Esempio n. 1
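 def post(self, *args, **kwargs):
     """Handle a password-reset request and e-mail a one-time token.

     The account is looked up by the submitted ``email`` argument. When an
     account is found, a mail host is configured and the account has an
     address, a random token is generated, only its SHA-256 digest is stored
     in a ``PasswordToken`` row, and the raw token is mailed to the user.

     The same generic page is rendered in every case, including a failed mail
     delivery, so the response does not reveal whether the address is
     registered.
     """
     user = User.by_email(self.get_argument("email", ""))
     if user is not None and len(options.mail_host) > 0 and len(user.email) > 0:
         # 16 random bytes, hex-encoded. Presumably os.urandom/codecs.encode;
         # confirm against the module imports.
         reset_token = encode(urandom(16), "hex")
         passtoken = PasswordToken()
         passtoken.user_id = user.id
         # Only the digest is persisted; the raw token exists solely in the
         # outgoing mail, so a database read does not yield usable tokens.
         passtoken.value = sha256(reset_token).hexdigest()
         self.dbsession.add(passtoken)
         self.dbsession.commit()
         receivers = [user.email]
         message = self.create_reset_message(user, reset_token)
         # NOTE(review): the SMTP exchange runs inline and only for existing
         # accounts, so response time can still distinguish registered from
         # unknown addresses. Consider moving delivery off the request path.
         try:
             smtpObj = smtplib.SMTP(options.mail_host, port=options.mail_port)
             smtpObj.set_debuglevel(False)
             try:
                 # NOTE(review): starttls() without an ssl context does not
                 # verify the server certificate or hostname by default, and
                 # the login below sends credentials over that channel. Pass
                 # context=ssl.create_default_context() when the mail server
                 # presents a valid certificate.
                 smtpObj.starttls()
                 try:
                     smtpObj.login(options.mail_username, options.mail_password)
                 except smtplib.SMTPNotSupportedError as e:
                     logging.warning(
                         "SMTP Auth issue (%s). Attempting to send anyway.", e
                     )
                 smtpObj.sendmail(options.mail_sender, receivers, message)
             finally:
                 smtpObj.quit()
         except (smtplib.SMTPException, OSError):
             # A delivery failure must not surface as an error page: that
             # would happen only for existing accounts and so disclose them.
             logging.exception("Password Reset request failed: could not send mail.")
         else:
             logging.info("Password Reset sent for %s", user.email)
     elif not len(options.mail_host) > 0:
         logging.info("Password Reset request failed: No Mail Host in Settings.")
     elif user is None or not len(user.email) > 0:
         logging.info("Password Reset request failed: Email does not exist.")
     self.render(
         "public/forgot.html",
         errors=None,
         info=["If the email exists, a password reset has been sent."],
     )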
Esempio n. 2
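 def form_validation(self):
     """Validate the submitted registration form, raising on the first problem.

     Checks, in order: handle format, e-mail presence (only when
     ``options.require_email`` is set), e-mail format, player name format,
     handle uniqueness (case-insensitive lookup), e-mail uniqueness, and
     that the two password fields match.

     Raises:
         ValidationError: with a user-facing message for the first failed
             check.
     """
     handle = self.get_argument("handle", "")
     email = self.get_argument("email", None)
     playername = self.get_argument("playername", None)

     # fullmatch requires the whole value to match. With re.match, the "$"
     # anchor would also accept a value that ends in a newline.
     if re.fullmatch(r"^[a-zA-Z0-9_\-\.]{3,16}$", handle) is None:
         raise ValidationError("Invalid handle format")
     if options.require_email and not email:
         raise ValidationError("Email address is required")
     if email and re.fullmatch(
         r"^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$", email
     ) is None:
         raise ValidationError("Invalid email format")
     if playername and re.fullmatch(r"^[a-zA-Z0-9 ]{3,64}$", playername) is None:
         raise ValidationError("Invalid playername format")
     # NOTE(review): the two "already registered" messages confirm to an
     # unauthenticated caller that a handle or address exists. Rate-limit
     # this endpoint if account enumeration matters for the deployment.
     if User.by_handle(handle, case_sensitive=False) is not None:
         raise ValidationError("This handle is already registered")
     # Look the address up only when one was supplied: an empty value is not
     # an address, and querying for "" could match an account that was
     # registered without e-mail and reject every later e-mail-less signup.
     if email and User.by_email(email) is not None:
         raise ValidationError("This email address is already registered")
     # NOTE(review): only equality of the two password fields is checked
     # here; length or strength rules are presumably enforced elsewhere.
     # Confirm.
     if self.get_argument("pass1", "") != self.get_argument("pass2", ""):
         raise ValidationError("Passwords do not match")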
Esempio n. 3
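    def post(self, *args, **kwargs):
        """Handle a password-reset request and e-mail a one-time token.

        The account is looked up by the submitted ``email`` argument. When an
        account is found, a mail host is configured and the account has an
        address, a random token is generated, only its SHA-256 digest is
        stored in a ``PasswordToken`` row, and the raw token is mailed to the
        user.

        The same generic page is rendered in every case, including a failed
        mail delivery, so the response does not reveal whether the address is
        registered.
        """
        import logging  # local import: the module's import block is not visible here

        user = User.by_email(self.get_argument("email", ""))
        if user is not None and len(options.mail_host) > 0 and len(
                user.email) > 0:
            # 16 random bytes, hex-encoded. Presumably os.urandom/codecs.encode;
            # confirm against the module imports.
            reset_token = encode(urandom(16), "hex")
            passtoken = PasswordToken()
            passtoken.user_id = user.id
            # Only the digest is persisted; the raw token exists solely in the
            # outgoing mail, so a database read does not yield usable tokens.
            passtoken.value = sha256(reset_token).hexdigest()
            self.dbsession.add(passtoken)
            self.dbsession.commit()
            receivers = [user.email]
            message = self.create_message(user, reset_token)
            # NOTE(review): the SMTP exchange runs inline and only for
            # existing accounts, so response time can still distinguish
            # registered from unknown addresses. Consider moving delivery off
            # the request path.
            try:
                smtpObj = smtplib.SMTP(options.mail_host, port=options.mail_port)
                smtpObj.set_debuglevel(False)
                try:
                    # NOTE(review): starttls() without an ssl context does not
                    # verify the server certificate or hostname by default,
                    # and the login below sends credentials over that channel.
                    # Pass context=ssl.create_default_context() when the mail
                    # server presents a valid certificate.
                    smtpObj.starttls()
                    smtpObj.login(options.mail_username, options.mail_password)
                    smtpObj.sendmail(options.mail_sender, receivers, message)
                finally:
                    smtpObj.quit()
            except (smtplib.SMTPException, OSError):
                # A delivery failure must not surface as an error page: that
                # would happen only for existing accounts and so disclose
                # them.
                logging.exception("Password reset mail could not be sent.")

        self.render(
            "public/forgot.html",
            errors=None,
            info=["If the email exists, a password reset has been sent."],
        )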
Esempio n. 4
 def post(self, *args, **kwargs):
     """Check the submitted account name and password.

     The ``account`` argument is tried first as a handle and, if no user
     matches, as an e-mail address. A matching user whose password validates
     goes to ``valid_login``; every other outcome goes to ``failed_login``.

     When no account matches, a PBKDF2 computation is still run on the
     submitted password and its result is discarded. This is apparently meant
     to make an unknown account cost about as much as a wrong password.
     NOTE(review): that only equalizes timing if its cost matches what
     ``validate_password`` does; confirm.
     """
     account = self.get_argument("account", "")
     user = User.by_handle(account)
     password_attempt = self.get_argument("password", "")
     if user is None:
         # Not a known handle: fall back to treating the value as an e-mail.
         user = User.by_email(account)

     if user is None:
         # get_argument was given "" as the default, so this guard is
         # expected to hold on every request.
         if password_attempt is not None:
             PBKDF2.crypt(password_attempt, "BurnTheHashTime")
         self.failed_login()
         return

     if user.validate_password(password_attempt):
         self.valid_login(user)
     else:
         self.failed_login()