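def post(self, *args, **kwargs):
    """Handle a password-reset request for the submitted email address.

    When the address belongs to a user and a mail host is configured, a
    random reset token is generated, its SHA-256 digest is stored, and the
    plaintext token is emailed to that user. The same page and message are
    rendered on every path, including a failed mail delivery, so the
    response does not confirm whether the address has an account.
    """
    user = User.by_email(self.get_argument("email", ""))
    mail_enabled = len(options.mail_host) > 0
    if user is not None and mail_enabled and len(user.email) > 0:
        # 16 random bytes, hex-encoded (assuming urandom is os.urandom,
        # this comes from the OS CSPRNG -- confirm against the imports).
        reset_token = encode(urandom(16), "hex")
        passtoken = PasswordToken()
        passtoken.user_id = user.id
        # Only the digest is persisted; the plaintext token exists solely in
        # the outgoing message, so a database read does not yield usable tokens.
        passtoken.value = sha256(reset_token).hexdigest()
        self.dbsession.add(passtoken)
        self.dbsession.commit()
        message = self.create_reset_message(user, reset_token)
        # NOTE(review): the mail is sent inline, so a request for a registered
        # address takes measurably longer than one for an unknown address.
        # Queueing the send would close that timing difference.
        try:
            smtpObj = smtplib.SMTP(options.mail_host, port=options.mail_port)
            try:
                smtpObj.set_debuglevel(False)
                # NOTE(review): starttls() is called without an ssl context;
                # on CPython the fallback context does not verify the server
                # certificate. Consider passing ssl.create_default_context()
                # once the mail server's certificate is known to validate.
                smtpObj.starttls()
                try:
                    smtpObj.login(options.mail_username, options.mail_password)
                except smtplib.SMTPNotSupportedError as e:
                    logging.warning(
                        "SMTP Auth issue (%s). Attempting to send anyway.", e
                    )
                smtpObj.sendmail(options.mail_sender, [user.email], message)
            finally:
                smtpObj.quit()
        except (smtplib.SMTPException, OSError):
            # A delivery failure used to propagate and produce an error
            # response only for registered addresses. Log it for the operator
            # and fall through to the same generic page instead. The stored
            # digest is harmless: nobody received the matching token.
            logging.exception("Password Reset request failed: could not send mail.")
        else:
            logging.info("Password Reset sent for %s", user.email)
    elif not mail_enabled:
        logging.info("Password Reset request failed: No Mail Host in Settings.")
    else:
        # Reached only when the user is unknown or has no email on record.
        logging.info("Password Reset request failed: Email does not exist.")
    self.render(
        "public/forgot.html",
        errors=None,
        info=["If the email exists, a password reset has been sent."],
    )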
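def form_validation(self):
    """Validate the submitted registration form.

    Checks run in order: handle format, required email, email format,
    playername format, handle uniqueness (case-insensitive), email
    uniqueness, and matching passwords.

    Raises:
        ValidationError: on the first check that fails, with a message
            naming the failed field.
    """
    handle = self.get_argument("handle", "")
    # fullmatch anchors the pattern at both ends. With re.match and "$" a
    # value followed by one trailing newline would also pass, so validity
    # depended on the argument having been stripped before it got here.
    if re.fullmatch(r"[a-zA-Z0-9_\-\.]{3,16}", handle) is None:
        raise ValidationError("Invalid handle format")

    email = self.get_argument("email", None)
    if options.require_email and not email:
        raise ValidationError("Email address is required")
    if email and (
        re.fullmatch(r"[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}", email)
        is None
    ):
        raise ValidationError("Invalid email format")

    playername = self.get_argument("playername", None)
    if playername and re.fullmatch(r"[a-zA-Z0-9 ]{3,64}", playername) is None:
        raise ValidationError("Invalid playername format")

    # NOTE(review): the two uniqueness messages below tell the requester
    # whether a handle or email is already registered. If account existence
    # is meant to stay private, rate-limit this form or use a generic message.
    if User.by_handle(handle, case_sensitive=False) is not None:
        raise ValidationError("This handle is already registered")
    # Only look up an email that was actually supplied. The lookup used to
    # run with "" when the field was absent, which has nothing to collide with.
    if email and User.by_email(email) is not None:
        raise ValidationError("This email address is already registered")

    if self.get_argument("pass1", "") != self.get_argument("pass2", ""):
        raise ValidationError("Passwords do not match")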
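def post(self, *args, **kwargs):
    """Handle a password-reset request for the submitted email address.

    When the address belongs to a user and a mail host is configured, a
    random reset token is generated, its SHA-256 digest is stored, and the
    plaintext token is emailed to that user. The same page and message are
    rendered on every path, including a failed mail delivery, so the
    response does not confirm whether the address has an account.
    """
    # Imported locally because this handler did not reference logging before.
    import logging

    user = User.by_email(self.get_argument("email", ""))
    if user is not None and len(options.mail_host) > 0 and len(user.email) > 0:
        reset_token = encode(urandom(16), "hex")
        passtoken = PasswordToken()
        passtoken.user_id = user.id
        # Only the digest is persisted; the plaintext token exists solely in
        # the outgoing message.
        passtoken.value = sha256(reset_token).hexdigest()
        self.dbsession.add(passtoken)
        self.dbsession.commit()
        message = self.create_message(user, reset_token)
        # NOTE(review): the mail is sent inline, so a request for a registered
        # address takes longer than one for an unknown address.
        try:
            smtpObj = smtplib.SMTP(options.mail_host, port=options.mail_port)
            try:
                smtpObj.set_debuglevel(False)
                # NOTE(review): starttls() is called without an ssl context;
                # on CPython the fallback context does not verify the server
                # certificate. Consider passing ssl.create_default_context().
                smtpObj.starttls()
                smtpObj.login(options.mail_username, options.mail_password)
                smtpObj.sendmail(options.mail_sender, [user.email], message)
            finally:
                smtpObj.quit()
        except (smtplib.SMTPException, OSError):
            # A delivery failure used to propagate and produce an error
            # response only for registered addresses. Record it for the
            # operator and render the same generic page instead.
            logging.exception("Password reset mail could not be sent.")
    self.render(
        "public/forgot.html",
        errors=None,
        info=["If the email exists, a password reset has been sent."],
    )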
def post(self, *args, **kwargs):
    """Check the submitted account name and password.

    The "account" field is tried as a handle first and as an email address
    second. A matching user with a valid password goes to valid_login();
    every other outcome ends in failed_login().
    """
    account = User.by_handle(self.get_argument("account", ""))
    supplied_password = self.get_argument("password", "")
    if account is None:
        # Not a known handle: retry the same field as an email address.
        account = User.by_email(self.get_argument("account", ""))

    if account is None:
        # Unknown account. A throwaway PBKDF2 computation is still run,
        # presumably so this path costs roughly as much as a real password
        # check and response time does not reveal which accounts exist.
        # NOTE(review): that only holds if this call's cost matches what
        # validate_password() does -- confirm the parameters line up.
        if supplied_password is not None:
            PBKDF2.crypt(supplied_password, "BurnTheHashTime")
        self.failed_login()
        return

    if account.validate_password(supplied_password):
        self.valid_login(account)
        return
    self.failed_login()