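def login_screen_submit():
    """Handle the login form submit.

    Looks the account up by the submitted username, verifies the submitted
    password against the stored hash, then logs the user in and redirects
    to the profile page (or to the change-email page when the account has
    no e-mail on record).

    Every failure path flashes the same generic message and redirects to
    /login, so the response does not say whether the username or the
    password was the part that did not match.
    """
    failure_message = 'Failed to login with that username and password, please retry.'

    # try to find user by username
    user_details = site_user.get_by_username({
        'username': request.form.get('username')}).get()

    # not found so lets bail to the login screen
    if not user_details:
        flash(failure_message)
        return redirect('/login')

    # Verify the submitted password against the STORED hash and bail unless
    # it matches. Hashing the submitted password with generate_password_hash()
    # and comparing that to the stored value cannot work: each call salts
    # differently, so the check never succeeds and no login would be refused.
    # NOTE(review): assumes check_password_hash(stored_hash, candidate)
    # argument order (werkzeug-style) -- confirm against the file's import.
    stored_hash = user_details.get('password')
    submitted_password = request.form.get('password')
    if (not stored_hash
            or submitted_password is None
            or not check_password_hash(stored_hash, submitted_password)):
        # A missing form field or an account without a stored hash is
        # treated as a failed login rather than an unhandled exception.
        flash(failure_message)
        return redirect('/login')

    # login user and redirect to profile
    login_user(
        User(user_details.get('user_id'))
    )

    flash('You have successfully logged in !')
    site_user.update_last_login().execute({'id': user_details.get('user_id')})

    # logged in but no E-Mail so lets ask the user for their email.
    if not user_details.get('email'):
        return redirect('/profile/change_email')

    return redirect('/profile')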
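def reset_password_submit():
    """Handle the password-reset request form.

    Looks the account up by the submitted e-mail address. When one exists,
    stores a fresh reset code for that user and mails a change-password
    link to the account's own address. The same confirmation page is
    rendered whether or not the address is registered.
    """
    user_details = site_user.get_by_username({
        'email': request.form.get('email')}).get()

    # uuid4 supplies the randomness; sha256 only reshapes it into a 64-char
    # hex string. hashlib needs bytes, so encode before hashing.
    reset_code = hashlib.sha256(str(uuid.uuid4()).encode('utf-8')).hexdigest()

    if user_details:
        # NOTE(review): the code is stored as generated. Whether it expires
        # or is single-use is not visible here -- confirm in the reset handler.
        site_user.create_password_reset()   \
                 .on_duplicate()            \
                 .execute({
                    'user_id': str(user_details.get('user_id')),
                    'reset_code': reset_code})

        # NOTE(review): assumes app_domain is fixed configuration (with a
        # trailing slash), not a value taken from the incoming request.
        reset_url = "{domain}change-password/{resetcode}".format(
            domain=app_domain, resetcode=reset_code)
        link_html = web.link.create(
            title='Change password',
            content='Click to change password',
            link=reset_url).render()

        body = "Please follow the link below to change your password.\n" + link_html
        body += reset_url
        # Deliver to the account holder. A fixed recipient here would hand
        # every user's reset link to a single mailbox.
        # NOTE(review): assumes the record exposes the address as 'email',
        # matching the lookup key above -- confirm.
        sendmail().send(
            from_address='*****@*****.**',
            to_address=user_details.get('email'),
            subject="Reset password request",
            body=body)

    # display success page, dont give away anything about if the email is actually registered
    web.template.create('Maidstone Hackspace - Password reset')
    header('Password reset')
    web.page.create('Password reset sent')
    web.page.section(
        web.paragraph.create('If this E-Mail is registered you will shortly be reciving an E-Mail with reset details').render()
    )
    web.template.body.append(web.page.render())
    return make_response(footer())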
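def reset_password_submit():
    """Process a password-reset request.

    Finds the account by the e-mail address from the form. If it exists, a
    new reset code is saved for that user and a change-password link is
    mailed to the address held on the account. The response page is the
    same for registered and unregistered addresses.
    """
    user_details = site_user.get_by_username({
        'email': request.form.get('email')}).get()

    # The randomness comes from uuid4; hashing gives a fixed-length hex
    # token. The value is encoded first because hashlib operates on bytes.
    token_seed = str(uuid.uuid4()).encode('utf-8')
    reset_code = hashlib.sha256(token_seed).hexdigest()

    if user_details:
        # NOTE(review): expiry and one-time use of the stored code are not
        # visible in this function -- confirm where the code is redeemed.
        site_user.create_password_reset()   \
                 .on_duplicate()            \
                 .execute({
                    'user_id': str(user_details.get('user_id')),
                    'reset_code': reset_code})

        # NOTE(review): assumes app_domain comes from static configuration
        # and ends with '/', rather than from request headers -- confirm.
        change_password_url = "{domain}change-password/{resetcode}".format(
            domain=app_domain, resetcode=reset_code)
        rendered_link = web.link.create(
            title='Change password',
            content='Click to change password',
            link=change_password_url).render()

        body = "Please follow the link below to change your password.\n" + rendered_link
        body += change_password_url
        # The link must go to the account's own address. With a hard-coded
        # recipient, one mailbox would receive reset links for all accounts.
        # NOTE(review): assumes the user record carries the address under
        # 'email', the same key used for the lookup -- confirm.
        sendmail().send(
            from_address='*****@*****.**',
            to_address=user_details.get('email'),
            subject="Reset password request",
            body=body)

    # display success page, dont give away anything about if the email is actually registered
    web.template.create('Maidstone Hackspace - Password reset')
    header('Password reset')
    web.page.create('Password reset sent')
    web.page.section(
        web.paragraph.create('If this E-Mail is registered you will shortly be reciving an E-Mail with reset details').render()
    )
    web.template.body.append(web.page.render())
    return make_response(footer())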
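def login_screen_submit():
    """Handle the login form submit.

    The form's 'username' field is looked up as the account e-mail. The
    submitted password is verified against the stored hash; on success the
    user is logged in, the last-login record is updated and the browser is
    redirected to /profile. On any failure the login screen is rendered
    again with one generic message that does not say which field was wrong.
    """
    failure_message = 'Failed to login with that username and password, please retry.'

    # try to find user by the address typed into the username field
    user_details = site_user.get_by_username({
        'email': request.form.get('username')}).get()

    # not found so lets bail to the login screen
    if not user_details:
        flash(failure_message)
        return login_screen()

    # Bail unless the submitted password verifies against the STORED hash.
    # Re-hashing the submitted password with generate_password_hash() and
    # checking the stored value against that fresh hash does not work: the
    # salts differ, the check is never true, and every password is accepted.
    # NOTE(review): assumes check_password_hash(stored_hash, candidate)
    # argument order (werkzeug-style) -- confirm against the file's import.
    stored_hash = user_details.get('password')
    submitted_password = request.form.get('password')
    if (not stored_hash
            or submitted_password is None
            or not check_password_hash(stored_hash, submitted_password)):
        # Missing form field or no stored hash counts as a failed login
        # instead of raising inside the hash check.
        flash(failure_message)
        return login_screen()

    # login user and redirect to profile
    login_user(
        User(user_details.get('user_id'))
    )
    flash('You have successfully logged in !')
    site_user.update_last_login(user_details)
    return redirect('/profile')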
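    def testRegisterNewUser(self):
        """Create a user and check the stored record can be read back.

        Only the hash of the password is written; the test then fetches the
        user by username and checks that the stored 'password' field is that
        same hash string.
        """
        pw_hash = generate_password_hash('letmein')
        site_user.create().execute({
            'username': '******',
            'first_name': 'myfirstname',
            'last_name': 'mylastname',
            'password': pw_hash
        })

        user_details = site_user.get_by_username({
            'username': '******'}).get()
        self.assertTrue(user_details)
        # assertEqual shows both values when the comparison fails, which
        # assertTrue(a == b) does not.
        self.assertEqual(pw_hash, user_details.get('password'))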