def login_email_passreset(code): """ They've clicked on a password reset link. Log them in (might as well) and send them to the password reset page.""" # This will also confirm their email if they haven't. # Doesn't seem to be any harm in doing that if len(code) > 20: abort(404) uid = Users.verify_confirm_code(code) if not uid: abort(404) Users.set_confirm(uid) Users.set_confirm_code(uid, "") user = Users2.get_user(uid) session['username'] = user['uname'] session['user_id'] = uid session['user_givenname'] = user['givenname'] session['user_familyname'] = user['familyname'] session['user_fullname'] = user['fullname'] session['user_authtype'] = "local" audit(1, uid, uid, "UserAuth", "%s logged in using password reset email" % (session['username'], )) flash("Please change your password") return redirect(url_for("setup_change_pass"))
def login_email_passreset(code): """ They've clicked on a password reset link. Log them in (might as well) and send them to the password reset page.""" # This will also confirm their email if they haven't. # Doesn't seem to be any harm in doing that if len(code) > 20: abort(404) uid = Users.verify_confirm_code(code) if not uid: abort(404) Users.set_confirm(uid) Users.set_confirm_code(uid, "") user = Users2.get_user(uid) session['username'] = user['uname'] session['user_id'] = uid session['user_givenname'] = user['givenname'] session['user_familyname'] = user['familyname'] session['user_fullname'] = user['fullname'] session['user_authtype'] = "local" audit(1, uid, uid, "UserAuth", "%s logged in using password reset email" % (session['username'],)) flash("Please change your password") return redirect(url_for("setup_change_pass"))
def login_confirm(code): """ They've clicked on a confirmation link.""" if not OaConfig.open_registration: abort(404) if len(code) > 20: abort(404) uid = Users.verify_confirm_code(code) if not uid: abort(404) Users.set_confirm(uid) Users.set_confirm_code(uid, "") return render_template("login_signup_confirmed.html")
def login_forgot_pass_submit(): """ Forgot their password. Grab their username and send them a reset email. """ if "cancel" in request.form: flash("Password reset cancelled.") return redirect(url_for("login_local")) username = sanitize_username(request.form.get('username', None)) if username == "admin": flash("""The admin account cannot do an email password reset, please see the Installation instructions.""") return redirect(url_for("login_forgot_pass")) if username: user_id = Users2.uid_by_uname(username) else: user_id = None if not user_id: flash("Unknown username ") return redirect(url_for("login_forgot_pass")) user = Users2.get_user(user_id) if not user['source'] == "local": flash("Your password is not managed by OASIS, " "please contact IT Support.") return redirect(url_for("login_forgot_pass")) code = Users.gen_confirm_code() Users.set_confirm_code(user_id, code) email = user['email'] if not email: flash("We do not appear to have an email address on file for " "that account.") return redirect(url_for("login_forgot_pass")) text_body = render_template(os.path.join("email", "forgot_pass.txt"), code=code) html_body = render_template(os.path.join("email", "forgot_pass.html"), code=code) send_email(user['email'], from_addr=None, subject="OASIS Password Reset", text_body=text_body, html_body=html_body) return render_template("login_forgot_pass_submit.html")