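def change_password(**params):
    """Render (GET) or process (POST) the change-password form.

    The acting user is taken from the ``my-simple-app-session`` cookie; the
    POST form must carry the current password (re-authentication) and the
    CSRF token issued on GET.  On success the session cookie is cleared and
    the browser is redirected to the login page.

    Extra keyword arguments are forwarded to the rendered template.

    Returns:
        A rendered template or a redirect response.
    """
    token = request.cookies.get("my-simple-app-session")
    success, user, message = Session.verify_session(token)

    # Both branches need a valid session: without one there is no user whose
    # password could be changed, and `user` may well be None (the original
    # POST path dereferenced it unconditionally).
    if not success:
        params["error_message"] = message
        return render_template("public/auth/error_page.html", **params)

    if request.method == "GET":
        csrf_token = CSRFToken.generate_csrf_token(user)
        if not csrf_token:
            params["error_message"] = message
            return render_template("public/auth/error_page.html", **params)
        params["current_user"] = user
        params["csrf_token"] = csrf_token
        return render_template("public/auth/change_password.html", **params)

    # POST (the route is assumed to accept only GET and POST).
    current_email = user.email
    current_password = request.form.get("current_password")
    new_password = request.form.get("new_password")
    form_csrf_token = request.form.get("csrf_token")

    # NOTE(review): validate_csrf_token receives only the token, so nothing
    # visible here ties it to `user`/this session — confirm the implementation
    # binds tokens to the issuing user, otherwise a token minted for one
    # account would validate for another.
    if not CSRFToken.validate_csrf_token(form_csrf_token):
        params["error_message"] = "Invalid or missing CSRF token, please try again."
        return render_template("public/auth/error_page.html", **params)

    if not (current_email and current_password and new_password):
        params["error_message"] = "Please enter both your current and your new password."
        return render_template("public/auth/error_page.html", **params)

    # Re-authenticate with the current password before changing anything;
    # the account row is re-read so the hash compared is the stored one.
    account = User.query.filter_by(email=current_email).first()
    if not account or not bcrypt.checkpw(
        current_password.encode("utf-8"), account.password.encode("utf-8")
    ):
        params["error_message"] = "You entered the wrong old password, please try again."
        return render_template("public/auth/error_page.html", **params)

    success, message = User.update_password(current_email, new_password)
    if not success:
        params["error_message"] = message
        return render_template("public/auth/error_page.html", **params)

    # Password changed: invalidate the browser session so the user has to log
    # in again with the new credential.
    message = "Your password has been changed, please login again."
    response = redirect(url_for("public.main.login", info_message=message))
    response.set_cookie("my-simple-app-session", "", expires=0)
    return response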
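def registration(**params):
    """Show the registration form (GET) or create a new account (POST).

    A GET with a valid session renders the logged-in page instead of the
    form.  A POST creates the user and sends the e-mail verification code;
    every failure path renders the error page (the original silently
    returned None when fields were missing or the mail could not be sent).

    Extra keyword arguments are forwarded to the rendered template.

    Returns:
        A rendered template.
    """
    if request.method == "GET":
        token = request.cookies.get("my-simple-app-session")
        success, user, message = Session.verify_session(token)
        if success:
            params["current_user"] = user
            return render_template("public/auth/logged_in.html", **params)
        return render_template("public/auth/registration.html", **params)

    # POST (the route is assumed to accept only GET and POST).
    email = request.form.get("email")
    password = request.form.get("password")
    if not (email and password):
        params["error_message"] = "Please enter both an e-mail address and a password."
        return render_template("public/auth/error_page.html", **params)

    success, user, message = User.create(email=email, password=password)
    if not success:
        params["error_message"] = message
        return render_template("public/auth/error_page.html", **params)

    if not User.send_verification_code(user):
        # The account exists but is unverified; tell the user rather than
        # returning nothing (which Flask would turn into a 500).
        params["error_message"] = (
            "We could not send the verification e-mail, please try again later."
        )
        return render_template("public/auth/error_page.html", **params)

    return render_template("public/auth/verify_email.html", **params)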
def users_list(**params):
    """Render the admin user list for a request carrying a valid session.

    Extra keyword arguments are forwarded to the rendered template.

    Returns:
        The users-list template on a valid session, otherwise the error page
        with the message returned by ``Session.verify_session``.
    """
    session_token = request.cookies.get("my-simple-app-session")
    ok, current_user, verify_message = Session.verify_session(session_token)

    if not ok:
        params["error_message"] = verify_message
        return render_template("public/auth/error_page.html", **params)

    # NOTE(review): this serves an admin template, yet the only gate visible
    # here is "has a valid session" — any logged-in user can list all users.
    # Confirm an admin/role check exists on the route or in the template
    # layer, or add one to the user model.
    params["current_user"] = current_user
    params["users"] = User.get_users()
    return render_template("admin/users/users-list.html", **params)
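def email_verification(code, **params):
    """Consume an e-mail verification ``code`` from the URL (GET only).

    A request that already carries a valid session renders the logged-in
    page and ignores the code.  Otherwise the code is handed to
    ``User.verify_verification_code``; on failure the error page shows the
    verifier's message (the original mistakenly displayed the session
    message instead).

    Args:
        code: Verification code taken from the URL.
        **params: Forwarded to the rendered template.

    Returns:
        A rendered template, or None for non-GET methods (unchanged).
    """
    if request.method != "GET":
        return None

    token = request.cookies.get("my-simple-app-session")
    success, user, message = Session.verify_session(token)
    if success:
        return render_template("public/auth/logged_in.html", **params)

    verify_success, verify_message = User.verify_verification_code(code)
    if verify_success:
        return render_template("public/auth/registration_success.html", **params)

    # Report why the code was rejected, not why the session check failed.
    params["error_message"] = verify_message
    return render_template("public/auth/error_page.html", **params)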
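def login(**params):
    """Render the landing page (GET) or authenticate a user (POST).

    On a successful POST a new session token is issued and stored in the
    ``my-simple-app-session`` cookie, then the browser is redirected to the
    admin user list.

    Security notes on the POST path:
      * The password is checked *before* the "please verify your e-mail"
        hint, so an unverified account's existence is not revealed to a
        caller who does not know its password.
      * The session cookie is marked ``HttpOnly`` and ``SameSite=Lax`` so
        page scripts cannot read it and cross-site POSTs do not carry it.
        ``secure=True`` should be added once the app is served over HTTPS.
      * bcrypt only runs when the e-mail exists, so response timing can
        still hint at account existence; left as is, noted for follow-up.

    Extra keyword arguments are forwarded to the rendered template.

    Returns:
        A rendered template or a redirect response.
    """
    if request.method == "GET":
        params["info_message"] = request.args.get("info_message")
        token = request.cookies.get("my-simple-app-session")
        success, user, message = Session.verify_session(token)
        if success:
            params["current_user"] = user
            return render_template("public/auth/logged_in.html", **params)
        return render_template("public/main/index.html", **params)

    # POST (the route is assumed to accept only GET and POST).
    email = request.form.get("email")
    password = request.form.get("password")

    user = None
    if email and password:
        user = User.query.filter_by(email=email).first()

    password_ok = bool(user) and bcrypt.checkpw(
        password.encode("utf-8"), user.password.encode("utf-8")
    )
    if not password_ok:
        # Same message for unknown e-mail, wrong password and missing fields
        # (the original returned None when a field was missing).
        params["danger_message"] = "You entered wrong e-mail or password."
        return render_template("public/main/index.html", **params)

    if user.verification_code != "":
        params["danger_message"] = "Please verify your e-mail, we've sent you instructions."
        return render_template("public/main/index.html", **params)

    token = Session.generate_session(user)
    response = make_response(redirect(url_for("admin.users.users_list")))
    response.set_cookie(
        "my-simple-app-session", token, httponly=True, samesite="Lax"
    )
    return response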
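def decorated_function(*args, **kwargs):
    """Wrapper installed by the enclosing login-required decorator.

    Redirects to the login form when the request has no valid session;
    otherwise refreshes the session and calls the wrapped view ``f``
    (``f`` comes from the enclosing decorator scope, not visible here).
    """
    session_id = request.cookies.get("session_id")

    # Elsewhere in this module Session.verify_session returns a
    # (success, user, message) tuple.  A tuple is always truthy, so testing
    # the call result directly would never redirect and every request would
    # pass the gate; unpack it and test the success flag instead.
    # (Assumes this is the same Session class as the views use — confirm.)
    success, _user, _message = Session.verify_session(session_id)
    if not success:
        return redirect("/login/form", code=302)

    # NOTE(review): the views read the cookie 'my-simple-app-session' while
    # this wrapper reads 'session_id' — confirm which name is actually set.
    Session.refresh_session(session_id)
    return f(*args, **kwargs)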