def reset_password(token): """View function that handles a reset password request.""" expired, invalid, user = reset_password_token_status(token) if invalid: do_flash(*get_message('INVALID_RESET_PASSWORD_TOKEN')) if expired: do_flash(*get_message('PASSWORD_RESET_EXPIRED', email=user.email, within=_security.reset_password_within)) if invalid or expired: return redirect(url_for('browser.forgot_password')) has_error = False form = _security.reset_password_form() if form.validate_on_submit(): try: update_password(user, form.password.data) except SOCKETErrorException as e: # Handle socket errors which are not covered by SMTPExceptions. logging.exception(str(e), exc_info=True) flash( gettext( u'SMTP Socket error: {}\nYour password has not been changed.' ).format(e), 'danger') has_error = True except (SMTPConnectError, SMTPResponseException, SMTPServerDisconnected, SMTPDataError, SMTPHeloError, SMTPException, SMTPAuthenticationError, SMTPSenderRefused, SMTPRecipientsRefused) as e: # Handle smtp specific exceptions. logging.exception(str(e), exc_info=True) flash( gettext( u'SMTP error: {}\nYour password has not been changed.' ).format(e), 'danger') has_error = True except Exception as e: # Handle other exceptions. logging.exception(str(e), exc_info=True) flash( gettext(u'Error: {}\nYour password has not been changed.'). format(e), 'danger') has_error = True if not has_error: after_this_request(_commit) do_flash(*get_message('PASSWORD_RESET')) login_user(user) return redirect( get_url(_security.post_reset_view) or get_url(_security.post_login_view)) return _security.render_template( config_value('RESET_PASSWORD_TEMPLATE'), reset_password_form=form, reset_password_token=token, **_ctx('reset_password'))
def reset_password(token): """View function that handles a reset password request.""" expired, invalid, user = reset_password_token_status(token) if invalid: return redirect(url_for('frontend.forgot_password') + '?invalid') elif expired: send_reset_password_instructions(user) return redirect(url_for('frontend.forgot_password') + '?expired') elif request.method == 'GET': return redirect(url_for('frontend.reset_password', token=token)) form = _security.reset_password_form() if form.validate_on_submit(): after_this_request(_commit) update_password(user, form.newPassword.data) login_user(user) else: return jsonify({'errors': form.errors}), HTTPStatus.BAD_REQUEST return jsonify({ 'token': user.get_auth_token(), 'user': user, })
def reset_password(token): """View function that handles a reset password request.""" expired, invalid, user = reset_password_token_status(token) if invalid: do_flash(*get_message('INVALID_RESET_PASSWORD_TOKEN')) if expired: do_flash(*get_message('PASSWORD_RESET_EXPIRED', email=user.email, within=config_value('RESET_PASSWORD_WITHIN'))) if invalid or expired: return redirect(url_for('login.forgot_password')) form = ResetPasswordForm() if form.validate_on_submit(): update_password(user, form.new_password.data) do_flash(*get_message('PASSWORD_RESET')) login_user(user) return redirect( get_url(config_value('POST_RESET_VIEW')) or get_url(config_value('POST_LOGIN_VIEW'))) else: current_app.logger.error('Form did not validate: {}'.format( form.errors)) flash(form.errors, 'error') return render_template('login/reset_password.html', reset_password_form=form, reset_password_token=token)
def post(self): data = parser.parse_args() print("We are here") if not data['password'] or not data['token']: return { 'message': 'Provide Password and the token sent', "loggedIn": False }, 401 expired, invalid, user = reset_password_token_status(data['token']) if expired: return { 'message': 'The password reset token provided has expired', "loggedIn": False }, 401 if invalid: return { 'message': 'Invalid token provided', "loggedIn": False }, 401 if not user: return { 'message': 'Could not find a user for that account', "loggedIn": False }, 401 print("Updating password for", user.username) update_password(user, data['password']) return { 'message': 'The password for your account has been successfully updated' }
def update_password(self): """Used in conjunction with reset password to set password to a known value""" schema = RELS['v1.AuthView:update'][request.method] args = reset_password_options.parse_args() try: validate(args, schema, format_checker=FormatChecker()) except ValidationError as e: return dict(status=400, message=e.message), 400 token = args.get('token') expired, invalid, user = reset_password_token_status(token) if invalid or not user: return dict(status=409, message="Invalid reset token"), 409 if expired: return dict(status=409, message="Reset token has expired"), 409 update_password(user, args.get('password')) user.reset_secret() send_password_reset_notice(user) #SEE 90720022, Login the user login_user(user) user.save() #saving the user as a precaution, want the log data return {'status': 200, 'message': 'Password updated', 'user': generate_response_dict(user=user)}
def reset_password(token): """View function that handles a reset password request.""" expired, invalid, user = reset_password_token_status(token) if invalid: do_flash(*get_message('INVALID_RESET_PASSWORD_TOKEN')) if expired: do_flash(*get_message('PASSWORD_RESET_EXPIRED', email=user.email, within=_security.reset_password_within)) if invalid or expired: return redirect(url_for('browser.forgot_password')) has_error = False form = _security.reset_password_form() if form.validate_on_submit(): try: update_password(user, form.password.data) except SOCKETErrorException as e: # Handle socket errors which are not covered by SMTPExceptions. logging.exception(str(e), exc_info=True) flash(gettext(u'SMTP Socket error: {}\n' u'Your password has not been changed.' ).format(e), 'danger') has_error = True except (SMTPConnectError, SMTPResponseException, SMTPServerDisconnected, SMTPDataError, SMTPHeloError, SMTPException, SMTPAuthenticationError, SMTPSenderRefused, SMTPRecipientsRefused) as e: # Handle smtp specific exceptions. logging.exception(str(e), exc_info=True) flash(gettext(u'SMTP error: {}\n' u'Your password has not been changed.' ).format(e), 'danger') has_error = True except Exception as e: # Handle other exceptions. logging.exception(str(e), exc_info=True) flash(gettext(u'Error: {}\n' u'Your password has not been changed.' ).format(e), 'danger') has_error = True if not has_error: after_this_request(_commit) do_flash(*get_message('PASSWORD_RESET')) login_user(user) return redirect(get_url(_security.post_reset_view) or get_url(_security.post_login_view)) return _security.render_template( config_value('RESET_PASSWORD_TEMPLATE'), reset_password_form=form, reset_password_token=token, **_ctx('reset_password'))
def post(self, **kwargs): expired, invalid, user = reset_password_token_status(kwargs['token']) if expired: abort(422, 'Password reset token expired.') elif invalid: abort(422, 'Invalid password reset token.') else: user.password = kwargs['password'] db.session.commit() return {'message': 'Password reset succesfully.'}
def get_user(self, token=None, **kwargs): """Retrieve a user by the provided arguments.""" # Verify the token expired, invalid, user = reset_password_token_status(token) if invalid: _abort(get_message('INVALID_RESET_PASSWORD_TOKEN')[0]) if expired: _abort( get_message('PASSWORD_RESET_EXPIRED', email=user.email, within=current_security.reset_password_within)[0]) return user
def reset_password(token): """View function that handles a reset password request.""" expired, invalid, user = reset_password_token_status(token) if invalid: do_flash(*get_message('INVALID_RESET_PASSWORD_TOKEN')) if expired: do_flash(*get_message('PASSWORD_RESET_EXPIRED', email=user.email, within=_security.reset_password_within)) if invalid or expired: return redirect(url_for('browser.forgot_password')) has_error = False form = _security.reset_password_form() if form.validate_on_submit(): try: update_password(user, form.password.data) except SOCKETErrorException as e: # Handle socket errors which are not covered by SMTPExceptions. logging.exception(str(e), exc_info=True) flash(gettext(SMTP_SOCKET_ERROR).format(e), 'danger') has_error = True except (SMTPConnectError, SMTPResponseException, SMTPServerDisconnected, SMTPDataError, SMTPHeloError, SMTPException, SMTPAuthenticationError, SMTPSenderRefused, SMTPRecipientsRefused) as e: # Handle smtp specific exceptions. logging.exception(str(e), exc_info=True) flash(gettext(SMTP_ERROR).format(e), 'danger') has_error = True except Exception as e: # Handle other exceptions. logging.exception(str(e), exc_info=True) flash(gettext(PASS_ERROR).format(e), 'danger') has_error = True if not has_error: after_this_request(view_commit) auth_obj = AuthSourceManager(form, [INTERNAL]) session['_auth_source_manager_obj'] = auth_obj.as_dict() if user.login_attempts >= config.MAX_LOGIN_ATTEMPTS > 0: flash( gettext('You successfully reset your password but' ' your account is locked. Please contact ' 'the Administrator.'), 'warning') return redirect(get_post_logout_redirect()) do_flash(*get_message('PASSWORD_RESET')) login_user(user) auth_obj = AuthSourceManager(form, [INTERNAL]) session['auth_source_manager'] = auth_obj.as_dict() return redirect( get_url(_security.post_reset_view) or get_url(_security.post_login_view)) return _security.render_template( config_value('RESET_PASSWORD_TEMPLATE'), reset_password_form=form, reset_password_token=token, **_ctx('reset_password'))