def manager_user():
    """Render the paginated user list for the admin console.

    Reads two query-string values: ``grade`` (default ``'2'``) selects which
    ``is_admin`` value is listed, and ``page`` (default 1, coerced to int)
    selects the page. Ten users are shown per page.
    """
    # Any value other than '1' falls back to '2', so the raw query parameter
    # itself is never passed into the database filter.
    level = '1' if request.args.get('grade', '2') == '1' else '2'
    users = User.objects(is_admin=level).all()

    page = request.args.get('page', 1, int)
    pagination = users.paginate(page, 10)
    # NOTE(review): no access-control check is visible inside this view;
    # confirm the route is restricted to administrators where it is registered.
    return render_template(
        'admin/manager_user.html',
        pagination=pagination,
        targets=pagination.items,
    )
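def validate_token(user, token, operation, new_password=None):
    """Verify a signed token and apply the operation it authorises to *user*.

    Args:
        user: The account the caller believes the token belongs to.
        token: Signed token string taken from the request.
        operation: Operation the caller expects: ``'confirm'``,
            ``'reset-password'`` or ``'change_email'``.
        new_password: Replacement password; required for ``'reset-password'``.

    Returns:
        True when the token verified and the change was saved. False for a
        bad or expired signature, a token issued for another user or
        operation, an unknown operation, a missing new password, or a new
        email that is absent or already registered.
    """
    s = Serializer(current_app.config['SECRET_KEY'])
    try:
        data = s.loads(token)
    except (SignatureExpired, BadSignature):
        return False

    # Bind the token to both the expected operation and the expected account,
    # so a token issued for one purpose or user is not accepted for another.
    if operation != data.get('operation') or str(user.pk) != data.get('id'):
        return False

    if operation == 'confirm':
        user.confirmed = True
    elif operation == 'reset-password':
        # Refuse to continue without a replacement password instead of
        # handing None (the default) or an empty string to set_password().
        if not new_password:
            return False
        user.set_password(new_password)
    elif operation == 'change_email':
        new_email = data.get('new_email')
        if new_email is None:
            return False
        # The address may have been registered after the token was issued.
        if User.objects(email=new_email).first() is not None:
            return False
        user.email = new_email
    else:
        return False

    # NOTE(review): nothing here records that the token has been consumed, so
    # it appears to remain acceptable until its signature expires; confirm
    # whether single-use tokens are required for reset and email change.
    user.save()
    return True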
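def upgrade(user_id):
    """Show and process the form that changes a user's ``is_admin`` value.

    Args:
        user_id: Primary key of the account being edited.

    Returns:
        A redirect to the user list after a successful update or when no
        account has that id; otherwise the rendered form, pre-filled with the
        account's current ``is_admin`` value.
    """
    # NOTE(review): this view changes privilege level and no access-control
    # check is visible inside it; confirm the route is restricted to
    # administrators where it is registered.
    form = UpgradeForm()
    user = User.objects(pk=user_id).first()
    if user is None:
        # Unknown id: leave cleanly instead of failing on None further down.
        flash('帐号不存在', 'warning')
        return redirect(url_for('admin.manager_user'))

    if form.validate_on_submit():
        user.update(is_admin=form.is_admin.data)
        flash('修改管理成功', 'success')
        return redirect(url_for('admin.manager_user'))

    form.is_admin.data = user.is_admin
    return render_template('admin/upgrade.html', form=form)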
def forget_password():
    """Handle the "forgot password" form and send a reset email.

    Signed-in users are redirected to ``base``. On a valid submission the
    account is looked up by lower-cased email; if found, a
    ``'reset-password'`` token is generated and mailed, and the user is sent
    to the login page. Otherwise a warning is flashed and the form is shown
    again.
    """
    if current_user.is_authenticated:
        return redirect(url_for('base'))

    form = ForgetPasswordForm()
    if not form.validate_on_submit():
        return render_template('user/reset_password.html', form=form)

    account = User.objects(email=form.email.data.lower()).first()
    if not account:
        # NOTE(review): this branch and the success branch give different
        # messages and redirects, so the response shows whether an address is
        # registered; consider one uniform response for both cases.
        flash('该邮箱不存在', 'warning')
        return redirect(url_for('user.forget_password'))

    # NOTE(review): no request throttling is visible here; confirm it is
    # applied elsewhere so reset mail cannot be triggered without limit.
    reset_token = generate_token(user=account, operation='reset-password')
    send_reset_password_email(user=account, token=reset_token)
    flash('重置密码邮件已发送,请到邮箱中确认', 'info')
    return redirect(url_for('user.login'))
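def test_register(self):
    """Register a new account and expect the confirmation-email notice."""
    self.logout()
    # NOTE(review): the credential literals look masked on this page; as
    # written, password and password2 differ - confirm against the real
    # fixture values.
    email = '*****@*****.**'
    username = '******'
    password = '******'
    password2 = '1234567a'
    res = self.client.post(
        url_for('user.register'),
        data=dict(
            email=email,
            username=username,
            password=password,
            password2=password2,
        ),
        follow_redirects=True,
    )
    data = res.get_data(as_text=True)

    # Remove the account the request created. The None guard keeps a failed
    # registration from raising AttributeError here, which would hide the
    # real failure reported by the assertions below.
    user = User.objects(username='******').first()
    if user is not None:
        user.delete()

    self.assertEqual(res.status_code, 200)
    self.assertIn('确认邮件已发送,请检查您的收件箱', data)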
def login():
    """Authenticate a user from the login form.

    Signed-in users are redirected to ``base``. On a valid submission the
    account is looked up by the submitted email and the password is checked;
    on success the session is started and ``redirect_back()`` chooses the
    destination. Either failure flashes a warning and returns to the login
    page.
    """
    if current_user.is_authenticated:
        return redirect(url_for('base'))

    form = LoginForm()
    if not form.validate_on_submit():
        return render_template('user/login.html', form=form)

    # NOTE(review): the email is used as submitted here, while the other
    # views in this file lower-case it before the lookup; confirm how
    # addresses are stored.
    account = User.objects(email=form.email.data).first()

    # NOTE(review): the unknown-account and wrong-password cases flash
    # different messages, which shows whether an address is registered;
    # consider a single generic failure message. No attempt throttling is
    # visible in this view either - confirm it exists elsewhere.
    if not account:
        flash('帐号不存在', 'warning')
        return redirect(url_for('user.login'))

    if not account.validate_password(form.password.data):
        flash('密码错误', 'warning')
        return redirect(url_for('user.login'))

    login_user(account, form.remember_me.data)
    flash('欢迎回来.', 'info')
    # NOTE(review): redirect_back() is defined elsewhere; confirm it only
    # redirects to same-site targets.
    return redirect_back()
def reset_password(token):
    """Set a new password for the account named in the reset form.

    Args:
        token: Signed reset token taken from the URL.

    Signed-in users are redirected to ``base``. On a valid submission the
    account is looked up by lower-cased email and the token, together with
    the new password, is passed to ``validate_token``. The outcome decides
    which message is flashed and where the user is sent.
    """
    if current_user.is_authenticated:
        return redirect(url_for('base'))

    form = ResetPasswordForm()
    if not form.validate_on_submit():
        return render_template('user/reset_password.html', form=form)

    account = User.objects(email=form.email.data.lower()).first()
    if account is None:
        # NOTE(review): this message is distinct from the invalid-link one,
        # so the form shows whether an address is registered.
        flash('邮箱不存在', 'warning')
        return redirect(url_for('base'))

    # The account comes from the form, not from the token, so validate_token
    # is what has to tie the token to this particular account.
    accepted = validate_token(
        user=account,
        token=token,
        operation='reset-password',
        new_password=form.password.data,
    )
    if not accepted:
        flash('无效或者过期的链接', 'danger')
        return redirect(url_for('user.forget_password'))

    flash('重置密码成功', 'success')
    return redirect(url_for('user.login'))
def validate_username(self, field):
    """Reject the field when an account with that username already exists.

    Raises:
        ValidationError: If a user with ``field.data`` as username is found.
    """
    # NOTE(review): this lookup is separate from the later insert, so two
    # concurrent submissions could both pass; presumably a unique index on
    # username backs it - confirm.
    existing = User.objects(username=field.data).first()
    if existing:
        raise ValidationError('帐号已经存在')
def validate_email(self, field):
    """Reject the field when its email address is already registered.

    The address is lower-cased before the lookup.

    Raises:
        ValidationError: If a user with that email is found.
    """
    # NOTE(review): this lookup is separate from the later insert, so two
    # concurrent submissions could both pass; presumably a unique index on
    # email backs it - confirm.
    normalized = field.data.lower()
    existing = User.objects(email=normalized).first()
    if existing:
        raise ValidationError('该邮箱已被注册')