예제 #1
def register():
    """Handle the account request form.

    A valid submission is stored as a ``RegistrationRequest``, a
    notification mail is sent to the fixed recipient below, and the
    visitor is redirected to the login view. In every other case the
    form is rendered.
    """
    form = forms.RegistrationRequestForm()

    # Guard clause: not a POST, or the submitted data failed validation.
    if not form.validate_on_submit():
        return flask.render_template('auth/register.html', form=form)

    field_names = ('first_name', 'last_name', 'email', 'phone', 'message')
    account_request = models.RegistrationRequest(
        **{name: getattr(form, name).data for name in field_names})

    # The row is committed before the mail goes out, so a failing
    # send_email leaves a stored request without a notification.
    models.db.session.add(account_request)
    models.db.session.commit()

    # NOTE(review): every field rendered here is visitor-supplied. Flask
    # only autoescapes templates by file extension (.html, .xml, ...), not
    # ".jinja2"; if util.send_email sends HTML, the template has to escape
    # these values itself -- confirm against util and the template.
    notification = flask.render_template('auth/register_email.jinja2',
                                         request=account_request)
    # NOTE(review): no throttling is visible in this view, so each valid
    # submission causes one outgoing mail -- confirm a rate limit exists
    # elsewhere.
    util.send_email('*****@*****.**',
                    "Förfrågan om nytt konto på Strequelistan",
                    notification)

    flask.flash(_l("QM har uppmärksammats om din förfrågan."), 'info')

    return flask.redirect(flask.url_for('auth.login'))
예제 #2
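def reset():
    """View for requesting password reset.

    If a non-registered email address is entered, do nothing but tell
    user that an email has been sent. This way we do not expose what
    email addresses are registered.

    If a registered email address is entered, get the id of the user the
    email address is registered to and create a timestamped token with
    the id. The token is sent as a part of a link to the email of that
    user.

    The view which the link leads to (not part of this function) checks
    that the token is intact and has not been tampered with, checks its
    age, and checks if the password has been changed after the token was
    created. This means:
    * Tokens are time limited.
    * Multiple tokens can be valid at the same time, which prevents
        confusion for the user.
    * If the password is changed, using a token or in some other way,
        all tokens generated before that change become invalid.
    * Tokens are therefore single use.
    * Tokens are not stored anywhere other than in the email sent to
        user.

    The token is signed with the application's SECRET_KEY; it is not
    encrypted, so the user id inside it is readable by whoever holds the
    link.
    """
    reset_flash = (_l("Om {} är en registrerad adress så har vi skickat en "
                   "återställningslänk till den."))

    ts = URLSafeTimedSerializer(flask.current_app.config["SECRET_KEY"])

    form = forms.ExistingEmailForm()

    if form.validate_on_submit():
        user = models.User.query.filter_by(email=form.email.data).first()

        # The form validated, but the lookup can still come back empty
        # (the validator may match differently, or the row may be gone).
        # Dereferencing None would raise and turn the uniform answer into
        # an error page, so an empty lookup gets the same response as an
        # unknown address.
        if user is not None:
            token = ts.dumps(user.id, salt='recover-key')

            # NOTE(review): with _external=True the host part of the link
            # is taken from the current request unless the deployment pins
            # it (SERVER_NAME, or Host validation at the proxy). Confirm
            # the host is pinned, since this link carries the reset token.
            recover_url = flask.url_for('.reset_token', token=token,
                                        _external=True)

            email_body = flask.render_template(
                'auth/password_reset_email.jinja2',
                name=user.first_name,
                link=recover_url)

            subject = "Återställ ditt lösenord hos Strequelistan"

            # NOTE(review): mail is only sent on this branch. If
            # util.send_email blocks until delivery, response time differs
            # between registered and unregistered addresses even though the
            # message is the same -- confirm it is queued or asynchronous.
            util.send_email(user.email, subject, email_body)

        flask.flash(reset_flash.format(form.email.data), 'info')
        return flask.redirect(flask.url_for('.login'))

    elif form.email.data:
        # Something was entered but did not validate: answer exactly as
        # for a registered address.
        flask.flash(reset_flash.format(form.email.data), 'info')
        return flask.redirect(flask.url_for('.login'))

    elif form.errors:
        flask.flash(_l("Vänligen skriv in din e-epostaddress"), 'error')

    return flask.render_template('auth/reset.html', form=form)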
예제 #3
def spam():
    """Mail every user with a negative balance, then show the list.

    The query selects users whose balance is below zero, ordered by
    first name. On POST each of them gets the negative-balance mail and
    a flash message reports how many were selected; on any method the
    list is rendered.

    NOTE(review): no access control or CSRF check is visible in this
    function; route decorators and app-wide protection are not shown
    here -- confirm the view is restricted to administrators and that
    the POST is CSRF-protected.
    """
    debtors = models.User.query.order_by(models.User.first_name).filter(
        models.User.balance < 0)

    mailing_requested = flask.request.method == 'POST'
    if mailing_requested:
        for debtor in debtors:
            body = flask.render_template(
                'admin/negative_balance_mail.jinja2', user=debtor)
            util.send_email(debtor.email, "Hälsning från QM", body)

        # count() is evaluated after the loop, separately from the
        # iteration above.
        notice = "Spammade {} personer!".format(debtors.count())
        flask.flash(notice, 'success')

    return flask.render_template('admin/spam.html', users=debtors)
예제 #4
def spam():
    """Send balance reminders to users with a negative balance.

    The query selects users whose balance is below zero, lowest balance
    first. On POST each of them gets the negative-balance mail and a
    translated flash message reports how many were selected; on any
    method the list is rendered.

    NOTE(review): no access control or CSRF check is visible in this
    function; route decorators and app-wide protection are not shown
    here -- confirm the view is restricted to administrators and that
    the POST is CSRF-protected.
    """
    debtors = models.User.query.order_by(models.User.balance.asc()).filter(
        models.User.balance < 0)

    mailing_requested = flask.request.method == 'POST'
    if mailing_requested:
        for debtor in debtors:
            body = flask.render_template(
                'strequeadmin/negative_balance_mail.jinja2', user=debtor)
            util.send_email(debtor.email, "Hälsning från QM", body)

        # count() is evaluated after the loop, separately from the
        # iteration above.
        notice = _("Skickade %(nr)i saldopåminnelser!", nr=debtors.count())
        flask.flash(notice, 'success')

    return flask.render_template('strequeadmin/spam.html', users=debtors)
예제 #5
def verify_email(user, email):
    """Send a verification link for *email* on behalf of *user*.

    The pair ``[user.id, email]`` is serialized into a timestamped token
    signed with the application's SECRET_KEY, and the token is embedded
    in a link to the verification view. The link is mailed to the
    requested address, not to the user's current one.

    The token is signed, not encrypted or hashed: the user id and the
    address can be read back from it by anyone holding the link, but
    cannot be altered without invalidating the signature. The timestamp
    lets the verifying view check the token's age.
    """
    serializer = URLSafeTimedSerializer(
        flask.current_app.config["SECRET_KEY"])

    # The salt separates these tokens from others signed with the same key.
    signed_payload = serializer.dumps([user.id, email], salt='verify-email')

    # NOTE(review): with _external=True the host part of the link is taken
    # from the current request unless the deployment pins it (SERVER_NAME,
    # or Host validation at the proxy). Confirm the host is pinned, since
    # this link carries the verification token.
    link = flask.url_for('auth.verify_token', token=signed_payload,
                         _external=True)

    body = flask.render_template('auth/email_verification.jinja2', link=link)

    util.send_email(email, "Verifiera din e-postaddress på Strequelistan",
                    body)