    Params
    ------
    :token: str
    The reset token from the URL (the string representation of a
    JSON web token).
    Return
    ------
    A redirect to `index` when the visitor is already signed in or the
    token does not resolve to a user, a redirect to `login` after a
    successful reset, otherwise the rendered `reset_password.html`
    template served under the `/reset_password/<token>` path.
    """
    # Built up front and shared by both rejection paths.
    back_to_index = redirect(url_for('index'))

    # A signed-in visitor has no use for the forgotten-password flow.
    if current_user.is_authenticated:
        return back_to_index

    # The token is the only credential presented here; a falsy result
    # means it was rejected and the visitor is sent away without detail.
    account = User.verify_password_reset_token(token)
    if not account:
        return back_to_index

    form = PasswordResetForm()
    if not form.validate_on_submit():
        return render_template(
            'reset_password.html',
            form=form,
            header='Pick a new password since you forgot the other one.',
            footer='We all forget sometimes.')

    account.set_password(form.password.data)
    account.last_modified_at = time()
    # NOTE(review): nothing in this view invalidates the token after use;
    # confirm verify_password_reset_token() rejects a token once the
    # password has changed.
    db.session.commit()
    flash('Your password has been successfully reset.')
    return redirect(url_for('login'))
Esempio n. 2
def reset_password():
    """Render the reset form; on a valid submission flash success and go to login."""
    form = PasswordResetForm()
    if not form.validate_on_submit():
        return render_template('web/auth/reset_password.html',
                               title='Reset Password',
                               form=form)

    # reset password logic
    # NOTE(review): still a placeholder. Success is reported although no
    # password is changed, and nothing here (token, session) identifies
    # the account the reset would apply to.
    flash('Password reset successful!', 'success')
    return redirect(url_for('login'))
Esempio n. 3
def user_reset_password():
    """Let the current user set a new password from the reset form.

    Returns the rendered `user_reset_password.html` page until a POST
    passes form validation, then redirects to `dashboard`.
    """
    form = PasswordResetForm()
    submitted_ok = request.method == 'POST' and form.validate()
    if not submitted_ok:
        return render_template('user_reset_password.html',
                               title='Forgot Password',
                               reset_password_form=form)

    # The target account comes from the session (current_user), never from
    # the request body, so a caller cannot pick someone else's account.
    # NOTE(review): assumes the route requires login; current_user.id is
    # read unconditionally and first() returns None when nothing matches.
    account = User.objects(id=current_user.id).first()
    account.reset_password(form.password.data).save()
    flash('Account successfully restored!')
    return redirect(url_for('dashboard'))
Esempio n. 4
def password_reset_token(token):
    """Show the new-password form for a reset link.

    Signed-in visitors go to `home`; a token that does not resolve to a
    user is reported and sent back to `password_reset`.
    """
    if current_user.is_authenticated:
        return redirect(url_for('home'))

    account = User.verify_password_reset_token(token)
    if account is None:
        flash('That is an invalid or expired token', 'warning')
        return redirect(url_for('password_reset'))

    form = PasswordResetForm()
    if request.method == 'POST':
        # Validation still runs so field errors appear on the re-rendered
        # page, but the submit branch is a stub: no password is stored.
        form.validate_on_submit()
    return render_template('password_reset_token.html', form=form)
Esempio n. 5
def reset_password(token):
    """Apply a new password for the account identified by `token`.

    The token is only resolved once the form validates; until then the
    reset page is rendered for any token value.
    """
    form = PasswordResetForm()
    if not form.validate_on_submit():
        return render_template('reset_password.html', form=form)

    account = User.load_user_from_token(token)
    if account is None:
        flash('Failed to update your password: token expired or was incorrect, or account was deleted')
    else:
        # presumably `password` is a hashing setter on the model; verify
        # that the raw value is never persisted
        account.password = form.password.data
        account.save()
        flash('Your password has been updated.')
    # Both outcomes end on the index page.
    return redirect(url_for('main.index'))
Esempio n. 6
def password_reset_submit_password(request):
    """Validate a submitted new-password form and answer with a JSON status object."""
    payload = reply_object()
    form = PasswordResetForm(request.POST, request=request)

    if not form.is_valid():
        payload["code"] = settings.APP_CODE["FORM ERROR"]
        payload["errors"] = form.errors
    else:
        # The form performs the password change and returns the reply object.
        payload = form.save_new_password()
        payload["code"] = settings.APP_CODE["CALLBACK"]
        payload["redirect"] = reverse('home')

    # NOTE(review): no content type is passed, so the JSON text goes out
    # with HttpResponse's default one.
    return HttpResponse(simplejson.dumps(payload))
Esempio n. 7
def password_reset_submit_password(request):
    """Handle the new-password submission and reply with serialized JSON.

    A valid form yields the CALLBACK code plus a redirect target; an
    invalid one yields the FORM ERROR code plus the form's errors.
    """
    result = reply_object()
    reset_form = PasswordResetForm(request.POST, request=request)
    form_ok = reset_form.is_valid()

    if form_ok:
        # save_new_password() supplies the reply that is sent back.
        result = reset_form.save_new_password()
        result["code"] = settings.APP_CODE["CALLBACK"]
        result["redirect"] = reverse('home')
    else:
        result["code"] = settings.APP_CODE["FORM ERROR"]
        result["errors"] = reset_form.errors

    body = simplejson.dumps(result)
    return HttpResponse(body)
Esempio n. 8
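def reset_password(token=None):
    """Verify a signed reset token and, on a valid form, store the new password.

    Params:
        token: the signed token from the reset link; None or empty is
            rejected like a forged token.

    Returns a JSON response: 401 for a missing, expired or invalid token,
    422 with the form errors when the form does not validate, 404 when the
    token's e-mail no longer matches an account, 200 on success.
    """
    def json_reply(payload, status):
        # Every exit of this view is a JSON body plus an explicit status.
        reply = jsonify(payload)
        reply.status_code = status
        return reply

    # A missing token can never verify; reject it here instead of handing
    # None to the serializer, which would fail with an unhandled error.
    if not token:
        return json_reply({"error": "Nice try.."}, 401)

    s = Serializer(app.config['SECRET_KEY'])

    # check if the token is a valid one and return a useful message
    try:
        data = s.loads(token)
    except SignatureExpired:
        # valid token, but expired
        return json_reply(
            {
                "error":
                "Your link expired, request another and use that!"
            }, 401)
    except BadSignature:
        # invalid token
        return json_reply({"error": "Nice try.."}, 401)

    # if we're here, the token's signature and age were accepted
    form = PasswordResetForm()
    email = data['email']

    # the form wasn't properly submitted, return error messages
    if not form.validate_on_submit():
        return json_reply({"error": form.errors}, 422)

    # Ensure the user from the token still exists: the account may have
    # been deleted or its address changed after the token was issued.
    user = User.query.filter_by(email=email).first()
    if user is None:
        return json_reply(
            {"error": "No account matches this reset link."}, 404)

    # user exists and we can update their password
    user.password = user.hash_password(form.password.data)
    db.session.commit()

    # send a success message back
    return json_reply(
        {
            "success":
                "Your password has been successfully reset,"
                " you can use it to log in now"
        }, 200)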
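def password_reset(token):
    """Set a new password for the account named by a signed, time-limited token.

    Renders `password_reset.html` until the form validates. The token is
    then decoded (salt 'password-reset-key', max age 86400 seconds), the
    account is looked up by the decoded e-mail (404 when absent) and the
    password is replaced. A failed commit is rolled back and answered with
    a generic 500 message.
    """
    import logging

    form = PasswordResetForm()
    if not form.validate_on_submit():
        return render_template('password_reset.html', form=form)

    # NOTE(review): loads() raises on a forged or expired token and that is
    # not caught here, so a bad link surfaces as a server error. The
    # serializer's exception classes are not referenced in this block.
    email = ts.loads(token, salt='password-reset-key', max_age=86400)
    user = User.query.filter_by(email=email).first_or_404()
    user.set_password(form.new_password.data)
    try:
        database.session.commit()
    except Exception:
        # Keep database error text out of the HTTP response: it can expose
        # schema and driver details. Log it server-side instead and leave
        # the session usable for the next request.
        database.session.rollback()
        logging.getLogger(__name__).exception('password reset commit failed')
        return 'error: could not save the new password', 500
    flash('Hasło zostało zmienione.')
    return redirect(url_for('index'))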
Esempio n. 10
def password_reset():
    """
    Route for url: server/password_reset/

    GET renders the request form. POST sends the reset e-mail when the
    form validates and otherwise re-renders the form with a flash message.
    """
    form = PasswordResetForm()
    method = request.method

    if method == 'GET':
        return render_template('password_reset.html', form=form)

    if method != 'POST':
        # Any other verb falls through without a response, as before.
        return None

    if not form.validate():
        # NOTE(review): if the form's validator checks that the account
        # exists, this message lets a requester probe which addresses are
        # registered; showing the confirmation page in both cases avoids it.
        flash('Could not find that email. Please try again.')
        return render_template('password_reset.html', form=form)

    send_password_reset_email(form.email.data)
    return render_template('password_reset_confirmation.html')
Esempio n. 11
def password_reset_token(token):
    """Let the holder of a valid reset token choose a new password.

    Signed-in visitors go to `home`; a token that does not resolve to a
    user is reported and sent back to `password_reset`.
    """
    if current_user.is_authenticated:
        return redirect(url_for('home'))

    account = User.verify_password_reset_token(token)
    if account is None:
        flash('That is an invalid or expired token', 'warning')
        return redirect(url_for('password_reset'))

    form = PasswordResetForm()
    accepted = request.method == 'POST' and form.validate_on_submit()
    if not accepted:
        return render_template('password_reset_token.html', form=form)

    # The account comes from the verified token, not from the form.
    account.set_password(form.password.data)
    db.session.commit()
    flash('Your password was set. Try to lgin.', 'success')
    return redirect(url_for('login'))
Esempio n. 12
def password_reset(token):
    """Reset the password of the account named in the form, using `token`.

    Only anonymous visitors may use the page. The account is looked up by
    the submitted e-mail, and `User.reset_password` decides whether the
    token is acceptable for that account.
    """
    if not current_user.is_anonymous:
        return redirect(url_for('index'))

    form = PasswordResetForm()
    if not form.validate_on_submit():
        return render_template('reset_password0.html', form=form)

    account = User.query.filter_by(email=form.email.data).first()
    # An unknown address and a rejected token both end on the index page
    # with no message, so the two cases look the same to the requester.
    if account is None or not account.reset_password(token, form.password.data):
        return redirect(url_for('index'))

    flash(u'您的密码已被更新')
    return redirect(url_for('login'))
Esempio n. 13
def reset_token(token):
    """Set a new password for the user a reset token resolves to.

    Signed-in visitors go to `profile`; a token that does not resolve to a
    user is reported and sent to `login`.
    """
    if current_user.is_authenticated:
        return redirect(url_for('profile'))

    account = User.verify_reset_token(token)
    if account is None:
        flash('The link you followed is invalid or expired.', 'warning')
        return redirect(url_for('login'))

    form = PasswordResetForm()
    if not form.validate_on_submit():
        return render_template('setnewpassword.html', form=form)

    # Only the output of generate_password_hash, decoded to text, is stored.
    account.password = bcrypt.generate_password_hash(
        form.password.data).decode('utf-8')
    db.session.commit()
    flash('You have successfully changed your password. You may log in using your new password.', 'success')
    return redirect(url_for('login'))
Esempio n. 14
def password_reset_form(request, verification_key):
    """
    Password reset form

    Resolves `verification_key` to a UserProfile (404 when none matches),
    rejects an expired key, then replaces the account password with a
    temporary one, signs the visitor in with it, clears the key and
    renders the form for choosing a new password.

    NOTE(review): no request-method check is made, so merely fetching the
    link changes the password and consumes the key; an automated fetch of
    the URL (mail scanner, link preview) could do the same. Confirm this
    is acceptable.
    """
    # Signed-in visitors are sent home before the key is even looked up.
    if request.user.is_authenticated():
        return HttpResponseRedirect(reverse('home'))
    user_profile = get_object_or_404(UserProfile,
                                     verification_key=verification_key)
    # tzinfo is dropped so the expiry can be compared with the naive local
    # time from datetime.today().
    # NOTE(review): if key_expires is stored in another zone than the
    # server's local one, the expiry window shifts; confirm.
    naive_date = user_profile.key_expires.replace(tzinfo=None)
    if naive_date < datetime.datetime.today():
        return render_to_response('expired.html',
                                  context_instance=RequestContext(request))

    user_account = user_profile.user
    # The temporary password exists only to pass authenticate() below.
    # NOTE(review): create_key() is defined elsewhere; confirm its output
    # cannot be predicted from the username.
    temp_password = create_key(user_account.username, 2)
    user_account.set_password(temp_password)
    user_account.save()
    user = authenticate(username=user_account.username, password=temp_password)
    if user is not None:
        if user.is_active:
            login(request, user)
        else:
            # Returns after the password was already overwritten and
            # before the key is cleared.
            return HttpResponse("This account is inactive.")
    # If authenticate() returned None the flow continues without a login.
    # Remove the reset key so the link cannot be used again.
    # NOTE(review): the stored key becomes the empty string; confirm the
    # URL pattern can never pass an empty verification_key.
    user_profile.verification_key = ""
    user_profile.save()
    reset_form = PasswordResetForm()
    return render_to_response('password_reset_form.html',
                              context_instance=RequestContext(
            request, {"reset_form": reset_form}))
Esempio n. 15
def password_reset(token):
    """Render the password reset page and apply a valid submission.

    Signed-in visitors go to `dashboard`; a token that does not resolve
    to a user is redirected to `index` without a message.
    """
    if current_user.is_authenticated:
        return redirect(url_for('dashboard'))

    account = Users.verify_reset_password_token(token)
    if not account:
        return redirect(url_for('index'))

    form = PasswordResetForm()
    if not form.validate_on_submit():
        return render_template('password_reset.html',
                               title='Password Reset',
                               form=form)

    # The account comes from the verified token, not from the form.
    account.set_password(form.password.data)
    db.session.commit()
    flash('password reset successful.')
    return redirect(url_for('login'))
Esempio n. 16
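def reset_token(token):
    """Reset the password of the account whose e-mail is signed into `token`.

    The token is decoded with salt "recover-pw" and a maximum age of 86400
    seconds. A valid form submission stores the new password, logs the
    event and redirects to the login page; otherwise the form is rendered.
    """
    ts = URLSafeTimedSerializer(app.config.get('SECRET_KEY'))
    # NOTE(review): loads() raises on a forged or expired token and that is
    # not caught here, so a bad link surfaces as a server error. The
    # exception classes are not referenced in this block.
    email = ts.loads(token, salt="recover-pw", max_age=86400)
    form = PasswordResetForm()

    if form.validate_on_submit():
        user = User.query.filter_by(email=email).first()
        if user is None:
            # The account was removed or its address changed after the
            # token was issued; there is nothing to update.
            app.logger.warning(
                'Password reset attempted with a token for an unknown account')
            return redirect(url_for('main_panel.login'))
        user.set_pwd(form.password.data)
        db.session.commit()
        # Log the account that was changed. The visitor is normally not
        # signed in during a reset, so current_user has no usable id and
        # reading it failed after the commit had already happened.
        app.logger.info('Password reset completed for User ID {} at {}'.format(
            user.id, datetime.now()))
        return redirect(url_for('main_panel.login'))

    return render_template('reset_token.html',
                           form=form,
                           token=token,
                           email=email)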
Esempio n. 17
def forgot_password():
    """Request a password-reset e-mail, or show the request form.

    POST: looks the user up by the submitted e-mail and sends a reset
    link. Any other method: renders the form for anonymous visitors and
    redirects signed-in ones to `/userdata`.
    """
    if request.method == 'POST':
        form = PasswordResetForm()
        # NOTE(review): form.validate_on_submit() is commented out in the
        # original (`if True:`), so the form's validators are not run on
        # this path; only the empty-string check below applies.
        if form.email.data == "":
            return render_template(
                'forgot_password.html',
                form=form,
                message="Please enter a valid user name or email address",
                passed="no")

        account = User.query.filter_by(email=form.email.data).first()
        if not account:
            # NOTE(review): this reply differs from the success one, so it
            # reveals whether an address is registered.
            return render_template(
                'forgot_password.html',
                form=form,
                message=
                "We cannot find a user matching either that user name or email address. Please check your spelling and try again."
            )

        reset_mail = Email(user_id=account.id,
                           recipient=account.email,
                           message_type='Password reset',
                           link_followed=0,
                           created=db.func.now())
        link_hash = reset_mail.set_unique_hash()
        # The Email row is not added or committed in this view (those calls
        # are commented out in the original); presumably it is stored
        # elsewhere. Verify against set_unique_hash().
        send_password_reset_email(account.email, link_hash)
        return render_template(
            'forgot_password.html',
            form=form,
            message=
            'We have sent your password reset email, from [email protected]. Please follow it\'s instructions to reset your password.',
            passed="yes")

    if current_user.is_authenticated:
        return redirect('/userdata')

    form = PasswordResetForm()
    return render_template('forgot_password.html',
                           form=form,
                           message="",
                           passed='no')
Esempio n. 18
def reset_password():
    """Apply a posted token and new password, then show the login page with a message."""
    if current_user.is_authenticated:
        # NOTE(review): url_for() expects an endpoint name; '/' looks like
        # a path. Confirm an endpoint with that name exists.
        return redirect(url_for('/'))

    msg = None
    form = PasswordResetForm()
    login_form = LoginForm()

    if form.validate_on_submit():
        # The token travels in the POST body, not in the URL.
        account = User.verify_reset_token(request.form.get('token'))
        if not account:
            msg = "Sorry Invalid token."
        else:
            # Read from the raw request, not from the validated form field;
            # presumably the same value. Confirm the field names match.
            new_password = request.form.get('password')
            account.password = bc.generate_password_hash(new_password)
            db.session.commit()
            msg = "Password changed. Now you can login."

    login_page = render_template('pages/login.html',
                                 form=login_form,
                                 msg=msg)
    return render_template('layouts/auth-default.html', content=login_page)
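def reset_password(token):
    """Set a new password for the user a reset token resolves to.

    Signed-in visitors are redirected to the dashboard. A token that
    fails verification, for any reason, gets the 404 page. Otherwise the
    form is rendered until a valid submission stores the new password and
    redirects to the login page.
    """
    if current_user.is_authenticated:
        # 'main.dashboard' is an endpoint name (compare 'main.login'
        # below), not a template path, so redirect to it.
        return redirect(url_for('main.dashboard'))

    try:
        user = User.verify_reset_password_token(token)
    except Exception:
        # Treat any verification failure as an invalid link. The original
        # bare `except:` left `user` unassigned and the view then crashed.
        user = None

    if not user:
        # Stop here: the form below must never run without a verified user.
        flash('The confirmation link is invalid or has expired.', 'danger')
        return render_template('main/404.html'), 404

    form = PasswordResetForm()
    if form.validate_on_submit():
        user.set_password(form.password.data)
        db.session.commit()
        flash('Your password has been reset', 'success')
        return redirect(url_for('main.login'))
    return render_template('main/reset_password.html', form=form)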
Esempio n. 20
def password_reset_page():
    """Handle password reset

    Requires a non-empty `email` form field. When the `password_submit`
    field is present and the form validates, the matching account gets
    the posted password, its forced-reset flag is cleared and the session
    is logged out.
    """
    posted = request.form
    if not posted.get('email'):
        return redirect(url_for('login_page'))

    form = PasswordResetForm()
    if not ('password_submit' in posted and form.validate_on_submit()):
        return render_template('password.html', title='Reset Password', form=form)

    next_page = request.args.get('next')
    # NOTE(review): the account is chosen by the e-mail in the request
    # body. This function checks no reset token, no current password and
    # no session identity, so unless the route is protected elsewhere and
    # the e-mail is bound to the signed-in user, the submitter decides
    # whose password changes. Bind the lookup to the authenticated user or
    # to a verified reset token.
    account = User.query.filter_by(email=posted['email']).first()
    if account is None:
        return redirect(url_for('login_page'))

    account.set_password(posted['password'])
    account.force_password_reset = False
    db.session.commit()
    logout_user()
    flash('Password reset successfully.')

    # Only follow `next` when it carries no host part; otherwise use the index.
    if not next_page or url_parse(next_page).netloc != '':
        next_page = url_for('index_page')
    return redirect(next_page)
Esempio n. 21
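def passwordReset():
    """Issue a reset key for the submitted e-mail and mail the reset link.

    Renders `password.html` until the form validates. The reply is
    "Message sent!" whether or not the address belongs to an account.
    """
    import secrets

    form = PasswordResetForm()
    if not form.validate_on_submit():
        return render_template('password.html', form=form)

    user = User.query.filter_by(email=form.email.data).first()
    if user is None:
        # Unknown address: previously an unhandled error. Answer exactly
        # as on success so the response does not reveal which addresses
        # are registered.
        return "Message sent!"

    # The key is the reset credential, so it must come from the OS CSPRNG,
    # not from the predictable `random` module. The range stays
    # 1..99999999 so the stored value keeps its previous shape.
    # NOTE(review): that is under 27 bits. Prefer secrets.token_urlsafe()
    # if the column can hold a string, and give the key an expiry and a
    # limit on verification attempts.
    key = secrets.randbelow(99999999) + 1

    user.key = key
    db.session.add(user)
    db.session.commit()
    # The key is deliberately not printed or logged: anyone able to read
    # the process output could use it to take over the account.
    msg = Message("Password Reset Link !",
                  sender="*****@*****.**",
                  recipients=[user.email],
                  html=render_template('verify.html',
                                       email=user.email,
                                       username=user.username,
                                       key=key))
    mail.send(msg)
    return "Message sent!"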
Esempio n. 22
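def login_from_email(email_hash):
    """Sign a user in from an e-mailed reset link and send them to settings.

    Params:
        email_hash: the unique hash carried by the link.

    Returns a redirect to `/settings` when the hash matches a stored
    e-mail record that validates and whose user exists; otherwise the
    `forgot_password.html` page with an error message.
    """
    email = Email.query.filter_by(unique_hash=email_hash).first()

    user = None
    # An unknown hash yields no record; treat it like a stale link
    # rather than calling validate() on None.
    if email is not None and email.validate():
        user = User.query.filter_by(id=email.user_id).first()

    if user is not None:
        # NOTE(review): possession of the link alone signs the visitor in.
        # Confirm validate() enforces expiry and makes the link single-use.
        user.forgot_password = True
        db.session.commit()
        login_user(user, remember=False)
        flash(
            'Please reset your password. Feel free to igore the "Current Password" box and only input the new passwords.'
        )
        return redirect('/settings')

    errormsg = 'This email link is either older than 24 hours or is not the one most recently sent. Please use the most recent password reset email or create a new request.'
    form = PasswordResetForm()
    return render_template('forgot_password.html', form=form, message=errormsg)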
Esempio n. 23
def password_reset_view(token):
    """Show the reset form for a valid token, wrapped in the auth layout.

    Signed-in visitors go to `index`; a token that does not resolve to a
    user is reported and sent to `login`.
    """
    if current_user.is_authenticated:
        return redirect(url_for('index'))

    if User.verify_reset_token(token) is None:
        flash('That is inavlid or expired token', 'warning')
        return redirect(url_for('login'))

    form = PasswordResetForm()
    # The token is handed to the template; presumably it is posted back
    # with the form. Verify against pages/reset_password.html.
    reset_page = render_template('pages/reset_password.html',
                                 title='Reset Password',
                                 form=form,
                                 token=token)
    return render_template('layouts/auth-default.html', content=reset_page)
Esempio n. 24
def reset_password(reset_token):
    """Reset a password when the form's e-mail matches the one in the token.

    An expired or badly signed token gets a plain-text reply. Otherwise
    the form is rendered until a valid submission whose e-mail equals the
    token's e-mail stores the new password.
    """
    try:
        email = decode_token(reset_token)
    except SignatureExpired:
        return "This token has expired."
    except BadSignature:
        return "Invalid token."

    form = PasswordResetForm()

    if form.validate_on_submit():
        # one() raises unless exactly one row matches. The lookup runs
        # before the address comparison.
        account = User.query.filter(User.email == email).one()
        if email == form.email.data:
            # presumably `password` is a hashing setter on the model;
            # verify that the raw value is never persisted
            account.password = form.password.data
            db.session.add(account)
            db.session.commit()
            flash('Your password has been reset. Log in!', 'success')
            return redirect(url_for('user.login'))
        # The typed address must equal the one signed into the token.
        flash('Email not valid', 'danger')

    return render_template('user/reset_password.html',
                           form=form,
                           reset_token=reset_token)
Esempio n. 25
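def reset_password():
    """Request a password-reset e-mail.

    Visitors with an `email` key in the session are redirected to `home`.
    GET renders the request form. POST validates it and, when the address
    belongs to a user, mails the reset message and redirects to `home`.
    """
    if 'email' in session:
        return redirect(url_for('home'))
    form = PasswordResetForm()
    if request.method == 'GET':
        return render_template('resetpassword.html', form=form)
    elif request.method == 'POST':
        # Fixed: the original called `form.validte()`, which raised
        # AttributeError on every POST.
        if not form.validate():
            flash('Please enter a valid email')
            return render_template('resetpassword.html', form=form)

        user = User.query.filter_by(email=form.email.data).first()
        if user is None:
            # NOTE(review): this message differs from the success one, so
            # it reveals whether an address is registered.
            flash('Email not in database')
            return render_template('resetpassword.html', form=form)

        msg = Message(
            'Password reset',
            sender=mail_username,
            recipients=[form.email.data])
        # NOTE(review): the mailed link is a fixed localhost URL with no
        # per-user, expiring token, so it does not tie the password change
        # to the requester. Build it from a signed token before relying on
        # this flow.
        msg.body = 'http://localhost:5000/changepassword'
        mail.send(msg)
        flash('Email sent to reset password')
        # Redirect to the `home` endpoint, as the guard at the top does;
        # 'home.html' is a template name, not a URL.
        return redirect(url_for('home'))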
Esempio n. 26
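def dashboard():
    """Render the dashboard and handle its two POST actions.

    POST with a valid reset form: the current user's password is changed
    and the page redirects to itself. Any other POST: the `delete` field,
    nine comma-separated values, selects one of the current user's
    ScheduleInterview documents to delete. The page is then rendered with
    per-status counts, a per-field pie chart and the pending interviews,
    all limited to the current user's e-mail.

    NOTE(review): current_user.id and current_user.email are read
    unconditionally, so this assumes the route requires login. Confirm.
    """
    title = "Dashboard"

    #__________[ modal validation ]
    reset_form = PasswordResetForm()
    is_post = request.method == 'POST'
    if is_post and reset_form.validate():
        user = User.objects(id=current_user.id).first()
        # Fixed: the original read `form.password.data`, but the only form
        # object in this function is `reset_form`.
        user.reset_password(reset_form.password.data).save()
        flash('Account successfully restored')
        return redirect(url_for('dashboard'))

    if is_post:
        # A POST without a `delete` field (for example a reset form that
        # failed validation) must not crash: treat it as nothing to delete.
        raw_delete = request.form.get("delete") or ""
        query_values = [i for i in raw_delete.split(",") if i]
        app.logger.debug(query_values)

        if len(query_values) == 9:
            name, project, seniority, client, city, age, date, sal, _ = query_values

            # The lookup is limited to the requester's own rows
            # (`username`, as in every other query in this view), so a
            # crafted `delete` value cannot remove another user's record.
            table = ScheduleInterview.objects(username=current_user.email,
                                              name=str(name),
                                              project=str(project),
                                              seniority=str(seniority),
                                              client=str(client),
                                              city=str(city),
                                              age=str(age),
                                              date=str(date),
                                              salary=str(sal)).first()
            app.logger.debug(table)
            if table is not None:
                table.delete()

    #__________________[ vars ]
    # Interview counts per status for the current user.
    schedule_interviews = list(ScheduleInterview.objects().aggregate(
        {"$match": {
            "username": current_user.email
        }},
        {"$group": {
            "_id": {
                "status": "$status"
            },
            "count": {
                "$sum": 1
            }
        }},
    ))

    user = User.objects(id=current_user.id).first()
    user_data = {
        "email":
        current_user.email,
        "license":
        current_user.profile,
        # The misspelled key is kept as is; the template may read it.
        "sucessfull":
        sum(i["count"] for i in schedule_interviews
            if "done" in i["_id"]["status"]),
        "pending":
        sum(i["count"] for i in schedule_interviews
            if "pending" in i["_id"]["status"]),
        "overall":
        sum(i["count"] for i in schedule_interviews),
        "week":
        0,
        "month":
        0,
        "trial":
        user.trial_percent(),
        "avatar":
        user.avatar(133)
    }

    #__________________[ col1_data ]
    # pie chart: interview counts per `field` for the current user
    pie_chart = list(ScheduleInterview.objects().aggregate(
        {"$match": {
            "username": current_user.email
        }},
        {"$group": {
            "_id": {
                "field": "$field"
            },
            "count": {
                "$sum": 1
            }
        }},
    ))

    pie_chart_data = [{
        "label": i["_id"]["field"],
        "value": i["count"]
    } for i in pie_chart]

    #_________________[ col2_data ]
    table_pending_interviews = ScheduleInterview.objects(
        username=current_user.email, status="pending")

    return render_template(
        "dashboard.html",
        title=title,
        user_data=user_data,
        table_pending_interviews=table_pending_interviews,
        pie_chart_data=pie_chart_data,
        reset_password_form=reset_form,
    )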