def forgot_password(): form = ForgotPasswordForm(request.form) if form.validate_on_submit(): email = form.email.data user = User.query.filter_by(email=email).first() if user: token = randomString(32) addAuditLog(AuditSeverity.USER, user, "(Anonymous) requested a password reset", url_for("users.profile", username=user.username), None) ver = UserEmailVerification() ver.user = user ver.token = token ver.email = email ver.is_password_reset = True db.session.add(ver) db.session.commit() send_verify_email.delay(form.email.data, token) else: send_anon_email.delay(email, "Unable to find account", """ <p> We were unable to perform the password reset as we could not find an account associated with this email. </p> <p> If you weren't expecting to receive this email, then you can safely ignore it. </p> """) flash("Check your email address to continue the reset", "success") return redirect(url_for("homepage.home")) return render_template("users/forgot_password.html", form=form)
def handle_register(form): user_by_name = User.query.filter( or_(User.username == form.username.data, User.username == form.display_name.data, User.display_name == form.display_name.data, User.forums_username == form.username.data, User.github_username == form.username.data)).first() if user_by_name: if user_by_name.rank == UserRank.NOT_JOINED and user_by_name.forums_username: flash( "An account already exists for that username but hasn't been claimed yet.", "danger") return redirect( url_for("users.claim_forums", username=user_by_name.forums_username)) else: flash( "That username/display name is already in use, please choose another.", "danger") return user_by_email = User.query.filter_by(email=form.email.data).first() if user_by_email: send_anon_email.delay( form.email.data, "Email already in use", "We were unable to create the account as the email is already in use by {}. Try a different email address." .format(user_by_email.display_name)) flash("Check your email address to verify your account", "success") return redirect(url_for("homepage.home")) elif EmailSubscription.query.filter_by(email=form.email.data, blacklisted=True).count() > 0: flash( "That email address has been unsubscribed/blacklisted, and cannot be used", "danger") return user = User(form.username.data, False, form.email.data, make_flask_login_password(form.password.data)) user.notification_preferences = UserNotificationPreferences(user) if form.display_name.data: user.display_name = form.display_name.data db.session.add(user) addAuditLog(AuditSeverity.USER, user, "Registered with email, display name=" + user.display_name, url_for("users.profile", username=user.username)) token = randomString(32) ver = UserEmailVerification() ver.user = user ver.token = token ver.email = form.email.data db.session.add(ver) db.session.commit() send_verify_email.delay(form.email.data, token) flash("Check your email address to verify your account", "success") return redirect(url_for("homepage.home"))