コード例 #1
0
ファイル: user_auth.py プロジェクト: radioprotector/radremedy
def change_password():
    """
    Changes a password.

    Associated template: change-password.html
    Associated form: PasswordChangeForm
    """
    form = PasswordChangeForm()

    if request.method == 'GET':
        return render_template('change-password.html', form=form)
    else:
        if form.validate_on_submit():

            # Set the new password
            current_user.password = bcrypt.hashpw(
                form.password.data,
                bcrypt.gensalt())

            # Save the user and log them in.
            db.session.commit()

            # Flash a message and redirect the user to the settings page
            flash('Your password has been successfully changed!', 'success')
            return redirect(url_for('remedy.settings'))

        else:
            flash_errors(form)
            return render_template('change-password.html', form=form), 400
コード例 #2
0
ファイル: user_auth.py プロジェクト: radioprotector/radremedy
def sign_up():
    """
    Handles user signup.

    Associated template: create-account.html
    Associated form: SignUpForm
    """
    # Kick the current user back to the index
    # if they're already logged in
    if current_user.is_authenticated:
        return index_redirect()

    # Get active populations and set up the form
    population_choices = active_populations()
    form = SignUpForm(request.form,
                      group_active_populations(population_choices))

    if request.method == 'GET':
        return render_template('create-account.html', form=form)
    else:

        if form.validate_on_submit():
            # Create the user.
            u = User(form.username.data, form.email.data, form.password.data)

            # If we have a display name, use that - otherwise,
            # default to the username.
            if form.display_name.data and not form.display_name.data.isspace():
                u.display_name = form.display_name.data
            else:
                u.display_name = form.username.data

            # Set up populations
            pop_ids = set(form.populations.data)

            for new_pop_id in pop_ids:
                # Find it in our population choices and add it in
                new_pop = next(
                    (p for p in population_choices if p.id == new_pop_id),
                    None)

                if new_pop:
                    u.populations.append(new_pop)

            # Generate an activation code
            u.email_code = str(uuid4())
            u.email_activated = False

            # Save the user and send a confirmation email.
            db.session.add(u)
            db.session.commit()

            send_confirm_account(u)

            # Display the success page
            return render_template('create-account-success.html')

        else:
            flash_errors(form)
            return render_template('create-account.html', form=form), 400
コード例 #3
0
ファイル: user_auth.py プロジェクト: radioprotector/radremedy
def change_password():
    """
    Changes a password.

    Associated template: change-password.html
    Associated form: PasswordChangeForm
    """
    form = PasswordChangeForm()

    if request.method == 'GET':
        return render_template('change-password.html', form=form)
    else:
        if form.validate_on_submit():

            # Set the new password
            current_user.password = bcrypt.hashpw(form.password.data,
                                                  bcrypt.gensalt())

            # Save the user and log them in.
            db.session.commit()

            # Flash a message and redirect the user to the settings page
            flash('Your password has been successfully changed!', 'success')
            return redirect(url_for('remedy.settings'))

        else:
            flash_errors(form)
            return render_template('change-password.html', form=form), 400
コード例 #4
0
ファイル: user_auth.py プロジェクト: radioprotector/radremedy
def request_password_reset():
    """
    Requests a password reset.

    Associated template: request-password-reset.html
    Associated form: RequestPasswordResetForm
    """
    form = RequestPasswordResetForm()

    # Kick the current user back to the index
    # if they're already logged in
    if current_user.is_authenticated:
        return index_redirect()

    if request.method == 'GET':
        return render_template('request-password-reset.html', form=form)
    else:
        if form.validate_on_submit():

            # Look up the user.
            user = User.query.filter_by(email=form.email.data).first()

            # Make sure the user exists.
            if user is not None:

                # Make sure the user's email has been activated.
                if user.email_activated == False:
                    flash(
                        'You must first activate your account. ' +
                        'Check your email for the confirmation link.',
                        'warning')
                    return login_redirect(), 401

                # Generate a code and update the reset date.
                user.email_code = str(uuid4())
                user.reset_pass_date = datetime.utcnow()

                # Save the user and send a confirmation email.
                db.session.commit()
                send_password_reset(user)

            # Flash a message and redirect the user to the login page
            # Note: This is outside of the user check so that people can't
            # abuse this system -
            # it'll always indicate successful even if there isn't
            # already an account.
            flash(
                'Your password reset was successfully requested. ' +
                'Check your email for the link.',
                'success')
            return login_redirect()

        else:
            flash_errors(form)
            return render_template(
                'request-password-reset.html',
                form=form), 400
コード例 #5
0
ファイル: user_auth.py プロジェクト: smitzter/radremedy
def sign_up():
    """
    Handles user signup.

    Associated template: create-account.html
    Associated form: SignUpForm
    """
    # Kick the current user back to the index
    # if they're already logged in
    if current_user.is_authenticated:
        return index_redirect()

    # Get active populations and set up the form
    population_choices = active_populations()
    form = SignUpForm(request.form, group_active_populations(population_choices))

    if request.method == 'GET':
        return render_template('create-account.html', form=form)
    else:

        if form.validate_on_submit():
            # Create the user.
            u = User(form.username.data, form.email.data, form.password.data)

            # If we have a display name, use that - otherwise,
            # default to the username.
            if form.display_name.data and not form.display_name.data.isspace():
                u.display_name = form.display_name.data
            else:
                u.display_name = form.username.data

            # Set up populations
            pop_ids = set(form.populations.data)

            for new_pop_id in pop_ids:
                # Find it in our population choices and add it in
                new_pop = next((p for p in population_choices if p.id == new_pop_id), None)
                if new_pop:
                    u.populations.append(new_pop)

            # Generate an activation code
            u.email_code = str(uuid4())
            u.email_activated = False

            # Save the user and send a confirmation email.
            db.session.add(u)
            db.session.commit()

            send_confirm_account(u)

            # Display the success page
            return render_template('create-account-success.html')

        else:
            flash_errors(form)
            return render_template('create-account.html', form=form), 400
コード例 #6
0
ファイル: user_auth.py プロジェクト: radioprotector/radremedy
def request_password_reset():
    """
    Requests a password reset.

    Associated template: request-password-reset.html
    Associated form: RequestPasswordResetForm
    """
    form = RequestPasswordResetForm()

    # Kick the current user back to the index
    # if they're already logged in
    if current_user.is_authenticated:
        return index_redirect()

    if request.method == 'GET':
        return render_template('request-password-reset.html', form=form)
    else:
        if form.validate_on_submit():

            # Look up the user.
            user = User.query.filter_by(email=form.email.data).first()

            # Make sure the user exists.
            if user is not None:

                # Make sure the user's email has been activated.
                if user.email_activated == False:
                    flash(
                        'You must first activate your account. ' +
                        'Check your email for the confirmation link.',
                        'warning')
                    return login_redirect(), 401

                # Generate a code and update the reset date.
                user.email_code = str(uuid4())
                user.reset_pass_date = datetime.utcnow()

                # Save the user and send a confirmation email.
                db.session.commit()
                send_password_reset(user)

            # Flash a message and redirect the user to the login page
            # Note: This is outside of the user check so that people can't
            # abuse this system -
            # it'll always indicate successful even if there isn't
            # already an account.
            flash(
                'Your password reset was successfully requested. ' +
                'Check your email for the link.', 'success')
            return login_redirect()

        else:
            flash_errors(form)
            return render_template('request-password-reset.html',
                                   form=form), 400
コード例 #7
0
ファイル: user_auth.py プロジェクト: radioprotector/radremedy
def reset_password(code):
    """
    Resets a password.

    Associated template: password-reset.html
    Associated form: PasswordResetForm

    Args:
        code: The activation code, sent through email.
    """
    form = PasswordResetForm()

    # Kick the current user back to the index
    # if they're already logged in
    if current_user.is_authenticated:
        return index_redirect()

    # Normalize our code
    code = code.strip().lower()

    if not code:
        flash('A password reset code was not provided.', 'error')
        return login_redirect()

    # Find the user based on the code and if they're already activated
    reset_user = db.session.query(User). \
        filter(User.email_code == code). \
        filter(User.email_activated == True). \
        first()

    # Make sure we have a user.
    if reset_user is None:
        flash('The provided reset code is invalid.', 'error')
        return login_redirect()

    # Only allow codes to be used for 48 hours
    min_reset_date = datetime.utcnow() - timedelta(days=2)

    if reset_user.reset_pass_date is None or \
            reset_user.reset_pass_date < min_reset_date:
        flash(
            'The reset code is invalid or has expired.\n' +
            'You must request a new code.',
            'error')

        return redirect(url_for('auth.request_password_reset'))

    if request.method == 'GET':
        return render_template('password-reset.html', form=form, code=code)
    else:
        if form.validate_on_submit():

            # Set the new password
            reset_user.password = bcrypt.hashpw(
                form.password.data,
                bcrypt.gensalt())

            # Clear the email code and reset date
            reset_user.email_code = None
            reset_user.reset_pass_date = None

            # Save the user and log them in.
            db.session.commit()
            login_success(reset_user)

            # Flash a message and redirect the user to the index
            flash('Your password has been successfully reset!', 'success')
            return index_redirect()

        else:
            flash_errors(form)
            return render_template(
                'password-reset.html',
                form=form,
                code=code), 400
コード例 #8
0
ファイル: user_auth.py プロジェクト: radioprotector/radremedy
def sign_in():
    """
    Handles user sign-in.

    Associated template: login.html
    Associated form: LoginForm
    Also adds a "next" template variable.
    """
    form = LoginForm(request.form)

    # Kick the current user back to the index
    # if they're already logged in
    if current_user.is_authenticated:
        return index_redirect()

    # See if we have a "next" argument provided.
    # The Flask-Login docs reference a (nonexistent)
    # next_is_valid function, which is application-specific.
    # However, since we're being sensible about CSRF/not having
    # GETs actually modify the state of the application,
    # I think we can assume this will be fine.
    next = request.args.get('next')

    if request.method == 'GET':
        return render_template('login.html', form=form, next=next)
    else:
        if form.validate_on_submit():

            # Look up the user
            user = User.query.filter_by(username=form.username.data).first()

            # Make sure the user exists and the password is correct.
            # We use different branches for the purposes of logging
            # the appropriate reason for the failed login.
            if user is None:
                return login_failure(
                    "Invalid username or password.",
                    "No User",
                    form)

            if not user.verify_password(form.password.data):
                return login_failure(
                    "Invalid username or password.",
                    "Bad Password",
                    form)

            # Lock out inactive users.
            if not user.active:
                return login_failure(
                    "Your account is currently inactive.",
                    "Deactivated",
                    form)

            # Lock out users who haven't confirmed their account.
            if not user.email_activated:
                return login_failure(
                    "Your account must first be confirmed. " +
                    "Please check your email (" + user.email +
                    ") for the confirmation link.",
                    "Not Confirmed",
                    form)

            # We're good.
            login_success(user)

            # Redirect to either the value specified by "next"
            # or the main index page
            return redirect(next or url_for('remedy.index'))

        else:
            flash_errors(form)
            return render_template(
                'login.html',
                form=form,
                next=next), 400
コード例 #9
0
ファイル: user_auth.py プロジェクト: radioprotector/radremedy
def reset_password(code):
    """
    Resets a password.

    Associated template: password-reset.html
    Associated form: PasswordResetForm

    Args:
        code: The activation code, sent through email.
    """
    form = PasswordResetForm()

    # Kick the current user back to the index
    # if they're already logged in
    if current_user.is_authenticated:
        return index_redirect()

    # Normalize our code
    code = code.strip().lower()

    if not code:
        flash('A password reset code was not provided.', 'error')
        return login_redirect()

    # Find the user based on the code and if they're already activated
    reset_user = db.session.query(User). \
        filter(User.email_code == code). \
        filter(User.email_activated == True). \
        first()

    # Make sure we have a user.
    if reset_user is None:
        flash('The provided reset code is invalid.', 'error')
        return login_redirect()

    # Only allow codes to be used for 48 hours
    min_reset_date = datetime.utcnow() - timedelta(days=2)

    if reset_user.reset_pass_date is None or \
            reset_user.reset_pass_date < min_reset_date:
        flash(
            'The reset code is invalid or has expired.\n' +
            'You must request a new code.', 'error')

        return redirect(url_for('auth.request_password_reset'))

    if request.method == 'GET':
        return render_template('password-reset.html', form=form, code=code)
    else:
        if form.validate_on_submit():

            # Set the new password
            reset_user.password = bcrypt.hashpw(form.password.data,
                                                bcrypt.gensalt())

            # Clear the email code and reset date
            reset_user.email_code = None
            reset_user.reset_pass_date = None

            # Save the user and log them in.
            db.session.commit()
            login_success(reset_user)

            # Flash a message and redirect the user to the index
            flash('Your password has been successfully reset!', 'success')
            return index_redirect()

        else:
            flash_errors(form)
            return render_template('password-reset.html', form=form,
                                   code=code), 400
コード例 #10
0
ファイル: user_auth.py プロジェクト: radioprotector/radremedy
def sign_in():
    """
    Handles user sign-in.

    Associated template: login.html
    Associated form: LoginForm
    Also adds a "next" template variable.
    """
    form = LoginForm(request.form)

    # Kick the current user back to the index
    # if they're already logged in
    if current_user.is_authenticated:
        return index_redirect()

    # See if we have a "next" argument provided.
    # The Flask-Login docs reference a (nonexistent)
    # next_is_valid function, which is application-specific.
    # However, since we're being sensible about CSRF/not having
    # GETs actually modify the state of the application,
    # I think we can assume this will be fine.
    next = request.args.get('next')

    if request.method == 'GET':
        return render_template('login.html', form=form, next=next)
    else:
        if form.validate_on_submit():

            # Look up the user
            user = User.query.filter_by(username=form.username.data).first()

            # Make sure the user exists and the password is correct.
            # We use different branches for the purposes of logging
            # the appropriate reason for the failed login.
            if user is None:
                return login_failure("Invalid username or password.",
                                     "No User", form)

            if not user.verify_password(form.password.data):
                return login_failure("Invalid username or password.",
                                     "Bad Password", form)

            # Lock out inactive users.
            if not user.active:
                return login_failure("Your account is currently inactive.",
                                     "Deactivated", form)

            # Lock out users who haven't confirmed their account.
            if not user.email_activated:
                return login_failure(
                    "Your account must first be confirmed. " +
                    "Please check your email (" + user.email +
                    ") for the confirmation link.", "Not Confirmed", form)

            # We're good.
            login_success(user)

            # Redirect to either the value specified by "next"
            # or the main index page
            return redirect(next or url_for('remedy.index'))

        else:
            flash_errors(form)
            return render_template('login.html', form=form, next=next), 400