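def change_password(database, reset_hash):
    """Let the holder of a password-reset token choose a new password.

    The token in the URL is the only credential checked here: the user is
    looked up by ``activation_hash == 'pw_reset_' + reset_hash`` and the
    request is answered with 404 when no such row (or database) exists.
    On success the stored token is cleared, so the same link cannot be
    used a second time.

    :param database: name of the database the account lives in.
    :param reset_hash: token part of the reset link (without the
        ``pw_reset_`` prefix).
    :returns: a redirect to the experiments index after a submitted form,
        otherwise the rendered change-password page.
    """
    db = models.get_database(database) or abort(404)
    user = db.session.query(db.User).filter_by(
        activation_hash='pw_reset_' + reset_hash).first() or abort(404)
    form = forms.ChangePasswordForm()

    if form.validate_on_submit():
        # Clearing the token and setting the password happen in the same
        # commit, so a failed commit leaves the old password and token.
        user.activation_hash = ''
        user.password = password_hash(form.password.data)
        try:
            db.session.commit()
        except Exception as e:
            # Discard the pending changes so the session is usable again
            # and the half-applied reset is not flushed by a later commit
            # (register() rolls back the same way).
            db.session.rollback()
            print(e)
            flash('Could not set password in db. Please contact an administrator.')
        else:
            flash('Password changed.')
        return redirect(url_for('frontend.experiments_index', database=database))

    return render('/accounts/change_password.html', db=db, database=database,
                  form=form, reset_hash=reset_hash)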
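def login(database):
    """Render the login form and start a session for one database.

    Users can only be logged in to one database at a time.

    The password is verified before the activation / verification state
    of the account is reported. A caller who does not know the password
    therefore always gets the same generic error and cannot learn whether
    an address is registered or what state the account is in.

    :param database: name of the database to log in to (404 if unknown).
    :returns: a redirect to the experiments index on success, otherwise
        the rendered login page with ``error`` set.
    """
    db = models.get_database(database) or abort(404)
    # NOTE(review): CSRF protection is switched off for this form, which
    # leaves the endpoint open to login CSRF - confirm this is intended.
    form = forms.LoginForm(csrf_enabled=False)
    error = None

    if form.validate_on_submit():
        # NOTE(review): register() stores e-mail addresses lower-cased but
        # this lookup uses the address as typed - confirm the column
        # comparison is case-insensitive.
        user = db.session.query(db.User).filter_by(email=form.email.data).first()

        # NOTE(review): the stored hash is compared with a plain `!=`;
        # a constant-time comparison would be preferable if both values
        # are guaranteed to be the same string type.
        if user is None or user.password != password_hash(form.password.data):
            error = "Invalid password or username."
        elif user.activation_hash:
            error = "Account not activated yet. Please check your e-mail account, otherwise contact an administrator."
        elif not user.verified:
            error = "Account was not verified yet. Please wait for an administrator to verify your account. You will be notified by e-mail."
        else:
            session['logged_in'] = True
            session['database'] = database
            session['idUser'] = user.idUser
            session['email'] = user.email
            session['db'] = str(db)
            session['admin'] = user.admin
            session.permanent = form.permanent_login.data

            # if db.is_competition() and db.competition_phase() == 5:
            #     if not user.admin:
            #         session.pop('logged_in', None)
            #         flash('Website offline for competition computations.')
            #         return redirect(url_for('frontend.experiments_index',
            #                                 database=database))

            flash('Login successful')
            return redirect(url_for('frontend.experiments_index', database=database))

    return render('/accounts/login.html', database=database, error=error,
                  db=db, form=form)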
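def change_password(database, reset_hash):
    """Let the holder of a password-reset token choose a new password.

    The token in the URL is the only credential checked here: the user is
    looked up by ``activation_hash == 'pw_reset_' + reset_hash`` and the
    request is answered with 404 when no such row (or database) exists.
    On success the stored token is cleared, so the same link cannot be
    used a second time.

    :param database: name of the database the account lives in.
    :param reset_hash: token part of the reset link (without the
        ``pw_reset_`` prefix).
    :returns: a redirect to the experiments index after a submitted form,
        otherwise the rendered change-password page.
    """
    db = models.get_database(database) or abort(404)
    user = db.session.query(db.User).filter_by(
        activation_hash='pw_reset_' + reset_hash).first() or abort(404)
    form = forms.ChangePasswordForm()

    if form.validate_on_submit():
        # Clearing the token and setting the password happen in the same
        # commit, so a failed commit leaves the old password and token.
        user.activation_hash = ''
        user.password = password_hash(form.password.data)
        try:
            db.session.commit()
        except Exception as e:
            # Discard the pending changes so the session is usable again
            # and the half-applied reset is not flushed by a later commit
            # (register() rolls back the same way).
            db.session.rollback()
            print(e)
            flash('Could not set password in db. Please contact an administrator.')
        else:
            flash('Password changed.')
        return redirect(url_for('frontend.experiments_index', database=database))

    return render('/accounts/change_password.html', db=db, database=database,
                  form=form, reset_hash=reset_hash)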
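def login(database):
    """Render the login form and start a session for one database.

    Users can only be logged in to one database at a time.

    The password is verified before the activation / verification state
    of the account is reported. A caller who does not know the password
    therefore always gets the same generic error and cannot learn whether
    an address is registered or what state the account is in.

    :param database: name of the database to log in to (404 if unknown).
    :returns: a redirect to the experiments index on success, otherwise
        the rendered login page with ``error`` set.
    """
    db = models.get_database(database) or abort(404)
    # NOTE(review): CSRF protection is switched off for this form, which
    # leaves the endpoint open to login CSRF - confirm this is intended.
    form = forms.LoginForm(csrf_enabled=False)
    error = None

    if form.validate_on_submit():
        # NOTE(review): register() stores e-mail addresses lower-cased but
        # this lookup uses the address as typed - confirm the column
        # comparison is case-insensitive.
        user = db.session.query(db.User).filter_by(email=form.email.data).first()

        # NOTE(review): the stored hash is compared with a plain `!=`;
        # a constant-time comparison would be preferable if both values
        # are guaranteed to be the same string type.
        if user is None or user.password != password_hash(form.password.data):
            error = "Invalid password or username."
        elif user.activation_hash:
            error = "Account not activated yet. Please check your e-mail account, otherwise contact an administrator."
        elif not user.verified:
            error = "Account was not verified yet. Please wait for an administrator to verify your account. You will be notified by e-mail."
        else:
            session['logged_in'] = True
            session['database'] = database
            session['idUser'] = user.idUser
            session['email'] = user.email
            session['db'] = str(db)
            session['admin'] = user.admin
            session.permanent = form.permanent_login.data

            # if db.is_competition() and db.competition_phase() == 5:
            #     if not user.admin:
            #         session.pop('logged_in', None)
            #         flash('Website offline for competition computations.')
            #         return redirect(url_for('frontend.experiments_index',
            #                                 database=database))

            flash('Login successful')
            return redirect(url_for('frontend.experiments_index', database=database))

    return render('/accounts/login.html', database=database, error=error,
                  db=db, form=form)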
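def register(database):
    """Handle the user registration form for one database.

    A submitted form is accepted only if the e-mail address is not yet
    registered and the captcha solution satisfies the formula stored in
    the session. The new account is saved unverified, with an activation
    token that is e-mailed to the user as a link.

    :param database: name of the database to register in (404 if unknown).
    :returns: a redirect to the experiments index after a successful
        registration, otherwise the rendered registration page (with a
        fresh captcha, or with ``errors`` when saving failed).
    """
    import os  # local import: only needed for the activation token

    db = models.get_database(database) or abort(404)
    form = forms.RegistrationForm()
    errors = []

    if form.validate_on_submit():
        if db.session.query(db.User).filter_by(
                email=form.email.data.lower()).count() > 0:
            errors.append("An account with this email address already exists. Please check your e-mail account for the activation link.")

        try:
            captcha = [int(token) for token in form.captcha.data.split()]
            if not utils.satisfies(captcha, session['captcha']):
                errors.append("Wrong solution to the captcha challenge.")
        except Exception:
            # Non-numeric input or a missing session captcha both end up
            # here; `Exception` (not a bare except) lets SystemExit and
            # KeyboardInterrupt propagate.
            errors.append("Wrong format of the solution")

        if not errors:
            user = db.User()
            user.lastname = form.lastname.data
            user.firstname = form.firstname.data
            user.password = password_hash(form.password.data)
            # store email in lower case for easier password reset etc
            user.email = form.email.data.lower()
            user.postal_address = form.address.data
            user.affiliation = form.affiliation.data
            user.verified = False
            user.accepted_terms = form.accepted_terms.data
            user.affiliation_type = form.affiliation_type.data
            user.country = form.country.data

            # The activation token is a bearer credential. Besides the
            # application secret and account data it now includes fresh
            # bytes from the OS CSPRNG, so its unpredictability no longer
            # rests on SECRET_KEY and the clock alone. The format (64 hex
            # characters) is unchanged.
            digest = hashlib.sha256()
            digest.update(config.SECRET_KEY)
            digest.update(user.email)
            digest.update(str(datetime.datetime.now()))
            digest.update(user.password)
            digest.update(os.urandom(32))
            user.activation_hash = digest.hexdigest()

            db.session.add(user)
            try:
                db.session.commit()
            except Exception:
                db.session.rollback()
                errors.append('Error while trying to save the account to the '
                              'database. Please contact an administrator.')
                return render('/accounts/register.html', database=database,
                              db=db, errors=errors, form=form)

            # The captcha is single-use: drop it once the account exists.
            session.pop('captcha', None)

            # NOTE(review): request.url_root is built from the incoming
            # request, so the host in the mailed link follows the Host
            # header - confirm the deployment pins the accepted host.
            msg = Message("[" + db.label + "] Account activation",
                          recipients=[user.email])
            msg.body = "Dear " + user.firstname + " " + user.lastname + ",\n\n" + \
                       "Please use the following link to activate your account:\n" + \
                       request.url_root[:-1] + url_for('accounts.activate',
                                                       database=database,
                                                       activation_hash=user.activation_hash)
            mail.send(msg)
            flash("Account created successfully. "
                  "An e-mail has been sent to your account with an activation link.")
            return redirect(url_for('frontend.experiments_index', database=database))

    # Save captcha to the session. The user will have to provide a solution
    # for the same captcha that was given to them. A new formula is drawn
    # on every render, including after a failed attempt.
    random.seed()
    f = utils.random_formula(2, 3)
    while not utils.SAT(f):
        f = utils.random_formula(2, 3)
    session['captcha'] = f

    return render('/accounts/register.html', database=database, db=db,
                  errors=errors, form=form)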
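def register(database):
    """Handle the user registration form for one database.

    A submitted form is accepted only if the e-mail address is not yet
    registered and the captcha solution satisfies the formula stored in
    the session. The new account is saved unverified, with an activation
    token that is e-mailed to the user as a link.

    :param database: name of the database to register in (404 if unknown).
    :returns: a redirect to the experiments index after a successful
        registration, otherwise the rendered registration page (with a
        fresh captcha, or with ``errors`` when saving failed).
    """
    import os  # local import: only needed for the activation token

    db = models.get_database(database) or abort(404)
    form = forms.RegistrationForm()
    errors = []

    if form.validate_on_submit():
        if db.session.query(db.User).filter_by(
                email=form.email.data.lower()).count() > 0:
            errors.append("An account with this email address already exists. Please check your e-mail account for the activation link.")

        try:
            captcha = [int(token) for token in form.captcha.data.split()]
            if not utils.satisfies(captcha, session['captcha']):
                errors.append("Wrong solution to the captcha challenge.")
        except Exception:
            # Non-numeric input or a missing session captcha both end up
            # here; `Exception` (not a bare except) lets SystemExit and
            # KeyboardInterrupt propagate.
            errors.append("Wrong format of the solution")

        if not errors:
            user = db.User()
            user.lastname = form.lastname.data
            user.firstname = form.firstname.data
            user.password = password_hash(form.password.data)
            # store email in lower case for easier password reset etc
            user.email = form.email.data.lower()
            user.postal_address = form.address.data
            user.affiliation = form.affiliation.data
            user.verified = False
            user.accepted_terms = form.accepted_terms.data
            user.affiliation_type = form.affiliation_type.data
            user.country = form.country.data

            # The activation token is a bearer credential. Besides the
            # application secret and account data it now includes fresh
            # bytes from the OS CSPRNG, so its unpredictability no longer
            # rests on SECRET_KEY and the clock alone. The format (64 hex
            # characters) is unchanged.
            digest = hashlib.sha256()
            digest.update(config.SECRET_KEY)
            digest.update(user.email)
            digest.update(str(datetime.datetime.now()))
            digest.update(user.password)
            digest.update(os.urandom(32))
            user.activation_hash = digest.hexdigest()

            db.session.add(user)
            try:
                db.session.commit()
            except Exception:
                db.session.rollback()
                errors.append('Error while trying to save the account to the '
                              'database. Please contact an administrator.')
                return render('/accounts/register.html', database=database,
                              db=db, errors=errors, form=form)

            # The captcha is single-use: drop it once the account exists.
            session.pop('captcha', None)

            # NOTE(review): request.url_root is built from the incoming
            # request, so the host in the mailed link follows the Host
            # header - confirm the deployment pins the accepted host.
            msg = Message("[" + db.label + "] Account activation",
                          recipients=[user.email])
            msg.body = "Dear " + user.firstname + " " + user.lastname + ",\n\n" + \
                       "Please use the following link to activate your account:\n" + \
                       request.url_root[:-1] + url_for('accounts.activate',
                                                       database=database,
                                                       activation_hash=user.activation_hash)
            mail.send(msg)
            flash("Account created successfully. "
                  "An e-mail has been sent to your account with an activation link.")
            return redirect(url_for('frontend.experiments_index', database=database))

    # Save captcha to the session. The user will have to provide a solution
    # for the same captcha that was given to them. A new formula is drawn
    # on every render, including after a failed attempt.
    random.seed()
    f = utils.random_formula(2, 3)
    while not utils.SAT(f):
        f = utils.random_formula(2, 3)
    session['captcha'] = f

    return render('/accounts/register.html', database=database, db=db,
                  errors=errors, form=form)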