if email == '': logging.debug('No email') return render_template('forgot-password.html', error='Email field required.') user = mongo.db.users.find_one({'email': email}) if user is None: logging.debug('User not found for email %s', email) return render_template('forgot-password.html', error='User not found.') to_address = user['email'] username = user['username'] id = mongo.db.password_retrievals.save({ 'user_id': user['_id'], 'created': datetime.datetime.utcnow() }) logging.debug('sending email to user %s with email %s and link %s', username, to_address, id ) res = send_password_retrieval_email(app, to_address, username, id) logging.debug('response: %s', res) if res is None: return render_template('forgot-password.html', error='Oops! An error occurred. Please try again.') return redirect(url_for('password_email_sent')) app.add_url_rule('/forgot-password', view_func=ForgotPassword.as_view('forgot_password'))
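# Excerpt starts inside an Uploads request handler (presumably the PUT handler
# for /uploads/<id>); its ``def`` line is outside this excerpt.
        if 'user_id' not in session:
            abort(401)
        user_id = session['user_id']
        upload = request.get_json()
        # A missing or non-object JSON body, or one without 'due', used to
        # fail on the item accesses below and surface as a 500.
        if not isinstance(upload, dict) or 'due' not in upload:
            abort(400)
        print('Looking for upload %s' % id)
        # Scope the lookup to the caller. Matching on _id alone let any
        # logged-in user overwrite another user's upload, and the save below
        # then re-assigned it to them.
        # Assumes stored uploads carry user_id in the same form as
        # session['user_id'] (this handler writes it that way) -- TODO confirm
        # against the handler that creates uploads.
        # NOTE(review): a malformed id makes ObjectId() raise, which reaches
        # the client as a 500 rather than a 400.
        owned = {'_id': ObjectId(id), 'user_id': user_id}
        if mongo.db.uploads.find_one(owned) is None:
            print('Not found')
            return ('Upload not found', 400)
        print('Found')
        # NOTE(review): every other key the client sent is persisted as-is;
        # only user_id, due and _id are set server-side. Consider copying an
        # explicit list of fields instead of saving the request body.
        upload['user_id'] = user_id
        upload['due'] = parser.parse(upload['due'])
        upload['_id'] = ObjectId(id)
        mongo.db.uploads.save(upload, True)
        # Convert the non-JSON values back to strings for the response.
        upload['_id'] = str(id)
        upload['due'] = str(upload['due'])
        return make_json_response(upload)

    def delete(self, id):
        """Delete the upload ``id`` if it belongs to the session user.

        Aborts with 401 when there is no session user. Returns
        ('Upload not found', 400) when no upload with that id is owned by the
        caller, so the response does not reveal whether the id exists for
        someone else. Returns an empty 204 on success.
        """
        print('%s /uploads/%s/' % (request.method, id))
        if 'user_id' not in session:
            abort(401)
        # Same ownership filter for the existence check and the removal, so a
        # caller can never remove a document they do not own. Assumes user_id
        # is stored in the same form as session['user_id'] -- TODO confirm.
        owned = {'_id': ObjectId(id), 'user_id': session['user_id']}
        if mongo.db.uploads.find_one(owned) is None:
            return ('Upload not found', 400)
        mongo.db.uploads.remove(owned)
        return ('', 204)


app.add_url_rule('/uploads', view_func=Uploads.as_view('uploads_1'))
app.add_url_rule('/uploads/<id>', view_func=Uploads.as_view('uploads_2'))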
error = 'Please fill in all fields.' elif mongo.db.users.find_one({'username': form.username.data}) is not None: error = 'Username taken.' elif mongo.db.users.find_one({'email': form.email.data}) is not None: error = 'Email address already in use.' else: user_id = mongo.db.users.save({ 'username': form.username.data, 'email': form.email.data, 'password': hashlib.md5(form.password.data).hexdigest(), 'created': datetime.utcnow() }) session['user_id'] = str(user_id) session.permanent = True logging.debug('Logged in user %s', form.username.data) return redirect(url_for('index')) logging.debug('Error logging in: %s', error) return render_template('register.html', username=form.username.data, email=form.email.data, error=error) app.add_url_rule('/register', view_func=Register.as_view('register'))
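# Excerpt starts inside a PasswordReset handler (presumably GET
# /password-reset/<id>); the beginning of that handler is outside this excerpt.
            return render_template('reset-password.html',
                                   username=user['username'],
                                   email=user['email'])
        except Exception as ex:
            logging.debug(ex)
            return ('An error occurred', 500)

    def post(self):
        """Set a new password for the user identified by the session.

        Aborts with 401 when the session has no user id or names a user that
        no longer exists. Re-renders the form with an error when validation
        fails; otherwise stores the new digest and redirects to the index.

        NOTE(review): the only authorization in this handler is the session
        user id. Neither the current password nor the reset record behind
        /password-reset/<id> is checked here; how that link populates the
        session is outside this excerpt.
        """
        logging.debug('POST /password-reset')
        if 'user_id' not in session:
            abort(401)
        user = mongo.db.users.find_one(ObjectId(session['user_id']))
        if user is None:
            # Stale session: without this guard the item lookups on ``user``
            # below raise and the client receives a 500.
            abort(401)
        form = RegistrationForm(request.form)
        if not form.validate():
            logging.debug('Invalid reset password form: %s', form.errors)
            return render_template('reset-password.html',
                                   username=user['username'],
                                   email=user['email'],
                                   error='Please fill in all fields.')
        # NOTE(review): unsalted MD5 is not a password hash; it is fast to
        # brute-force and identical passwords share a digest. Moving to a
        # salted, slow KDF has to change Register and Login in the same step
        # (they compute the same digest), so the scheme is left as is here.
        user['password'] = hashlib.md5(form.password.data).hexdigest()
        mongo.db.users.save(user)
        logging.debug('Reset password success for %s', user['username'])
        return redirect(url_for('index'))


app.add_url_rule('/password-reset', view_func=PasswordReset.as_view('post_forgot_password'))
app.add_url_rule('/password-reset/<id>', view_func=PasswordReset.as_view('get_forgot_password'))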
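def post(self, year, month):
    """Store the posted income/expenses for ``year``/``month`` on the session user.

    The month's cache entry is replaced, and every field that is present in
    the JSON body is also copied into ``calc_cache['defaults']``.

    Aborts with 401 when the session has no user id or names a user that no
    longer exists, and with 400 when the body is not a JSON object. Returns a
    JSON ``{'msg': 'Saved.'}`` response on success.
    """
    logging.debug('POST /calc-cache')
    if 'user_id' not in session:
        abort(401)
    user = mongo.db.users.find_one(ObjectId(session['user_id']))
    if user is None:
        # Stale session: the item accesses on ``user`` below would raise.
        abort(401)
    idata = request.get_json()
    if not isinstance(idata, dict):
        # A missing or non-object body used to fail on the ``in`` tests below
        # and surface as a 500.
        abort(400)

    # No separator between year and month, so e.g. (2011, 1) and (201, 11)
    # share a key. Left unchanged: presumably other readers of calc_cache
    # expect this format -- confirm before changing it.
    key = '%s%s' % (year, month)
    cache = user.setdefault('calc_cache', {})
    defaults = cache.setdefault('defaults', {})
    entry = cache[key] = {}

    # NOTE(review): year and month are limited only by the route's int
    # converter and the posted values are stored without type or size checks,
    # so a client can grow its own user document at will. Consider bounding
    # month to 1-12 and validating the values.
    for field in ('income', 'expenses'):
        if field in idata:
            entry[field] = idata[field]
            defaults[field] = idata[field]

    mongo.db.users.save(user)
    return make_json_response({'msg': 'Saved.'})


app.add_url_rule('/calc-cache/<int:year>/<int:month>', view_func=Calculator.as_view('calculator'))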
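# Excerpt starts inside a Bills request handler (presumably the PUT handler
# for /bills/<id>); its ``def`` line is outside this excerpt.
        if 'user_id' not in session:
            abort(401)
        user_id = session['user_id']
        bill = request.get_json()
        # A missing or non-object JSON body, or one without 'due', used to
        # fail on the item accesses below and surface as a 500.
        if not isinstance(bill, dict) or 'due' not in bill:
            abort(400)
        logging.debug('Looking for bill %s', id)
        # Scope the lookup to the caller. Matching on _id alone let any
        # logged-in user overwrite another user's bill, and the save below
        # then re-assigned it to them.
        # Assumes stored bills carry user_id in the same form as
        # session['user_id'] (this handler writes it that way) -- TODO confirm
        # against the handler that creates bills.
        # NOTE(review): a malformed id makes ObjectId() raise, which reaches
        # the client as a 500 rather than a 400.
        owned = {'_id': ObjectId(id), 'user_id': user_id}
        if mongo.db.bills.find_one(owned) is None:
            logging.debug('Not found')
            return ('Bill not found', 400)
        logging.debug('Found')
        # NOTE(review): every other key the client sent is persisted as-is;
        # only user_id, due and _id are set server-side. Consider copying an
        # explicit list of fields instead of saving the request body.
        bill['user_id'] = user_id
        bill['due'] = parser.parse(bill['due'])
        bill['_id'] = ObjectId(id)
        mongo.db.bills.save(bill, True)
        # Convert the non-JSON values back to strings for the response.
        bill['_id'] = str(id)
        bill['due'] = str(bill['due'])
        return make_json_response(bill)

    def delete(self, id):
        """Delete the bill ``id`` if it belongs to the session user.

        Aborts with 401 when there is no session user. Returns
        ('Bill not found', 400) when no bill with that id is owned by the
        caller, so the response does not reveal whether the id exists for
        someone else. Returns an empty 204 on success.
        """
        logging.debug('%s /bills/%s/', request.method, id)
        if 'user_id' not in session:
            abort(401)
        # Same ownership filter for the existence check and the removal, so a
        # caller can never remove a document they do not own. Assumes user_id
        # is stored in the same form as session['user_id'] -- TODO confirm.
        owned = {'_id': ObjectId(id), 'user_id': session['user_id']}
        if mongo.db.bills.find_one(owned) is None:
            return ('Bill not found', 400)
        mongo.db.bills.remove(owned)
        return ('', 204)


app.add_url_rule('/bills', view_func=Bills.as_view('bills_1'))
app.add_url_rule('/bills/<id>', view_func=Bills.as_view('bills_2'))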
def get(self):
    """Render the empty login form."""
    logging.debug('GET /login')
    return render_template('login.html')


def post(self):
    """Authenticate the posted credentials and start a session.

    The ``username`` form field is matched against the stored username first
    and, if that finds nothing, against the stored email address. Any failure
    re-renders the form with the same generic error; success stores the user
    id in a permanent session, records ``last_login`` and redirects to the
    index page.

    NOTE(review): no throttling or lockout is applied in this handler.
    """
    logging.debug('POST /login')
    # NOTE(review): attempted identifiers are written to the debug log.
    logging.debug('looking for user %s', request.form['username'])
    users = mongo.db.users

    # NOTE(review): username wins over email, so an account whose username
    # equals another user's email address would shadow that user's email
    # login. Whether registration prevents that is not visible here.
    user = users.find_one({'username': request.form['username']})
    if user is None:
        logging.debug('not found via username')
        user = users.find_one({'email': request.form['username']})

    failure = None
    if user is None:
        failure = 'not found via email'
    # NOTE(review): unsalted MD5 is not a password hash; replacing it has to
    # be coordinated with the code that writes the stored digest.
    elif user['password'] != hashlib.md5(request.form['password']).hexdigest():
        failure = 'invalid credentials'

    if failure is not None:
        # The distinction is logged only; the response is identical.
        logging.debug(failure)
        return render_template('login.html', error='Invalid credentials.')

    logging.debug('initializing session for %s', user['username'])
    session['user_id'] = str(user['_id'])
    session.permanent = True
    user['last_login'] = datetime.utcnow()
    users.save(user)
    return redirect(url_for('index'))


app.add_url_rule('/login', view_func=Login.as_view('login'))
import logging

from flask import redirect, session
from flask.views import MethodView

from budgeter import app


class Logout(MethodView):
    """Logout endpoint; only a ``post`` handler is defined."""

    def post(self):
        """Remove the user id from the session and redirect to '/'."""
        logging.debug('POST /logout')
        # Only the 'user_id' key is dropped; anything else kept in the
        # session survives the logout.
        # NOTE(review): if the app uses Flask's default cookie-backed
        # sessions, a saved copy of the old cookie stays usable until it
        # expires -- confirm which session interface is configured.
        session.pop('user_id', None)
        home = redirect('/')
        return home


app.add_url_rule('/logout', view_func=Logout.as_view('logout'))