def post_register():
template = "user_mgmt/register.html"
username = request.form.get("username") or ""
password1 = request.form.get("password1")
password2 = request.form.get("password2")
email = request.form.get("email") or ""
if not (pres(username) and pres(password1) and pres(password2) and pres(email)):
return render_template(template, error="All fields are required.",
username=username, email=email)
if not (password1 == password2):
return render_template(template, error="Passwords don't match.",
username=username, email=email)
if models.User.get_by_username(username=username) is not None:
return render_template(template, error="That username is taken.",
username=username, email=email)
if models.User.get_by_email(email) is not None:
return render_template(template, error="That email address is already registered.",
username=username, email=email)
user = models.User.add(username=username, email=email, password=password1)
session.permanent = True
session["login_token"] = user.generate_auth_token()
next_url = request.args.get("next", url_for("review.get_videos"))
return redirect(next_url)
def post_change_password():
current_password = request.form.get("current_password")
new_password1 = request.form.get("new_password1")
new_password2 = request.form.get("new_password2")
if g.user.verify_password(current_password):
if pres(new_password1) and new_password2 and new_password1 == new_password2:
g.user.hash_password(new_password1)
db.session.commit()
msg = "Password changed!"
else:
msg = "New passwords don't match."
else:
msg = "Current password doesn't match."
return render_template("user_mgmt/change_password.html", msg=msg, user=g.user)
def post_do_password_reset(token):
new_password1 = request.form.get("new_password1")
new_password2 = request.form.get("new_password2")
user = models.User.verify_auth_token(token)
if user:
if pres(new_password1) and new_password1 == new_password2:
user.hash_password(new_password1)
db.session.commit()
flash("Password was reset.")
return redirect(url_for('user_mgmt.get_login'))
else:
msg = "Please type the new password twice."
return render_template("user_mgmt/do_password_reset.html", token=token, msg=msg)
else:
flash("That seems to be an invalid password recovery link. Perhaps it expired?")
return redirect(url_for('user_mgmt.get_reset_password'))
def post_change_email():
current_password = request.form.get("current_password")
new_email = request.form.get("new_email")
if g.user.verify_password(current_password):
if pres(new_email):
if models.User.get_by_email(new_email) is not None:
msg = "That email is already registered."
else:
g.user.email = new_email
db.session.commit()
msg = "Email address changed!"
else:
msg = "Please provide a new email address."
else:
msg = "Current password doesn't match."
return render_template("user_mgmt/change_email.html", msg=msg, user=g.user)
def post_reset_password():
def send_recovery_email(user):
recovery_token = user.generate_auth_token(expiration=120)
link = url_for("user_mgmt.get_do_password_reset", _external=True, token=recovery_token)
body = render_template("user_mgmt/recovery_email.html", link=link, user=user)
subject = "Grubgreat password recovery."
send_email(body=body, subject=subject, email_address=user.email)
email = request.form.get("email")
if pres(email):
user = models.User.get_by_email(email)
if user:
send_recovery_email(user)
msg = "Password recovery email sent."
else:
msg = "I don't know that email."
else:
msg = "Please provide an email address."
return render_template("user_mgmt/password_recovery.html", msg=msg)
