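def forgot_password():
    """Handle the "forgot password" form.

    On a valid submission, looks the account up by the submitted email.
    If one exists, a password-reset ``UserEmailVerification`` row with a
    fresh token is stored, the request is audit-logged, and the token is
    mailed. If none exists, an explanatory mail is sent to the submitted
    address instead. Both outcomes end with the same flash message and
    the same redirect, so the HTTP response does not reveal whether an
    account is registered for the address.

    Returns:
        A redirect to the homepage after a valid submission, otherwise
        the rendered ``users/forgot_password.html`` template.
    """
    form = ForgotPasswordForm(request.form)
    if not form.validate_on_submit():
        return render_template("users/forgot_password.html", form=form)

    # NOTE(review): no throttling is visible in this function, and either
    # branch below queues a mail to an address chosen by an anonymous
    # caller. Confirm the route is rate-limited elsewhere.
    email = form.email.data
    user = User.query.filter_by(email=email).first()
    if user:
        # NOTE(review): this token is the only secret protecting the
        # reset. Confirm randomString draws from a CSPRNG (`secrets`),
        # not `random`.
        token = randomString(32)

        addAuditLog(AuditSeverity.USER, user,
                    "(Anonymous) requested a password reset",
                    url_for("users.profile", username=user.username), None)

        # Bind and deliver the token to the address stored on the account,
        # never to the request-supplied string. If the lookup ever matches
        # loosely (case-insensitive collation, Unicode folding) the two can
        # differ, and the token must only reach the account owner.
        ver = UserEmailVerification()
        ver.user = user
        ver.token = token
        ver.email = user.email
        ver.is_password_reset = True
        db.session.add(ver)
        db.session.commit()

        send_verify_email.delay(user.email, token)
    else:
        # Unknown address: tell the mailbox owner rather than the browser.
        send_anon_email.delay(email, "Unable to find account", """ <p> We were unable to perform the password reset as we could not find an account associated with this email. </p> <p> If you weren't expecting to receive this email, then you can safely ignore it. </p> """)

    # Same message for both branches, deliberately.
    flash("Check your email address to continue the reset", "success")
    return redirect(url_for("homepage.home"))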
def handle_register(form):
    """Create an account from a validated registration form.

    Steps, in order:

    1. Reject the request if the chosen username or display name
       collides with an existing username, display name, forums
       username or GitHub username. An unclaimed forum account
       (rank ``NOT_JOINED`` with a forums username) is sent to the
       claim page instead.
    2. If the email already belongs to an account, mail that address
       and show the same success flash as a real registration, so the
       page does not reveal which emails are registered.
    3. Reject emails with a blacklisted ``EmailSubscription`` row.
    4. Create the user, its notification preferences and a
       ``UserEmailVerification`` token, commit, and queue the
       verification mail.

    Returns:
        A redirect response, or ``None`` when the form should be shown
        again (name collision or blacklisted email).
    """
    wanted_username = form.username.data
    wanted_display_name = form.display_name.data

    name_clash = User.query.filter(or_(
        User.username == wanted_username,
        User.username == wanted_display_name,
        User.display_name == wanted_display_name,
        User.forums_username == wanted_username,
        User.github_username == wanted_username,
    )).first()

    if name_clash:
        if name_clash.rank == UserRank.NOT_JOINED and name_clash.forums_username:
            flash("An account already exists for that username but hasn't been claimed yet.",
                  "danger")
            return redirect(url_for("users.claim_forums",
                                    username=name_clash.forums_username))

        flash("That username/display name is already in use, please choose another.",
              "danger")
        return None

    email_owner = User.query.filter_by(email=form.email.data).first()
    if email_owner:
        # NOTE(review): forgot_password passes an HTML body to this same
        # task. If the body is rendered as HTML, confirm display_name is
        # escaped before it is interpolated here.
        send_anon_email.delay(
            form.email.data,
            "Email already in use",
            "We were unable to create the account as the email is already in use by {}. Try a different email address."
            .format(email_owner.display_name))
        # Identical to the success flash below, on purpose.
        flash("Check your email address to verify your account", "success")
        return redirect(url_for("homepage.home"))

    # NOTE(review): unlike the branch above, this answers in the browser,
    # so the form reveals whether an address is on the blacklist.
    blacklist_hits = EmailSubscription.query.filter_by(
        email=form.email.data, blacklisted=True).count()
    if blacklist_hits > 0:
        flash("That email address has been unsubscribed/blacklisted, and cannot be used",
              "danger")
        return None

    # NOTE(review): make_flask_login_password presumably hashes the
    # password before it is stored; verify against its definition.
    user = User(wanted_username, False, form.email.data,
                make_flask_login_password(form.password.data))
    user.notification_preferences = UserNotificationPreferences(user)
    if form.display_name.data:
        user.display_name = form.display_name.data
    db.session.add(user)

    addAuditLog(AuditSeverity.USER, user,
                "Registered with email, display name=" + user.display_name,
                url_for("users.profile", username=user.username))

    # NOTE(review): confirm randomString uses a CSPRNG; this token proves
    # control of the mailbox.
    token = randomString(32)

    verification = UserEmailVerification()
    verification.user = user
    verification.token = token
    verification.email = form.email.data
    db.session.add(verification)
    db.session.commit()

    send_verify_email.delay(form.email.data, token)

    flash("Check your email address to verify your account", "success")
    return redirect(url_for("homepage.home"))
def handle_email_notifications(user, prefs: UserNotificationPreferences, is_new, form):
    """Apply the email-notification form to ``prefs`` and start an email change.

    Every ``NotificationType`` has a ``pref_<name>`` and a
    ``pref_<name>_digest`` form field. Enabling email for a type also
    enables its digest. When ``current_user`` holds ``CHANGE_EMAIL`` on
    ``user`` and the form carries a different, non-blank address, the
    address is not written to the user here. Instead a
    ``UserEmailVerification`` token is stored and mailed to the new
    address.

    Args:
        user: Account whose settings are being edited.
        prefs: Preference object updated in place.
        is_new: When true, ``prefs`` is added to the session first.
        form: Submitted form holding the ``pref_*`` fields and ``email``.

    Returns:
        A redirect to the user's email-notification page, or ``None``
        when the requested address is blacklisted.
    """
    for kind in NotificationType:
        field_base = "pref_" + kind.toName()
        wants_email = getattr(form, field_base).data
        wants_digest = getattr(form, field_base + "_digest").data or wants_email
        prefs.set_can_email(kind, wants_email)
        prefs.set_can_digest(kind, wants_digest)

    if is_new:
        db.session.add(prefs)

    # Only read the submitted address when the actor may change it.
    if user.checkPerm(current_user, Permission.CHANGE_EMAIL):
        requested = form.email.data
    else:
        requested = None

    email_changed = (bool(requested)
                     and requested != user.email
                     and requested.strip() != "")

    if not email_changed:
        db.session.commit()
        return redirect(url_for("users.email_notifications", username=user.username))

    blacklist_hits = EmailSubscription.query.filter_by(
        email=requested, blacklisted=True).count()
    if blacklist_hits > 0:
        # Returns without committing, so the preference changes made
        # above are not committed by this function either.
        flash("That email address has been unsubscribed/blacklisted, and cannot be used",
              "danger")
        return None

    # NOTE(review): confirm randomString uses a CSPRNG; redeeming this
    # token presumably switches the account's address.
    token = randomString(32)

    # A change made by someone other than the account owner is logged at
    # moderation severity.
    if current_user == user:
        severity = AuditSeverity.NORMAL
    else:
        severity = AuditSeverity.MODERATION

    addAuditLog(severity, current_user,
                "Changed email of {}".format(user.display_name),
                url_for("users.profile", username=user.username))

    # NOTE(review): nothing here checks that the new address is unused by
    # another account, and nothing notifies the current address. Confirm
    # both are handled where the token is redeemed.
    verification = UserEmailVerification()
    verification.user = user
    verification.token = token
    verification.email = requested
    db.session.add(verification)
    db.session.commit()

    flash("Check your email to confirm it", "success")
    send_verify_email.delay(requested, token)
    return redirect(url_for("users.email_notifications", username=user.username))