예제 #1
0
def change_password(token=None):
    if not token and not flask.session.get("logged_in_email"):
        return flask.redirect("/login")

    if flask.request.method == "POST":
        form_data = flask.request.form.to_dict()

        new_pass = form_data["new_pass"]
        check_pass = form_data["check_pass"]

        if token:
            staff_member = database.find("staff", token=token)
            staff_member = staff_member.next()

        else:
            old_pass = form_data["old_pass"]

            email = flask.session["logged_in_email"]
            staff_member = database.find("staff", email=email)
            staff_member = staff_member.next()

            try:
                assert sugar.check_hash(old_pass, staff_member["password"])
            except AssertionError:
                flask.flash("Wrong password.", "error")
                return

        try:
            assert sugar.check_hash(new_pass, sugar.make_hash(check_pass))
        except AssertionError:
            flask.flash("New passwords do not match.", "error")
            return {"token": token}

        try:
            assert new_pass != u""
        except AssertionError:
            flask.flash("Please enter a new password.", "error")
        else:
            session = database.get_session()

            staff_row = database.get_or_404("staff", id=staff_member.id)
            staff_schema = StaffSchema.from_flat(staff_row)

            staff_schema["password"].set(sugar.make_hash(new_pass))

            if staff_schema.validate():
                staff_row.update(staff_schema.flatten())
                session.save(staff_row)
                session.commit()

                flask.flash("Password changed sucessfuly.", "success")

                if token:
                    login_url = flask.url_for("auth.login", next=flask.url_for("meeting.home"))
                    return flask.redirect(login_url)

    return {"token": token}
예제 #2
0
def reset_password():
    email_to_reset_password = flask.request.form.get("email", "")

    if flask.request.method == "POST":
        try:
            staff_member = [i for i in database.find("staff", email=email_to_reset_password)]
            assert len(staff_member) == 1
            staff_member = staff_member[0]
        except AssertionError:
            flask.flash(u"Your email does not exist in our database.", "error")
        else:
            auth_token = sugar.generate_token(email_to_reset_password)

            session = database.get_session()

            staff_row = database.get_or_404("staff", id=staff_member.id)
            staff_schema = StaffSchema.from_flat(staff_row)

            staff_schema["token"].set(auth_token)

            if staff_schema.validate():
                staff_row.update(staff_schema.flatten())
                session.save(staff_row)
                session.commit()

            app = flask.current_app
            mail = Mail(app)

            settings_url = app.config.get("HOSTNAME")
            mail_msg_link = "%s/%s/change-password" % (settings_url, auth_token)

            msg_subject = "Reset your Cites password"
            msg_sender = app.config.get("DEFAULT_MAIL_SENDER")
            msg_recipients = [email_to_reset_password]
            msg_body = str(
                "Forgot your password?\n\nCites received a request "
                "to reset the password for your account.\n"
                "If you want to reset your "
                "password, click on the link below (or copy and "
                "paste the URL into your browser):\n\n%s\n\nThis "
                "link takes you to a secure page where you can "
                "change your password.\nIf you don't want to "
                "reset your password, please ignore this "
                "message. Your password will not be reset."
                "\n\nThe Cites Team" % (mail_msg_link)
            )

            msg = Message(msg_subject, sender=msg_sender, recipients=msg_recipients, body=msg_body)

            mail.send(msg)

            flash_message = str(
                "We've sent password reset instructions to your "
                "email address. Please also check your email's "
                "spam filter."
            )
            flask.flash(flash_message, "success")