def submit_login():
"""
attempt to log in
@return: requested page or home page
"""
if request.form['submit'] == "Login":
login_form = EmailPasswordForm(request.form)
if login_form.validate_on_submit():
registered_user = User.get(login_form.login_email.data)
if registered_user is None or registered_user.password is None:
flash('Username is invalid', 'error')
return render_template('login.html',
loginform=login_form,
forgotpw=ForgotPasswordForm())
if not registered_user.check_password(login_form.password.data):
flash('Password is invalid', 'error')
return render_template('login.html',
loginform=login_form,
forgotpw=ForgotPasswordForm())
login_user(registered_user)
return redirect(request.args.get('next') or url_for('index'))
else:
return render_template('login.html',
loginform=login_form,
forgotpw=ForgotPasswordForm())
def forgot(request):
"""Sends a password reset link to a user's validated email address. If
the email address isn't validated, do nothing (?)
"""
# This doesn't make sense if the user is logged in
if not request.user.is_anonymous():
return HttpResponseRedirect('/')
if request.method == 'POST':
User = get_user_model()
form = ForgotPasswordForm(request.POST)
if form.is_valid():
email = form.cleaned_data['email']
try:
user = User.objects.get(email=email,
userdata__email_verified=True)
if getattr(user, 'social_auth', None) and user.social_auth.exists():
send_social_auth_provider_login_email(request, user)
else:
send_password_reset_email(request, user)
except User.DoesNotExist:
pass
return render(request, 'accounts/forgot/wait_for_email.html')
else:
form = ForgotPasswordForm()
c = {
'form': form,
}
return render(request, 'accounts/forgot/forgot.html', c)
def forgot_password():
form = ForgotPasswordForm(request.form)
if form.validate_on_submit():
# generating a random token to send to the user email
user_email = form.email.data
try:
print("here")
user = User.query.filter_by(email=user_email).one()
verification_code = verification_code = ''.join([ random.choice(
string.ascii_uppercase +
string.ascii_lowercase +
string.digits) for _ in range(1,48) ])
msg = Message('MSTS Password Reset',
sender="*****@*****.**",
recipients=[user_email],
)
msg.html = render_template('users/forgot_password_email.html',verification_code = verification_code)
try:
mail.send(msg)
except socket.error as e:
print("Message not successfully sent")
except MultipleResultsFound as e:
pass
except NoResultFound as e:
pass
flash("If this email address has a registered account, we have sent an email with instructions on how to recover your account.","alert-success")
print(form.errors)
return render_template('users/forgot_password.html',form=form)
def forgotPassword():
form = ForgotPasswordForm()
if form.validate_on_submit():
connection = sqlite3.connect('data/site.db')
cur = connection.cursor()
for row in cur.execute("SELECT username, password from user_data"):
if form.username.data == row[0]:
flash(
"A new password has been sent to your email so you can reset your password !"
)
resetPassword = generateRandomPassword()
salt = bcrypt.gensalt()
newResetPassword = bcrypt.hashpw(resetPassword.encode(), salt)
username = form.username.data
cur.execute("Update user_data set password=? where username=?",
(newResetPassword, username))
connection.commit()
cur.close()
msg = Message('Forgot Password from Jean-Francois Website',
recipients=[form.username.data])
msg.body = "Your password has been reset. Your new password is now : " + resetPassword + "\nYou can change your password with it."
mail.send(msg)
return redirect('/login')
flash("There is no account associated with that email. ")
return redirect('/forgotPassword')
return render_template('forgotPassword.html', form=form)
def reset_password(request):
if request.method == 'POST':
form = ForgotPasswordForm(request.POST)
data = {'message': str(), 'error': str()}
if form.is_valid():
user = User.objects.filter(email=request.POST['email'])
data['form'] = ForgotPasswordForm()
if len(user) > 0:
user = user[0]
user.set_password(request.POST['password'])
user.save()
auth_user = authenticate(identification=request.POST['email'],
password=request.POST['password'])
if auth_user is not None:
login(request, auth_user)
return redirect('home')
else:
data['error'] = 'Invalid login'
else:
data['error'] = 'Invalid user.'
else:
data['error'] = 'Passwords must match.'
if data['error'] == str():
del data['error']
if data['message'] == str():
del data['message']
return render(request, 'forgot_password.jade', data)
return render(request, 'forgot_password.jade', dict())
def post(self):
data = ImmutableMultiDict(request.json)
forgot_password_form = ForgotPasswordForm(data, csrf_enabled=False)
if forgot_password_form.validate():
instance = User.query.filter(User.email == data['email']).first()
forgot_password_form.send_mail(instance)
return {"status": "success"}
return forgot_password_form.errors
def forgot():
form = ForgotPasswordForm(request.form)
if request.method == "POST" and form.validate():
s = Signer(app.config['SECRET_KEY'])
token = s.sign(request.form['email'])
send_password_reset(form.get_user(), token)
return redirect('/forgot_confirmation')
return render_template("forgot.html", form=form)
def forgot_password(request):
"""If the user forgot his password, he can have a new one."""
if request.method == "POST":
form = ForgotPasswordForm(request.POST)
if form.is_valid():
data = form.data
username = data["username"]
usr = get_object_or_404(User, username=username)
# Generate a valid token during one hour.
uuid_token = str(uuid.uuid4())
date_end = datetime.now() + timedelta(
days=0, hours=1, minutes=0, seconds=0)
token = TokenForgotPassword(user=usr,
token=uuid_token,
date_end=date_end)
token.save()
# send email
subject = _(u"{} - Mot de passe oublié").format(
settings.ZDS_APP['site']['abbr'])
from_email = "{} <{}>".format(
settings.ZDS_APP['site']['litteral_name'],
settings.ZDS_APP['site']['email_noreply'])
message_html = get_template(
"email/forgot_password/confirm.html").render(
Context({
"username":
usr.username,
"url":
settings.ZDS_APP['site']['url'] +
token.get_absolute_url()
}))
message_txt = get_template(
"email/forgot_password/confirm.txt").render(
Context({
"username":
usr.username,
"url":
settings.ZDS_APP['site']['url'] +
token.get_absolute_url()
}))
msg = EmailMultiAlternatives(subject, message_txt, from_email,
[usr.email])
msg.attach_alternative(message_html, "text/html")
msg.send()
return render_template("member/forgot_password/success.html")
else:
return render_template("member/forgot_password/index.html",
{"form": form})
form = ForgotPasswordForm()
return render_template("member/forgot_password/index.html", {"form": form})
def forgot():
form = ForgotPasswordForm(request.form)
if request.method == "POST" and form.validate():
s = Signer(app.config['SECRET_KEY'])
token = s.sign(request.form['email'])
send_password_reset(form.get_user(), token)
return redirect('/forgot_confirmation')
return render_template("forgot.html", form=form)
def forgot():
form = ForgotPasswordForm()
if form.validate_on_submit():
try:
user = User.get(User.email == form.email.data)
except User.DoesNotExist:
flash('No account with that email was found.')
return redirect(url_for('forgot'))
send_recovery_email(form.email.data)
flash('A recovery link will be sent to your email.')
return redirect(url_for('index'))
else:
return render_template('forgot.html', form=form)
def forgot_password_form():
form = ForgotPasswordForm()
if current_user.is_authenticated: # Making sure the user is not logged in.
return redirect(url_for('home'))
if form.validate_on_submit():
user = find_user(form.username.data) # Checking if the user exists.
if user:
send_password_reset_email(user)
flash(
'Check your email for the instructions to reset your password!',
'success')
return redirect(url_for('password_reset_response'))
return render_template("ForgotPassword.html", form=form)
def forgot_password(user):
if current_user.is_authenticated:
return redirect(url_for('main'))
user_object = db.session.query(relations.User).filter_by(id=user).first()
question = user_object.question
password= ""
form = ForgotPasswordForm()
if form.validate_on_submit():
if user and user_object.answer==form.answer.data:
password= user_object.password
return render_template('forgot_password.html', form=form, password=password, question=question)
flash("Invalid Answer")
return redirect(url_for('forgot_password', user=user))
return render_template('forgot_password.html', form=form, password=password, question=question)
def forgot_passwd():
form = ForgotPasswordForm(request.form)
if form.validate_on_submit():
user = request.form['email']
if User.query.filter_by(email=user).first():
q = User.query.filter_by(email=user).first()
forgot_password(user, q.password)
return redirect(request.args.get("next") or url_for("login"))
else:
flash('Username not found')
return redirect(request.args.get("next") or url_for("login"))
return render_template("forgot_passwd.html",
title="Forgot Password",
form=form)
def forgot_passwd():
form = ForgotPasswordForm(request.form)
if form.validate_on_submit():
user = request.form['email']
if User.query.filter_by(email=user).first():
q = User.query.filter_by(email=user).first()
forgot_password(user, q.password)
return redirect(request.args.get("next") or url_for("login"))
else:
flash('Username not found')
return redirect(request.args.get("next") or url_for("login"))
return render_template("forgot_passwd.html",
title="Forgot Password",
form=form)
def forgot_password(request):
form = ForgotPasswordForm()
if request.method == 'POST':
form = ForgotPasswordForm(request.POST)
if form.is_valid():
username = form.cleaned_data['username']
email = form.cleaned_data['email']
et = EmailTool()
et.send([email], "your new password is:sss")
messages.add_message(
request, messages.SUCCESS,
'%s:Your password has been emailed to you!' % username)
return redirect('login')
return render_to_response('forgot_password.html', {'form': form},
context_instance=RequestContext(request))
def forgot_password():
form = ForgotPasswordForm()
if form.validate_on_submit():
user = User.query.filter_by(email=form.email.data).first()
serialized_token = get_serialized_token(user, 'reset')
send_reset_password_email(user, serialized_token)
flash(msgs['SEND_RESET_EMAIL'])
return redirect(url_for('.login'))
for field in form.errors:
flash('<strong>' + field.capitalize() + '</strong>' + ': ' + form.errors[field][0], 'error')
login_link = '<p>Remembered your password? <a href="' + url_for('.login') + '">Click here to log in.</a></p>'
return render_template('forgot_password.html', form=form, login=login_link)
def forgot():
form = ForgotPasswordForm()
if form.validate_on_submit() or request.method == 'POST':
cursor = db.cursor()
sql = """SELECT * FROM USER WHERE U_id = '%s' AND Email = '%s'""" \
% (form.user_id.data, form.email.data)
cursor.execute(sql)
result = cursor.fetchall()
cursor.close()
# ID Chcek
if len(result) is 1:
session['forgot_user'] = form.user_id.data
return redirect(url_for('reset'))
return render_template('forgot.html', form=form)
def forgot_passwd():
meta = Metaindex.query.order_by(Metaindex.id.desc()).first()
form = ForgotPasswordForm(request.form)
if form.validate_on_submit():
user = request.form['email']
if User.query.filter_by(email=user).first():
q = User.query.filter_by(email=user).first()
forgot_password(user, q.password)
return redirect(request.args.get("next") or url_for("login"))
else:
flash('Usuario no enconstrado')
return redirect(request.args.get("next") or url_for("login"))
return render_template ("forgot_passwd.html",
title="Recuperacion de contrase&ntide;a",
form=form)
def forgot_passwd():
form = ForgotPasswordForm(request.form)
if form.validate_on_submit():
user = request.form['email']
if User.query.filter_by(email=user).first():
q = User.query.filter_by(email=user).first()
login_user(q)
user = g.user
# forgot_password(user, q.password)
app.logger.debug('ready to change the password')
return redirect(request.args.get("next") or url_for("new_pass"))
else:
flash('Username not found', 'error')
# return redirect(request.args.get("next") or url_for("login"))
return render_template("forgot_passwd.html",
title="Forgot Password",
form=form)
def forgot_password():
forgot_form = ForgotPasswordForm(request.form)
error = None
if request.method == 'POST':
if forgot_form.validate() and recaptcha_check(request.form["g-recaptcha-response"]):
user = User.get(email=forgot_form.email.data)
if user is not None:
if user.forgot_password():
link = url_for("common_views.change_password", user_id=user.user_id, secret=user.forgot_secret, _external=True)
current_app.logger.info(link)
mail = mail_handler.Mail(user.email, link)
mail.send()
return redirect(url_for("common_views.index"))
else:
error = "A user with this email does not exist!"
else:
error = "Please enter email address and prove you are not a robot!"
return render_template("forgot.html", forgot_form=forgot_form, error=error)
def forgot_password():
form = ForgotPasswordForm()
if form.validate_on_submit():
#MySQL Integration
cur = mysql.connection.cursor()
result = cur.execute("SELECT password FROM users WHERE email = %s", [form.email.data])
if result > 0:
newPassword = str(uuid.uuid4())
cur.execute("UPDATE users SET password = %s WHERE email = %s", (sha256_crypt.hash(str(newPassword)), form.email.data))
mysql.connection.commit()
msg = Message('Reset my codon.io password!', recipients = [form.email.data])
msg.body = "Here is your new password: "******"We sent the required information to your email adress!", msg_type_to_color["success"])
else:
cur.close()
flash("Email not found!", msg_type_to_color["error"])
return render_template("forgot_password.html", form=form)
def forgot_password():
"""Forgot password"""
form = ForgotPasswordForm()
if form.validate_on_submit():
user = User.query.get(form.email.data)
if user is None:
flash('Email does not exist')
else:
temp_password = str(uuid.uuid4())[:8]
user.password = bcrypt.generate_password_hash(temp_password)
db.session.add(user)
db.session.commit()
send_forgot_password_email(user, temp_password)
return redirect(url_for("index"))
return render_template("forgot_password.html", form=form)
def forgot_password():
form = ForgotPasswordForm()
if form.validate_on_submit():
user = User.query.filter_by(email=form.email.data).first()
if user:
s = get_url_serializer(current_app)
token = s.dumps(user.email, salt='recovery-key')
context = {
'first_name': user.first_name,
'token': token
}
print(url_for('auth.reset', token=token, _external=True))
send_email(
recipients=[user.email],
subject='Password Reset',
template_name='password_reset',
**context
)
flash('Email with link to reset password has been sent')
return redirect(url_for('auth.login'))
return render_template('auth/forgot_password.html', form=form)
def forgotPassword(request):
messages = []
if request.method == 'POST':
forgotPasswordForm = ForgotPasswordForm(request.POST)
if forgotPasswordForm.is_valid():
try:
user= User.objects.get(username= forgotPasswordForm.cleaned_data['username'])
print user
print user.email
messages.append('user found, forgot password email to be sent')
# send_mail('Subject here', 'Here is the message.', '*****@*****.**',
# ['*****@*****.**'], fail_silently=False)
forgotPasswordForm = ForgotPasswordForm()
return render(request,'ForgotPassword.html',{'forgotPasswordForm':forgotPasswordForm,'messages':messages})
except User.DoesNotExist:
messages.append('user not found')
forgotPasswordForm = ForgotPasswordForm()
return render(request,'ForgotPassword.html',{'forgotPasswordForm':forgotPasswordForm,'messages':messages})
else:
messages.append('invalid form')
forgotPasswordForm = ForgotPasswordForm()
return render(request,'ForgotPassword.html',{'forgotPasswordForm':forgotPasswordForm,'messages':messages})
else:
forgotPasswordForm = ForgotPasswordForm()
return render(request, 'ForgotPassword.html', {'forgotPasswordForm':forgotPasswordForm,'messages':messages})
def forgot_password():
forgot_form = ForgotPasswordForm(request.form)
error = None
if request.method == 'POST':
if forgot_form.validate() and recaptcha_check(
request.form["g-recaptcha-response"]):
user = User.get(email=forgot_form.email.data)
if user is not None:
if user.forgot_password():
link = url_for("common_views.change_password",
user_id=user.user_id,
secret=user.forgot_secret,
_external=True)
current_app.logger.info(link)
mail = mail_handler.Mail(user.email, link)
mail.send()
return redirect(url_for("common_views.index"))
else:
error = "A user with this email does not exist!"
else:
error = "Please enter email address and prove you are not a robot!"
return render_template("forgot.html", forgot_form=forgot_form, error=error)
def reset():
"""
send reset password email to specified user email
@return: refreshed page indicating success or failure
"""
form = ForgotPasswordForm()
if form.validate_on_submit():
user = User.get(form.forgot_email.data)
subject = "Password reset requested"
token = ts.dumps(user.id, salt='recover-key')
recover_url = url_for('reset_with_token', token=token, _external=True)
html = render_template('recover.html', recover_url=recover_url)
msg = Message(subject,
sender=config.MAIL_USERNAME,
recipients=[user.id])
msg.body = html
mail.send(msg)
flash('Password reset email sent to ' + user.id)
return redirect(url_for('login'))
return render_template('login.html',
loginform=EmailPasswordForm(),
forgotpw=ForgotPasswordForm())
def forgot_password():
if current_user.is_authenticated:
return render_view(url_for('latest'),
redirect=True,
message=_('SESSIONS_MSG_ALREADY_SIGNED_IN'))
form = ForgotPasswordForm()
if form.is_submitted():
try:
if not form.validate():
raise Exception(_('ERROR_INVALID_SUBMISSION'))
if not verify_captcha():
raise Exception(_('SESSIONS_ERROR_UNFINISHED_CHALLENGE_LBL'))
email = form.email.data
user = User.find_by_email(email)
if not user:
raise Exception(_('SESSIONS_ERROR_MAIL_NOT_FOUND',
email=email))
user.generate_reset_password()
flash(_('SESSIONS_PASSWORD_RESET', email=email))
# send reset password email
send_email('reset_password', user)
return render_view(url_for('sessions.forgot_password'),
redirect=True)
except Exception as e:
flash(e.message, 'error')
return render_view('admin/sessions/forgot_password.html', form=form)
def forgot_password(request):
''' if the user forgot their password
renders ForgotPasswordForm, or processes it if a POST request
'''
if request.method == 'POST':
form = ForgotPasswordForm(request.POST)
if form.is_valid():
data = form.cleaned_data
# Does the user in the email field even exist?
try:
user = User.objects.get(username=data['username'])
profile = UserProfile.objects.get(user=user)
except User.DoesNotExist:
return HttpResponseRedirect(reverse('main_page'))
# Ok, they do. Send them an email
reset_string = random_string()
profile.password_reset_stub = reset_string
profile.save()
reset_link = '%s%s?rid=%s&uid=%s' % (_hostname(),
reverse('reset_password'),
reset_string, str(profile.id))
email_body = render_message(
'mongologin/static/emails/forgot_password.txt', locals())
send_email(email_to=user.username,
email_body=email_body,
email_subject="Reset your password")
messages.add_message(
request, messages.SUCCESS,
"An email has been sent to you with instructions on resetting your password."
)
return HttpResponseRedirect(reverse('main_page'))
else:
form = ForgotPasswordForm()
return render_to_response('forgot_password.html',
locals(),
context_instance=RequestContext(request))
def forgot_password( request ):
''' if the user forgot their password
renders ForgotPasswordForm, or processes it if a POST request
'''
if request.method == 'POST':
form = ForgotPasswordForm(request.POST)
if form.is_valid():
data = form.cleaned_data
# Does the user in the email field even exist?
try:
user = User.objects.get(username=data['username'])
profile = UserProfile.objects.get(user=user)
except User.DoesNotExist:
return HttpResponseRedirect( reverse('main_page') )
# Ok, they do. Send them an email
reset_string = random_string()
profile.password_reset_stub = reset_string
profile.save()
reset_link = '%s%s?rid=%s&uid=%s'%(
_hostname(),
reverse( 'reset_password' ),
reset_string,
str(profile.id)
)
email_body = render_message(
'mongologin/static/emails/forgot_password.txt',
locals()
)
send_email( email_to=user.username, email_body=email_body, email_subject="Reset your password" )
messages.add_message( request, messages.SUCCESS, "An email has been sent to you with instructions on resetting your password." )
return HttpResponseRedirect( reverse('main_page') )
else:
form = ForgotPasswordForm()
return render_to_response( 'forgot_password.html',
locals(),
context_instance=RequestContext(request) )
def forgot_password(request):
"""If the user forgot his password, he can have a new one."""
if request.method == "POST":
form = ForgotPasswordForm(request.POST)
if form.is_valid():
data = form.data
username = data["username"]
usr = get_object_or_404(User, username=username)
# Generate a valid token during one hour.
uuidToken = str(uuid.uuid4())
date_end = datetime.now() + timedelta(days=0, hours=1, minutes=0,
seconds=0)
token = TokenForgotPassword(user=usr, token=uuidToken,
date_end=date_end)
token.save()
# send email
subject = "ZDS - Mot de passe oublié"
from_email = "Zeste de Savoir <{0}>".format(settings.MAIL_NOREPLY)
message_html = get_template("email/forgot_password/confirm.html").render(Context(
{"username": usr.username, "url": settings.SITE_URL + token.get_absolute_url()}))
message_txt = get_template("email/forgot_password/confirm.txt") .render(Context(
{"username": usr.username, "url": settings.SITE_URL + token.get_absolute_url()}))
msg = EmailMultiAlternatives(subject, message_txt, from_email,
[usr.email])
msg.attach_alternative(message_html, "text/html")
msg.send()
return render_template("member/forgot_password/success.html")
else:
return render_template("member/forgot_password/index.html",
{"form": form})
form = ForgotPasswordForm()
return render_template("member/forgot_password/index.html", {"form": form})
def forgot_password(request):
FORM_TITLE = _('Password Recovery')
main = get_renderer(BASE_TEMPLATE).implementation()
localizer = get_localizer(request)
forgot_password_form = ForgotPasswordForm.get_form(localizer)
if request.method == 'POST':
if 'btn_cancel' in request.POST:
return HTTPFound(location=request.route_path('users.login'))
controls = request.POST.items()
try:
appstruct = forgot_password_form.validate(controls)
except deform.ValidationFailure, e:
return {'content':e.render(),
'main':main,
'general_stuff':{'form_title':FORM_TITLE},
'user':get_logged_user(request),
}
del(appstruct['__LOCALE__'])
try:
user = request.rel_db_session.query(users.User).filter_by(username=appstruct['username']).one()
except NoResultFound:
request.session.flash(_("Username doesn't exist."))
return {'content':forgot_password_form.render(appstruct),
'main':main,
'general_stuff':{'form_title':FORM_TITLE},
'user':get_logged_user(request),
}
account = users.AccountRecovery(user)
request.rel_db_session.add(account)
try:
request.rel_db_session.commit()
except:
request.rel_db_session.rollback()
request.session.flash(_('Problems occured when trying to redefine the user password. Please try again.'))
return {'content':forgot_password_form.render(appstruct),
'main':main,
'general_stuff':{'form_title':FORM_TITLE},
'user':get_logged_user(request),
}
else:
AccountRecoveryManager.send_recovery_mail(user, request)
request.session.flash(_('You will receive an email with instructions on how to reset your account password.'))
return HTTPFound(location=request.route_path('users.forgot_password'))
def reset_password():
form = ForgotPasswordForm()
try:
user = User.query.filter_by(email=form.email.data)[-1]
pwd = md5(str(datetime.now()) + form.email.data).hexdigest()[0:5]
user.password = sha512(pwd)
db.session.commit()
email_tp = render_template('user/mail/forgot.html',
user=user.serialize(),
new_pwd=pwd)
send_mail("Forgot Password", [user.email], email_tp)
flash(dictionary()["new_password_sent"], "success")
except:
flash(dictionary()["couldnt_find_user"], "danger")
return render_template("user/forgot_password.html", form=form)
return redirect(url_for('user.reset_password'))
def forgot_password():
form = ForgotPasswordForm()
if request.method == 'GET':
return render_template('forgot_password.html', form=form)
if request.method == 'POST':
user = User.query.filter_by(email=form.email.data).first()
if user is not None:
temppass = ''.join(
random.choice(string.ascii_uppercase + string.digits)
for _ in range(24))
user.pwdhash = generate_password_hash(temppass)
db.session.commit()
msg = Message('ArchHacks - Password Reset',
sender='*****@*****.**',
recipients=[form.email.data])
msg.body = "Your temporary ArchHacks password is: archhacksrulez."
msg.html = "<p>Your temporary ArchHacks password is: " + temppass + "</p><p>Go to <a href='http://archhacks.io/signin'>ArchHacks App Signin</a> to log in.</p>"
mail.send(msg)
return render_template('forgot_password.html', email=form.email.data)
def reset_password():
form = ForgotPasswordForm()
try:
user = User.query.filter_by(email=form.email.data)[-1]
pwd = md5(str(datetime.now()) + form.email.data).hexdigest()[0:5]
user.password = sha512(pwd)
db.session.commit()
email_tp = render_template('account/mail/forgot.html',
user=user.serialize(),
new_pwd=pwd)
send_mail("Forgot Password", [user.email], email_tp)
flash("A new password has been sent to you! Please check you inbox!",
"success")
except Exception as e:
flash("We couldnt find any user with the informed email address",
"danger")
return render_template("account/forgot_password.html", form=form)
return redirect("account/signin")
def forgot_password():
form = ForgotPasswordForm()
return render_template('user/forgot_password.html', form=form)
def forgot_password(request, forgot_key=None):
if request.method == 'POST':
user = User.objects.filter(email=request.POST['email'])
if len(user) > 0:
email = user[0].email
data = '{0}&{1}'.format(
email,
(datetime.datetime.now() +
datetime.timedelta(hours=24)).strftime('%d-%m-%Y %H:%M:%S'))
sha = hashlib.sha256()
sha.update(data)
hash_key = base64.b64encode(sha.digest())
forgot_key = obfuscate('{0}#{1}'.format(data, hash_key))
if settings.DEBUG:
message = 'http://localhost:8000/forgot_password/{0}/'.format(
forgot_key)
else:
message = 'http://www.equallo.com/forgot_password/{0}/'.format(
forgot_key)
message_html = open(
r'/home/equallo/eq/src/equ/equ/equ_common/static/files/forgot_password_email.html'
).read()
#message_html = open(r'/home/nicolas/git/equ_project/equ_project/src/equ/equ/equ_common/static/files/forgot_password_email.html').read()
message_html = message_html.replace('{{message}}', message)
message_text = 'Forgot your password?\n\nPlease click the following link to set a new one.\n\n{0}'.format(
message)
send_email = EmailMultiAlternatives('Password reset', message_text,
settings.DEFAULT_FROM_EMAIL,
[email])
send_email.attach_alternative(message_html, 'text/html')
send_email.send(fail_silently=False)
else:
request.session['message'] = 'User not found'
elif request.method == 'GET':
try:
link = deobfuscate(forgot_key)
parts = link.split('#')
sha = hashlib.sha256()
sha.update(parts[0])
hashing = base64.b64encode(sha.digest())
if hashing == parts[1]:
data = parts[0].split('&')
if datetime.datetime.strptime(
data[1],
'%d-%m-%Y %H:%M:%S') >= datetime.datetime.now():
user = User.objects.filter(email=data[0])
if len(user) > 0:
form = ForgotPasswordForm(initial={'email': data[0]})
return render(request, 'forgot_password.jade',
{'form': form})
else:
request.session[
'message'] = 'Key to reset password not valid.'
else:
request.session[
'message'] = 'Expired password recovery link.'
else:
request.session[
'message'] = 'Corrupted password recovery link.'
except Exception as e:
request.session['message'] = 'Corrupted password recovery link.'
return redirect('login')
def forgot_password(request):
"""Form for requesting a PasswordResetToken for a specified account.
Accepts email or username. Keeps for each user at most one token at a time
in the database. Also, it saves FakeTokens to obfuscate an account's existence
whilst at the same time forcing a 5 minutes gap between the sending of two
tokens for the same account."""
if request.user.is_authenticated():
return not_logged_out_routine(request)
if request.method == 'POST':
form = ForgotPasswordForm(request.POST)
if form.is_valid():
identifier = form.cleaned_data['identifier']
user = None # do we need this here? -- Probably.
try:
# Form input could be an email or a username
if looks_like_email(identifier):
user = CustomUser.objects.get(email=identifier)
else:
user = CustomUser.objects.get(username=identifier)
# At this point, we do have a user object.
try:
# Between sending two tokens for the same user, a certain period should pass (--> settings)
previous_token = PasswordResetToken.objects.get(user=user)
if previous_token.blocks_new():
messages.error(request, 'You need to wait between sending two tokens for the same account.')
return redirect('accounts:forgot_password')
# Only one token per user in the database; and we are about to create a new one.
else:
previous_token.delete()
except PasswordResetToken.DoesNotExist:
# Fair enough.
pass
# Alright, create the new token and send it.
token = PasswordResetToken(user=user)
token.save()
request.session['token_value'] = token.value
# EXTEND: send email
except CustomUser.DoesNotExist:
# No such user, therefor no email or token. But we do want a FakeToken.
# See models.FakeToken or the docstring here for explanation why we do this FakeToken thing.
try:
# Clear all previous FakeTokens.
# No difference between email or username here:
previous_token = FakeToken.objects.get(user_identifier=identifier)
if previous_token.blocks_new() == True:
messages.error(request, 'You need to wait between sending two tokens for the same account.')
return redirect('accounts:forgot_password')
else:
previous_token.delete()
except FakeToken.DoesNotExist:
pass
ft = FakeToken(user_identifier=identifier)
ft.save()
request.session['token_value'] = None
# we want to tell the user whether he had stated a username or an
# email address; and we want to tell him which of both he stated
if looks_like_email(identifier):
request.session['token_email'] = identifier
request.session['token_username'] = None
else:
request.session['token_email'] = None
request.session['token_username'] = identifier
return redirect('accounts:token_sent')
else:
form = ForgotPasswordForm
return render(request, 'accounts/forgot_password.html', {
'form':form
})
def auth_login(request, template='auth/login.html', next='/'):
''' View for the main user authentication system. Display a LoginForm to
validate credentials, and optionally accept a ForgotPasswordForm to
allow users to reset their password.'''
from forms import LoginForm,ForgotPasswordForm
from atrinsic.base.models import User
form = LoginForm()
forgotform = ForgotPasswordForm()
user = None
error = None
next = request.REQUEST.get('next',next)
if request.method == "POST":
form = LoginForm(request.POST)
forgotform = ForgotPasswordForm(request.POST)
forgot_email = request.POST.get('forgot_email', None)
if forgotform.is_valid() and forgotform.cleaned_data['forgot_email'] is not None:
u = User.objects.get(email=forgotform.cleaned_data['forgot_email'])
reset_auth = uuid.uuid4()
UserPasswordReset.objects.filter(user=u).delete()
UserPasswordReset.objects.create(user=u, reset=reset_auth)
send_mail('Password Reset', """\nHello, You have requested your password be reset. To confirm your account and\n reset your password, please click on the link below:\n\n%s/accounts/reset?reset_auth=%s\n\n """ % (settings.SITE_URL, reset_auth), settings.SITE_CONTACT, [ u.email ], fail_silently=True)
return render_to_response('auth/reset.html', {}, context_instance = RequestContext(request))
elif form.is_valid():
user = authenticate(email=form.cleaned_data['email'], password=form.cleaned_data['password'])
if user is not None:
if user.is_active:
login(request, user)
request.session["next"] = next
if request.session.get("organization_id",None):
del request.session["organization_id"]
return HttpResponseRedirect(reverse('auth_choice'))
else:
error = "Account disabled"
else:
error = "Invalid Login"
else:
error = "Invalid Login"
if request.GET.get("newhome",None)=="1":
return render_to_response("notlogged/home.html",{
'form':form,
'error':error,
'next' : next,
'forgotform' : forgotform,
}, context_instance=RequestContext(request))
return render_to_response("auth/login2.html",{
'form':form,
'error':error,
'next' : next,
'forgotform' : forgotform,
}, context_instance=RequestContext(request))
def forgot_password():
form = ForgotPasswordForm()
return render_template("account/forgot_password.html", form=form)
def login():
""" load the login page """
return render_template('login.html',
loginform=EmailPasswordForm(),
forgotpw=ForgotPasswordForm())
def forgot_password(request):
FORGOT_PASSWORD_TEMPLATE = "core/forgot_password.html"
if request.method == "GET":
next_page = request.GET.get("next", "")
else:
next_page = ""
if request.method != "POST":
forgot_password_form = ForgotPasswordForm()
else:
forgot_password_form = ForgotPasswordForm(request.POST)
if forgot_password_form.is_valid():
username_or_email = forgot_password_form.cleaned_data["username_or_email"]
try:
if username_or_email.count("@") > 0:
username = ""
email = username_or_email
user = User.objects.get(email=username_or_email)
else:
username = username_or_email
email = ""
user = User.objects.get(username=username_or_email)
except:
# No username could be found.
return render_to_response(FORGOT_PASSWORD_TEMPLATE, {
"not_found": True,
"form": forgot_password_form,
"next": next_page,
"username": username,
"email": email
})
username = user.username
email = user.email
# Username/email could be found (success).
# Reset the password.
new_random_password = UserManager().make_random_password()
user.set_password(new_random_password)
user.save()
# Load a template for the message body and render it (to a string).
email_body_template = loader.get_template("core/password_reset.html")
template_context = Context({
"first_name": user.first_name,
"last_name": user.last_name,
"username": user.username,
"password": new_random_password,
"login_url": "http://localhost:8000/login/"
})
# Email the user with the new password.
user.email_user("EpiC Account Password Reset", email_body_template.render(template_context))
# Display the page confirming to the user that their password was reset.
return render_to_response(FORGOT_PASSWORD_TEMPLATE, {
"username": username,
"email": email,
"next": next_page
})
# No GET or POST data, so display the form (for the first time).
return render_to_response(FORGOT_PASSWORD_TEMPLATE, {
"form": forgot_password_form,
"next": next_page
})
