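def post(self, *args, **kwargs):
    """Handle a password-reset request and mail a one-time token.

    The account is looked up by the submitted ``email`` argument. When the
    account exists, has an address on file and a mail host is configured,
    a random 16-byte token is generated, its SHA-256 hex digest is stored
    in a new ``PasswordToken`` row, and the raw token is passed to
    ``create_reset_message`` for delivery over SMTP.

    The same page and message are rendered on every path, so the response
    body does not reveal whether the address is registered. Mail delivery
    errors are logged instead of propagating, because an unhandled error
    could only occur for a registered address and would therefore make the
    response differ from the unknown-address case.
    """
    user = User.by_email(self.get_argument("email", ""))
    mail_configured = bool(options.mail_host)
    if user is not None and mail_configured and user.email:
        reset_token = encode(urandom(16), "hex")
        passtoken = PasswordToken()
        passtoken.user_id = user.id
        # Only the digest is persisted; the raw token goes to the mail body.
        passtoken.value = sha256(reset_token).hexdigest()
        self.dbsession.add(passtoken)
        self.dbsession.commit()
        # NOTE(review): nothing here throttles requests or retires earlier
        # tokens for the same user -- confirm that is handled elsewhere.
        receivers = [user.email]
        message = self.create_reset_message(user, reset_token)
        # NOTE(review): the SMTP exchange runs inline and only for known
        # addresses, so response latency can still differ between the two
        # cases; consider moving delivery to a background task.
        try:
            smtpObj = smtplib.SMTP(options.mail_host, port=options.mail_port)
            smtpObj.set_debuglevel(False)
            try:
                # NOTE(review): starttls() is called without an SSL context;
                # confirm the server certificate is verified as intended.
                smtpObj.starttls()
                try:
                    smtpObj.login(options.mail_username, options.mail_password)
                except smtplib.SMTPNotSupportedError as e:
                    # Server offers no AUTH; fall through and try to send.
                    logging.warning(
                        "SMTP Auth issue (%s). Attempting to send anyway.", e
                    )
                smtpObj.sendmail(options.mail_sender, receivers, message)
            finally:
                smtpObj.quit()
        except (smtplib.SMTPException, OSError):
            # Covers connection, TLS, auth and send failures alike.
            logging.exception(
                "Password Reset mail could not be sent for %s", user.email
            )
        else:
            logging.info("Password Reset sent for %s", user.email)
    elif not mail_configured:
        logging.info("Password Reset request failed: No Mail Host in Settings.")
    else:
        # Reached when the account is unknown or has no address on file.
        logging.info("Password Reset request failed: Email does not exist.")
    self.render(
        "public/forgot.html",
        errors=None,
        info=["If the email exists, a password reset has been sent."],
    )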
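def post(self, *args, **kwargs):
    """Handle a password-reset request and mail a one-time token.

    The account is looked up by the submitted ``email`` argument. When the
    account exists, has an address on file and a mail host is configured,
    a random 16-byte token is generated, its SHA-256 hex digest is stored
    in a new ``PasswordToken`` row, and the raw token is passed to
    ``create_message`` for delivery over SMTP.

    The same page and message are rendered on every path. Mail delivery
    errors are logged instead of propagating, because an unhandled error
    could only occur for a registered address and would make the response
    differ from the unknown-address case.
    """
    import logging  # local import: the file's import block is not visible here

    user = User.by_email(self.get_argument("email", ""))
    if user is not None and options.mail_host and user.email:
        reset_token = encode(urandom(16), "hex")
        passtoken = PasswordToken()
        passtoken.user_id = user.id
        # Only the digest is persisted; the raw token goes to the mail body.
        passtoken.value = sha256(reset_token).hexdigest()
        self.dbsession.add(passtoken)
        self.dbsession.commit()
        # NOTE(review): nothing here throttles requests or retires earlier
        # tokens for the same user -- confirm that is handled elsewhere.
        receivers = [user.email]
        message = self.create_message(user, reset_token)
        try:
            smtpObj = smtplib.SMTP(options.mail_host, port=options.mail_port)
            smtpObj.set_debuglevel(False)
            try:
                # NOTE(review): starttls() is called without an SSL context;
                # confirm the server certificate is verified as intended.
                smtpObj.starttls()
                smtpObj.login(options.mail_username, options.mail_password)
                smtpObj.sendmail(options.mail_sender, receivers, message)
            finally:
                smtpObj.quit()
        except (smtplib.SMTPException, OSError):
            # Covers connection, TLS, auth and send failures alike.
            logging.exception(
                "Password Reset mail could not be sent for %s", user.email
            )
    self.render(
        "public/forgot.html",
        errors=None,
        info=["If the email exists, a password reset has been sent."],
    )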
def post(self, *args, **kwargs):
    """Apply a new password when the submitted reset token checks out.

    Reads ``token``, ``uuid``, ``pass1`` and ``pass2`` from the request.
    ``valid_pass_token`` is consulted first; when it returns False this
    method renders nothing itself and simply stops. A mismatch between the
    two password fields re-renders the form with a notice. Otherwise the
    password is assigned, the token is flagged as used, and the change is
    committed.
    """
    token = self.get_argument("token", "")
    uuid = self.get_argument("uuid", "")
    if not self.valid_pass_token(token, uuid):
        return

    new_password = self.get_argument("pass1", "")
    if new_password != self.get_argument("pass2", ""):
        self.render(
            "public/reset.html",
            errors=None,
            info=["Passwords do not match."],
            token=token,
            uuid=uuid,
        )
        return

    # NOTE(review): no length or strength check is visible here, and two
    # empty fields compare equal -- confirm User.password enforces a policy.
    token_row = PasswordToken.by_value(token)
    account = User.by_id(token_row.user_id)
    account.password = new_password
    # NOTE(review): only this token is flagged; other outstanding tokens and
    # active sessions for the account are not touched in this method.
    token_row.used = True
    self.dbsession.add(token_row)
    self.dbsession.commit()
    self.render(
        "public/reset.html",
        errors=None,
        info=["Successfully updated password."],
        uuid=uuid,
        token=token,
    )
def valid_pass_token(self, token, uuid):
    """Report whether ``token`` is a usable reset token for ``uuid``.

    A token is usable when a ``PasswordToken`` row is found for it, the
    owning user exists and has the given ``uuid``, and the row is neither
    expired nor already used.

    Side effect: on failure this method itself renders the reset page with
    one generic error (and blank ``token``/``uuid`` fields), so callers
    must not render again when False is returned.
    """
    record = PasswordToken.by_value(token)
    owner = User.by_id(record.user_id) if record else None
    usable = bool(
        owner
        and owner.uuid == uuid
        and not record.is_expired()
        and not record.used
    )
    if not usable:
        # One message for every failure reason, so the response does not
        # distinguish an unknown token from an expired or mismatched one.
        self.render(
            "public/reset.html",
            errors=[
                "The password reset token does not exist, is invalid or expired."
            ],
            info=None,
            token="",
            uuid="",
        )
    return usable
def post(self, *args, **kwargs):
    """Apply a new password when the submitted reset token checks out.

    Reads ``token``, ``uuid``, ``pass1`` and ``pass2`` from the request.
    The two password fields are compared first; a mismatch re-renders the
    form before the token is looked at. The token is accepted only when a
    ``PasswordToken`` row exists for it, its user exists and has the given
    ``uuid``, and the row is neither expired nor used. Every other case
    renders the same generic error.
    """
    token = self.get_argument("token", "")
    uuid = self.get_argument("uuid", "")
    new_password = self.get_argument("pass1", "")

    if new_password != self.get_argument("pass2", ""):
        self.render(
            "public/reset.html",
            errors=None,
            info=["Passwords do not match."],
            token=token,
            uuid=uuid,
        )
        return

    token_row = PasswordToken.by_value(token)
    account = User.by_id(token_row.user_id) if token_row else None
    token_ok = (
        account
        and account.uuid == uuid
        and not token_row.is_expired()
        and not token_row.used
    )
    if not token_ok:
        # One message for every failure reason, so the response does not
        # distinguish an unknown token from an expired or mismatched one.
        self.render(
            "public/reset.html",
            errors=["The user or token does not exist, is invalid or expired."],
            info=None,
            token=token,
            uuid=uuid,
        )
        return

    # NOTE(review): no length or strength check is visible here, and two
    # empty fields compare equal -- confirm User.password enforces a policy.
    account.password = new_password
    # NOTE(review): only this token is flagged; other outstanding tokens and
    # active sessions for the account are not touched in this method.
    token_row.used = True
    self.dbsession.add(token_row)
    self.dbsession.commit()
    self.render(
        "public/reset.html",
        errors=None,
        info=["Successfully updated password."],
        uuid=uuid,
        token=token,
    )