def new_password(request):
"""Create a new password for a user."""
try:
token = request.GET["token"]
except KeyError:
return redirect(reverse("zds.pages.views.home"))
token = get_object_or_404(TokenForgotPassword, token=token)
if request.method == "POST":
form = NewPasswordForm(token.user.username, request.POST)
if form.is_valid():
data = form.data
password = data["password"]
# User can't confirm his request if it is too late.
if datetime.now() > token.date_end:
return render_template("member/new_password/failed.html")
token.user.set_password(password)
token.user.save()
token.delete()
return render_template("member/new_password/success.html")
else:
return render_template("member/new_password.html", {"form": form})
form = NewPasswordForm(identifier=token.user.username)
return render_template("member/new_password/index.html", {"form": form})
def new_password(request):
"""Create a new password for a user."""
try:
token = request.GET["token"]
except KeyError:
return redirect(reverse("zds.pages.views.home"))
token = get_object_or_404(TokenForgotPassword, token=token)
if request.method == "POST":
form = NewPasswordForm(token.user.username, request.POST)
if form.is_valid():
data = form.data
password = data["password"]
# User can't confirm his request if it is too late.
if datetime.now() > token.date_end:
return render_template("member/new_password/failed.html")
token.user.set_password(password)
token.user.save()
token.delete()
return render_template("member/new_password/success.html")
else:
return render_template("member/new_password.html", {"form": form})
form = NewPasswordForm(identifier=token.user.username)
return render_template("member/new_password/index.html", {"form": form})
def ResetPasswordConfirmation(token):
user = User.verify_reset_password_token(
token) # This statement returns the id inside the token in the url.
if not user:
flash('Sorry, your verification token expired!', category='danger')
return redirect(url_for('ResetPasswordFail'))
form = NewPasswordForm()
if form.validate_on_submit():
salt = bcrypt.gensalt()
password = bcrypt.hashpw(form.password.data.encode(),
salt) # Hashing the new password
conn = cs.get_conn()
cursor = conn.cursor()
cursor.execute(
f"update chess.users set password = '******' where username = '******';"
)
conn.commit()
flash('Your password was successfully changed!', category='info')
return redirect(url_for('Reset_Password_Confirmation_Response'))
return render_template("ResetPasswordConfirmation.html", form=form)
def new_password(self):
"""Show form and send reset password instructions."""
form = NewPasswordForm()
if form.validate_on_submit():
user = self.user_query().filter_by(email=form.email.data).first()
if user:
# generate and save reset token
user.reset_password_token = self.generate_token()
self.user_query().session.commit()
# send password reset instructions
try:
self.send_reset_passwort_instructions(user)
except Exception as e:
self.logger.error(
"Could not send reset password instructions to "
"user '%s':\n%s" % (user.email, e))
flash("Failed to send reset password instructions")
return render_template('new_password.html',
title='Forgot your password?',
form=form)
# NOTE: show message anyway even if email not found
flash(
"You will receive an email with instructions on how to reset "
"your password in a few minutes.")
return redirect(url_for('login'))
return render_template('new_password.html',
title='Forgot your password?',
form=form)
def change_password():
"""Update password for current user."""
# IMPLEMENT THIS
if not g.user:
flash("Access unauthorized.", "danger")
return redirect("/")
user = User.query.get_or_404(g.user.id)
form = NewPasswordForm()
if form.validate_on_submit():
"""handles password submission"""
password = User.authenticate(user.username, form.cur_password.data)
if password:
if form.new_password.data != form.conf_password.data:
form.conf_password.errors.append("Passwords do not match")
return render_template("users/change_password.html", form=form)
"""changes the password"""
User.change_password(user.username, form.new_password.data)
db.session.commit()
flash("Password Changed", "success")
return redirect(f"/users/{user.id}")
else:
"""shows for invalid password"""
flash("Invalid Password", "danger")
return redirect("/users/change_password")
else:
return render_template("users/change_password.html",
user=user,
form=form)
def do_reset_password( user_id, password_reset_token):
user = User.objects( password_reset_token=password_reset_token).first()
if( not user):
flash( "Invalid request parameters. Please try resetting again.", "error")
return redirect( "/accounts/password/reset")
if request.method == "POST":
form = NewPasswordForm( request.form)
if( form.validate()):
user.set_password( form.password1.data)
login_user( user)
flash( "Your password was changed successfully.", "success")
return redirect( "/")
form = NewPasswordForm()
return render_template( "auth/new_password.html", **locals())
def reset_password(request, key):
profile = RegistrationProfile.objects\
.get_user(key,
only_activated=False)
user = profile.user
if request.method == "POST":
form = NewPasswordForm(request.POST, request.FILES)
if form.is_valid():
user = authenticate(username=user.email)
login(request, user)
user.set_password(form.cleaned_data['password1'])
user.save()
return redirect(reverse('home'))
else:
form = NewPasswordForm()
return locals()
def new_password():
error = ''
token = request.args.get('token', None)
user = UserAccount.query.filter(and_(UserAccount.password_reset_token==token, now()<UserAccount.password_reset_expiration)).first()
if not user:
flash('Invalid or expired password reset token.')
return redirect(url_for('index'))
form = NewPasswordForm()
if form.validate_on_submit():
user = UserAccount.query.filter(and_(UserAccount.password_reset_token==token, now()<UserAccount.password_reset_expiration)).first()
user.password=md5.md5(form.password.data).hexdigest()
user.password_reset_token=''
db.session.commit()
flash('Password has been changed.')
return redirect(url_for('login'))
return render_template('new_password.html', form=form, error=error, help_email=ADMINS[0], navigation=return_navigation(), site_data=site_data())
def new_password():
error = ''
token = request.args.get('token', None)
user = UserAccount.query.filter(and_(UserAccount.password_reset_token==token, now()<UserAccount.password_reset_expiration)).first()
if not user:
flash('Invalid or expired password reset token.')
return redirect(url_for('index'))
form = NewPasswordForm()
if form.validate_on_submit():
chars = string.ascii_uppercase + string.ascii_lowercase + string.digits
salt = ''.join(random.choice(chars) for x in range(5))
password = '******'+salt+'$'+hashlib.sha1(salt + form.password.data).hexdigest()
user = UserAccount.query.filter(and_(UserAccount.password_reset_token==token, now()<UserAccount.password_reset_expiration)).first()
user.password=password
user.password_reset_token=None
db.session.commit()
flash('Password has been changed.')
return redirect(url_for('login'))
return render_template('new_password.html', form=form, error=error, help_email=ADMINS[0], navigation=return_navigation(), site_data=site_data())
def new_password(self):
"""Show form and send reset password instructions."""
form = NewPasswordForm(meta=wft_locales())
if form.validate_on_submit():
# create session for ConfigDB
db_session = self.db_session()
user = self.find_user(db_session, email=form.email.data)
if user:
# generate and save reset token
user.reset_password_token = self.generate_token()
db_session.commit()
# send password reset instructions
try:
self.send_reset_passwort_instructions(user)
except Exception as e:
self.logger.error(
"Could not send reset password instructions to "
"user '%s':\n%s" % (user.email, e)
)
flash(i18n.t("auth.reset_mail_failed"))
return self.response(
render_template(
'new_password.html', form=form, i18n=i18n,
title=i18n.t("auth.new_password_page_title")
),
db_session
)
# NOTE: show message anyway even if email not found
flash(i18n.t("auth.reset_message"))
return self.response(
redirect(url_for('login')),
db_session
)
return render_template(
'new_password.html', form=form, i18n=i18n,
title=i18n.t("auth.new_password_page_title")
)
