Esempio n. 1
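def resetPassword(token):
    """Handle the password-reset form reached through a tokenised link.

    Args:
        token: Reset token taken from the URL. It is passed unchanged to
            ``User.resetPassword``, which decides whether the reset succeeds.

    Returns:
        A redirect to the index page for an already-authenticated user, a
        redirect to the login page after a successful reset, a redirect back
        to this view after a failed one, or the rendered reset form.
    """
    # A logged-in user already knows their password; there is nothing to reset.
    if current_user.is_authenticated:
        return redirect(url_for('.index'))

    form = ResetPassword()

    if form.validate_on_submit():
        # NOTE(review): token validation (signature, expiry, single use) is
        # entirely inside User.resetPassword, which is not visible here.
        # Confirm it rejects replayed and expired tokens.
        if User.resetPassword(form.password.data, token):
            flash("Your password has been updated", 'success')
            return redirect(url_for('.login'))

        # One generic message is flashed whatever the reason for the failure.
        flash("The password could not be updated", 'error')

        # This view takes ``token`` as an argument, so the URL that leads back
        # to it has to carry the token as well. Without it url_for() cannot
        # build a route that has a token segment (the rule itself is not
        # visible here - presumably it does).
        return redirect(url_for('.resetPassword', token=token))

    return render_template("blog/resetPassword.html",
                           title="Blog - Reset Your Password",
                           year=year,
                           form=form)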
Esempio n. 2
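def reset_password(username, random_key):
    """Let a user choose a new password after presenting a valid reset key.

    The expected key is read from Redis under ``reset_<username>``. The
    request is refused unless that key exists, the user exists, and the
    presented key matches it.

    Args:
        username: Account name taken from the URL.
        random_key: Reset key taken from the URL.

    Returns:
        The rendered form on GET, a redirect to the user's page after a
        successful reset, or a plain error string.
    """
    import hmac

    form = ResetPassword()
    stored_key = redis_conn.get(f"reset_{username}")
    user = User.query.filter_by(username=username).first()

    # Fail closed. A missing Redis entry means no reset is pending (the key
    # expired, was already used, or was never issued), so the request must be
    # rejected here. Skipping the comparison in that case would let any caller
    # set a new password for any username.
    if stored_key is None or not user:
        return "Something went wrong. Key expired?"

    # Redis returns bytes, so the comparison is done on bytes. compare_digest
    # keeps the comparison time independent of how many leading characters
    # match.
    if not hmac.compare_digest(stored_key, random_key.encode()):
        return "Something went wrong. Key expired?"

    if request.method == "GET":
        return render_template("reset_password.html", form=form)

    if form.validate_on_submit():
        new_password = form.new_password.data
        confirm_password = form.confirm_password.data

        if new_password == confirm_password:
            update_password(user_id=user.id,
                            password=generate_password_hash(new_password))

            # Drop the key straight after the password change so that it
            # cannot be used a second time.
            redis_conn.delete(f"reset_{username}")

            login_user(user)

            return redirect(f"/user/{username}")

    return "Something went wrong. Not matching passwords?"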
Esempio n. 3
def reset_password(request):
	"""Django view that replaces a user's password with a generated one and emails it.

	On POST the form is validated, the user is looked up by username, and the
	stored email is compared with the submitted one. On a match the password
	is set to the value returned by ``newPassword()`` and a message is sent to
	the submitted address. Any other request, or an invalid form, renders the
	reset form.
	"""
	if request.method == 'POST':
		form = ResetPassword(request.POST)
		if form.is_valid():
			cd = form.cleaned_data
			# Generated before the lookup; only used when username and email match.
			myNewPassword = newPassword()
			username = cd['username']
			try:
				user = User.objects.get(username=username)
				if user.email == cd['email']:
					# NOTE(review): the current password is replaced as soon as
					# username and email match, before the requester has shown
					# control of the mailbox. Anyone who knows both values can
					# invalidate the account's password. A one-time link that
					# changes the password only when followed avoids this.
					user.set_password(myNewPassword)
					user.save()
					# NOTE(review): the body expression below looks mangled by
					# redaction in this listing (the '******' run is not valid
					# Python). Presumably myNewPassword was concatenated there,
					# which would put the password in the email in clear text.
					# Confirm against the real source.
					email = EmailMessage(
						subject = 'Reading List - Temporary Password Request',
						body = 'Hello ' + str(cd['username']) + ',' + '\n\n' + 
							'Please log in with this temporary password: '******'\n\n' +
							'Your password can be reset on your profile page.',

						from_email = '*****@*****.**',
						to = [cd['email']],
					)
					# fail_silently=False: a delivery error raises after the
					# password has already been changed and saved.
					email.send(fail_silently=False)
					return HttpResponseRedirect(reverse('books:email_sent'))
				else:
					# NOTE(review): the mismatch and unknown-user cases are
					# reported on separate branches. If the two messages differ,
					# the response reveals whether a username exists.
					no_match = 'Username and Email does not match'
					return render(request, 'books/reset_password.html', {'form': form, 'no_user': no_match})
			except User.DoesNotExist:
				# The message text is redacted in this listing.
				no_user = '******'
				return render(request, 'books/reset_password.html', {'form': form, 'no_user': no_user})
	else:
		form = ResetPassword()
	# Reached on GET and on a POST whose form did not validate.
	return render(request, 'books/reset_password.html', {'form': form})
Esempio n. 4
def reset_password():
    """Change the logged-in user's password after re-checking the current one.

    Returns:
        A redirect to ``main.index`` when the current password verifies and
        the new one has been assigned; otherwise the rendered form, with an
        error flashed if a submitted form carried a wrong current password.
    """
    form = ResetPassword()
    page = 'auth/reset_password.html'

    # Nothing submitted, or the form failed validation: just show the form.
    if not form.validate_on_submit():
        return render_template(page, form=form)

    # Require the current password before accepting a new one.
    if not current_user.verify_password(form.password.data):
        flash(messages.reset_password_err)
        return render_template(page, form=form)

    current_user.password = form.new_password.data
    # The user is only added to the session here; no commit is issued in
    # this function.
    db.session.add(current_user)
    flash(messages.reset_password_ok)
    return redirect(url_for('main.index'))
Esempio n. 5
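def reset_password():
    """Set a new password for a user who presents a valid temporary password.

    Returns:
        The rendered form on GET, on a failed validation (after flashing the
        form errors) and on an unknown username / temporary password pair;
        a redirect to ``index`` once the new password has been stored.
    """
    form = ResetPassword(request.form)
    if request.method != 'POST':
        return render_template('reset_password.html', form=form)

    if not form.validate_on_submit():
        flash_errors(form)
        return render_template('reset_password.html', form=form)

    # temp_pass is cleared to None once it has been used (see below), so an
    # empty submitted value must never be used as a lookup key:
    # filter_by(temp_pass=None) compiles to "IS NULL" and would match accounts
    # that have no reset pending. The form's validators are not visible here,
    # so the check is made explicitly.
    temp_pass = form.temp_pass.data
    u = None
    if temp_pass:
        # NOTE(review): matching temp_pass inside the query implies it is
        # stored in a directly comparable form, presumably plaintext. Confirm.
        # Storing a hash and giving the value an expiry would be safer.
        u = User.query.filter_by(name=form.username.data,
                                 temp_pass=temp_pass).first()

    if u is None:
        # One message for an unknown user and for a wrong temporary password.
        flash("Username or passwords incorrect.")
        return render_template('reset_password.html', form=form)

    # The temporary password is single-use: clear it together with the change.
    u.temp_pass = None
    u.hash_password(form.password.data)
    db.session.commit()
    flash("Password has been reset.")
    return redirect(url_for('index'))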
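def reset():
    """Send a password-reset email to the address submitted in the form.

    Returns:
        The rendered form when nothing valid was submitted or when no
        employee has the given email; otherwise a redirect to ``auth.login``
        after the reset email has been requested.
    """
    form = ResetPassword()
    if not form.validate_on_submit():
        return render_template('auth/reset.html', form=form)

    # Look the address up with first() and test for None. The earlier
    # first_or_404() inside a bare ``except`` also caught database and
    # programming errors and reported them as a bad email address.
    user = Employee.query.filter_by(email=form.email.data).first()
    if user is None:
        # NOTE(review): this message differs from the success message below,
        # so the response reveals whether an address is registered. Flashing
        # the same "check your email" text in both cases would close that gap.
        flash('Invalid email address!', 'error')
        return render_template('auth/reset.html', form=form)

    # NOTE(review): an ``email_confirmed`` gate was present here but commented
    # out in the original; reset mail is sent to unconfirmed addresses too.
    send_password_reset_email(user.email)
    flash('Please check your email for a password reset link.', 'success')
    return redirect(url_for('auth.login'))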
Esempio n. 7
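def reset_password(token):
    """Store a new password for the account identified by a reset token.

    Args:
        token: Reset token from the URL. ``verify_token`` turns it into the
            account's email address, or ``None`` when it is not accepted.

    Returns:
        A redirect to ``index`` for a logged-in session, a redirect to
        ``login`` for a rejected token or after a successful update, or the
        rendered form.
    """
    if 'loggedin' in session:
        return redirect(url_for('index'))

    email = verify_token(token)
    if email is None:
        flash(_("Token expired!"))
        return redirect(url_for('login'))

    form = ResetPassword()
    if form.validate_on_submit():
        password = generate_password_hash(str(form.password.data))

        # Bind the values as parameters instead of formatting them into the
        # SQL text: the email comes out of the token and must not be able to
        # change the statement. "%s" is the placeholder used by the MySQL
        # DB-API drivers; the backtick quoting and db.connection suggest one
        # of those is in use - TODO confirm.
        cur = db.connection.cursor()
        try:
            cur.execute(
                "UPDATE `user` SET `password`=%s WHERE `email`=%s",
                (password, email))
            db.connection.commit()
        finally:
            cur.close()

        # NOTE(review): nothing visible here invalidates the token after use.
        # Confirm that verify_token rejects a token that was already used.
        flash(_("Your account is now active! Try Login!"))
        return redirect(url_for('login'))

    return render_template('reset_password.html', form=form)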
Esempio n. 8
def reset_password(request):
    """Django view that replaces a user's password with a generated one and emails it.

    On POST the form is validated, the user is looked up by username, and the
    stored email is compared with the submitted one. On a match the password
    is set to the value returned by ``newPassword()`` and a message is sent to
    the submitted address. Any other request, or an invalid form, renders the
    reset form.
    """
    if request.method == 'POST':
        form = ResetPassword(request.POST)
        if form.is_valid():
            cd = form.cleaned_data
            # Generated before the lookup; only used when username and email match.
            myNewPassword = newPassword()
            username = cd['username']
            try:
                user = User.objects.get(username=username)
                if user.email == cd['email']:
                    # NOTE(review): the current password is replaced as soon as
                    # username and email match, before the requester has shown
                    # control of the mailbox. Anyone who knows both values can
                    # invalidate the account's password. A one-time link that
                    # changes the password only when followed avoids this.
                    user.set_password(myNewPassword)
                    user.save()
                    # NOTE(review): the body expression below looks mangled by
                    # redaction in this listing (the '******' run is not valid
                    # Python). Presumably myNewPassword was concatenated there,
                    # which would put the password in the email in clear text.
                    # Confirm against the real source.
                    email = EmailMessage(
                        subject='Reading List - Temporary Password Request',
                        body='Hello ' + str(cd['username']) + ',' + '\n\n' +
                        'Please log in with this temporary password: '******'\n\n' +
                        'Your password can be reset on your profile page.',
                        from_email='*****@*****.**',
                        to=[cd['email']],
                    )
                    # fail_silently=False: a delivery error raises after the
                    # password has already been changed and saved.
                    email.send(fail_silently=False)
                    return HttpResponseRedirect(reverse('books:email_sent'))
                else:
                    # NOTE(review): the mismatch and unknown-user cases are
                    # reported on separate branches. If the two messages
                    # differ, the response reveals whether a username exists.
                    no_match = 'Username and Email does not match'
                    return render(request, 'books/reset_password.html', {
                        'form': form,
                        'no_user': no_match
                    })
            except User.DoesNotExist:
                # The message text is redacted in this listing.
                no_user = '******'
                return render(request, 'books/reset_password.html', {
                    'form': form,
                    'no_user': no_user
                })
    else:
        form = ResetPassword()
    # Reached on GET and on a POST whose form did not validate.
    return render(request, 'books/reset_password.html', {'form': form})
Esempio n. 9
def forgot_password():
    """Serve both halves of the reset flow from one view.

    Without a valid ``token`` query argument the view handles the "request a
    reset" form: it looks the user up by email and, if found, obtains a token
    from ``user.get_token()``. With a token that ``User.verify_token``
    accepts, it swaps in the ``ResetPasswordSubmit`` form and stores the
    submitted password on the object that ``verify_token`` returned.
    """
    token = request.args.get('token')
    form = ResetPassword()
    if form.validate_on_submit():
        email = form.email.data
        user = User.query.filter_by(email=email).first()
        if user:
            token = user.get_token()
            # NOTE(review): the live reset token is written to stdout, so it
            # ends up wherever process output is collected. Anyone who can
            # read that output can use the token. Remove it or log a
            # non-secret identifier instead.
            print("HERE'S THE OUL TOKEN LOVE", token)
            # NOTE(review): the next lines are mangled by redaction in this
            # listing. The code that built the link, the message and the mail
            # connection is missing, so what follows is not valid Python as
            # shown. Presumably an email carrying the link was assembled and
            # sent here; confirm against the real source.
            link_for_token = "<a href=\"http://*****:*****@gmail.com",
                              html=message,
                              subject=subject)
                conn.send(msg)
                flash("Email has been sent!")
        else:
            # NOTE(review): a distinct message for unknown addresses reveals
            # which emails are registered.
            flash("No such user in the database")
    # Read the query argument again: ``token`` may have been overwritten with
    # a freshly issued one in the branch above.
    token = request.args.get('token')
    # verify_token is called even when no token was supplied; its result is
    # only used when both the token and the result are truthy.
    verified_result = User.verify_token(token)
    if token and verified_result:
        # Assigned but not read again within this function.
        is_verified_token = True
        form = ResetPasswordSubmit()
        if form.validate_on_submit():
            # NOTE(review): the raw form value is assigned to ``password``.
            # Presumably a property setter on the model hashes it; verify.
            verified_result.password = form.password.data
            # Assigns the attribute to itself; no effect visible from here.
            verified_result.is_subscribed = verified_result.is_subscribed
            db.session.commit()

            flash("Password updated successfully")
            return redirect(url_for('auth.login'))
    return render_template('auth/reset.html', form=form, title='Reset')