def change_password(token=None):
if not token and not flask.session.get("logged_in_email"):
return flask.redirect("/login")
if flask.request.method == "POST":
form_data = flask.request.form.to_dict()
new_pass = form_data["new_pass"]
check_pass = form_data["check_pass"]
if token:
staff_member = database.find("staff", token=token)
staff_member = staff_member.next()
else:
old_pass = form_data["old_pass"]
email = flask.session["logged_in_email"]
staff_member = database.find("staff", email=email)
staff_member = staff_member.next()
try:
assert sugar.check_hash(old_pass, staff_member["password"])
except AssertionError:
flask.flash("Wrong password.", "error")
return
try:
assert sugar.check_hash(new_pass, sugar.make_hash(check_pass))
except AssertionError:
flask.flash("New passwords do not match.", "error")
return {"token": token}
try:
assert new_pass != u""
except AssertionError:
flask.flash("Please enter a new password.", "error")
else:
session = database.get_session()
staff_row = database.get_or_404("staff", id=staff_member.id)
staff_schema = StaffSchema.from_flat(staff_row)
staff_schema["password"].set(sugar.make_hash(new_pass))
if staff_schema.validate():
staff_row.update(staff_schema.flatten())
session.save(staff_row)
session.commit()
flask.flash("Password changed sucessfuly.", "success")
if token:
login_url = flask.url_for("auth.login", next=flask.url_for("meeting.home"))
return flask.redirect(login_url)
return {"token": token}
def reset_password():
email_to_reset_password = flask.request.form.get("email", "")
if flask.request.method == "POST":
try:
staff_member = [i for i in database.find("staff", email=email_to_reset_password)]
assert len(staff_member) == 1
staff_member = staff_member[0]
except AssertionError:
flask.flash(u"Your email does not exist in our database.", "error")
else:
auth_token = sugar.generate_token(email_to_reset_password)
session = database.get_session()
staff_row = database.get_or_404("staff", id=staff_member.id)
staff_schema = StaffSchema.from_flat(staff_row)
staff_schema["token"].set(auth_token)
if staff_schema.validate():
staff_row.update(staff_schema.flatten())
session.save(staff_row)
session.commit()
app = flask.current_app
mail = Mail(app)
settings_url = app.config.get("HOSTNAME")
mail_msg_link = "%s/%s/change-password" % (settings_url, auth_token)
msg_subject = "Reset your Cites password"
msg_sender = app.config.get("DEFAULT_MAIL_SENDER")
msg_recipients = [email_to_reset_password]
msg_body = str(
"Forgot your password?\n\nCites received a request "
"to reset the password for your account.\n"
"If you want to reset your "
"password, click on the link below (or copy and "
"paste the URL into your browser):\n\n%s\n\nThis "
"link takes you to a secure page where you can "
"change your password.\nIf you don't want to "
"reset your password, please ignore this "
"message. Your password will not be reset."
"\n\nThe Cites Team" % (mail_msg_link)
)
msg = Message(msg_subject, sender=msg_sender, recipients=msg_recipients, body=msg_body)
mail.send(msg)
flash_message = str(
"We've sent password reset instructions to your "
"email address. Please also check your email's "
"spam filter."
)
flask.flash(flash_message, "success")