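def users():
    """List users (GET) or register a new user (POST).

    GET reads two JSON-encoded query-string parameters, ``query`` (the find
    filter) and ``sort`` (defaults to ``[]``), and returns the matching
    documents with the ``password`` field excluded from the projection.
    A parameter that fails to decode yields ``failure(repr(error))``.

    POST expects a JSON body with ``token``, ``email``, ``username`` and
    ``password``. The e-mail recovered from the token must equal the e-mail
    in the body, otherwise ``failure("Permission Denied")`` is returned.
    ``User.create`` returning a ``str`` is treated as an error message and
    handed to ``failure``; otherwise the new user is logged in and dumped.

    Any other HTTP method falls through and returns ``None``.
    """
    if request.method == 'GET':
        try:
            query = json.loads(request.args.get("query", ""))
            sort = json.loads(request.args.get("sort", "[]"))
        except Exception as e:
            return failure(repr(e))
        # NOTE(review): the filter document is taken verbatim from the query
        # string. The projection below hides the password field from the
        # output, but it does not stop the filter from matching on it (or on
        # any other stored field), and no authentication check is visible in
        # this function. Consider restricting the filter to an allow-list of
        # fields and operators.
        projection = {"password": False}
        return success(
            id_clear(
                db.users.find(filter=query, projection=projection, sort=sort)))
    elif request.method == 'POST':
        request_json = request.get_json(force=True)
        try:
            token_email = get_email_from_token(request_json['token'])
            claimed_email = request_json['email']
        except Exception:
            return failure("Permission Denied")
        # Explicit comparison instead of `assert`: assert statements are
        # removed when Python runs with -O, which would drop this permission
        # check entirely. A falsy token result is rejected outright, so the
        # failure value the sibling handlers test for (`email == False`) can
        # never compare equal to a falsy "email" field in the body.
        if not token_email or token_email != claimed_email:
            return failure("Permission Denied")
        # NOTE(review): the page handlers in this file also call
        # token_verify(db, token) before trusting a token; this handler does
        # not. Confirm whether that check is needed here as well.
        user = User.create(db, id_generate, request_json['username'],
                           claimed_email, request_json['password'])
        if isinstance(user, str):
            return failure(user)
        login_user(user)
        return success(user.dump())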
def regiester_page():
    """Render the registration form for the token in the query string.

    The ``token`` query parameter is decoded with ``get_email_from_token``.
    A result equal to ``False``, or any exception raised while checking,
    renders ``error.html`` with the "no permission" message. A token that
    ``token_verify`` rejects renders ``error.html`` with the "URL has
    expired" message. Otherwise ``register.html`` is rendered with the
    decoded e-mail and the token.
    """

    def deny(reason):
        # Every rejection path renders the same template with a message.
        return render_template("error.html", message=reason)

    try:
        link_token = request.args.get("token")
        address = get_email_from_token(link_token)
        if address == False:
            return deny("没有权限")
        token_still_valid = token_verify(db, link_token)
        if not token_still_valid:
            return deny("网址已过期")
    except Exception:
        # Any failure while decoding or verifying is reported as a
        # permission problem rather than surfacing the error.
        return deny("没有权限")
    else:
        return render_template("register.html",
                               email=address,
                               token=link_token)
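def password_resetter_page():
    """Render the password-reset form for the account named by the token.

    The ``token`` query parameter is decoded with ``get_email_from_token``.
    A result equal to ``False``, or any exception raised while checking,
    renders ``error.html`` with the "no permission" message. A token that
    ``token_verify`` rejects renders ``error.html`` with the "URL has
    expired" message. Otherwise ``password_resetter.html`` is rendered with
    the token and the id of the user loaded from the decoded e-mail.
    """
    try:
        token = request.args.get("token")
        email = get_email_from_token(token)
        # Reject a token that did not decode before its result is used as a
        # database lookup key.
        if email == False:
            return render_template("error.html", message="没有权限")
        user = User.load_from_email(db, email)
        if not token_verify(db, token):
            return render_template("error.html", message="网址已过期")
        # Read the id inside the try block: if the lookup did not produce a
        # usable user object, the failure is reported as a permission error
        # below instead of escaping as an unhandled exception after all the
        # checks have passed.
        user_id = user.user_id
    except Exception:
        return render_template("error.html", message="没有权限")
    return render_template("password_resetter.html",
                           token=token,
                           user_id=user_id)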
def confirm_page():
    """Apply the e-mail address carried by a token to the current user.

    The ``token`` query parameter is decoded with ``get_email_from_token``.
    The request is refused with the "no permission" message when the result
    equals ``False``, when ``current_user.user_id`` is ``-1``, or when any
    exception is raised while checking. A token that ``token_verify``
    rejects gets the "URL has expired" message. Otherwise the current
    user's ``email`` is updated and ``user_setting.html`` is rendered with
    ``updated=True``.

    NOTE(review): nothing visible here ties the token to the signed-in
    account, and the update is performed while rendering a page. Confirm
    that the token issuer or token_verify binds the token to this user.
    """

    def deny(reason):
        # Every rejection path renders the same template with a message.
        return render_template("error.html", message=reason)

    try:
        link_token = request.args.get("token")
        new_address = get_email_from_token(link_token)
        if new_address == False:
            return deny("没有权限")
        # user_id == -1 presumably marks a visitor who is not signed in;
        # verify against the user loader.
        if current_user.user_id == -1:
            return deny("没有权限")
        token_still_valid = token_verify(db, link_token)
        if not token_still_valid:
            return deny("网址已过期")
    except Exception:
        return deny("没有权限")

    current_user.update("email", new_address)
    return render_template("user_setting.html",
                           target_user=current_user,
                           updated=True)
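def user_email_password_resetter(user_id):
    """Set a new password for the account named by a reset token.

    Expects a JSON body with ``token`` and ``password``. The token is
    decoded with ``get_email_from_token`` and the user is loaded from the
    resulting e-mail. A decode result equal to ``False``, a missing user,
    or any exception while checking returns
    ``failure("Permission denied")``. A missing, empty or non-string
    password returns ``failure("Password required")``. On success the
    password is updated, the user is logged in and ``success("")`` is
    returned.

    Args:
        user_id: Supplied by the caller but not read by this function; the
            account is selected by the token alone.
    """
    request_json = request.get_json(force=True)
    try:
        token = request_json["token"]
        email = get_email_from_token(token)
        # Reject a token that did not decode before its result is used as a
        # database lookup key.
        if email == False:
            return failure("Permission denied")
        user = User.load_from_email(db, email)
        # What load_from_email returns for an unknown address is not visible
        # here; guard against None so the update below cannot fail with an
        # unhandled AttributeError.
        if user is None:
            return failure("Permission denied")
    except Exception:
        return failure("Permission denied")
    # NOTE(review): the page handlers in this file also call
    # token_verify(db, token) before trusting a token; this handler, which
    # performs the actual reset, does not. Confirm whether an expired or
    # already-used token should still be accepted here.
    # NOTE(review): user_id is never compared with user.user_id; confirm
    # whether the two are expected to match.
    new_password = request_json.get("password")
    if not isinstance(new_password, str) or not new_password:
        # A missing or empty password would otherwise raise KeyError or be
        # stored as-is.
        return failure("Password required")
    user.update('password', new_password)
    login_user(user)
    return success("")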