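def lost_passwd(self, data):
    """Start password recovery: store a reset token and email the reset link.

    Only ``data["recovery_email"]`` is read from the submitted form mapping.
    Returns ``(msg, error)``: the user-facing message passed through ``_()``
    and a flag that is True when the request did not succeed.

    Security notes for maintainers:

    * The reset token is a bearer credential for the account, so it is drawn
      from the OS CSPRNG (``secrets``). The ``random`` module is a
      deterministic PRNG and its output must not be used for tokens.
    * The address is validated with ``fullmatch``; with ``match`` the
      pattern's trailing ``$`` also accepts a value ending in a newline.
    * NOTE(review): the "not found" message tells the caller whether an
      address is registered. It is kept because callers display it, but a
      single neutral answer for both cases would avoid account enumeration.
    * NOTE(review): the link is built from ``flask.request.url_root``, which
      is derived from the incoming request's host. Confirm the deployment
      only accepts trusted Host values, or build the link from a configured
      base URL.
    * NOTE(review): the token is stored as-is under ``reset`` and no expiry
      is set here; confirm the consuming code invalidates it after use.
    """
    # Function-scope import: the module's import block is not part of this block.
    import secrets

    # Check input format
    email_re = re.compile(
        r"(^[-!#$%&'*+/=?^_`{}|~0-9A-Z]+(\.[-!#$%&'*+/=?^_`{}|~0-9A-Z]+)*"  # dot-atom
        r'|^"([\001-\010\013\014\016-\037!#-\[\]-\177]|\\[\001-011\013\014\016-\177])*"'  # quoted-string
        r')@(?:[A-Z0-9](?:[A-Z0-9-]{0,61}[A-Z0-9])?\.)+[A-Z]{2,6}\.?$', re.IGNORECASE)  # domain
    # NOTE(review): "\001-011" in the quoted-string part looks like a missing
    # backslash ("\001-\011"); left untouched to keep accepted inputs stable.
    if email_re.fullmatch(data["recovery_email"]) is None:
        return _("Invalid email format."), True

    # 128 hex characters, the same shape as the SHA-512 hex digest used before.
    reset_hash = secrets.token_hex(64)
    user = self.database.users.find_one_and_update(
        {"email": data["recovery_email"]},
        {"$set": {"reset": reset_hash}})
    if user is None:
        return _("This email address was not found in database."), True

    try:
        subject = _("INGInious password recovery")
        # Message text reproduced verbatim: it is the argument handed to _()
        # (presumably a gettext msgid - confirm before rewording).
        body = _(
            "Dear {realname}, Someone (probably you) asked to reset your "
            "INGInious password. If this was you, please click on the "
            "following link : "
        ).format(realname=user["realname"]) + flask.request.url_root + "register?reset=" + reset_hash
        message = Message(recipients=[(user["realname"], data["recovery_email"])],
                          subject=subject,
                          body=body)
        mail.send(message)
        msg = _("An email has been sent to you to reset your password.")
    except Exception as ex:
        # Best effort: any mail failure is reported to the user and logged.
        # The token written above stays in the database in that case.
        msg = _("Something went wrong while sending you reset email. Please contact the administrator.")
        self._logger.error("Couldn't send email : {}".format(str(ex)))
        return msg, True

    return msg, False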
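def register_user(self, data):
    """Validate a registration form, create the account and email the activation link.

    Reads ``username``, ``realname``, ``email``, ``passwd`` and ``passwd2``
    from ``data`` (plus the presence of ``term_policy_check`` when both the
    terms and privacy pages are configured). Returns ``(msg, error)``: the
    user-facing message passed through ``_()`` and a flag that is True when
    registration did not succeed.

    Security notes for maintainers:

    * The activation token comes from the OS CSPRNG (``secrets``); the
      ``random`` module is a deterministic PRNG and unsuitable for tokens.
    * Username and email are validated with ``fullmatch``; with ``match`` a
      trailing ``$`` also accepts a value ending in a newline.
    * NOTE(review): the password is stored as a single unsalted SHA-512
      digest. That format is shared with whatever code verifies logins, so
      it is not changed here; migrating to a salted, slow password hash
      (e.g. ``hashlib.scrypt``) needs a coordinated change.
    * NOTE(review): the existence check and the insert are two separate
      operations; confirm a unique index on username/email backs them up.
    * NOTE(review): the link is built from ``flask.request.url_root``, which
      is derived from the incoming request's host. Confirm the deployment
      only accepts trusted Host values, or build the link from a configured
      base URL.
    """
    # Function-scope import: the module's import block is not part of this block.
    import secrets

    email_re = re.compile(
        r"(^[-!#$%&'*+/=?^_`{}|~0-9A-Z]+(\.[-!#$%&'*+/=?^_`{}|~0-9A-Z]+)*"  # dot-atom
        r'|^"([\001-\010\013\014\016-\037!#-\[\]-\177]|\\[\001-011\013\014\016-\177])*"'  # quoted-string
        r')@(?:[A-Z0-9](?:[A-Z0-9-]{0,61}[A-Z0-9])?\.)+[A-Z]{2,6}\.?$', re.IGNORECASE)  # domain

    # Check input format; the first failing rule decides the message.
    if re.fullmatch(r"^[-_|~0-9A-Z]{4,}$", data["username"], re.IGNORECASE) is None:
        return _("Invalid username format."), True
    if email_re.fullmatch(data["email"]) is None:
        return _("Invalid email format."), True
    if len(data["passwd"]) < 6:
        return _("Password too short."), True
    if data["passwd"] != data["passwd2"]:
        return _("Passwords don't match !"), True
    if (self.app.terms_page is not None and self.app.privacy_page is not None
            and "term_policy_check" not in data):
        return _("Please accept the Terms of Service and Data Privacy"), True

    existing_user = self.database.users.find_one(
        {"$or": [{"username": data["username"]}, {"email": data["email"]}]})
    if existing_user is not None:
        if existing_user["username"] == data["username"]:
            return _("This username is already taken !"), True
        return _("This email address is already in use !"), True

    passwd_hash = hashlib.sha512(data["passwd"].encode("utf-8")).hexdigest()
    # 128 hex characters, the same shape as the SHA-512 hex digest used before.
    activate_hash = secrets.token_hex(64)
    self.database.users.insert({"username": data["username"],
                                "realname": data["realname"],
                                "email": data["email"],
                                "password": passwd_hash,
                                "activate": activate_hash,
                                "bindings": {},
                                "language": self.user_manager._session.get("language", "en"),
                                "tos_accepted": True})
    try:
        subject = _("Welcome on INGInious")
        # Message text reproduced verbatim: it is the argument handed to _()
        # (presumably a gettext msgid - confirm before rewording).
        body = _(
            "Welcome on INGInious ! \n"
            "To activate your account, please click on the following link : "
        ) + flask.request.url_root + "register?activate=" + activate_hash
        message = Message(recipients=[(data["realname"], data["email"])],
                          subject=subject,
                          body=body)
        mail.send(message)
        msg = _("You are succesfully registered. An email has been sent to you for activation.")
    except Exception as ex:
        # Remove newly inserted user (do not add after to prevent email sending in case of failure)
        self.database.users.remove({"username": data["username"]})
        msg = _("Something went wrong while sending you activation email. Please contact the administrator.")
        self._logger.error("Couldn't send email : {}".format(str(ex)))
        return msg, True

    return msg, False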