def update_password(itsid):
    """Edit a stored site password that belongs to the logged-in user.

    The record is looked up by ``itsid`` (404 when missing) and any caller
    other than its owner is rejected with 403 before the form is touched.
    A valid submission re-encrypts the new secret with ``CIPHER`` and
    commits; a GET pre-fills only the site and hint fields.
    """
    record = Password.query.get_or_404(itsid)
    # Ownership is enforced before any form data is read.
    if record.user != current_user:
        abort(403)

    form = PasswordForm()
    if not form.validate_on_submit():
        if request.method == "GET":
            # Only the non-secret fields are pre-filled.
            form.site.data = record.site
            form.hint.data = record.hint
        return render_template("create_passwords.html",
                               title='Update Password',
                               form=form,
                               legend='Update')

    # NOTE(review): latin-1 cannot represent every character, so a secret
    # outside that range raises UnicodeEncodeError here. Changing the
    # encoding would have to be matched on the decrypt side, not visible here.
    plaintext = form.password.data.encode('latin-1')
    ciphertext = CIPHER.encrypt(plaintext).decode()

    record.site = form.site.data
    record.password = ciphertext
    record.hint = form.hint.data
    db.session.commit()
    flash("Password Updated Successfully!", 'success')
    return redirect(url_for('passwords'))
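def activate(key, token):
    """Activate an account or finish a reset from an e-mailed link.

    ``key`` and ``token`` must match a non-deleted user's ``id`` and
    ``code``. Depending on the user's ``state`` the view either reports
    that nothing is left to do, confirms an e-mail change, or shows and
    processes the password form.
    """
    try:
        element = User.objects.filter(deleted=False, id=key, code=token).first()
    except Exception:
        flash("Usuario no Existe", "error")
        return redirect(url_for("index"))

    # first() returns None when nothing matches; without this guard an
    # unknown id or a wrong code crashed on ``element.state`` below
    # instead of being rejected.
    if element is None:
        flash("Usuario no Existe", "error")
        return redirect(url_for("index"))

    if element.state == 'confirmed':
        flash(u"Contraseña Actualizada Anteriormente", "info")
        return redirect(url_for('auth.login'))

    if element.state == "email_reset":
        element.state = "confirmed"
        element.save()
        flash(u"Correo Actualizado", "success")
        return redirect(url_for('auth.login'))

    form = PasswordForm(request.form, element)
    if request.method == 'GET':
        return render_template("auth/password.html", form=form)

    if form.validate_on_submit():
        # Remember the state before it is overwritten so the extra
        # "account activated" message is only shown for first activation.
        state = element.state
        element.password = form.password.data
        # NOTE(review): generate_password() presumably replaces the plain
        # value with a hash before save(); confirm in the model.
        element.generate_password()
        element.state = "confirmed"
        element.save()
        flash(u"Contraseña Actualizada", "success")
        if state == 'confirm':
            flash(u"Cuenta Activada", "info")
        return redirect(url_for('auth.login'))

    return render_template("auth/password.html", form=form)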
def changepswd(request):
    """Change the password of the user identified by the session e-mail.

    Requests that are not logged in are redirected to "/". A valid POST
    stores the new value on the ``RegisteredUsers`` row and re-renders the
    page with ``updated`` set; anything else renders the form.
    """
    if islogin(request) == False:
        return HttpResponseRedirect("/")

    emailid = request.session.get("email", None)
    name = request.session.get("name", None)

    if request.method != "POST":
        context = {}
        context.update(csrf(request))
        context.update({"emailid": emailid})
        return render_to_response("changepswd.html", context)

    form = PasswordForm(request.POST)
    if not form.is_valid():
        context = {}
        context.update(csrf(request))
        context.update({"passwordform": form})
        context.update({"emailid": emailid, "user": name})
        return render_to_response("changepswd.html", context)

    try:
        account = RegisteredUsers.objects.get(email=emailid)
        # NOTE(review): the cleaned form value is written to ``pswd`` as-is;
        # no hashing is visible here. Confirm the model or form hashes it.
        account.pswd = form.cleaned_data["new_pswd"]
        account.save()
        context = {}
        context.update(csrf(request))
        context.update({"emailid": emailid, "user": name})
        context.update({"updated": True})
        return render_to_response("changepswd.html", context)
    except:
        # Every failure, not only database errors, ends up here.
        return HttpResponse("Error in Connection with Database , Try again ")
def password(request):
    """Change the member's password on the LDAP server.

    A valid POST updates the two Samba hash attributes used for Wifi,
    changes the LDAP password, stores the new password through
    ``store_ldap_password`` and returns the page with a fresh form and the
    resulting key in the ``sessionkey`` cookie. Otherwise the form is shown.
    """
    member = retrieve_member(request)

    if request.method != 'POST':
        form = PasswordForm()
        return render(request, 'password.html',
                      {'form': form, 'member': member.to_dict()})

    form = PasswordForm(request.POST, request=request)
    if not form.is_valid():
        return render(request, 'password.html',
                      {'form': form, 'member': member.to_dict()})

    new_password = form.cleaned_data['password1']

    # Wifi credentials.
    # NOTE(review): LM and NT hashes are unsalted legacy formats; confirm
    # that the LM attribute is still required by the Wifi setup.
    member.set('sambaLMPassword', smbpasswd.lmhash(new_password))
    member.set('sambaNTPassword', smbpasswd.nthash(new_password))
    member.save()

    # LDAP credentials.
    member.change_password(new_password)

    key = store_ldap_password(request, new_password)
    request.session.save()

    new_form = PasswordForm()
    response = render(request, 'password.html',
                      {'message': _('Your password was changed. Thank you!'),
                       'form': new_form,
                       'member': member.to_dict()})
    # NOTE(review): the cookie is set without httponly/secure flags;
    # check whether the site-wide cookie settings cover it.
    response.set_cookie('sessionkey', key)
    return response
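def change_password(user_id):
    """Let the logged-in user change their own password.

    The target row is loaded by ``user_id``; the not-found page is returned
    when it does not exist or when the session does not belong to that
    user. A valid POST checks that both new-password fields agree and that
    the old password matches before the stored hash is replaced.
    """
    form = PasswordForm()
    cursor = g.db.execute('SELECT * FROM user WHERE id=? ', [user_id])
    res = cursor.fetchone()
    if res is None:
        return render_template('404.html')  # no such user: 404

    # Previously a request without a session id raised on int(None) and a
    # request for someone else's id fell off the end of the view (None).
    # Both now get the same page as an unknown user.
    try:
        is_owner = int(session.get('user_id')) == int(user_id)
    except (TypeError, ValueError):
        is_owner = False
    if not is_owner:
        return render_template('404.html')

    if request.method == 'POST' and form.validate_on_submit():
        old_password = request.form.get('old_password')
        new_password = request.form.get('new_password')
        new_password_repeat = request.form.get('new_password_repeat')

        if new_password != new_password_repeat:
            flash(
                message=
                'Please enter the same password in both new password fields.'
            )
            return render_template('change_password.html', form=form)

        # NOTE(review): md5_user_psw suggests an MD5-based scheme. Flagged
        # rather than replaced because stored hashes and the login path
        # depend on it; plan a migration to a slow password hash.
        if md5_user_psw(res[1], old_password) == res[2]:  # password correct
            # NOTE(review): no commit is visible here; presumably handled
            # by the connection setup or a teardown hook.
            g.db.execute('UPDATE user SET pass_hash=? WHERE id=?',
                         [md5_user_psw(res[1], new_password), user_id])
            return redirect(
                url_for('user_profile', user_id=session['user_id']))

        flash(message='Password error')
        return render_template('change_password.html', form=form)

    return render_template('change_password.html', form=form)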
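def changePassword():
    """Change the password of the logged-in student or faculty member.

    The account row is selected by the session e-mail from the table that
    matches the session type. The new bcrypt hash is written only when the
    current password verifies and the two new-password fields agree.
    Admins get the bare template; any other session type gets the home page.
    """
    form = PasswordForm()
    # .get() so a session without a type falls through to the home page
    # instead of raising KeyError.
    user_type = session.get('type')

    if user_type == 'Student' or user_type == 'Faculty':
        if form.validate_on_submit():
            with sql.connect('courseSystem.db') as db:
                c = db.cursor()
                if user_type == 'Student':
                    find_users = """SELECT * FROM Student S WHERE S.email = ?"""
                else:
                    find_users = """SELECT * FROM Professor P WHERE P.email = ?"""
                c.execute(find_users, (session['user'], ))
                results = c.fetchall()

                if results and checkpw(str.encode(form.password.data), results[0][1]) and\
                        (form.newPassword.data == form.confirm.data):
                    if user_type == 'Student':
                        update_sql = """UPDATE Student SET password=? WHERE email=?"""
                    else:
                        update_sql = """UPDATE Professor SET password=? WHERE email=?"""
                    # The new password is no longer printed: it ended up in
                    # plain text on stdout and in any captured logs.
                    # gensalt() uses the library's default work factor
                    # instead of 4; the cost is stored inside each hash, so
                    # existing hashes still verify.
                    c.execute(update_sql,
                              (hashpw(str.encode(form.newPassword.data), gensalt()),
                               session['user']))
                    db.commit()
                    c.close()
                    return redirect(url_for('userhome'))
        return render_template('changePassword.html', form=form)
    elif user_type == 'Admin':
        return render_template('changePassword.html')
    else:
        return render_template('home.html')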
def change_pass():
    """Show the change-password form and acknowledge a valid submission.

    NOTE(review): nothing in this view stores the submitted password; the
    success message is flashed as soon as the form validates. Confirm
    whether persistence happens elsewhere.
    """
    form = PasswordForm()
    if not form.validate_on_submit():
        return render_template('user-change-pass.html', form=form)

    flash('Your password was updated successfully.', 'success')
    return redirect(url_for('user.home'))
def reset_with_token(token):
    """Reset a user's password from a signed, time-limited token.

    The token must load with the "recover-key" salt and be at most 86400
    seconds old, otherwise the view answers 404. A valid form submission
    hashes the new password with PBKDF2-SHA256, saves it and logs the
    user in.
    """
    try:
        email = ts.loads(token, salt="recover-key", max_age=86400)
    except:
        # Any failure to load the token is reported as "not found".
        abort(404)

    form = PasswordForm()
    if not form.validate_on_submit():
        return render_template("/reset_with_token.html", form=form, token=token)

    user = model.User.query.filter_by(email=email).first_or_404()
    new_secret = form.password.data

    # NOTE(review): nothing visible here invalidates the token after use,
    # so it appears to stay usable until max_age elapses; confirm.
    user.password = pbkdf2_sha256.encrypt(new_secret, rounds=200000, salt_size=16)
    model.db.session.add(user)
    model.db.session.commit()

    login_user(user)
    return redirect("/")
def process_password_reset_token(token):
    """Set a new password for the account named in a signed reset token.

    The token is verified with the application's SECRET_KEY, the
    'password-reset-salt' salt and a 3600-second age limit. An invalid or
    expired token, or an e-mail without a matching user, sends the caller
    back to the login page with a message.
    """
    serializer = URLSafeTimedSerializer(current_app.config['SECRET_KEY'])
    try:
        email = serializer.loads(token,
                                 salt='password-reset-salt',
                                 max_age=3600)
    except BadSignature:
        flash('The password reset link is invalid or has expired.', 'danger')
        return redirect(url_for('users.login'))

    form = PasswordForm()
    if not form.validate_on_submit():
        return render_template('users/reset_password_with_token.html',
                               form=form)

    user = User.query.filter_by(email=email).first()
    if user is None:
        flash('Invalid email address!', 'danger')
        return redirect(url_for('users.login'))

    user.set_password(form.password.data)
    database.session.add(user)
    database.session.commit()
    flash('Your password has been updated!', 'success')
    return redirect(url_for('users.login'))
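def password_reset(payload=None):
    """Show the password-reset page (GET) or apply a new password (POST).

    GET decrypts ``payload`` and passes the result to the template; when
    it is not a valid UUID4 the decrypted text is shown as the message.
    POST validates the form and sets the password of the user named by
    the form's ``reset_id`` field.
    """
    client = currentSession()
    form = PasswordForm(request.form)

    if request.method == 'POST':
        decrypted = ""
        reset_id = form["reset_id"].data
        if not form.validate():
            return render_template('passwordreset.html', form=form,
                                   client=client, msg=None,
                                   decrypted=decrypted)

        # NOTE(review): reset_id is taken from the submitted form and is not
        # re-checked against the encrypted payload in this branch. The
        # account being changed should be bound to the verified token on
        # the server side; confirm how the POST is tied to the link.
        user = client.getUserById(reset_id) if reset_id else None
        if user is not None:
            client.user = user
            client.user.set_password(form.password.data)
            database.db_session.add(client.user)
            database.db_session.commit()
            client.saveSession()
            msg = "password has been changed. please login again."
        else:
            # Also reached when the lookup finds nothing; previously that
            # case failed on set_password of a missing user.
            msg = "user not found."
        return render_template('passwordreset.html', form=form,
                               client=client, msg=msg, decrypted=decrypted)

    msg = None
    e = Crypto()
    decrypted = e.decrypt(payload, True)
    if utilities.validate_uuid4(decrypted) == False:
        # timestamp has expired.
        msg = decrypted
    return render_template('passwordreset.html', form=form, client=client,
                           msg=msg, decrypted=decrypted)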
def changepswd(request):
    """Handle the change-password page for the session's user.

    Not-logged-in requests go to "/". On a valid POST the new value is
    saved on the matching ``RegisteredUsers`` row and the page is rendered
    with ``updated``; an invalid POST re-renders with the bound form; any
    other method renders the empty page.
    """
    if islogin(request) == False:
        return HttpResponseRedirect("/")

    emailid = request.session.get("email", None)
    name = request.session.get("name", None)
    page = "changepswd.html"

    if request.method == "POST":
        form = PasswordForm(request.POST)
        if form.is_valid():
            try:
                user = RegisteredUsers.objects.get(email=emailid)
                # NOTE(review): stored exactly as submitted; no hashing is
                # visible in this view. Verify where it is hashed.
                user.pswd = form.cleaned_data["new_pswd"]
                user.save()
                ctx = {}
                ctx.update(csrf(request))
                ctx.update({"emailid": emailid, "user": name})
                ctx.update({"updated": True})
                return render_to_response(page, ctx)
            except:
                # Catches every exception, not only database failures.
                return HttpResponse(
                    "Error in Connection with Database , Try again ")

        ctx = {}
        ctx.update(csrf(request))
        ctx.update({"passwordform": form})
        ctx.update({"emailid": emailid, "user": name})
        return render_to_response(page, ctx)

    ctx = {}
    ctx.update(csrf(request))
    ctx.update({"emailid": emailid})
    return render_to_response(page, ctx)
def password(user_id):
    """Let a user change their own password after re-entering the old one.

    Anyone other than the user identified by ``user_id`` is redirected to
    the index. On POST the old password's MD5 digest must equal the stored
    value and the two new-password fields must agree.
    """
    user = User.query.get(user_id)
    if not user or (current_user != user):
        return redirect(url_for('Common.index'))

    form = PasswordForm(request.form)
    if request.method == 'POST':
        if not form.validate():
            flash('请按格式填写表单', 'error')
        else:
            old_password = form.old_password.data
            new_password = form.new_password.data
            confirm_password = form.confirm_password.data

            # NOTE(review): unsalted MD5 is not a password hash. Flagged
            # rather than changed because stored digests and the login
            # path depend on it; plan a migration to a slow, salted KDF.
            old_digest = hashlib.md5(old_password).hexdigest()
            if old_digest != user.password:
                flash('旧密码错误', 'error')
            elif new_password != confirm_password:
                flash('密码不一致', 'error')
            else:
                user.password = hashlib.md5(new_password).hexdigest()
                user.save()
                flash('修改密码成功', 'success')

    return render_template('user/password.html', user=user, form=form)
def login3():
    """Final login step: set the password for the person held in the session.

    Requires ``pno`` and both name parts in the session (otherwise the
    caller is sent back to the matching earlier step). A valid form stores
    the names and password on the user found by ``pno``, logs them in and
    lifts any ban for the remote address.
    """
    if 'pno' not in session.keys():
        flash('enter pno first')
        return redirect(url_for('login'))

    if any(part not in session.keys() for part in ('firstname', 'lastname')):
        flash('enter name first')
        return redirect(url_for('login2'))

    form = PasswordForm()
    if not form.validate_on_submit():
        return render_template('login.html', form=form)

    new_password = form.password.data
    # NOTE(review): the account is chosen purely from session['pno'];
    # confirm the earlier steps establish that the caller owns this pno.
    user = User.get_by_pno(session['pno'])
    user.firstname = session['firstname']
    user.lastname = session['lastname']
    # NOTE(review): presumably a hashing property setter; verify in the model.
    user.password = new_password
    db.session.add(user)
    db.session.commit()

    login_user(user)
    remove_ban(request_obj=request.remote_addr)
    return redirect(url_for('index'))
def login():
    """Admin login: mark the session as admin once the form validates.

    NOTE(review): no password comparison is visible here, so the check is
    presumably done by PasswordForm's validators; confirm.
    """
    form = PasswordForm()
    if not form.validate_on_submit():
        return render_template('admin/login.html', form=form)

    # Start from an empty session so nothing from before login carries over.
    session.clear()
    session['admin_logged'] = True
    return redirect(url_for('admin.home'))
def makePasswordQRcode():
    """Render the submitted password as a QR code image and show it.

    NOTE(review): the image is written to the fixed name "QR.png" inside
    the app's static folder. That path is shared by every request and the
    static folder is normally web-served, so the encoded password may be
    readable by other users; consider a per-request, non-public location.
    """
    form = PasswordForm()
    if not form.validate_on_submit():
        return render_template('makePasswordQRcode.html', title='Maker', form=form)

    text = str(form.password.data)
    qr_image = pyqrcode.create(text)
    target = os.path.join(app.static_folder, "QR.png")
    qr_image.png(target, scale=5)
    return redirect(url_for('QRcodedisplay'))
def setPassword():
    """Store a new bcrypt hash (work factor 13) for the current user.

    NOTE(review): the current password is not asked for in this view;
    confirm that is intended for an already-authenticated session.
    """
    form = PasswordForm(request.form)
    if not (request.method == "POST" and form.validate()):
        return render_template("newpassword.html", form=form, upform=UploadForm())

    new_hash = hashpw(form.pwd.data, gensalt(log_rounds=13))
    current_user.update(set__pwd=new_hash)
    current_user.save()
    flash("Password was changed successfully")
    return redirect('/settings')
def password():
    """Update ``user``'s password from the form and re-render the page.

    NOTE(review): ``user`` is not defined in this function, so it must come
    from module scope; confirm it is the authenticated user.
    """
    form = PasswordForm()
    submitted_ok = form.validate_on_submit()
    if submitted_ok:
        # NOTE(review): populate_obj copies every form field onto the
        # object; check the form exposes only fields meant to be writable.
        form.populate_obj(user)
        user.password = form.new_password.data
        db.session.commit()
        flash('Password updated.', 'success')
    return render_template('user/password.html', form=form)
def password():
    """Grant admin access for the session when the password form validates.

    A failed POST is sent to the logout route; a GET shows the form.
    NOTE(review): the password check itself is presumably inside
    PasswordForm's validators; nothing is compared here.
    """
    form = PasswordForm()
    if request.method != 'POST':
        return render_template('password.html', form=form)

    if form.validate():
        session['admin'] = 1
        return redirect(url_for('rsvp'))
    return redirect(url_for('logout'))
def edit():
    """Set a new password for the current user.

    NOTE(review): the old password is not requested, and the value is
    assigned to ``user.password`` directly; presumably a hashing setter on
    the model. Verify both.
    """
    user = current_user
    form = PasswordForm()
    if not (request.method == 'POST' and form.validate()):
        return render_template('edit_user.html', form=form)

    user.password = form.password.data
    db_session.add(user)
    db_session.commit()
    flash('Password updated successfully!')
    return redirect('/')
def password():
    """Change the current user's password and force a fresh login.

    The current password must verify first. After the change the user is
    logged out and redirected to the login page.
    """
    form = PasswordForm()
    if not form.validate_on_submit():
        return render_template('password.html', form=form)

    current_ok = current_user.check_password(form.current_password.data)
    if not current_ok:
        flash('Current Password wrong', 'danger')
        return redirect(url_for('password.password'))

    current_user.set_password(form.new_password.data)
    current_user.save()
    commit()
    # Ending the session makes the user re-authenticate with the new password.
    logout_user()
    flash('Password change successful. Please login again', 'success')
    return redirect(url_for('login.login'))
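def user_password_change():
    """Store a new password hash for the current user.

    A valid POST hashes the submitted password and commits it, then
    redirects to the account page; otherwise the form is rendered.
    """
    form = PasswordForm(request.form)
    if request.method == 'POST':
        if form.validate():
            user = current_user
            # The explicit method='sha256' (one salted SHA-256 round) is
            # dropped so the library's default slow KDF is used. The
            # method is recorded inside each stored value, so hashes
            # created earlier still verify.
            user.password = generate_password_hash(form.password.data)
            db.session.add(user)
            db.session.commit()
            flash("Password changed !", "INFO")
            return redirect(url_for('account'))
    # NOTE(review): the current password is not requested here; confirm
    # that is acceptable for this flow.
    return render_template('new-password.html', form=form)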
def password(request, user_id):
    """Set the password of the user with primary key ``user_id``.

    NOTE(review): no check in this function ties ``user_id`` to the
    requester or to a staff permission. Confirm access control is applied
    by a decorator or URL configuration not shown here.
    """
    is_post = request.method == 'POST'
    form = PasswordForm(request.POST) if is_post else PasswordForm()

    if is_post and form.is_valid():
        target = User.objects.get(id=user_id)
        # Reads the raw POST value rather than form.cleaned_data.
        target.set_password(request.POST['password'])
        target.save()
        return redirect('/')

    user = User.objects.get(id=user_id)
    return render(request, 'form.html', {'form': form, 'user': user})
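def changePassword(request):
    """Change the password of the requesting user.

    A valid POST sets and saves the new password and redirects to the
    profile page; otherwise the form is rendered.
    """
    if request.method == 'POST':
        form = PasswordForm(request.POST)
        if form.is_valid():
            user = request.user
            user.set_password(request.POST.get('password'))
            # set_password() only updates the in-memory object; without
            # save() the new password was never written to the database.
            user.save()
            # NOTE(review): changing the password normally invalidates the
            # user's existing session, so the redirect may land on the
            # login page; confirm the intended behaviour.
            return HttpResponseRedirect('/profile')
    else:
        form = PasswordForm()
    return render(request, 'change_password.html', context={
        'form': form,
    })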
def login(request):
    """Site-wide password gate.

    A POST whose password equals ``settings.SITE_PASSWORD`` is redirected
    to "/" with a ``password`` cookie valid for 60 days; everything else
    renders the login page.
    """
    if request.method == "POST":
        password_form = PasswordForm(request.POST)
        if password_form.is_valid() and password_form.cleaned_data['password'] == settings.SITE_PASSWORD:
            response = HttpResponseRedirect('/')
            # NOTE(review): the cookie value is the site password itself,
            # set without httponly/secure flags. A server-side session flag
            # or a signed token would avoid keeping the secret in the
            # browser for 60 days.
            sixty_days = 60*60*24*60
            response.set_cookie('password',
                                value=password_form.cleaned_data['password'],
                                max_age=sixty_days)
            return response
    else:
        password_form = PasswordForm()

    context = {
        'password_form': password_form,
        'hide_sidebar': True,
    }
    template = loader.get_template("login.html")
    return HttpResponse(template.render(RequestContext(request, context)))
def change_password(username):
    """Change the password of the user whose id is stored in the session.

    GET renders the bare template. A valid POST assigns the submitted
    password to that user and commits; the page is then rendered with the
    form. ``username`` is not used to select the account.
    """
    form = PasswordForm(request.form)
    method = request.method
    if method == 'GET':
        return render_template("password.html")

    if method == 'POST' and form.validate():
        account = User.query.filter(User.user_id == session['id']).first()
        # NOTE(review): assigned as submitted; no hashing or current-password
        # check is visible here. Confirm the model hashes on assignment.
        account.password = form.password.data
        picture = account.picture
        db.session.commit()

    return render_template('password.html', form=form)
def change_password(username):
    """Update the session user's password from the submitted form.

    The template is rendered without a form on GET and with the form
    otherwise. The account is picked from ``session['id']``, not from
    ``username``.
    """
    form = PasswordForm(request.form)
    if request.method == 'GET':
        return render_template("password.html")

    should_update = request.method == 'POST' and form.validate()
    if should_update:
        lookup = User.query.filter(User.user_id == session['id'])
        current_user = lookup.first()
        # NOTE(review): the raw form value is stored on ``password``;
        # verify that hashing happens in the model, and whether the old
        # password should be required first.
        current_user.password = form.password.data
        picture = current_user.picture
        db.session.commit()
    return render_template('password.html', form=form)
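def index():
    """Password gate in front of the home page.

    A valid submission is compared with the expected password; a match
    redirects to ``home`` and a mismatch re-renders the form with a
    message.
    """
    form = PasswordForm()
    if form.validate_on_submit():
        # The submitted password is no longer printed: it ended up in
        # plain text on stdout and in any captured logs.
        # NOTE(review): the expected value is a hard-coded literal and the
        # redirect sets no session state; move the secret to configuration
        # and confirm how ``home`` is protected.
        if form.password.data == "password":
            return redirect(url_for("home"))
        message = "wrong password"
        return render_template("password.html", form=form, message=message)
    return render_template("password.html", form=form)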
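def reset_with_token(token):
    """Reset a password from a signed token valid for 86400 seconds.

    An unreadable or expired token, or a token for an e-mail with no
    matching user, answers 404. A valid form submission stores the hash
    of the new password and redirects to the login page.
    """
    try:
        email = ts.loads(token, salt="recover-key", max_age=86400)
    except Exception:
        # Narrowed from a bare except so interpreter-level exits are not
        # swallowed; every token failure is still reported as 404.
        abort(404)

    form = PasswordForm()
    if form.validate_on_submit():
        user = mongo_db.users.User.find_one({'email': email})
        # find_one() returns None when no document matches, which used to
        # fail on the attribute assignment below.
        if user is None:
            abort(404)
        user.password = generate_password_hash(form.password.data)
        user.save()
        return redirect(url_for('login'))
    return render_template('reset_with_token.html', form=form, token=token)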
def intern_profile():
    """Profile page with ability to change password.

    The new hash is stored only when the submitted old password verifies
    against the stored hash. A wrong old password re-renders the page
    without a message.
    """
    form = PasswordForm()
    if not form.validate_on_submit():
        return render_template('intern/profile.html', form = form)

    # Load the account of the user attached to this request.
    account = User.query.filter_by(id = g.user.id).first()
    old_password_ok = check_password_hash(account.password, form.password.data)
    if not old_password_ok:
        return render_template('intern/profile.html', form = form)

    account.password = generate_password_hash(form.newpassword.data)
    db.session.commit()
    flash('Password changed!')
    return redirect(url_for('intern_profile'))
def password():
    """Set the initial password for the account named by session['email'].

    On POST the new password is run through every policy check; each
    failed check adds its message to ``errors``. With no errors the
    password is stored, the ``email`` session key is replaced by the user
    id, and the caller is redirected to the index.
    """
    form = PasswordForm()
    errors = []

    if request.method == "POST":
        # NOTE(review): the form's own validation is never called in this
        # branch, so any form-level checks (including a CSRF token check
        # if the form class provides one) do not run; confirm.
        password = form.newPassword.data
        confirmPassword = form.confirmPassword.data
        email = session["email"]

        # (check, second argument, message key), in reporting order.
        policy = [
            (funcs.lengthCheck, MIN_LENGTH, "length"),
            (funcs.lowerCheck, MIN_LOWER, "lower"),
            (funcs.upperCheck, MIN_UPPER, "upper"),
            (funcs.numCheck, MIN_NUM, "num"),
            (funcs.symbolCheck, MIN_SYMBOL, "symbol"),
            (funcs.newCheck, email, "new"),
            (funcs.sameCheck, confirmPassword, "same"),
        ]
        for check, argument, key in policy:
            if not check(password, argument):
                errors.append(PASSWORD_MESSAGES[key])

        if len(errors) == 0:
            # Assign the password to the user in the database.
            funcs.addPassword(password, email)
            # The e-mail key is no longer needed once the user id is known.
            session.pop("email", default=None)
            session["user"] = funcs.getID(email)
            return redirect(url_for("index"))

    return render_template("password.html", form=form, errors=errors,
                           msgDict=PASSWORD_MESSAGES)
def view_password():
    """Change the password of the user named in the session.

    Requests without ``user_name`` in the session are turned away. The
    current password must verify before the new one is set.
    """
    user_name = session.get('user_name')
    if not user_name:
        flash('Unauthorized access!', 'danger')
        return redirect(url_for('view_index'))

    form = PasswordForm()
    if form.validate_on_submit():
        user = User.query.filter_by(name=user_name).first()
        if not user.verify_password(form.current_password.data):
            flash('Incorrect password!', 'warning')
        else:
            user.set_password(form.new_password.data)
            db.session.commit()
            flash('Password update successful!', 'success')
            return redirect(url_for('view_home'))

    return render_template('password.html', form=form)
def edit_password(request, pw_pk=None):
    """Edit an existing ``Password`` entry (404 when ``pw_pk`` is unknown).

    The form's group choices are limited to the LDAP groups of the
    requesting user. A valid POST saves and redirects to the index.

    NOTE(review): the entry is loaded by primary key only; whether the
    requester may edit this particular entry is not checked here. Confirm
    it is enforced by the form or elsewhere.
    """
    new = False
    password = get_object_or_404(Password, pk=pw_pk)
    group_names = get_ldap_groups(request.user.username)
    ldap_groups_choices = [(group, group) for group in group_names]

    if request.method == 'POST':
        form = PasswordForm(request.POST, instance=password,
                            ldap_groups_choices=ldap_groups_choices)
        if form.is_valid():
            form.save()
            return HttpResponseRedirect(reverse("index"))
    elif request.method == 'GET':
        form = PasswordForm(instance=password,
                            ldap_groups_choices=ldap_groups_choices)

    context = {
        'form': form,
        'ldapGroups': LdapGroup.objects.all(),
        'new': new,
    }
    return direct_to_template(request, 'edit_password.html', context)
def change_password(type, id):
    """Change the password of a student, professor or administrator.

    ``type`` selects the model and the template. The current password must
    verify before the new hash is stored. An unknown ``type`` renders the
    error page.
    """
    # Account type -> (model, template); the three flows differ only here.
    flows = {
        "Student": (Student, 'student_password.html'),
        "Professor": (Professor, 'prof_password.html'),
        "Administrator": (Administrator, 'admin_password.html'),
    }
    if type not in flows:
        return render_template('error.html')

    model, template = flows[type]
    user = model.query.get(id)
    form = PasswordForm()
    if not form.validate_on_submit():
        return render_template(template, form=form)

    current_ok = user is not None and password_manager.verify_password(
        form.password.data, user.password)
    if not current_ok:
        flash('Invalid password')
        return redirect(url_for('change_password', type=type, id=id))

    user.password = password_manager.hash_password(form.np.data)
    db.session.add(user)
    db.session.commit()
    return redirect(url_for('index', type=type, id=id))
def password(request, user_id):
    """Set the password of the user ``user_id`` and log the event.

    NOTE(review): nothing here checks that the requester may change this
    particular user's password; confirm access control is applied outside
    this function.
    """
    if request.method != 'POST':
        form = PasswordForm()
    else:
        form = PasswordForm(request.POST)
        if form.is_valid():
            target = User.objects.get(id=user_id)
            target.set_password(request.POST['password'])
            target.save()
            # Record a system event when event logging is enabled.
            if is_event_open(request):
                entry = Log(user_id=request.user.id,
                            event=u'修改<'+target.first_name+u'>密碼成功')
                entry.save()
            return redirect('homepage')

    user = User.objects.get(id=user_id)
    return render_to_response('account/password.html',
                              {'form': form, 'user': user},
                              context_instance=RequestContext(request))
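def settings(request):
    """Settings page with a password form and a timezone form.

    The POST field ``action`` selects which form is processed: 'password'
    changes the password after checking the old one, 'tz' saves the
    timezone. A successful action redirects back to the same path.
    """
    tf = timezone_form(request)
    if request.method == 'POST':
        action = request.POST.get('action')
        if 'password' == action:
            pf = PasswordForm(request.POST)
            if pf.is_valid():
                ok = request.user.check_password(
                    pf.cleaned_data['old_password'])
                if ok:
                    request.user.set_password(
                        pf.cleaned_data['new_password'])
                    # set_password() only changes the in-memory object;
                    # without save() the success message was shown but the
                    # old password stayed in the database.
                    request.user.save()
                    # NOTE(review): saving a new password normally ends the
                    # current session, so the redirect may land on the
                    # login page; confirm the intended behaviour.
                    messages.success(request, 'Password was changed.')
                    return redirect(request.path)
                else:
                    pf.add_error('old_password', 'Wrong old password')
        elif 'tz' == action:
            pf = PasswordForm()
            if tf.is_valid():
                tz = tf.save()
                messages.success(request,
                                 'Timezone set to {}'.format(tz.timezone))
                return redirect(request.path)
        else:
            pf = PasswordForm()
    else:
        pf = PasswordForm()
    return render(request, 'settings.html', {'password_form': pf,
                                             'tz_form': tf})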
def password(request, template_name='django_yubico/password.html',
             redirect_field_name=REDIRECT_FIELD_NAME):
    """Second login step: ask for the password after the YubiKey step.

    All keys in ``SESSION_KEYS`` must be present in the session, otherwise
    the caller is sent back to the first step. A valid form logs the user
    in; each failed attempt increments a session counter and exceeding
    ``YUBIKEY_PASSWORD_ATTEMPTS`` restarts the whole login.
    """
    # NOTE(review): the redirect target is read from request parameters and
    # passed to HttpResponseRedirect unchanged after login. Validate it
    # against the site's own host(s) before use.
    redirect_to = request.REQUEST.get(redirect_field_name,
                                      settings.LOGIN_REDIRECT_URL)
    login_start = 'yubico_django_login'

    # Every required session key must have been set by the first step.
    for required in SESSION_KEYS:
        if request.session.get(required, None) is None:
            return HttpResponseRedirect(reverse(login_start))

    user = User.objects.get(pk=request.session[YUBIKEY_SESSION_USER_ID])
    user.backend = request.session[YUBIKEY_SESSION_AUTH_BACKEND]

    if request.method != 'POST':
        form = PasswordForm(user=user)
    else:
        form = PasswordForm(request.POST, user=user)
        if form.is_valid():
            auth_login(request=request, user=user)
            reset_user_session(session=request.session)
            return HttpResponseRedirect(redirect_to)

        # Limit the number of password attempts per token.
        request.session[YUBIKEY_SESSION_ATTEMPT_COUNTER] += 1
        attempts = request.session[YUBIKEY_SESSION_ATTEMPT_COUNTER]
        if attempts > YUBIKEY_PASSWORD_ATTEMPTS:
            # Too many attempts: the user has to start from scratch.
            reset_user_session(session=request.session)
            return HttpResponseRedirect(reverse(login_start))

    dictionary = {'form': form, redirect_field_name: redirect_to}
    return render_to_response(template_name, dictionary,
                              context_instance=RequestContext(request))
def auth(username):
    """Log in as ``username`` to reach that person's edit page.

    A session already holding this username goes straight to the edit
    page. Otherwise the person is looked up by lower-cased key (404 when
    unknown) and the submitted password is checked against the stored hash.
    """
    if 'username' in session and session['username'] == username:
        return redirect(url_for('home')+username+'/edit')

    person = PeopleModel.get_by_key_name(username.lower())
    if not person:
        abort(404)

    form = PasswordForm()
    if not form.validate_on_submit():
        return render_template('auth.html', name=username, form=form)

    if check_password_hash(person.password, form.password.data):
        # NOTE(review): the lookup is lower-cased but the session stores the
        # name as typed; confirm other views compare it consistently.
        session['username'] = username
        return redirect(url_for('home')+username+'/edit')

    flash(u'Das eingegebene Passwort war leider Falsch. Probier es noch einmal')
    return redirect(url_for('home')+username+'/auth')
def user_password(request, user_id, response_format='html'):
    """Administration form for changing a user's password.

    ``user_id`` selects the profile (404 when unknown). A POST containing
    ``cancel``, or a valid submission, returns to the user's admin view;
    an invalid submission re-renders the bound form.
    """
    profile = get_object_or_404(User, pk=user_id)

    if not request.POST:
        form = PasswordForm(profile.user)
    elif 'cancel' in request.POST:
        return HttpResponseRedirect(reverse('core_admin_user_view', args=[profile.id]))
    else:
        form = PasswordForm(profile.user, request.POST)
        if form.is_valid():
            form.save()
            return HttpResponseRedirect(reverse('core_admin_user_view', args=[profile.id]))

    return render_to_response('core/administration/user_password',
                              {'profile': profile, 'form': form},
                              context_instance=RequestContext(request),
                              response_format=response_format)
def reset_with_token(token):
    """Reset a password from a signed token valid for 86400 seconds.

    Token failures answer 404, as does a token for an unknown e-mail.
    """
    try:
        email = security.ts.loads(token, salt="recover-key", max_age=86400)
    except:
        # Any failure to load the token is reported as "not found".
        abort(404)

    form = PasswordForm()
    if not form.validate_on_submit():
        return render_template('reset_with_token.html', form=form, token=token)

    user = User.query.filter_by(email=email).first_or_404()
    # NOTE(review): the plain password is parked on ``pwdhash`` before
    # set_password() runs; presumably set_password overwrites it with the
    # hash. Verify, since a plain value would otherwise be committed.
    user.pwdhash = form.password.data
    user.set_password(user.pwdhash)
    db.session.add(user)
    db.session.commit()
    return redirect(url_for('signin'))
def reset_password():
    """Change the logged-in user's password after re-checking the old one.

    Python 2 code (``except Exception, e`` and ``iteritems``).
    NOTE(review): the listing assigns ``success``/``errors`` but ends
    without a return, so the part that renders the result is presumably
    cut off.
    """
    if request.method == "POST":
        form = PasswordForm(request.form)
        if form.validate():
            # Re-authenticate with the current password before changing it.
            ul = serv.login(g.user['email'],form.oldpassword.data)
            if ul:
                ul.reset_password(form.newpassword.data)
                try:
                    g.db.flush()
                    g.db.commit()
                    success = u"重设密码成功"
                except Exception, e:
                    # Roll back so the session is usable again, and log the
                    # cause; the user only sees a generic message.
                    g.db.rollback()
                    log.error(e.message)
                    errors = [u"未知异常"]
            else:
                # Current password did not authenticate.
                errors = [u"登陆密码输入不正确"]
        else:
            # First validation message of every invalid field.
            errors = [v[0] for k, v in form.errors.iteritems()]
def password(request, template_name='django_yubico/password.html',
             redirect_field_name=REDIRECT_FIELD_NAME):
    """
    Displays the password form and handles the login action.

    Second login step: the session must already hold every key in
    SESSION_KEYS. A valid form logs the user in and redirects to
    settings.LOGIN_REDIRECT_URL; failed attempts are counted in the
    session and exceeding YUBIKEY_PASSWORD_ATTEMPTS restarts the login.
    """
    # The post-login target is fixed by configuration, not by the request.
    redirect_to = settings.LOGIN_REDIRECT_URL

    for key in SESSION_KEYS:
        # Make sure all the required session keys are present
        value = request.session.get(key, None)

        if value is None:
            return HttpResponseRedirect(reverse('yubico_django_login'))

    user_id = request.session[YUBIKEY_SESSION_USER_ID]
    auth_backend = request.session[YUBIKEY_SESSION_AUTH_BACKEND]

    user = User.objects.get(pk=user_id)
    # The backend chosen in the first step is attached before auth_login().
    user.backend = auth_backend

    if request.method == 'POST':
        form = PasswordForm(request.POST, user=user)

        if form.is_valid():
            auth_login(request=request, user=user)
            # Clear the intermediate login state once the user is logged in.
            reset_user_session(session=request.session)
            return HttpResponseRedirect(redirect_to)
        else:
            # Limit the number of password attempts per token
            request.session[YUBIKEY_SESSION_ATTEMPT_COUNTER] += 1

            if request.session[YUBIKEY_SESSION_ATTEMPT_COUNTER] > \
                    YUBIKEY_PASSWORD_ATTEMPTS:
                # Maximum number of attemps has been reached. Require user to
                # start from scratch.
                reset_user_session(session=request.session)
                return HttpResponseRedirect(reverse('yubico_django_login'))
    else:
        form = PasswordForm(user=user)

    # An invalid attempt below the limit falls through with the bound form.
    dictionary = {'form': form, redirect_field_name: redirect_to}
    return render_to_response(template_name, dictionary,
                              context_instance=RequestContext(request))
def reset_password():
    """Set a new password for g.user once the old password authenticates.

    Python 2 code (``except Exception, e`` and ``iteritems``).
    NOTE(review): ``success`` and ``errors`` are assigned but the listing
    stops before anything is returned; the response handling is presumably
    missing from this excerpt.
    """
    if request.method == "POST":
        form = PasswordForm(request.form)
        if form.validate():
            # The old password is verified through the normal login call.
            ul = serv.login(g.user['email'], form.oldpassword.data)
            if ul:
                ul.reset_password(form.newpassword.data)
                try:
                    g.db.flush()
                    g.db.commit()
                    success = u"重设密码成功"
                except Exception, e:
                    # Undo the pending change and keep the details in the
                    # log only.
                    g.db.rollback()
                    log.error(e.message)
                    errors = [u"未知异常"]
            else:
                # serv.login() returned a falsy value: wrong old password.
                errors = [u"登陆密码输入不正确"]
        else:
            # Collect the first message for each field that failed.
            errors = [v[0] for k, v in form.errors.iteritems()]
def reset_with_token(token):
    """
    reset password with email token

    The token must load with the "recover-key" salt and be at most 86400
    seconds old; any failure answers 404.

    @param token: unique token
    @type token: str
    @return: refreshed page indicating success or failure
    """
    try:
        email = ts.loads(token, salt="recover-key", max_age=86400)
    except:
        abort(404)

    form = PasswordForm()
    if not form.validate_on_submit():
        return render_template('reset_with_token.html', form=form, token=token)

    # NOTE(review): User.get() is not checked for a missing account before
    # its methods are called; confirm it cannot return None here.
    user = User.get(email)
    new_secret = form.password.data
    user.change_password(user.set_password(new_secret))
    login_user(user)
    flash('Password changed successfully!')
    return redirect(url_for('main'))
def new_password():
    """Store a new site password for the logged-in user.

    The submitted secret is encrypted with ``CIPHER`` and saved together
    with the site name and hint.
    """
    form = PasswordForm()
    if not form.validate_on_submit():
        return render_template("create_passwords.html",
                               title="New Password",
                               form=form,
                               legend='Add')

    # NOTE(review): latin-1 cannot represent every character, so a secret
    # outside that range raises UnicodeEncodeError here. Any change of
    # encoding must be mirrored where the value is decrypted.
    raw = form.password.data.encode('latin-1')
    ciphertext = CIPHER.encrypt(raw).decode()

    entry = Password(site=form.site.data,
                     password=ciphertext,
                     hint=form.hint.data,
                     user=current_user)
    db.session.add(entry)
    db.session.commit()
    flash("Password Added", 'success')
    return redirect(url_for('passwords'))
def delete_user(username):
    """Delete the account ``username`` after its password is confirmed.

    An unknown username is answered with a redirect and status 401. The
    account is removed only when the submitted password authenticates for
    that username.
    """
    user = User.query.filter_by(username=username).first()
    if not user:
        flash("Thou must be logged in to do that.")
        return redirect("/"), 401

    form = PasswordForm()
    password = form.password.data
    if not form.validate_on_submit():
        return render_template("delete.html", form=form)

    if not User.authenticate(username, password):
        flash("Invalid password, loser.")
        return render_template("delete.html", form=form)

    # NOTE(review): the session user is not compared with ``username``;
    # the password check is the only gate. pop() without a default also
    # raises KeyError when no user_id is in the session.
    session.pop("user_id")
    db.session.delete(user)
    db.session.commit()
    flash("User has been deleted.")
    return redirect("/")
def password(request, template_name = 'django_yubico/password.html',
             redirect_field_name = REDIRECT_FIELD_NAME):
    """Displays the password form and handles the login action.

    The session must hold the user and a non-zero attempt counter from the
    YubiKey step. A valid form logs that user in; too many failed attempts
    clear the state and restart the login.
    """
    # NOTE(review): the redirect target is read from request parameters and
    # used unchanged after login. Validate it against the site's own
    # host(s) before redirecting.
    redirect_to = request.REQUEST.get(redirect_field_name, '')
    session = request.session

    if not session.get(YUBIKEY_SESSION_USER) or not session.get(YUBIKEY_ATTEMPT_COUNTER):
        return HttpResponseRedirect(reverse('yubico_django_login'))

    if request.method != 'POST':
        form = PasswordForm(user = session[YUBIKEY_SESSION_USER])
    else:
        form = PasswordForm(request.POST, user = session[YUBIKEY_SESSION_USER])
        if form.is_valid():
            auth_login(request, session[YUBIKEY_SESSION_USER])
            # Drop the intermediate login state; either key may be gone.
            for stale_key in (YUBIKEY_SESSION_USER, YUBIKEY_ATTEMPT_COUNTER):
                try:
                    del session[stale_key]
                except KeyError:
                    pass
            return HttpResponseRedirect(redirect_to or settings.LOGIN_REDIRECT_URL)

        # Limit the number of password attempts per token.
        session[YUBIKEY_ATTEMPT_COUNTER] += 1
        if session[YUBIKEY_ATTEMPT_COUNTER] > YUBIKEY_PASSWORD_ATTEMPTS:
            del session[YUBIKEY_SESSION_USER]
            del session[YUBIKEY_ATTEMPT_COUNTER]
            return HttpResponseRedirect(reverse('yubico_django_login'))

    context = {'form': form, redirect_field_name: redirect_to}
    return render_to_response(template_name, context,
                              context_instance = RequestContext(request))
def password_reset(payload=None):
    """Show the reset page for an encrypted link (GET) or apply it (POST).

    GET decrypts ``payload`` and looks the result up as a user id; when no
    user matches, the decrypted text is shown as the message. POST
    validates the form and sets the password of the user whose id is in
    the form's ``reset_id`` field.
    """
    form = PasswordForm()
    page = 'passwordreset.html'

    if request.method != 'POST':
        decrypted = crypto.crypto().decrypt(payload, True)
        matched = User.query.get(decrypted)
        if matched:
            return render_template(page, form=form, user=matched, msg=None)
        return render_template(page, form=form, user=get_user(), msg=decrypted)

    if not form.validate():
        return render_template(page, form=form, user=get_user(), msg=None)

    # NOTE(review): reset_id comes from the submitted form and is not
    # re-checked against the encrypted payload in this branch. The account
    # being changed should be bound to the verified link on the server
    # side; confirm how the POST is tied to it.
    reset_id = form.reset_id.data
    user = User.query.get(reset_id)
    if user:
        user.set_password(form.password.data)
        db.session.commit()
        msg = "password has been changed. please login again."
    else:
        msg = "user not found."
    return render_template(page, form=form, user=get_user(), msg=msg)