def create_admin():
    """Render the create-admin form and, on POST, create a new admin account.

    Reads ``username``, ``password`` and ``confirmation`` from the posted
    form. The username is checked with ``validate_username`` and the password
    pair with ``validate_password``. On success the account is created with a
    hashed password and the client is redirected to the admin list; on
    failure the message is flashed and the form is rendered again.

    NOTE(review): no access-control check is visible inside this function.
    Confirm the route is restricted to authenticated administrators (for
    example by a decorator or before-request hook outside this listing).
    """
    if request.method != 'POST':
        return render_template('create_admin.html')

    form = request.form
    username = form['username']
    password = form['password']
    confirm = form['confirmation']

    # A throwaway admin object is used only to run the username check.
    checker = create_user('admin')

    if not checker.validate_username(username):
        problem = "Username is already taken"
    elif not validate_password(password, confirm):
        problem = ('Password is required and must be at least 8 '
                   'characters with 1 uppercase, and 1 number')
    else:
        problem = None

    if problem is not None:
        flash(problem)
        return render_template('create_admin.html')

    # Only the hash of the password is handed to the storage layer.
    account = create_user('admin')
    account.create(username=username,
                   password=generate_password_hash(password))

    return redirect(url_for('AdminAdminsController.manage_admins'))
def verify_username_password(user: str, password: str, db_pass: str) -> str:
    """Check login credentials and return an error message, if any.

    Args:
        user: The looked-up user, or None when no such user was found.
        password: The password submitted by the client.
        db_pass: The stored password hash to compare against.

    Returns:
        A message describing the first failed check, or None when every
        check passes (the ``-> str`` annotation does not cover that case).

    NOTE(review): the three messages differ, so if they are shown to the
    client they reveal whether a username exists and whether the submitted
    password met the password policy. A single generic failure message
    avoids that disclosure; confirm how callers display the result.
    """
    if user is None:
        return 'Incorrect username.'

    # The policy check runs before the hash comparison; the same value is
    # passed as both password and confirmation.
    if not validate_password(password, password):
        return ('Incorrect password. Password must be at '
                'least 8 characters with at least 1 uppercase '
                'letter and at least 1 number.')

    if not check_password_hash(db_pass, password):
        return 'Incorrect password.'

    return None
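def edit_admin(a_id):
    """Render the edit form for an admin and, on POST, apply the changes.

    ``username``, ``password`` and ``confirmation`` are all optional form
    fields. Every submitted field is validated first; the record is modified
    and saved only when no validation error was found, so a rejected request
    never persists a partial update.

    Args:
        a_id: Identifier of the admin record to edit.

    NOTE(review): no access-control check is visible inside this function,
    and ``a_id`` selects which account is modified. Confirm the route is
    restricted to authenticated administrators outside this listing.
    """
    admin_id = a_id
    admin = create_user('admin')
    # Presumably loads the record into ``admin`` so save_by_id() can persist
    # it -- confirm. The result is no longer printed: the record may contain
    # the password hash and should not be written to stdout or logs.
    admin.fetch_by_id(admin_id)

    if request.method == 'POST':

        username = request.form.get('username')
        password = request.form.get('password')
        confirmation = request.form.get('confirmation')

        error = None

        # Validate everything before touching the record.
        if username and not admin.validate_username(username):
            error = "Username is already taken"

        if password and confirmation:
            if not validate_password(password, confirmation):
                error = 'Password is required and must be at least 8 '\
                    + 'characters with 1 uppercase, and 1 number'
        elif password or confirmation:
            error = "Both password and confirmation should be filled out"

        if error is not None:
            flash(error)
        else:
            # All checks passed: apply the requested changes and persist.
            if username:
                admin.set_username(username)
            if password:
                admin.set_password(generate_password_hash(password))
            admin.save_by_id()
            return redirect(url_for('AdminAdminsController.manage_admins'))

    info = admin.obj_by_id(admin_id)
    return render_template('edit_admin.html', admin=info)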
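def reset_password():
    """Render the reset form and, on POST, set a new password.

    The account is taken from ``session['user_id']``. The new password must
    pass ``validate_password`` and must differ from the stored one. On
    success the hash is saved, a notification e-mail is sent and the client
    is redirected to the confirmation page; otherwise the error is flashed
    and the form is rendered again.
    """
    # if the submit button has been pressed...
    if request.method == 'POST':
        # pull data from forms
        password = request.form['password']
        confirmation = request.form['confirm']
        user_id = session.get('user_id')
        error = None

        if user_id is None:
            # Without a user bound to the session there is no account to
            # load; report it instead of fetching with None and later
            # flashing an empty message.
            error = 'Unable to reset password: no user is associated '\
                + 'with this session'
        else:
            customer = create_user('customer')
            customer.fetch(user_id)

            # validate the fields
            # per issue 7 this may move to javascript; the server-side
            # check has to stay, since client-side validation can be skipped
            if not validate_password(password, confirmation):
                error = 'Password is required and must be at least 8 '\
                    + 'characters with 1 uppercase, and 1 number'
            elif check_password_hash(customer.get_password(), password):
                error = 'Password must be different from your old '\
                    + 'password'

        # update the password (error is None only when a customer was loaded)
        if error is None:
            customer.set_password(generate_password_hash(password))
            customer.save()

            customer.send_password_reset_email(customer.get_email(),
                                               customer.get_first_name())

            # TODO: change this to a password change confirm screen
            return redirect(url_for('ResetPasswordController.reset_confirm'))

        flash(error)

    return render_template('reset.html')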
def register():
    """Render the registration form and, on POST, create a customer account.

    Required fields are read with item access; the optional ``subscribe``
    checkbox is read with ``.get``. The first failing validation produces
    the flashed error. On success an ``inactive`` customer is created with a
    hashed password, a confirmation e-mail is sent, and the new customer's
    id and username are stored in the session before redirecting.

    NOTE(review): the session is populated while the account status is still
    ``inactive``; confirm that later views check the status before granting
    access.
    """
    if request.method != 'POST':
        return render_template('registration.html')

    # pull data from forms
    form = request.form
    firstname = form['firstname']
    lastname = form['lastname']
    password = form['password']
    confirmation = form['confirm']
    phonenumber = form['phone']
    email = form['email']
    username = email

    # IMPORTANT: non-required fields should use the .get method
    subscribe = str(form.get('subscribe') is not None)

    def first_problem():
        """Return the message for the first failing check, or None."""
        # per issue 7 this may move to javascript; the server-side checks
        # have to stay, since client-side validation can be skipped
        if not validate_name(firstname):
            # NOTE(review): debug output of user-supplied data to stdout.
            print(firstname)
            return "First name is required"
        if not validate_name(lastname):
            return "Last name is required"
        if not validate_password(password, confirmation):
            return ('Password is required and must be at least 8 '
                    'characters with 1 uppercase, and 1 number')
        if not username:
            return 'Username is required'
        if not validate_email(email):
            return 'Email is required and must be valid'
        if not validate_unique_email(email):
            return 'Email is already registered to an account'
        if not validate_phone(phonenumber):
            return 'Phone number is invalid'
        return None

    error = first_problem()
    if error is not None:
        flash(error)
        return render_template('registration.html')

    # create a new user; only the password hash is stored
    customer = create_user('customer')
    customer.create(first_name=firstname,
                    last_name=lastname,
                    password=generate_password_hash(password),
                    username=username,
                    email=email,
                    subscribe_to_promo=subscribe,
                    phone=phonenumber)
    customer.set_status('inactive')
    # The e-mail address was used as a provisional username; replace it
    # with one derived from the first name and the new record's id.
    customer.set_username(
        generate_username(firstname, customer.get_id()))
    customer.save()

    token = generate_confirmation_token(email)
    customer.send_confirmation_email(email, firstname,
                                     customer.get_username(), token)
    session['customer_id'] = customer.get_id()
    session['customer_username'] = customer.get_username()
    return redirect(url_for('RegisterController.optional_register'))