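def login_screen_submit():
    """Handle the login form submit.

    Looks the account up by the submitted username, verifies the submitted
    password against the stored password hash and, on success, logs the
    user in and records the login time.

    Returns:
        A redirect to ``/login`` when the credentials are rejected, to
        ``/profile/change_email`` when the account has no e-mail address on
        record, and to ``/profile`` otherwise.
    """
    # One message for both failure paths so the response text does not
    # reveal whether the username exists.
    failure_message = 'Failed to login with that username and password, please retry.'

    # try to find user by username
    user_details = site_user.get_by_username({
        'username': request.form.get('username')}).get()

    # not found so lets bail to the login screen
    if not user_details:
        flash(failure_message)
        return redirect('/login')

    # Verify the submitted plaintext against the STORED hash.
    # check_password_hash(pwhash, password) takes the stored hash first and
    # the candidate password second, and the login must be refused when it
    # returns False. Hashing the submitted password again and comparing
    # that to the stored hash can never validate a login, because every
    # generate_password_hash() call uses a fresh salt.
    stored_hash = user_details.get('password')
    submitted_password = request.form.get('password')
    if (not stored_hash or submitted_password is None
            or not check_password_hash(stored_hash, submitted_password)):
        flash(failure_message)
        return redirect('/login')

    # login user and redirect to profile
    login_user(User(user_details.get('user_id')))
    flash('You have successfully logged in !')
    site_user.update_last_login().execute({'id': user_details.get('user_id')})

    # logged in but no E-Mail so lets ask the user for their email.
    if not user_details.get('email'):
        return redirect('/profile/change_email')
    return redirect('/profile')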
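def reset_password_submit():
    """Handle the password-reset request form.

    Looks the account up by the submitted e-mail address. When an account
    is found, a reset code is stored for it and a change-password link
    containing that code is mailed to the address on record. The same
    confirmation page is rendered whether or not the address is registered.

    Returns:
        The response built from the rendered "Password reset sent" page.
    """
    user_details = site_user.get_by_username({
        'email': request.form.get('email')}).get()

    # The reset code is a bearer secret: its unpredictability comes from
    # uuid4, sha256 only reshapes it into a hex string. Encoding to bytes
    # keeps the call valid where hashlib rejects text input.
    reset_code = hashlib.sha256(str(uuid.uuid4()).encode('utf-8')).hexdigest()

    # NOTE(review): the source layout was collapsed onto one line; storing
    # the code and sending the mail are both placed under this check, since
    # a mailed code that was never stored could not be redeemed.
    if user_details:
        # NOTE(review): no expiry or request throttling is visible here --
        # confirm create_password_reset() or the redeeming view enforces it.
        site_user.create_password_reset() \
            .on_duplicate() \
            .execute({
                'user_id': str(user_details.get('user_id')),
                'reset_code': reset_code})

        # NOTE(review): app_domain is assumed to be fixed configuration,
        # not derived from the request -- confirm.
        reset_url = "{domain}change-password/{resetcode}".format(
            domain=app_domain, resetcode=reset_code)
        l = web.link.create(
            title='Change password',
            content='Click to change password',
            link=reset_url).render()
        body = "Please follow the link below to change your password.\n" + l
        body += reset_url

        # Send to the address stored on the account record. The previous
        # hard-coded recipient delivered every account's reset link to one
        # fixed mailbox; the stored value is used rather than the submitted
        # one so the mail only ever goes to the address the lookup matched.
        sendmail().send(
            from_address='*****@*****.**',
            to_address=user_details.get('email'),
            subject="Reset password request",
            body=body)

    # display success page, dont give away anything about if the email is actually registered
    web.template.create('Maidstone Hackspace - Password reset')
    header('Password reset')
    web.page.create('Password reset sent')
    web.page.section(
        web.paragraph.create('If this E-Mail is registered you will shortly be reciving an E-Mail with reset details').render()
    )
    web.template.body.append(web.page.render())
    return make_response(footer())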
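def reset_password_submit():
    """Handle the password-reset request form.

    Looks the account up by the submitted e-mail address. When an account
    is found, a reset code is stored for it and a change-password link
    containing that code is mailed to the address on record. The same
    confirmation page is rendered whether or not the address is registered.

    Returns:
        The response built from the rendered "Password reset sent" page.
    """
    user_details = site_user.get_by_username({
        'email': request.form.get('email')}).get()

    # The reset code is a bearer secret: its unpredictability comes from
    # uuid4, sha256 only reshapes it into a hex string. Encoding to bytes
    # keeps the call valid where hashlib rejects text input.
    reset_code = hashlib.sha256(str(uuid.uuid4()).encode('utf-8')).hexdigest()

    # NOTE(review): the source layout was collapsed onto one line; storing
    # the code and sending the mail are both placed under this check, since
    # a mailed code that was never stored could not be redeemed.
    if user_details:
        # NOTE(review): no expiry or request throttling is visible here --
        # confirm create_password_reset() or the redeeming view enforces it.
        site_user.create_password_reset() \
            .on_duplicate() \
            .execute({
                'user_id': str(user_details.get('user_id')),
                'reset_code': reset_code})

        # NOTE(review): app_domain is assumed to be fixed configuration,
        # not derived from the request -- confirm.
        reset_url = "{domain}change-password/{resetcode}".format(
            domain=app_domain, resetcode=reset_code)
        l = web.link.create(
            title='Change password',
            content='Click to change password',
            link=reset_url).render()
        body = "Please follow the link below to change your password.\n" + l
        body += reset_url

        # Send to the address stored on the account record. The previous
        # hard-coded recipient delivered every account's reset link to one
        # fixed mailbox; the stored value is used rather than the submitted
        # one so the mail only ever goes to the address the lookup matched.
        sendmail().send(
            from_address='*****@*****.**',
            to_address=user_details.get('email'),
            subject="Reset password request",
            body=body)

    # display success page, dont give away anything about if the email is actually registered
    web.template.create('Maidstone Hackspace - Password reset')
    header('Password reset')
    web.page.create('Password reset sent')
    web.page.section(
        web.paragraph.create('If this E-Mail is registered you will shortly be reciving an E-Mail with reset details').render()
    )
    web.template.body.append(web.page.render())
    return make_response(footer())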
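def login_screen_submit():
    """Handle the login form submit.

    Looks the account up using the submitted ``username`` field as the
    e-mail address, verifies the submitted password against the stored
    password hash and, on success, logs the user in and records the login.

    Returns:
        The re-rendered login screen when the credentials are rejected,
        otherwise a redirect to ``/profile``.
    """
    # One message for both failure paths so the response text does not
    # reveal whether the account exists.
    failure_message = 'Failed to login with that username and password, please retry.'

    # try to find user by username (the form field is matched against the
    # e-mail column)
    user_details = site_user.get_by_username({
        'email': request.form.get('username')}).get()

    # not found so lets bail to the login screen
    if not user_details:
        flash(failure_message)
        return login_screen()

    # Verify the submitted plaintext against the STORED hash.
    # check_password_hash(pwhash, password) takes the stored hash first and
    # the candidate password second, and the login must be refused when it
    # returns False. Hashing the submitted password again and comparing
    # that to the stored hash can never validate a login, because every
    # generate_password_hash() call uses a fresh salt.
    stored_hash = user_details.get('password')
    submitted_password = request.form.get('password')
    if (not stored_hash or submitted_password is None
            or not check_password_hash(stored_hash, submitted_password)):
        flash(failure_message)
        return login_screen()

    # login user and redirect to profile
    login_user(User(user_details.get('user_id')))
    flash('You have successfully logged in !')
    site_user.update_last_login(user_details)
    return redirect('/profile')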
def testRegisterNewUser(self):
    """Create a user with a hashed password and read the record back.

    Only checks that the stored hash round-trips through ``site_user``; it
    does not exercise ``check_password_hash`` with a right or wrong
    password, so it says nothing about whether login verification works.
    """
    hashed_password = generate_password_hash('letmein')
    new_user = {
        'username': '******',
        'first_name': 'myfirstname',
        'last_name': 'mylastname',
        'password': hashed_password,
    }
    site_user.create().execute(new_user)

    # Fetch the record that was just written, by the same username.
    lookup = site_user.get_by_username({'username': '******'})
    stored_user = lookup.get()

    self.assertTrue(stored_user)
    # The hash must come back exactly as it was stored.
    hashes_match = hashed_password == stored_user.get('password')
    self.assertTrue(hashes_match)
    self.assertTrue(stored_user)