def post(self, **kwargs):
"""Reset user password."""
user = self.get_user(**kwargs)
after_this_request(_commit)
update_password(user, kwargs['password'])
login_user(user)
return self.success_response(user)
def reset_password(token):
"""View function that handles a reset password request."""
expired, invalid, user = reset_password_token_status(token)
if invalid:
do_flash(*get_message('INVALID_RESET_PASSWORD_TOKEN'))
if expired:
do_flash(*get_message('PASSWORD_RESET_EXPIRED',
email=user.email,
within=_security.reset_password_within))
if invalid or expired:
return redirect(url_for('browser.forgot_password'))
has_error = False
form = _security.reset_password_form()
if form.validate_on_submit():
try:
update_password(user, form.password.data)
except SOCKETErrorException as e:
# Handle socket errors which are not covered by SMTPExceptions.
logging.exception(str(e), exc_info=True)
flash(
gettext(
u'SMTP Socket error: {}\nYour password has not been changed.'
).format(e), 'danger')
has_error = True
except (SMTPConnectError, SMTPResponseException,
SMTPServerDisconnected, SMTPDataError, SMTPHeloError,
SMTPException, SMTPAuthenticationError, SMTPSenderRefused,
SMTPRecipientsRefused) as e:
# Handle smtp specific exceptions.
logging.exception(str(e), exc_info=True)
flash(
gettext(
u'SMTP error: {}\nYour password has not been changed.'
).format(e), 'danger')
has_error = True
except Exception as e:
# Handle other exceptions.
logging.exception(str(e), exc_info=True)
flash(
gettext(u'Error: {}\nYour password has not been changed.').
format(e), 'danger')
has_error = True
if not has_error:
after_this_request(_commit)
do_flash(*get_message('PASSWORD_RESET'))
login_user(user)
return redirect(
get_url(_security.post_reset_view)
or get_url(_security.post_login_view))
return _security.render_template(
config_value('RESET_PASSWORD_TEMPLATE'),
reset_password_form=form,
reset_password_token=token,
**_ctx('reset_password'))
def reset_password(token):
"""View function that handles a reset password request."""
expired, invalid, user = reset_password_token_status(token)
if invalid:
return redirect(url_for('frontend.forgot_password') + '?invalid')
elif expired:
send_reset_password_instructions(user)
return redirect(url_for('frontend.forgot_password') + '?expired')
elif request.method == 'GET':
return redirect(url_for('frontend.reset_password', token=token))
form = _security.reset_password_form()
if form.validate_on_submit():
after_this_request(_commit)
update_password(user, form.newPassword.data)
login_user(user)
else:
return jsonify({'errors': form.errors}), HTTPStatus.BAD_REQUEST
return jsonify({
'token': user.get_auth_token(),
'user': user,
})
def update_password(self):
"""Used in conjunction with reset password to set password to a known value"""
schema = RELS['v1.AuthView:update'][request.method]
args = reset_password_options.parse_args()
try:
validate(args, schema, format_checker=FormatChecker())
except ValidationError as e:
return dict(status=400, message=e.message), 400
token = args.get('token')
expired, invalid, user = reset_password_token_status(token)
if invalid or not user:
return dict(status=409, message="Invalid reset token"), 409
if expired:
return dict(status=409, message="Reset token has expired"), 409
update_password(user, args.get('password'))
user.reset_secret()
send_password_reset_notice(user)
#SEE 90720022, Login the user
login_user(user)
user.save() #saving the user as a precaution, want the log data
return {'status': 200, 'message': 'Password updated', 'user': generate_response_dict(user=user)}
def reset_password(token):
"""View function that handles a reset password request."""
expired, invalid, user = reset_password_token_status(token)
if invalid:
do_flash(*get_message('INVALID_RESET_PASSWORD_TOKEN'))
if expired:
do_flash(*get_message('PASSWORD_RESET_EXPIRED', email=user.email,
within=_security.reset_password_within))
if invalid or expired:
return redirect(url_for('browser.forgot_password'))
has_error = False
form = _security.reset_password_form()
if form.validate_on_submit():
try:
update_password(user, form.password.data)
except SOCKETErrorException as e:
# Handle socket errors which are not covered by SMTPExceptions.
logging.exception(str(e), exc_info=True)
flash(gettext(u'SMTP Socket error: {}\n'
u'Your password has not been changed.'
).format(e),
'danger')
has_error = True
except (SMTPConnectError, SMTPResponseException,
SMTPServerDisconnected, SMTPDataError, SMTPHeloError,
SMTPException, SMTPAuthenticationError, SMTPSenderRefused,
SMTPRecipientsRefused) as e:
# Handle smtp specific exceptions.
logging.exception(str(e), exc_info=True)
flash(gettext(u'SMTP error: {}\n'
u'Your password has not been changed.'
).format(e),
'danger')
has_error = True
except Exception as e:
# Handle other exceptions.
logging.exception(str(e), exc_info=True)
flash(gettext(u'Error: {}\n'
u'Your password has not been changed.'
).format(e),
'danger')
has_error = True
if not has_error:
after_this_request(_commit)
do_flash(*get_message('PASSWORD_RESET'))
login_user(user)
return redirect(get_url(_security.post_reset_view) or
get_url(_security.post_login_view))
return _security.render_template(
config_value('RESET_PASSWORD_TEMPLATE'),
reset_password_form=form,
reset_password_token=token,
**_ctx('reset_password'))
def set_random_password(user: User):
"""
Randomise a user's password.
Remember to commit the session after calling this function!
"""
new_random_password = "".join(
[random.choice(string.ascii_lowercase) for _ in range(24)])
update_password(user, new_random_password)
def reset_password(token):
"""
---
post:
tags: ["User"]
description: Reset the user's password based on the given token
responses:
200:
description: Ok
"""
if not config.smtp.is_enabled():
logger.warning('Missing SMTP Config.')
return make_response(
flask.jsonify(response=dict(message="Operation not implemented"),
success=False,
code=501), 501)
try:
if 'password' not in request.json or 'password_confirm' not in request.json:
return make_response(
flask.jsonify(response=dict(message="Invalid data provided"),
success=False,
code=406), 406)
expired, invalid, user = reset_password_token_status(token)
if not user or invalid:
invalid = True
if invalid or expired:
return make_response(
flask.jsonify(response=dict(message="Invalid Token"),
success=False,
code=406), 406)
if request.is_json:
form = ResetPasswordForm(MultiDict(request.get_json()))
if form.validate_on_submit() and validate_strong_password(
form.password.data, form.password_confirm.data):
update_password(user, form.password.data)
_datastore.commit()
return flask.jsonify(
response=dict(message="Password changed successfully"),
success=True,
code=200)
return make_response(
flask.jsonify(response=dict(message="Bad request"),
success=False,
code=400), 400)
except Exception as e:
logger.exception(e)
return make_response(
flask.jsonify(response=dict(token=token, message="Server Error"),
success=False,
code=500), 500)
def account_edit_own_password():
form = forms.MembersEditPassword()
_security = LocalProxy(lambda: current_app.extensions['security'])
_datastore = LocalProxy(lambda: _security.datastore)
if form.validate_on_submit():
update_password(current_user, request.form['password'])
_datastore.commit()
flash("your password was updated", "confirmation")
return redirect(request.url)
return render_template('my_account/edit_password.html', form=form)
def account_edit_own_password():
form = forms.MembersEditPassword()
_security = LocalProxy(lambda: current_app.extensions['security'])
_datastore = LocalProxy(lambda: _security.datastore)
if form.validate_on_submit():
update_password(current_user, request.form['password'])
_datastore.commit()
flash("your password was updated", "confirmation")
return redirect(request.url)
return render_template('my_account/edit_password.html', form=form)
def post(self, **kwargs):
"""Reset user password."""
# TODO there doesn't seem to be a `.resettable` or similar?
if not current_security.recoverable:
_abort(get_message("PASSWORD_RESET_DISABLED")[0])
user = self.get_user(**kwargs)
after_this_request(_commit)
update_password(user, kwargs["password"])
login_user(user)
return self.success_response(user)
def reset_password(user):
"""
Reset the user's current password.
Send a password reset link to the user.
"""
new_random_password = "".join(
[random.choice(string.ascii_lowercase) for _ in range(24)])
update_password(user, new_random_password)
send_reset_password_instructions(user)
# commit only if sending instructions worked
db.session.commit()
def reset_password(token):
"""View function that handles a reset password request."""
expired, invalid, user = reset_password_token_status(token)
if invalid:
do_flash(*get_message('INVALID_RESET_PASSWORD_TOKEN'))
if expired:
do_flash(*get_message('PASSWORD_RESET_EXPIRED',
email=user.email,
within=_security.reset_password_within))
if invalid or expired:
return redirect(url_for('browser.forgot_password'))
has_error = False
form = _security.reset_password_form()
if form.validate_on_submit():
try:
update_password(user, form.password.data)
except SOCKETErrorException as e:
# Handle socket errors which are not covered by SMTPExceptions.
logging.exception(str(e), exc_info=True)
flash(gettext(SMTP_SOCKET_ERROR).format(e), 'danger')
has_error = True
except (SMTPConnectError, SMTPResponseException,
SMTPServerDisconnected, SMTPDataError, SMTPHeloError,
SMTPException, SMTPAuthenticationError, SMTPSenderRefused,
SMTPRecipientsRefused) as e:
# Handle smtp specific exceptions.
logging.exception(str(e), exc_info=True)
flash(gettext(SMTP_ERROR).format(e), 'danger')
has_error = True
except Exception as e:
# Handle other exceptions.
logging.exception(str(e), exc_info=True)
flash(gettext(PASS_ERROR).format(e), 'danger')
has_error = True
if not has_error:
after_this_request(view_commit)
auth_obj = AuthSourceManager(form, [INTERNAL])
session['_auth_source_manager_obj'] = auth_obj.as_dict()
if user.login_attempts >= config.MAX_LOGIN_ATTEMPTS > 0:
flash(
gettext('You successfully reset your password but'
' your account is locked. Please contact '
'the Administrator.'), 'warning')
return redirect(get_post_logout_redirect())
do_flash(*get_message('PASSWORD_RESET'))
login_user(user)
auth_obj = AuthSourceManager(form, [INTERNAL])
session['auth_source_manager'] = auth_obj.as_dict()
return redirect(
get_url(_security.post_reset_view)
or get_url(_security.post_login_view))
return _security.render_template(
config_value('RESET_PASSWORD_TEMPLATE'),
reset_password_form=form,
reset_password_token=token,
**_ctx('reset_password'))
def create_user( # noqa: C901
user_roles: Union[Dict[str, str], List[Dict[str, str]], str, List[str]] = None,
check_deliverability: bool = True,
**kwargs
) -> User:
"""Convenience wrapper to create a new User object and new Role objects (if user roles do not already exist),
and new DataSource object that corresponds to the user."""
# Check necessary input explicitly before anything happens
if "email" not in kwargs:
raise InvalidFlexMeasuresUser("No email address provided.")
email = kwargs.pop("email").strip()
try:
email_info = validate_email(email, check_deliverability=False)
# The mx check talks to the SMTP server. During testing, we skip it because it
# takes a bit of time and without internet connection it fails.
if check_deliverability and not current_app.testing:
try:
validate_email_deliverability(
email_info.domain, email_info["domain_i18n"]
)
except EmailUndeliverableError as eue:
raise InvalidFlexMeasuresUser(
"The email address %s does not seem to be deliverable: %s"
% (email, str(eue))
)
except EmailNotValidError as enve:
raise InvalidFlexMeasuresUser(
"%s is not a valid email address: %s" % (email, str(enve))
)
if "username" not in kwargs:
username = email.split("@")[0]
else:
username = kwargs.pop("username").strip()
# Check integrity explicitly before anything happens
existing_user_by_email = User.query.filter_by(email=email).one_or_none()
if existing_user_by_email is not None:
raise InvalidFlexMeasuresUser("User with email %s already exists." % email)
existing_user_by_username = User.query.filter_by(username=username).one_or_none()
if existing_user_by_username is not None:
raise InvalidFlexMeasuresUser(
"User with username %s already exists." % username
)
user_datastore = SQLAlchemySessionUserDatastore(db.session, User, Role)
kwargs.update(email=email, username=username)
user = user_datastore.create_user(**kwargs)
if user.password is None:
new_random_password = "".join(
[random.choice(string.ascii_lowercase) for _ in range(12)]
)
update_password(user, new_random_password)
# add roles to user (creating new roles if necessary)
if user_roles:
if not isinstance(user_roles, list):
user_roles = [user_roles] # type: ignore
for user_role in user_roles:
if isinstance(user_role, dict):
role = user_datastore.find_role(user_role["name"])
else:
role = user_datastore.find_role(user_role)
if role is None:
if isinstance(user_role, dict):
role = user_datastore.create_role(**user_role)
else:
role = user_datastore.create_role(name=user_role)
user_datastore.add_role_to_user(user, role)
# create data source
db.session.add(DataSource(user=user))
return user
