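def login():
    """Handle the login page: render the form, or authenticate a POSTed login.

    Returns:
        A redirect to ``index`` when the visitor is already logged in or has
        just logged in with a verified address; a redirect back to ``login``
        with a flashed message when the credentials are rejected or the
        address is not verified yet; the rendered login form otherwise.
    """
    # Function-scope import: the file's import header is not visible from here.
    from urllib.parse import quote

    # An authenticated visitor has nothing to do on this page.
    if isLoggedIn():
        return redirect(url_for("index"))

    if request.method != "POST":
        return render_template("intro/login.html")

    # User login
    email = request.form.get("email")
    password = request.form.get("password")

    if not UserModel.login(email, password):
        # The same message is flashed whatever made UserModel.login fail, so
        # this response does not say whether the address is registered.
        flash("Email or password is not correct")
        return redirect(url_for("login"))

    user = UserModel.getUserByEmail(email)
    if user["isEmailVerified"]:
        # NOTE(review): confirm createSession issues a fresh session
        # identifier on login; it is not visible from this block.
        createSession(email)
        return redirect(url_for("index"))

    # The flashed message carries markup, so it is presumably rendered
    # unescaped by the template. The address comes from the request form;
    # percent-encode it before it is placed inside the href attribute so it
    # cannot close the attribute or add markup.
    message = (
        " You didn't activate your email address."
        " Please activate your email address."
        " If you didn't receive an email,"
        ' <a href="/send-verification-mail/{}">click here.</a> '
    )
    flash(message.format(quote(email or "", safe="@")))
    return redirect(url_for("login"))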
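def passwordReset():
    """Serve the password-reset form and process reset requests.

    GET renders the reset form, pre-filled from the ``email`` and ``hash``
    query parameters. POST has two modes for a registered address:

    * ``hash``, ``password`` and ``confirm-password`` all present: the
      submitted code is compared with the code derived for the account and,
      when it matches and both passwords agree, the password is updated.
    * any of them missing: a reset mail containing the code is sent.

    Returns:
        The rendered form (GET), a redirect to ``login`` after a successful
        update, a redirect to ``index`` for a missing or unregistered address,
        and a redirect back to ``passwordReset`` in every other case.
    """
    # Function-scope import: the file's import header is not visible from here.
    import hmac

    if request.method != "POST":
        email = request.args.get("email")
        hashCode = request.args.get("hash")
        return render_template("intro/password-reset.html", email=email, hashCode=hashCode)

    email = request.form.get("email")
    hashCodeFromUser = request.form.get("hash")
    password = request.form.get("password")
    confirmPassword = request.form.get("confirm-password")

    if email is None or not UserModel.isThereThisEmail(email):
        # NOTE(review): an unregistered address lands on "index" while a
        # registered one returns to this page with a message, so the redirect
        # target tells the caller whether the address has an account. Giving
        # both cases the same message and target would close that gap.
        return redirect(url_for("index"))

    hashCode = generatePasswordResetHashCode(email)

    if hashCodeFromUser is None or password is None or confirmPassword is None:
        # Send password reset mail
        # NOTE(review): no throttling is visible in this block; confirm that
        # repeated requests for one address are rate limited elsewhere.
        sendMail({
            "To": email,
            "Subject": "Password Reset - devSeater",
            "Body": render_template(
                "mail/password-reset-mail.html",
                SITE_ADDR=SITE_ADDR,
                email=email,
                hashCode=hashCode,
            ),
        })
        # Show message
        flash("If you have entered your email address properly, we sent you an email. Please check your inbox.", "success")
        return redirect(url_for("passwordReset"))

    # Constant-time comparison of the reset code. Both sides are encoded
    # because compare_digest rejects non-ASCII str input, and the submitted
    # value is attacker-controlled.
    codeMatches = hmac.compare_digest(
        hashCode.encode("utf-8"), hashCodeFromUser.encode("utf-8")
    )

    # An empty string passes the "is None" test above; never store it as the
    # new password.
    if codeMatches and password and password == confirmPassword:
        # Get user id
        userId = UserModel.getUserByEmail(email)["uid"]
        # Update password
        UserModel.updatePassword(userId, password)
        flash("Your password updated succesfully. Now you can log in.", "success")
        return redirect(url_for("login"))

    # Wrong code or mismatching passwords: back to the form, no change made.
    return redirect(url_for("passwordReset"))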
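def getUser():
    """Return one user record as JSON, selected by a query parameter.

    The record is looked up by ``uid``, else ``username``, else ``email``
    (the first parameter present wins). The ``password`` field is removed
    before serialising.

    Returns:
        The JSON text of the record for a GET with a usable parameter, JSON
        ``null`` with status 404 when the lookup returns ``None``, the
        "unknown request" page when no parameter is given, and a redirect to
        ``index`` for any other HTTP method.
    """
    if request.method != "GET":
        return redirect(url_for("index"))

    uid = request.args.get("uid")
    username = request.args.get("username")
    email = request.args.get("email")

    if uid is not None:
        user = UserModel.getUser(uid)
    elif username is not None:
        user = UserModel.getUserByUsername(username)
    elif email is not None:
        user = UserModel.getUserByEmail(email)
    else:
        return render_template("private-api/unknown-request.html")

    # A lookup that returns None used to hit a bare "except" and return
    # nothing, which is not a valid view response. Answer explicitly instead.
    if user is None:
        return json.dumps(None), 404

    # NOTE(review): no access check is visible in this block, and only the
    # password field is stripped, so every other column of the record
    # (e.g. the email address) is returned to whoever can call this endpoint.
    # Confirm the route is protected elsewhere, and prefer serialising an
    # explicit allow-list of fields over removing known-sensitive ones.
    user.pop("password", None)
    return json.dumps(user, cls=DateTimeEncoder)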
def generatePasswordResetHashCode(email):
    """Derive the password-reset code for the account registered under *email*.

    The code is the hex SHA-256 digest of the account's ``email``,
    ``password``, ``full_name`` and ``username`` values, concatenated in that
    order with no separator and encoded as UTF-8.

    Args:
        email: Address used to load the account via UserModel.getUserByEmail.

    Returns:
        The digest as a hexadecimal string.
    """
    # NOTE(review): the code is an unkeyed hash of stored account fields. It
    # has no server-side secret, nonce or expiry, so it is the same on every
    # call until one of the four fields changes, and anyone able to read those
    # stored values can recompute it. Consider a random single-use token
    # (e.g. secrets.token_urlsafe) stored with an expiry time, or an HMAC
    # keyed with a server-side secret over the user id and a timestamp.
    account = UserModel.getUserByEmail(email)
    hashedFields = ("email", "password", "full_name", "username")
    material = "".join(account[fieldName] for fieldName in hashedFields)
    return hashlib.sha256(material.encode("utf-8")).hexdigest()