def login_forgot_pass_submit():
""" Forgot their password. Grab their username and send them a reset email.
"""
if "cancel" in request.form:
flash("Password reset cancelled.")
return redirect(url_for("login_local"))
username = sanitize_username(request.form.get('username', None))
if username == "admin":
flash("""The admin account cannot do an email password reset,
please see the Installation instructions.""")
return redirect(url_for("login_forgot_pass"))
if username:
user_id = Users2.uid_by_uname(username)
else:
user_id = None
if not user_id:
flash("Unknown username ")
return redirect(url_for("login_forgot_pass"))
user = Users2.get_user(user_id)
if not user['source'] == "local":
flash("Your password is not managed by OASIS, "
"please contact IT Support.")
return redirect(url_for("login_forgot_pass"))
code = Users.gen_confirm_code()
Users.set_confirm_code(user_id, code)
email = user['email']
if not email:
flash("We do not appear to have an email address on file for "
"that account.")
return redirect(url_for("login_forgot_pass"))
text_body = render_template(os.path.join("email", "forgot_pass.txt"),
code=code)
html_body = render_template(os.path.join("email", "forgot_pass.html"),
code=code)
send_email(user['email'],
from_addr=None,
subject="OASIS Password Reset",
text_body=text_body,
html_body=html_body)
return render_template("login_forgot_pass_submit.html")
def login_forgot_pass_submit():
""" Forgot their password. Grab their username and send them a reset email.
"""
if "cancel" in request.form:
flash("Password reset cancelled.")
return redirect(url_for("login_local"))
username = sanitize_username(request.form.get('username', None))
if username == "admin":
flash("""The admin account cannot do an email password reset,
please see the Installation instructions.""")
return redirect(url_for("login_forgot_pass"))
if username:
user_id = Users2.uid_by_uname(username)
else:
user_id = None
if not user_id:
flash("Unknown username ")
return redirect(url_for("login_forgot_pass"))
user = Users2.get_user(user_id)
if not user['source'] == "local":
flash("Your password is not managed by OASIS, "
"please contact IT Support.")
return redirect(url_for("login_forgot_pass"))
code = Users.gen_confirm_code()
Users.set_confirm_code(user_id, code)
email = user['email']
if not email:
flash("We do not appear to have an email address on file for "
"that account.")
return redirect(url_for("login_forgot_pass"))
text_body = render_template(os.path.join("email", "forgot_pass.txt"), code=code)
html_body = render_template(os.path.join("email", "forgot_pass.html"), code=code)
send_email(user['email'],
from_addr=None,
subject="OASIS Password Reset",
text_body=text_body,
html_body=html_body)
return render_template("login_forgot_pass_submit.html")
def login_signup_submit():
""" They've entered some information and want an account.
Do some checks and send them a confirmation email if all looks good.
"""
# TODO: How do we stop someone using this to spam someone?
if not OaConfig.open_registration:
abort(404)
form = request.form
if not ('username' in form and 'password' in form and 'confirm' in form
and 'email' in form):
flash("Please fill in all fields")
return redirect(url_for("login_signup"))
username = sanitize_username(form['username'])
password = form['password']
confirm = form['confirm']
email = form['email']
if username == "" or password == "" or confirm == "" or email == "":
flash("Please fill in all fields")
return redirect(url_for("login_signup"))
if not confirm == password:
flash("Passwords don't match")
return redirect(url_for("login_signup"))
# basic checks in case they entered their street address or something
# a fuller check is too hard or prone to failure
if "@" not in email or "." not in email:
flash("Email address doesn't appear to be valid")
return redirect(url_for("login_signup"))
existing = Users2.uid_by_uname(username)
if existing:
flash("An account with that name already exists, "
"please try another username.")
return redirect(url_for("login_signup"))
code = Users.gen_confirm_code()
newuid = Users.create(uname=username,
passwd="NOLOGIN",
email=email,
givenname=username,
familyname="",
acctstatus=1,
studentid="",
source="local",
confirm_code=code,
confirm=False)
Users2.set_password(newuid, password)
text_body = render_template(os.path.join("email", "confirmation.txt"),
code=code)
html_body = render_template(os.path.join("email", "confirmation.html"),
code=code)
send_email(email,
from_addr=None,
subject="OASIS Signup Confirmation",
text_body=text_body,
html_body=html_body)
return render_template("login_signup_submit.html", email=email)
def login_signup_submit():
""" They've entered some information and want an account.
Do some checks and send them a confirmation email if all looks good.
"""
# TODO: How do we stop someone using this to spam someone?
if not OaConfig.open_registration:
abort(404)
form = request.form
if not ('username' in form
and 'password' in form
and 'confirm' in form
and 'email' in form):
flash("Please fill in all fields")
return redirect(url_for("login_signup"))
username = sanitize_username(form['username'])
password = form['password']
confirm = form['confirm']
email = form['email']
if username == "" or password == "" or confirm == "" or email == "":
flash("Please fill in all fields")
return redirect(url_for("login_signup"))
if not confirm == password:
flash("Passwords don't match")
return redirect(url_for("login_signup"))
# basic checks in case they entered their street address or something
# a fuller check is too hard or prone to failure
if "@" not in email or "." not in email:
flash("Email address doesn't appear to be valid")
return redirect(url_for("login_signup"))
existing = Users2.uid_by_uname(username)
if existing:
flash("An account with that name already exists, "
"please try another username.")
return redirect(url_for("login_signup"))
code = Users.gen_confirm_code()
newuid = Users.create(uname=username,
passwd="NOLOGIN",
email=email,
givenname=username,
familyname="",
acctstatus=1,
studentid="",
source="local",
confirm_code=code,
confirm=False)
Users2.set_password(newuid, password)
text_body = render_template(os.path.join("email", "confirmation.txt"), code=code)
html_body = render_template(os.path.join("email", "confirmation.html"), code=code)
send_email(email,
from_addr=None,
subject="OASIS Signup Confirmation",
text_body=text_body,
html_body=html_body)
return render_template("login_signup_submit.html", email=email)