def change_email():
    """Let the current user request a change of e-mail address.

    On a valid POST a token carrying the action, the user's uid and the
    requested address is generated and mailed to the *new* address, so the
    user can confirm they own it. The original docstring states that the
    mail contains a link to confirm_email().

    NOTE(review): nothing in this view notifies the address currently on
    the account; confirm the owner learns about the request some other way.
    NOTE(review): the consumer of the token (not shown here) should check
    the 'action' field so a token minted for another flow is not accepted.
    """
    form = ChangeEmailForm(request.form)

    if request.method == 'POST':
        if not form.validate():
            flash('Oh no! There are errors in your form', 'error')
        else:
            # Bind the token to this user and to the address being claimed.
            token = generate_token({
                'action': 'change_email',
                'uid': current_user['uid'],
                'email': form.new_email.data,
            })

            # Render both bodies, then mail them to the new address only.
            recipients = [form.new_email.data]
            plain = render_template('emails/email_change.txt', token=token)
            rich = render_template('emails/email_change.html', token=token)
            send_mail(
                'Pjuu Account Notification - Confirm Email Change',
                recipients,
                text_body=plain,
                html_body=rich,
            )
            flash("We've sent you an email, please confirm this", 'success')

    return render_template('change_email.html', form=form)
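def signup():
    """Handle the sign-up form and send the activation e-mail.

    On a valid POST an account is created from the submitted username,
    e-mail and password, an 'activate' token for the new uid is generated
    and mailed to the submitted address, and the user is redirected to the
    sign-in page. An invalid form, or create_account() returning a falsy
    uid, flashes a generic error and shows the form again.

    The submitted address is HTML-escaped before it is placed in the
    success message, because that message carries <br/> markup.
    """
    # Function-scope import keeps the escaping fix self-contained.
    from html import escape

    form = SignUpForm(request.form)
    if request.method == 'POST':
        if form.validate():
            # The form validated, so create the account.
            uid = create_account(form.username.data, form.email.data,
                                 form.password.data)

            # Per the original author, a falsy uid here would only come
            # from a race condition.
            if uid:  # pragma: no branch
                token = generate_token({'action': 'activate', 'uid': uid})
                # Send an e-mail to activate their account
                send_mail(
                    'Pjuu Account Notification - Activation',
                    [form.email.data],
                    text_body=render_template('emails/activate.txt',
                                              token=token),
                    html_body=render_template('emails/activate.html',
                                              token=token)
                )
                # The message contains <br/>, so it is presumably rendered
                # without autoescaping (confirm in the template). The
                # address is user input: escape it rather than rely on the
                # form's e-mail validator to exclude markup characters.
                flash('Yay! You\'ve signed up<br/>'
                      'We\'ve sent an e-mail to {}<br/>'
                      'Please activate your account'.format(
                          escape(form.email.data)),
                      'success')
                return redirect(url_for('auth.signin'))

        # Reached for an invalid form or a falsy uid.
        flash('Oh no! There are errors in your form. Please try again.',
              'error')

    return render_template('signup.html', form=form)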
def forgot():
    """Start a password reset for the account named in the form.

    Every POST ends with the same flash message and a redirect to the
    sign-in page, whether or not the account was found, so the response
    text does not reveal which accounts exist. A reset token is generated
    and mailed only when get_uid() finds the account.

    NOTE(review): form.validate() is never called here, so get_uid()
    receives whatever was posted in the username field.
    NOTE(review): mail is sent only for existing accounts; if send_mail()
    is synchronous the response time may still differ between the two
    cases, and no request throttling is visible in this view -- confirm
    both are handled elsewhere.
    """
    form = ForgotForm(request.form)

    # Anything other than a POST just shows the form.
    if request.method != 'POST':
        return render_template('forgot.html', form=form)

    uid = get_uid(form.username.data)
    if uid:
        # Only accounts that exist get a token and an e-mail.
        token = generate_token({'action': 'reset', 'uid': uid})
        recipients = [get_email(uid)]
        plain = render_template('emails/forgot.txt', token=token)
        rich = render_template('emails/forgot.html', token=token)
        send_mail(
            'Pjuu Account Notification - Password Reset',
            recipients,
            text_body=plain,
            html_body=rich,
        )

    # Same message and destination regardless of the lookup result.
    flash("If we've found your account we've e-mailed you", 'information')
    return redirect(url_for('signin'))
def forgot():
    """Allow users to get a password reset link.

    A POST with a valid form always flashes the same message and redirects
    to the sign-in page; the reset token is generated and mailed only when
    the lookup returns a user. An invalid form flashes a prompt for a
    username or e-mail address and shows the form again.

    NOTE(review): get_uid() is called with non_active=True, presumably so
    accounts that are not yet activated are also matched -- confirm that a
    reset on such an account is intended.
    NOTE(review): mail is sent only when the user exists; if send_mail() is
    synchronous, response time could still distinguish the two cases.
    """
    form = ForgotForm(request.form)

    # A plain GET just shows the form.
    if request.method != 'POST':
        return render_template('forgot.html', form=form)

    # The validation error depends on the submitted input only, not on
    # whether an account was found.
    if not form.validate():
        flash('Please enter a username or e-mail address', 'error')
        return render_template('forgot.html', form=form)

    user = get_user(get_uid(form.username.data, non_active=True))
    if user is not None:
        # Only accounts that exist get a token and an e-mail.
        token = generate_token({'action': 'reset', 'uid': user.get('_id')})
        recipients = [user.get('email')]
        plain = render_template('emails/forgot.txt', token=token)
        rich = render_template('emails/forgot.html', token=token)
        send_mail(
            'Pjuu Account Notification - Password Reset',
            recipients,
            text_body=plain,
            html_body=rich,
        )

    # Identical outcome whether or not the account was located.
    flash("If we've found your account we've e-mailed you", 'information')
    return redirect(url_for('auth.signin'))
def change_email():
    """Mail a confirmation token for a requested e-mail address change.

    On a valid POST a token carrying the action, the current user's _id
    and the requested address is generated and sent to that new address.
    Every path ends by rendering the change_email template.

    NOTE(review): form.validate() is the only check made before the token
    is issued; any re-authentication (for example the current password)
    would have to live in ChangeEmailForm's validators -- confirm.
    NOTE(review): the view that redeems the token (not shown here) should
    verify the 'action' field before applying the 'email' value.
    """
    form = ChangeEmailForm(request.form)
    page = 'change_email.html'

    # A plain GET just shows the form.
    if request.method != 'POST':
        return render_template(page, form=form)

    if not form.validate():
        flash('Oh no! There are errors in your form', 'error')
        return render_template(page, form=form)

    # The token ties the request to this user and to the claimed address.
    payload = {
        'action': 'change_email',
        'uid': current_user['_id'],
        'email': form.new_email.data,
    }
    token = generate_token(payload)

    # The confirmation goes to the new address only.
    recipients = [form.new_email.data]
    plain = render_template('emails/email_change.txt', token=token)
    rich = render_template('emails/email_change.html', token=token)
    send_mail('Pjuu Account Notification - Confirm Email Change',
              recipients, text_body=plain, html_body=rich)

    flash("We've sent you an email, please confirm this", 'success')
    return render_template(page, form=form)
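def signup():
    """Create an account from the sign-up form and mail an activation link.

    A valid POST calls create_account() with the submitted username,
    e-mail and password. When it returns a uid, an 'activate' token for
    that uid is mailed to the submitted address and the user is redirected
    to the sign-in page. Otherwise a generic error is flashed and the form
    is rendered again.

    The submitted address is HTML-escaped before being interpolated into
    the success message, which itself contains <br/> markup.
    """
    # Function-scope import keeps the escaping fix self-contained.
    from html import escape

    form = SignUpForm(request.form)
    if request.method == 'POST':
        if form.validate():
            # The form validated, so create the account.
            uid = create_account(form.username.data, form.email.data,
                                 form.password.data)

            # The original author notes a falsy uid would only happen in
            # the event of a race condition.
            if uid:  # pragma: no branch
                token = generate_token({'action': 'activate', 'uid': uid})
                # Send an e-mail to activate their account
                send_mail('Pjuu Account Notification - Activation',
                          [form.email.data],
                          text_body=render_template('emails/activate.txt',
                                                    token=token),
                          html_body=render_template('emails/activate.html',
                                                    token=token))
                # The <br/> tags imply this message is emitted as markup
                # (confirm in the template), so the user-supplied address
                # must not reach it unescaped.
                safe_address = escape(form.email.data)
                flash(
                    'Yay! You\'ve signed up<br/>'
                    'We\'ve sent an e-mail to {}<br/>'
                    'Please activate your account'.format(safe_address),
                    'success')
                return redirect(url_for('auth.signin'))

        # Reached for an invalid form or a falsy uid.
        flash('Oh no! There are errors in your form. Please try again.',
              'error')

    return render_template('signup.html', form=form)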
def forgot():
    """Allow users to get a password reset link.

    Every POST flashes the same message and redirects to the sign-in page;
    a reset token is generated and mailed only when the lookup returns a
    user, so the response text does not show whether the account exists.

    NOTE(review): the form is not validated in this version, so get_uid()
    receives the raw posted username value.
    NOTE(review): get_uid() is called with non_active=True, presumably to
    match accounts that are not yet activated -- confirm this is intended.
    NOTE(review): no throttling is visible here, and a synchronous
    send_mail() would make found/not-found responses differ in timing.
    """
    form = ForgotForm(request.form)

    # Anything other than a POST just shows the form.
    if request.method != 'POST':
        return render_template('forgot.html', form=form)

    user = get_user(get_uid(form.username.data, non_active=True))
    if user is not None:
        # Only accounts that exist get a token and an e-mail.
        payload = {'action': 'reset', 'uid': user.get('_id')}
        token = generate_token(payload)
        recipients = [user.get('email')]
        plain = render_template('emails/forgot.txt', token=token)
        rich = render_template('emails/forgot.html', token=token)
        send_mail('Pjuu Account Notification - Password Reset',
                  recipients, text_body=plain, html_body=rich)

    # Identical outcome whether or not the account was located.
    flash("If we've found your account we've e-mailed you", 'information')
    return redirect(url_for('auth.signin'))
def signup():
    """Sign a new user up for Pjuu and mail the activation token.

    A valid POST calls create_user() with the submitted username, e-mail
    and password. When a uid comes back, an 'activate' token for it is
    mailed to the submitted address and the user is redirected to the
    sign-in page. In every other POST case a generic error is flashed and
    the form is shown again.

    NOTE(review): the activation token carries an 'action' field; the view
    that redeems it (not shown here) should check that field.
    """
    form = SignUpForm(request.form)

    # A plain GET just shows the form.
    if request.method != 'POST':
        return render_template('signup.html', form=form)

    if form.validate():
        # The form validated, so create the account.
        uid = create_user(form.username.data, form.email.data,
                          form.password.data)

        # Per the original author, a falsy uid would only come from a
        # race condition.
        if uid:  # pragma: no branch
            token = generate_token({'action': 'activate', 'uid': uid})

            # Mail the activation token to the address that signed up.
            recipients = [form.email.data]
            plain = render_template('emails/activate.txt', token=token)
            rich = render_template('emails/activate.html', token=token)
            send_mail(
                'Pjuu Account Notification - Activation',
                recipients,
                text_body=plain,
                html_body=rich,
            )
            # Fixed text with no user input, although it contains markup.
            flash("Yay! You've signed up<br/>Please check your e-mails "
                  "to activate your account", 'success')
            return redirect(url_for('signin'))

    # Reached when the form is invalid or when create_user() returned a
    # falsy uid, which the original author attributes to two users racing
    # to register the same details.
    flash('Oh no! There are errors in your form. Please try again.',
          'error')
    return render_template('signup.html', form=form)
def test_tokens(self):
    """Exercise generate_token()/check_token() round trips and failures.

    Covers single-use redemption, preserve=True leaving a token
    redeemable, a dict payload, a stored None looking the same as a
    missing token, an unknown token string, and a corrupted stored value
    being answered with None.

    NOTE(review): the original comment calls the stored value a "JSON
    pickle". If check_token() decodes it with a pickle-style decoder, the
    Redis contents must stay writable by trusted code only -- confirm.
    """
    # By default a token can be redeemed exactly once.
    single_use = generate_token("token1")
    self.assertEqual(check_token(single_use), "token1")
    self.assertIsNone(check_token(single_use))

    # preserve=True reads the payload without consuming the token ...
    preserved = generate_token("token1")
    self.assertEqual(check_token(preserved, preserve=True), "token1")
    # ... so a normal check afterwards still succeeds.
    self.assertEqual(check_token(preserved), "token1")

    # Payloads may be Python objects such as dicts.
    structured = generate_token({"name": "token1"})
    self.assertEqual(check_token(structured).get("name"), "token1")

    # Storing None is pointless: the result cannot be told apart from
    # there being no token at all.
    empty = generate_token(None)
    self.assertIsNone(check_token(empty))

    # A made-up string that is not a hex UUID is rejected.
    self.assertIsNone(check_token("token1"))

    # Overwrite the stored payload in Redis with text that is not a
    # valid encoding; the check must return None, not raise.
    tampered = generate_token("token1")
    r.set(k.TOKEN.format(tampered), "{token: 1}")
    self.assertIsNone(check_token(tampered))
    # The original author notes this exercises the ValueError path and
    # that no way to trigger the TypeError path from Redis was found.

    # Full life cycle: preserved read, consuming read, then nothing left.
    lifecycle = generate_token("token1")
    self.assertEqual(check_token(lifecycle, preserve=True), 'token1')
    self.assertEqual(check_token(lifecycle), 'token1')
    self.assertIsNone(check_token(lifecycle))