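def update_email():
    """Allow the logged-in user to request a change of email address.

    Only POST requests are processed; anything else is redirected back to
    the referring page (or the profile page). The new address is stored in
    ``new_email`` and a confirmation link carrying a fresh ``secret_key``
    (valid for 7 days) is mailed to it.

    Returns:
        A redirect response to the referring page or the profile page.
    """
    # NOTE(review): the Referer header is supplied by the client. Confirm
    # that redirecting to it unvalidated is acceptable, or restrict the
    # target to this site's own host.
    return_to = (flask.request.referrer or
                 flask.url_for('dashboard.profile'))

    if flask.request.method != 'POST':
        return flask.redirect(return_to)

    # .get() rather than indexing: indexing a missing field raises before
    # the blank check below can produce its message.
    new_email = flask.request.form.get('email', '')
    current_email = login.current_user.email

    flashes = []

    if new_email == '':
        # Checked first so a blank value never reaches the user lookup.
        flashes.append('Email cannot be blank')
    elif (new_email != current_email and
          models.User.get_by_email(new_email) is not None):
        flashes.append('That email address is already in use. ')

    if flashes:
        flask.flash(('There were errors in your provided details. Please fix '
                     'these and try again'), 'error')

        for msg in flashes:
            flask.flash(msg, 'warning')

        return flask.redirect(return_to)

    if new_email == current_email:
        flask.flash('Your email has not been changed.', 'info')
        return flask.redirect(return_to)

    # NOTE(review): secret_key is the same field the password-reset views
    # store their key in. Confirm a key issued here for email confirmation
    # is not accepted by those views (bind the key to its purpose).
    login.current_user.new_email = new_email
    login.current_user.secret_key = util.generate_key(64)
    login.current_user.secret_key_expiry = (
        datetime.datetime.utcnow() + datetime.timedelta(days=7))

    # Persist the key before mailing the link, as the password-reset views
    # do, so a link is never sent for a key that failed to save.
    DB.session.commit()

    APP.email_manager.send_template(
        new_email,
        'Confirm your Email Address',
        'email_change_confirm.email',
        name=login.current_user.forenames,
        confirmurl=flask.url_for('front.confirm_email',
                                 user_id=login.current_user.object_id,
                                 secret_key=login.current_user.secret_key,
                                 _external=True))

    flask.flash(('You must confirm your new email address to make '
                 'sure that we can contact you if necessary. Please '
                 'check your email for further instructions.'), 'info')

    APP.log_manager.log_event('Updated email address',
                              user=login.current_user)

    return flask.redirect(return_to)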
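def reset_password(user_id, secret_key):
    """Complete the password reset process.

    The user is emailed a link to this view. A GET request shows the form
    for choosing a new password; a POST request saves it. The key in the
    link must match the user's stored ``secret_key`` and that key must not
    have passed its ``secret_key_expiry``.

    Args:
        user_id: Primary key of the user resetting their password.
        secret_key: The key taken from the emailed link.

    Returns:
        The rendered form on GET, otherwise a redirect response.
    """
    # get_or_404 aborts the request for an unknown id, so no None check is
    # needed after it.
    user = models.User.query.get_or_404(user_id)

    # The key is only honoured while its expiry is set and in the future.
    # Every issuer of reset links in this file sets an expiry, while the
    # confirmation-resend view stores a key with expiry None; comparing
    # the key alone would accept those keys here too.
    # Assumes secret_key_expiry is a naive UTC datetime, as written by the
    # issuing views. TODO confirm against the column definition.
    now = datetime.datetime.utcnow()
    key_is_valid = (
        user.secret_key is not None and
        user.secret_key == secret_key and
        user.secret_key_expiry is not None and
        user.secret_key_expiry > now
    )

    if not key_is_valid:
        # A failed attempt burns the stored key, so each issued key gets a
        # single guess.
        # NOTE(review): this also lets any visitor who knows a user id
        # cancel that user's pending reset. Confirm that is acceptable.
        user.secret_key = None
        user.secret_key_expiry = None
        DB.session.commit()

        flask.flash('Could not complete password reset. Please try again',
                    'error')

        return flask.redirect(flask.url_for('shop.home'))

    if flask.request.method != 'POST':
        # NOTE(review): the key travels in the URL of this page. Confirm
        # the template loads no third-party resources that would receive
        # it in a Referer header.
        return flask.render_template('front/reset_password.html',
                                     user_id=user_id,
                                     secret_key=secret_key)

    if flask.request.form['password'] != flask.request.form['confirm']:
        # Rotate the key and give the user a short window to retry.
        user.secret_key = util.generate_key(64)
        user.secret_key_expiry = (now + datetime.timedelta(minutes=5))
        DB.session.commit()

        flask.flash('Passwords do not match, please try again', 'warning')

        return flask.redirect(
            flask.url_for('shop.reset_password',
                          user_id=user.object_id,
                          secret_key=user.secret_key))

    # NOTE(review): no blank or minimum-length check is made here. Confirm
    # set_password enforces the password policy.
    user.set_password(flask.request.form['password'])

    # The key is single use: clear it once the password has been changed.
    user.secret_key = None
    user.secret_key_expiry = None
    DB.session.commit()

    APP.log_manager.log_event('Completed password reset', user=user)

    flask.flash('Your password has been reset, please log in.', 'success')

    return flask.redirect(flask.url_for('shop.home'))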
def email_confirm():
    """Resend the email confirmation message.

    A GET request renders the form. A POST request looks up the submitted
    address: a known user gets a fresh ``secret_key`` and a new
    confirmation email, an unknown address gets an "attempted access"
    email. The flash message and redirect are the same in both cases.

    Returns:
        The rendered form on GET, otherwise a redirect to the shop home.
    """
    if flask.request.method != 'POST':
        return flask.render_template('front/email_confirm.html')

    address = flask.request.form['email']
    user = models.User.get_by_email(address)

    if user:
        # This key is stored without an expiry.
        # NOTE(review): the same key goes into both the confirm link and
        # the account-destroy link. Confirm a non-expiring key is intended
        # for both.
        user.secret_key = util.generate_key(64)
        user.secret_key_expiry = None

        DB.session.commit()

        APP.log_manager.log_event('Requested email confirm', user=user)

        link_args = {
            'user_id': user.object_id,
            'secret_key': user.secret_key,
            '_external': True,
        }

        APP.email_manager.send_template(
            address,
            'Confirm your Email Address',
            'email_confirm.email',
            name=user.forenames,
            confirmurl=flask.url_for('shop.confirm_email', **link_args),
            destroyurl=flask.url_for('shop.destroy_account', **link_args))
    else:
        # NOTE(review): the submitted address goes into the log message
        # and receives an email although no account matched. Confirm the
        # log sink handles control characters and the route is rate
        # limited.
        APP.log_manager.log_event(
            'Attempted email confirm for {0}'.format(address))

        APP.email_manager.send_template(address,
                                        'Attempted Account Access',
                                        'email_confirm_fail.email')

    # Same message whether or not the address matched an account.
    notice = ('An email has been sent to {0} with detailing what to do '
              'next. Please check your email (including your spam folder) '
              'and follow the instructions given').format(address)
    flask.flash(notice, 'info')

    return flask.redirect(flask.url_for('shop.home'))
def password_reset():
    """Start the password reset process.

    A GET request renders the form. On POST the submitted address is
    looked up: a known user is mailed a link containing a random key that
    is valid for 30 minutes, an unknown address is mailed an "attempted
    access" notice. The flash message and redirect are the same in both
    cases.

    Returns:
        The rendered form on GET, otherwise a redirect to the shop home.
    """
    if flask.request.method != 'POST':
        return flask.render_template('front/password_reset.html')

    address = flask.request.form['email']
    user = models.User.get_by_email(address)

    if user:
        user.secret_key = util.generate_key(64)
        user.secret_key_expiry = (datetime.datetime.utcnow() +
                                  datetime.timedelta(minutes=30))

        # The key is committed before the link is mailed.
        DB.session.commit()

        APP.log_manager.log_event('Started password reset', user=user)

        reset_link = flask.url_for('shop.reset_password',
                                   user_id=user.object_id,
                                   secret_key=user.secret_key,
                                   _external=True)

        APP.email_manager.send_template(address,
                                        'Confirm Password Reset',
                                        'password_reset_confirm.email',
                                        name=user.forenames,
                                        confirmurl=reset_link)
    else:
        # NOTE(review): the submitted address goes into the log message
        # and receives an email although no account matched. Confirm the
        # log sink handles control characters and the route is rate
        # limited.
        APP.log_manager.log_event(
            'Attempted password reset for {0}'.format(address))

        APP.email_manager.send_template(address,
                                        'Attempted Account Access',
                                        'password_reset_fail.email')

    # Same message whether or not the address matched an account.
    notice = ('An email has been sent to {0} with detailing what to do '
              'next. Please check your email (including your spam folder) '
              'and follow the instructions given').format(address)
    flask.flash(notice, 'info')

    return flask.redirect(flask.url_for('shop.home'))
def __init__(self, email, password, forenames, surname, phone, college,
             affiliation, photo):
    """Create a new, unverified account with the 'User' role.

    The password is handed to ``set_password`` rather than stored as
    given, and an initial ``secret_key`` is generated. The affiliation
    counts as verified only when the affiliation's name is 'None'.
    """
    # Profile details, stored as given.
    self.email = email
    self.forenames = forenames
    self.surname = surname
    self.phone = phone
    self.college = college
    self.affiliation = affiliation
    self.photo = photo

    # Account state for a fresh registration.
    self.verified = False
    self.deleted = False
    self.role = 'User'

    self.set_password(password)

    # No secret_key_expiry is assigned alongside this key.
    # NOTE(review): confirm the views that accept this key do not need an
    # expiry.
    self.secret_key = util.generate_key(64)

    self.affiliation_verified = bool(affiliation.name == 'None')
def generate_barcodes(send_only_new):
    """Give every paid, non-cancelled ticket without a barcode a new one.

    The barcode is a key from ``util.generate_key(20)`` and is the value
    later put into the ticket's QR code. The returned tickets are then
    used by 'send_claim_codes'.

    Args:
        send_only_new: When true, only tickets that have no barcode yet
            are selected. Otherwise all paid, non-cancelled tickets are
            selected and only those lacking a barcode are changed.

    Returns:
        The list of selected tickets.
    """
    # These are column comparisons handed to the query filter, so they
    # must stay as `==` rather than `is`.
    criteria = [
        # The ticket is paid for.
        models.Ticket.paid,
        # The ticket has not been cancelled.
        models.Ticket.cancelled == False,  # noqa: E712
    ]

    if send_only_new:
        # No barcode yet: the ticket has not been "claimed" by email.
        criteria.insert(0, models.Ticket.barcode == None)  # noqa: E711

    # The "ticket has a holder" filter is disabled in this code.
    tickets = models.Ticket.query.filter(*criteria).all()

    for ticket in tickets:
        if ticket.barcode:
            continue

        # NOTE(review): the key is not checked against existing barcodes,
        # and anyone holding it can present the QR code. Confirm
        # util.generate_key draws from a cryptographic random source.
        ticket.barcode = util.generate_key(20).decode('utf-8')

    DB.session.commit()

    return tickets
def member_password_create(user):
    """Send *user* the email that lets them set a password.

    A falsy *user* is handled as a failed lookup: the address submitted in
    the current request's form is logged and mailed an "attempted access"
    notice. Otherwise the user gets a fresh ``secret_key`` that expires in
    3 days and a link built from the FLASKSHOP_URL setting.

    Returns:
        True when the email was sent to a user, None otherwise.
    """
    if not user:
        # This branch reads the address from the current request's form.
        attempted = flask.request.form['email']

        # NOTE(review): the submitted address goes into the log message
        # and receives an email. Confirm the log sink handles control
        # characters.
        APP.log_manager.log_event(
            'Attempted password reset for {0}'.format(attempted))

        APP.email_manager.send_template(attempted,
                                        'Attempted Account Access',
                                        'password_reset_fail.email')
        return None

    user.secret_key = util.generate_key(64)
    # The key expires in 3 days.
    user.secret_key_expiry = (datetime.datetime.utcnow() +
                              datetime.timedelta(days=3))

    DB.session.add(user)
    DB.session.commit()

    # The 'Started password creation' log event is disabled in this code.

    # NOTE(review): the link is assembled by string formatting, not
    # url_for. Confirm FLASKSHOP_URL ends with '/' and that secret_key
    # formats as plain text here, not as a bytes repr.
    confirm_link = "{}resetpassword/{}/{}".format(
        app.APP.config['FLASKSHOP_URL'], user.object_id, user.secret_key)

    APP.email_manager.send_template(user.email,
                                    'Confirm Password Reset',
                                    'create_user_password.email',
                                    name=user.forenames,
                                    confirmurl=confirm_link)

    return True
def generate_barcode(self):
    """Store a new barcode on this object.

    The value is ``util.generate_key(20)`` decoded as UTF-8. Any barcode
    already set is overwritten.
    """
    self.barcode = util.generate_key(20).decode('utf-8')