예제 #1
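 def reset_password(user_id, token, new_password):
     """Set a new password for a user who presents a valid password-reset token.

     Args:
         user_id: identifier passed to ``db.get_user``.
         token: reset token supplied by the caller; compared with the
             ``password_lost`` value stored on the user record.
         new_password: replacement password, handed to ``db.update_user``.

     Returns:
         A ``(message, http_status)`` tuple: 404 when the user does not exist,
         401 when the token is missing or does not match, 200 once the
         password is changed and the stored token has been cleared.
     """
     # Function-scope import: the module's import block is not visible from here.
     import hmac

     user = db.get_user(user_id=user_id)
     if user is None:
         return "User not found", 404

     expected = user['password_lost']
     # With no reset pending the stored value is presumably None or '' (it is
     # cleared with empty=True below). A plain `==` would then accept an equally
     # empty token and change the password without any proof of possession, so
     # missing values are rejected before comparing.
     # NOTE(review): assumes reset tokens are stored and submitted as str -
     # confirm against db.set_password_lost.
     if not isinstance(expected, str) or not isinstance(token, str):
         return "Invalid token", 401
     if not expected or not token:
         return "Invalid token", 401

     # Constant-time comparison so the response time does not reveal how much of
     # the token matched; encoding first keeps compare_digest valid for non-ASCII.
     if not hmac.compare_digest(expected.encode('utf-8'), token.encode('utf-8')):
         return "Invalid token", 401

     # NOTE(review): no token age is checked here, and new_password is passed on
     # as given - confirm that db enforces expiry and hashes the password.
     db.update_user(user_id, password=new_password)
     # Clear the stored token so the same token cannot be replayed.
     db.set_password_lost(user_id, empty=True)
     return "Password changed", 200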
예제 #2
 def change_password(user_id, old_password, new_password):
     """Change a user's password after verifying the current one.

     Args:
         user_id: identifier passed to ``db.get_user``.
         old_password: current password, checked against the stored hash with
             ``bcrypt.check_password_hash``.
         new_password: replacement password, handed to ``db.update_user``.

     Returns:
         A ``(message, http_status)`` tuple: 404 for an unknown user, 401 when
         the old password does not verify, 200 after the change.
     """
     account = db.get_user(user_id=user_id)
     if account is None:
         return "User not found", 404

     # Knowledge of the current password is the only proof required here.
     if not bcrypt.check_password_hash(account['password'], old_password):
         return "Invalid old password", 401

     # NOTE(review): new_password is passed on as given - presumably
     # db.update_user hashes it before storing; confirm.
     db.update_user(user_id, password=new_password)
     # Drop any pending reset token so an older reset link stops working
     # once the password has been changed.
     db.set_password_lost(user_id, empty=True)
     return "Password changed", 200
예제 #3
 def lost_password(user_email):
     """Start a password reset for the account registered under *user_email*.

     Returns:
         A dict with the reset ``token``, the user's ``uid`` and display
         ``name``, or ``None`` when no user matches the e-mail or
         ``db.set_password_lost`` yields no token.
     """
     account = db.get_user(email=user_email)
     if not account:
         return None

     uid = account['id']
     reset_token = db.set_password_lost(uid)
     if reset_token is None:
         return None

     # The result carries the secret reset token: it should only travel to the
     # account owner's mailbox, never into an HTTP response or a log line.
     # NOTE(review): callers should answer identically for the None and dict
     # cases so the endpoint does not reveal which e-mails are registered.
     full_name = account['firstname'] + ' ' + account['lastname']
     return {
         'token': reset_token,
         'uid': uid,
         'name': full_name,
     }
예제 #4
def send_tomorrow_events():
  """Send one digest e-mail listing the events scheduled for tomorrow.

  Meant to be triggered by a scheduler. Prints a message and returns without
  sending anything when no event is found. Recipients are the users listed by
  ``db.list_users(notif_tomorrow_events=True)``, passed through
  ``compute_recipients`` and addressed in Bcc.
  """
  check_domain()

  target_day = datetime.date.today() + datetime.timedelta(days=1)
  day_key = target_day.strftime("%Y-%m-%d")
  tomorrow_nice = nice_date(target_day, settings.lang_locale)

  # Same date as both bounds: only events of that single day are requested.
  events = db.get_events_list(day_key, day_key, fetch_start_before=False)

  count = len(events)
  if count == 0:
    print("No event tomorrow")
    return

  # Singular or plural wording for the subject and the intro line.
  if count == 1:
    titre, desc = "La sortie prévue pour demain", "la sortie prévue"
  else:
    titre, desc = "Les sorties prévues pour demain", "les sorties prévues"

  event_template = """
<div style="margin:20px 10px;">
<a href="{site}/user:{creator_id}">{creator_name}</a> a planifié la sortie <b><a href="{site}/event:{event_id}">{title}</a></b><br/>
{description}
</div>
"""

  sections = []
  for event in events:
    creator_id = event['creator_id']
    creator = db.get_user(user_id=creator_id)
    creator_name = creator['firstname'] + ' ' + creator['lastname']
    # Name and title are HTML-escaped before interpolation.
    # NOTE(review): the description is only run through markdown.markdown,
    # which by default lets raw HTML in its input through; if descriptions are
    # user-written, that markup reaches every recipient's mail client
    # unsanitised. Sanitise the rendered HTML before sending.
    sections.append(event_template.format(
      site=domain,
      creator_id=creator_id,
      creator_name=html.escape(creator_name),
      event_id=event['id'],
      title=html.escape(event['title'].strip()),
      description=markdown.markdown(event.get('description', '') or '')))
  events_html = "<hr />".join(sections)

  all_users = db.list_users(notif_tomorrow_events=True)
  recipients = compute_recipients(all_users)

  body_html = """
Voici {desc} pour le {tomorrow_nice} :<br/>
{events_html}
""".format(desc=html.escape(desc), tomorrow_nice=html.escape(tomorrow_nice), events_html=events_html)

  # Bcc keeps the recipients' addresses hidden from one another.
  digest = {
    "Bcc": recipients,
    "Subject": titre,
    "HTMLPart": body_html,
  }
  send_emails([digest])
예제 #5
    def authenticate(email, password, expires_delta):
        """Check e-mail/password credentials and issue a token on success.

        Args:
            email: address used to look the user up with ``db.get_user``.
            password: candidate password, verified against the stored hash.
            expires_delta: passed through to ``LoginAPI.get_token``.

        Returns:
            The value of ``LoginAPI.get_token`` when the user exists, has one
            of the roles ``user``, ``temporary`` or ``admin`` and the password
            verifies; ``None`` in every other case.
        """
        account = db.get_user(email=email)
        if account is None:
            # NOTE(review): the address goes to stdout here and in the role
            # branch below - treat that output as containing personal data.
            print('Email not found: %s' % email)
            return None

        # Runs before the role check; presumably it may alter the role of an
        # expired account - confirm in LoginAPI.test_user_expiration.
        LoginAPI.test_user_expiration(account)

        if account['role'] not in ('user', 'temporary', 'admin'):
            print('%s is not approved to log-in' % email)
            return None

        # NOTE(review): only this path pays the bcrypt cost, so response time
        # may differ between unknown/unapproved accounts and wrong passwords.
        if not bcrypt.check_password_hash(account['password'], password):
            print('Password hash does not match')
            return None

        return LoginAPI.get_token(account, expires_delta)
예제 #6
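  def delete(self, user_id):
    """Delete a user.

    An admin deleting an account whose role is ``new`` removes the row for
    real. Every other permitted deletion (a user deleting themselves, or an
    admin deleting any other account) only sets the role to ``deleted``, so
    the user's messages and their foreign keys stay intact.

    Aborts with 403 when a non-admin targets another user, and with 404 when
    the user does not exist or the hard delete removed no row.
    """
    claims = get_jwt()
    is_admin = claims['role'] == 'admin'

    # Authorise before looking the target up, so a non-admin caller gets the
    # same 403 whether or not the id exists.
    # NOTE(review): this compares user_id with the JWT identity as-is; confirm
    # that both have the same type, otherwise self-deletion is always refused.
    if user_id != get_jwt_identity() and not is_admin:
      abort(403, "You cannot delete someone else")

    user = db.get_user(user_id=user_id)
    if user is None:
      # Without this check an unknown id raised on user['role'] for admins and
      # reported 'User deleted' for the soft-delete path.
      abort(404, 'User not found')

    if is_admin and user['role'] == 'new':
      rowcount = db.delete_user(user_id)
      if rowcount < 1:
        abort(404, 'No user was deleted')
      return {'message': 'User really deleted'}, 200

    # We want to keep user messages (foreign keys)
    db.update_user_role(user_id, "deleted")

    # Note: a real delete would delete all user's messages and registration and events by CASCADE
    # NOTE(review): tokens issued before the deletion are not revoked here;
    # confirm that a 'deleted' role is rejected when tokens are checked.

    return {'message': 'User deleted'}, 200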
예제 #7
 def get(self, user_id):
   """Return the details of one user, or abort with 404 if there is none.

   The record from ``db.get_user`` is passed through ``filter_user_response``
   before it is turned into a ``User``.
   """
   record = db.get_user(user_id=user_id)
   # Exact type test: anything other than a plain dict counts as "not found".
   found = type(record) is dict
   if not found:
     abort(404, 'User not found')
   # NOTE(review): presumably filter_user_response drops fields such as the
   # password hash and the reset token - confirm. No access check is visible
   # in this method itself.
   public_fields = filter_user_response(record)
   return User(**public_fields)