Exemplo n.º 1
def verify_photos():
    """Show an admin the next photo that still needs verifying.

    Selects the first photo whose ``verified`` column is NULL and whose user
    either appears in the join against non-cancelled tickets or has a held
    ticket. When no such photo exists a flash message is shown and the
    browser is redirected to the admin home page.

    NOTE(review): no access check is visible inside this function; the admin
    restriction presumably comes from a decorator or blueprint hook that is
    not shown here -- confirm it exists.
    """
    live_tickets = models.Ticket.query.filter(
        models.Ticket.cancelled == False # pylint: disable=singleton-comparison
    ).subquery()

    ticket_owners = models.User.query.join(live_tickets, models.User.tickets)

    ticket_holders = models.User.query.filter(
        models.User.held_ticket != None
    )

    eligible_users = ticket_owners.union(ticket_holders).subquery()

    pending = models.Photo.query.filter(
        models.Photo.verified == None # pylint: disable=singleton-comparison
    )
    photo = pending.join(eligible_users, models.Photo.user).first()

    if photo:
        return flask.render_template(
            'admin_photos/verify_photos.html',
            photo=photo,
            # NOTE(review): what the template does with this 5-character
            # value is not visible here; presumably a cache-buster -- confirm
            # it is not relied on as a secret.
            random=util.generate_key(5)
        )

    flask.flash('No photos to be verified!', 'success')

    return flask.redirect(flask.url_for('admin.admin_home'))
Exemplo n.º 2
    def __init__(self, owner, ticket_type, price):
        """Set up a ticket with an expiry time and a claim code.

        The expiry is the current UTC time plus the configured
        ``TICKET_EXPIRY_TIME``. The claim code is three groups of five
        digits joined by dashes.
        """
        self.owner = owner
        self.ticket_type = ticket_type
        self.price = price

        created_at = datetime.datetime.utcnow()
        self.expires = created_at + APP.config['TICKET_EXPIRY_TIME']

        # NOTE(review): the claim code (15 decimal digits) is only as
        # unpredictable as util.generate_key, whose random source is not
        # visible here; it should draw from a CSPRNG such as
        # random.SystemRandom -- confirm in util.
        digit_groups = [
            util.generate_key(5, string.digits)
            for _ in xrange(3)
        ]
        self.claim_code = '-'.join(digit_groups).decode('utf-8')
Exemplo n.º 3
    def __init__(self, email, password, forenames, surname, phone, college, affiliation, photo):
        """Create a new account from the supplied personal details.

        The account starts unverified, not deleted, with role "User" and no
        affiliation verification result. The password is handed to
        ``set_password``; this constructor does not keep the plaintext on the
        instance. A 64-character ``secret_key`` is generated as well.
        """
        self.email = email
        self.forenames = forenames
        self.surname = surname
        self.phone = phone
        self.college = college
        self.affiliation = affiliation
        self.photo = photo

        # NOTE(review): set_password is not shown here; presumably it stores
        # a salted hash rather than the password itself -- confirm.
        self.set_password(password)

        # NOTE(review): presumably the token mailed out to confirm the
        # address; its strength depends on util.generate_key using a CSPRNG,
        # which is not visible here.
        self.secret_key = util.generate_key(64)
        self.verified = False
        self.deleted = False
        # Every new account gets the plain "User" role.
        self.role = "User"
        self.affiliation_verified = None

        # Attach the battels record with the same email address, if one
        # exists (first() yields None otherwise).
        self.battels = battels.Battels.query.filter(battels.Battels.email == email).first()
Exemplo n.º 4
def generate_barcodes(send_only_new):
    """Give every eligible ticket without a barcode a 20 character key.

    Eligible tickets have a holder, are paid for and are not cancelled. When
    ``send_only_new`` is true the selection is further narrowed to tickets
    that have no barcode yet. The barcode is what goes into the generated QR
    code.

    Returns the selected tickets, which 'send_claim_codes' then uses.

    NOTE(review): nothing in this function checks a new key against existing
    barcodes; uniqueness rests on the size of the key space and on any
    database constraint (not shown). Because the barcode is what the QR code
    carries, util.generate_key should draw from a CSPRNG -- confirm in util.
    """
    criteria = [
        # Ticket has a holder
        models.Ticket.holder_id != None,
        # The ticket is paid for.
        models.Ticket.paid,
        # The ticket has not been cancelled.
        models.Ticket.cancelled == False,
    ]

    if send_only_new:
        # We have not sent them an email yet (it has not been "claimed")
        criteria.insert(0, models.Ticket.barcode == None)

    tickets = models.Ticket.query.filter(*criteria).all()

    for ticket in tickets:
        if ticket.barcode:
            # Already has a barcode, leave it alone.
            continue

        ticket.barcode = util.generate_key(20).decode('utf-8')
        # Committed per ticket, so earlier barcodes are kept if a later
        # commit fails.
        DB.session.commit()

    return tickets
Exemplo n.º 5
def password_reset():
    """Start the password reset process.

    A GET request renders the form asking for an email address. A POST looks
    the submitted address up: a known user gets a fresh 64-character key with
    a 30 minute expiry and is mailed a link containing it; an unknown address
    is logged and mailed an 'Attempted Account Access' notice. Both cases end
    with the same flash message and redirect, so the page itself does not
    show whether the address belongs to an account.
    """
    if flask.request.method != 'POST':
        return flask.render_template('front/password_reset.html')

    address = flask.request.form['email']
    user = models.User.get_by_email(address)

    if user:
        user.secret_key = util.generate_key(64)
        # The expiry is only recorded here; the view that consumes the key
        # has to compare it against the current time.
        user.secret_key_expiry = (
            datetime.datetime.utcnow() + datetime.timedelta(minutes=30)
        )

        DB.session.commit()

        APP.log_manager.log_event('Started password reset', [], user)

        # The key travels in the URL, so it can end up in browser history
        # and proxy or server logs; the short expiry limits that exposure.
        reset_link = flask.url_for(
            'front.reset_password',
            user_id=user.object_id,
            secret_key=user.secret_key,
            _external=True
        )

        APP.email_manager.send_template(
            address,
            'Confirm Password Reset',
            'password_reset_confirm.email',
            name=user.forenames,
            confirmurl=reset_link
        )
    else:
        # NOTE(review): the submitted address is written to the event log
        # verbatim; confirm log_manager neutralises control characters.
        APP.log_manager.log_event(
            'Attempted password reset for {0}'.format(address)
        )

        # NOTE(review): this mails whatever address was submitted; no rate
        # limit is visible here, so confirm one exists upstream.
        APP.email_manager.send_template(
            address,
            'Attempted Account Access',
            'password_reset_fail.email'
        )

    notice = (
        'An email has been sent to {0} with detailing what to do '
        'next. Please check your email (including your spam folder) '
        'and follow the instructions given'
    ).format(address)
    flask.flash(notice, 'info')

    return flask.redirect(flask.url_for('front.home'))
Exemplo n.º 6
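def vouchers(page=1):
    """Manage vouchers.

    On POST the submitted form is validated; every problem is flashed as a
    warning and vouchers are only created when all checks pass. The page
    then lists existing vouchers, 10 per page, optionally filtered by the
    ``search`` query argument. Deletion is not handled in this function.

    Args:
        page: Page of the voucher listing to show.

    Returns:
        The rendered voucher management page.
    """
    form = {}

    if flask.request.method == "POST":
        form = flask.request.form

        success = True

        expires = None

        if "expires" in form and form["expires"] != "":
            try:
                expires = parser.parse(form["expires"])
                # NOTE(review): utcnow() is naive; if the parser can return
                # a timezone-aware value this comparison raises TypeError,
                # which is not caught below -- confirm.
                if expires < datetime.datetime.utcnow():
                    flask.flash("Expiry date cannot be in the past", "warning")
                    success = False
            except (KeyError, ValueError) as _:
                flask.flash("Could not parse expiry date", "warning")
                success = False

        if "voucher_type" not in form or form["voucher_type"] == "":
            flask.flash("You must select a discount type", "warning")
            success = False
        elif form["voucher_type"] == "Fixed Price":
            value = util.parse_pounds_pence(flask.request.form,
                                            "fixed_price_pounds",
                                            "fixed_price_pence")
        elif form["voucher_type"] == "Fixed Discount":
            value = util.parse_pounds_pence(flask.request.form,
                                            "fixed_discount_pounds",
                                            "fixed_discount_pence")

            if value == 0:
                flask.flash("Cannot give no discount", "warning")
                success = False
        else:
            try:
                value = int(form["fixed_discount"])
            except ValueError:
                value = 0

            if value == 0:
                flask.flash("Cannot give 0% discount", "warning")
                success = False
            elif value < 0:
                # A negative percentage used to pass both range checks.
                flask.flash("Cannot give a negative discount", "warning")
                success = False
            elif value > 100:
                flask.flash("Cannot give greater than 100% discount",
                            "warning")
                success = False

        # re.match only anchors the start of the string, so without the
        # trailing \Z a prefix such as "abc!" was accepted even though the
        # message promises letters and numbers only.
        if not re.match(r"[a-zA-Z0-9]+\Z", form["voucher_prefix"]):
            flask.flash(
                ("Voucher prefix must be non-empty and contain only "
                 "letters and numbers"),
                "warning",
            )
            success = False

        # Validate the count with the other fields: a non-numeric value used
        # to raise an unhandled ValueError, and zero or a negative number
        # reported success without creating anything.
        try:
            num_vouchers = int(form.get("num_vouchers", ""))
        except ValueError:
            num_vouchers = 0

        if num_vouchers < 1:
            flask.flash("Number of vouchers must be a positive whole number",
                        "warning")
            success = False

        if success:
            single_use = "single_use" in form and form["single_use"] == "yes"

            # NOTE(review): no upper bound on num_vouchers; every voucher is
            # one row, so a very large number makes this request expensive.
            for _ in xrange(num_vouchers):
                # The code works as a bearer discount, so the 10-character
                # key must be unpredictable; that depends on
                # util.generate_key, which is not shown here.
                key = util.generate_key(10)
                voucher = models.Voucher(
                    "{0}-{1}".format(form["voucher_prefix"], key),
                    expires,
                    form["voucher_type"],
                    value,
                    form["applies_to"],
                    single_use,
                )
                DB.session.add(voucher)

            DB.session.commit()

            flask.flash("Voucher(s) created successfully", "success")

            form = {}

    voucher_query = models.Voucher.query

    if "search" in flask.request.args:
        # The search text is passed to like() as a value, not spliced into
        # SQL text here; "%" and "_" typed by the user still act as LIKE
        # wildcards.
        voucher_query = voucher_query.filter(
            models.Voucher.code.like("%{0}%".format(
                flask.request.args["search"])))

    voucher_results = voucher_query.paginate(page, 10)

    return flask.render_template("admin_vouchers/vouchers.html",
                                 form=form,
                                 vouchers=voucher_results)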
Exemplo n.º 7
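def vouchers(page=1):
    """Manage vouchers.

    On POST the submitted form is validated; every problem is flashed as a
    warning and vouchers are only created when all checks pass. The page
    then lists existing vouchers, 10 per page, optionally filtered by the
    ``search`` query argument. Deletion is not handled in this function.

    Args:
        page: Page of the voucher listing to show.

    Returns:
        The rendered voucher management page.
    """
    form = {}

    if flask.request.method == 'POST':
        form = flask.request.form

        success = True

        expires = None

        if 'expires' in form and form['expires'] != '':
            try:
                expires = parser.parse(form['expires'])
                # NOTE(review): utcnow() is naive; if the parser can return
                # a timezone-aware value this comparison raises TypeError,
                # which is not caught below -- confirm.
                if expires < datetime.datetime.utcnow():
                    flask.flash('Expiry date cannot be in the past', 'warning')
                    success = False
            except (KeyError, ValueError) as _:
                flask.flash('Could not parse expiry date', 'warning')
                success = False

        if 'voucher_type' not in form or form['voucher_type'] == '':
            flask.flash('You must select a discount type', 'warning')
            success = False
        elif form['voucher_type'] == 'Fixed Price':
            value = util.parse_pounds_pence(flask.request.form,
                                            'fixed_price_pounds',
                                            'fixed_price_pence')
        elif form['voucher_type'] == 'Fixed Discount':
            value = util.parse_pounds_pence(flask.request.form,
                                            'fixed_discount_pounds',
                                            'fixed_discount_pence')

            if value == 0:
                flask.flash('Cannot give no discount', 'warning')
                success = False
        else:
            try:
                value = int(form['fixed_discount'])
            except ValueError:
                value = 0

            if value == 0:
                flask.flash('Cannot give 0% discount', 'warning')
                success = False
            elif value < 0:
                # A negative percentage used to pass both range checks.
                flask.flash('Cannot give a negative discount', 'warning')
                success = False
            elif value > 100:
                flask.flash('Cannot give greater than 100% discount',
                            'warning')
                success = False

        # re.match only anchors the start of the string, so without the
        # trailing \Z a prefix such as 'abc!' was accepted even though the
        # message promises letters and numbers only.
        if not re.match(r'[a-zA-Z0-9]+\Z', form['voucher_prefix']):
            flask.flash(('Voucher prefix must be non-empty and contain only '
                         'letters and numbers'), 'warning')
            success = False

        # Validate the count with the other fields: a non-numeric value used
        # to raise an unhandled ValueError, and zero or a negative number
        # reported success without creating anything.
        try:
            num_vouchers = int(form.get('num_vouchers', ''))
        except ValueError:
            num_vouchers = 0

        if num_vouchers < 1:
            flask.flash('Number of vouchers must be a positive whole number',
                        'warning')
            success = False

        if success:
            single_use = 'single_use' in form and form['single_use'] == 'yes'

            # NOTE(review): no upper bound on num_vouchers; every voucher is
            # one row, so a very large number makes this request expensive.
            for _ in xrange(num_vouchers):
                # The code works as a bearer discount, so the 10-character
                # key must be unpredictable; that depends on
                # util.generate_key, which is not shown here.
                key = util.generate_key(10)
                voucher = models.Voucher(
                    '{0}-{1}'.format(form['voucher_prefix'],
                                     key), expires, form['voucher_type'],
                    value, form['applies_to'], single_use)
                DB.session.add(voucher)

            DB.session.commit()

            flask.flash('Voucher(s) created successfully', 'success')

            form = {}

    voucher_query = models.Voucher.query

    if 'search' in flask.request.args:
        # The search text is passed to like() as a value, not spliced into
        # SQL text here; '%' and '_' typed by the user still act as LIKE
        # wildcards.
        voucher_query = voucher_query.filter(
            models.Voucher.code.like('%{0}%'.format(
                flask.request.args['search'])))

    voucher_results = voucher_query.paginate(page, 10)

    return flask.render_template('admin/vouchers.html',
                                 form=form,
                                 vouchers=voucher_results)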
Exemplo n.º 8
    def __init__(self, leader):
        """Record ``leader`` as leader and first member, and assign a code."""
        self.leader = leader
        self.members = [leader]

        # NOTE(review): 10-character code from util.generate_key. If knowing
        # the code is what lets someone else join (not shown here), it must
        # be unpredictable -- confirm util.generate_key uses a CSPRNG.
        self.code = util.generate_key(10)
Exemplo n.º 9
    def __init__(self, leader):
        """Store the leader, start the member list with them, set a code."""
        self.leader = leader
        # The leader is always the first entry in the member list.
        self.members = [leader]

        # NOTE(review): the code's unpredictability depends on
        # util.generate_key, whose random source is not visible here; verify
        # it before treating the code as a secret.
        self.code = util.generate_key(10)
Exemplo n.º 10
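def reset_password(user_id, secret_key):
    """Complete the password reset process.

    To reset their password, the user is sent an email with a link to this
    view. Upon clicking it, they are presented with a form to define a new
    password, which is saved when the form is submitted (to this view).

    The link is rejected when the user does not exist, the key does not
    match the stored one, or the stored expiry has passed. A rejected
    attempt against an existing user also clears that user's stored key.

    Args:
        user_id: Identifier of the account, taken from the link.
        secret_key: Reset key taken from the link.

    Returns:
        A redirect or the rendered password form.
    """
    user = models.User.get_by_id(user_id)

    # The expiry is stored alongside the key but was never compared with the
    # clock, so an old link kept working. A stored expiry of None is left to
    # mean "no time limit", as before.
    expired = (
        user is not None and
        user.secret_key_expiry is not None and
        user.secret_key_expiry < datetime.datetime.utcnow()
    )

    # NOTE(review): `!=` is not a constant-time comparison;
    # hmac.compare_digest is the usual replacement once both values are
    # known to be the same string type.
    # NOTE(review): only the key value is checked. If other flows (email
    # confirmation, email change) store their keys in the same secret_key
    # field, a key issued for one of them is accepted here too -- confirm
    # keys are bound to the purpose they were issued for.
    if user is None or user.secret_key != secret_key or expired:
        if user is not None:
            # One failed attempt burns the key, which limits guessing; it
            # also lets anyone who knows a user_id cancel that user's
            # pending link.
            user.secret_key = None
            user.secret_key_expiry = None

            DB.session.commit()

        flask.flash('Could not complete password reset. Please try again',
                    'error')

        return flask.redirect(flask.url_for('front.home'))

    if flask.request.method == 'POST':
        if flask.request.form['password'] != flask.request.form['confirm']:
            # Rotate the key so the link that was just used cannot be
            # replayed, and give the user five minutes to retry.
            user.secret_key = util.generate_key(64)
            user.secret_key_expiry = (datetime.datetime.utcnow() +
                                      datetime.timedelta(minutes=5))

            DB.session.commit()

            flask.flash('Passwords do not match, please try again', 'warning')

            return flask.redirect(
                flask.url_for(
                    'front.reset_password',
                    user_id=user.object_id,
                    secret_key=user.secret_key
                )
            )
        else:
            # NOTE(review): no minimum length or strength check is applied
            # to the new password in this view; confirm set_password or the
            # form enforces the site's password policy.
            user.set_password(flask.request.form['password'])

            # The key is single-use: clear it once the password is changed.
            user.secret_key = None
            user.secret_key_expiry = None

            DB.session.commit()

            APP.log_manager.log_event(
                'Completed password reset',
                [],
                user
            )

            flask.flash('Your password has been reset, please log in.',
                        'success')

            return flask.redirect(flask.url_for('front.home'))
    else:
        return flask.render_template(
            'front/reset_password.html',
            user_id=user_id,
            secret_key=secret_key
        )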
Exemplo n.º 11
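def profile():
    """Allow the user to edit their personal details.

    GET renders the profile form. POST validates the submitted details,
    flashes every problem found, and updates the logged-in user only when
    all checks pass.

    An email change is not applied directly: the new address is stored in
    ``new_email`` and a confirmation link carrying a fresh 64-character key
    with a 7 day expiry is mailed to it. A password change requires the
    current password.

    NOTE(review): the email change itself does not ask for the current
    password. If the password reset flow validates against the same
    ``secret_key`` field, the key mailed to the new address would be accepted
    there as well -- confirm keys are bound to the purpose they were issued
    for.
    """
    if flask.request.method == 'POST':
        form = flask.request.form
        user = login.current_user

        valid = True
        flashes = []

        # .get() so that a request without the field reaches the
        # 'Email cannot be blank' check below instead of failing on the
        # missing key here.
        email = form.get('email', '')

        # NOTE(review): check-then-act; a unique constraint on the email
        # column (not visible here) is what actually prevents duplicates.
        if (
                email != user.email and
                models.User.get_by_email(email) is not None
        ):
            flashes.append('That email address is already in use. ')
            valid = False

        if 'oldpassword' in form and form['oldpassword'] != '':
            if not user.check_password(form['oldpassword']):
                flashes.append('Current password is not correct')
                valid = False

            if (
                    'password' not in form or
                    'confirm' not in form or
                    form['password'] == '' or
                    form['password'] != form['confirm']
            ):
                flashes.append('New passwords do not match')
                valid = False

            # .get(): a missing field is already reported by the check
            # above, so it must not raise here.
            if len(form.get('password', '')) < 8:
                flashes.append('Password must be at least 8 characters long')
                valid = False

        if 'forenames' not in form or form['forenames'] == '':
            flashes.append('First Name cannot be blank')
            valid = False

        if 'surname' not in form or form['surname'] == '':
            flashes.append('Surname cannot be blank')
            valid = False

        if 'email' not in form or form['email'] == '':
            flashes.append('Email cannot be blank')
            valid = False

        if 'phone' not in form or form['phone'] == '':
            flashes.append('Phone cannot be blank')
            valid = False

        if 'college' not in form or form['college'] == '---':
            flashes.append('Please select a college')
            valid = False

        if 'affiliation' not in form or form['affiliation'] == '---':
            flashes.append('Please select an affiliation')
            valid = False

        if not valid:
            flask.flash(
                (
                    'There were errors in your provided details. Please fix '
                    'these and try again'
                ),
                'error'
            )
            for msg in flashes:
                flask.flash(msg, 'warning')
        else:
            if email != user.email:
                user.new_email = email
                # Overwrites whatever key the account held before.
                user.secret_key = util.generate_key(64)
                user.secret_key_expiry = (
                    datetime.datetime.utcnow() + datetime.timedelta(days=7))

                # The confirmation goes to the new address only; nothing
                # here notifies the current one. The mail is also sent
                # before the commit further down.
                APP.email_manager.send_template(
                    email,
                    'Confirm your Email Address',
                    'email_change_confirm.email',
                    name=user.forenames,
                    confirmurl=flask.url_for(
                        'front.confirm_email',
                        user_id=user.object_id,
                        secret_key=user.secret_key,
                        _external=True
                    )
                )

                flask.flash(
                    (
                        'You must confirm your new email address to make '
                        'sure that we can contact you if necessary. Please '
                        'check your email for further instructions.'
                    ),
                    'info'
                )

            if 'oldpassword' in form and form['oldpassword'] != '':
                user.set_password(form['password'])

            user.forenames = form['forenames']
            user.surname = form['surname']
            user.phone = form['phone']

            affiliation_logic.update_affiliation(
                user,
                models.College.get_by_id(form['college']),
                models.Affiliation.get_by_id(form['affiliation'])
            )

            DB.session.commit()

            APP.log_manager.log_event(
                'Updated Details',
                [],
                user
            )

            flask.flash(
                'Your details have been updated',
                'success'
            )

            affiliation_logic.maybe_verify_affiliation(user)

    return flask.render_template(
        'dashboard/profile.html',
        colleges=models.College.query.all(),
        affiliations=models.Affiliation.query.all()
    )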
Exemplo n.º 12
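def profile():
    """Allow the user to edit their personal details.

    GET renders the profile form. POST validates the submitted details,
    flashes every problem found, and updates the logged-in user only when
    all checks pass.

    An email change is not applied directly: the new address is stored in
    ``new_email`` and a confirmation link carrying a fresh 64-character key
    with a 7 day expiry is mailed to it. A password change requires the
    current password.

    NOTE(review): the email change itself does not ask for the current
    password. If the password reset flow validates against the same
    ``secret_key`` field, the key mailed to the new address would be accepted
    there as well -- confirm keys are bound to the purpose they were issued
    for.
    """
    if flask.request.method == 'POST':
        form = flask.request.form
        user = login.current_user

        valid = True
        flashes = []

        # .get() so that a request without the field reaches the
        # 'Email cannot be blank' check below instead of failing on the
        # missing key here.
        email = form.get('email', '')

        # NOTE(review): check-then-act; a unique constraint on the email
        # column (not visible here) is what actually prevents duplicates.
        if (email != user.email
                and models.User.get_by_email(email) is not None):
            flashes.append('That email address is already in use. ')
            valid = False

        if 'oldpassword' in form and form['oldpassword'] != '':
            if not user.check_password(form['oldpassword']):
                flashes.append('Current password is not correct')
                valid = False

            if ('password' not in form
                    or 'confirm' not in form
                    or form['password'] == ''
                    or form['password'] != form['confirm']):
                flashes.append('New passwords do not match')
                valid = False

            # .get(): a missing field is already reported by the check
            # above, so it must not raise here.
            if len(form.get('password', '')) < 8:
                flashes.append('Password must be at least 8 characters long')
                valid = False

        if 'forenames' not in form or form['forenames'] == '':
            flashes.append('First Name cannot be blank')
            valid = False

        if 'surname' not in form or form['surname'] == '':
            flashes.append('Surname cannot be blank')
            valid = False

        if 'email' not in form or form['email'] == '':
            flashes.append('Email cannot be blank')
            valid = False

        if 'phone' not in form or form['phone'] == '':
            flashes.append('Phone cannot be blank')
            valid = False

        if 'college' not in form or form['college'] == '---':
            flashes.append('Please select a college')
            valid = False

        if 'affiliation' not in form or form['affiliation'] == '---':
            flashes.append('Please select an affiliation')
            valid = False

        if not valid:
            flask.flash(
                ('There were errors in your provided details. Please fix '
                 'these and try again'), 'error')
            for msg in flashes:
                flask.flash(msg, 'warning')
        else:
            if email != user.email:
                user.new_email = email
                # Overwrites whatever key the account held before.
                user.secret_key = util.generate_key(64)
                user.secret_key_expiry = (
                    datetime.datetime.utcnow() + datetime.timedelta(days=7))

                # The confirmation goes to the new address only; nothing
                # here notifies the current one. The mail is also sent
                # before the commit further down.
                APP.email_manager.send_template(
                    email,
                    'Confirm your Email Address',
                    'email_change_confirm.email',
                    name=user.forenames,
                    confirmurl=flask.url_for(
                        'front.confirm_email',
                        user_id=user.object_id,
                        secret_key=user.secret_key,
                        _external=True))

                flask.flash(
                    ('You must confirm your new email address to make '
                     'sure that we can contact you if necessary. Please '
                     'check your email for further instructions.'), 'info')

            if 'oldpassword' in form and form['oldpassword'] != '':
                user.set_password(form['password'])

            user.forenames = form['forenames']
            user.surname = form['surname']
            user.phone = form['phone']

            affiliation_logic.update_affiliation(
                user,
                models.College.get_by_id(form['college']),
                models.Affiliation.get_by_id(form['affiliation']))

            DB.session.commit()

            APP.log_manager.log_event('Updated Details', [], user)

            flask.flash('Your details have been updated', 'success')

            affiliation_logic.maybe_verify_affiliation(user)

    return flask.render_template('dashboard/profile.html',
                                 colleges=models.College.query.all(),
                                 affiliations=models.Affiliation.query.all())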
Exemplo n.º 13
def email_confirm():
    """Resend the email confirmation message.

    A GET request renders the form asking for an email address. A POST looks
    the submitted address up: a known user gets a fresh 64-character key and
    is mailed both a confirmation link and an account destruction link built
    from it; an unknown address is logged and mailed an 'Attempted Account
    Access' notice. Both cases end with the same flash message and redirect,
    so the page itself does not show whether the address belongs to an
    account.
    """
    if flask.request.method != 'POST':
        return flask.render_template('front/email_confirm.html')

    address = flask.request.form['email']
    user = models.User.get_by_email(address)

    if user:
        user.secret_key = util.generate_key(64)
        # No expiry is recorded for this key, so the mailed links stay
        # usable until the key is replaced or cleared.
        user.secret_key_expiry = None

        DB.session.commit()

        APP.log_manager.log_event('Requested email confirm', [], user)

        # Both links carry the same key: whoever can read this one message
        # can confirm the address or destroy the account.
        link_args = {
            'user_id': user.object_id,
            'secret_key': user.secret_key,
            '_external': True,
        }

        APP.email_manager.send_template(
            address,
            'Confirm your Email Address',
            'email_confirm.email',
            name=user.forenames,
            confirmurl=flask.url_for('front.confirm_email', **link_args),
            destroyurl=flask.url_for('front.destroy_account', **link_args)
        )
    else:
        # NOTE(review): the submitted address is written to the event log
        # verbatim; confirm log_manager neutralises control characters.
        APP.log_manager.log_event(
            'Attempted email confirm for {0}'.format(address)
        )

        # NOTE(review): this mails whatever address was submitted; no rate
        # limit is visible here, so confirm one exists upstream.
        APP.email_manager.send_template(
            address,
            'Attempted Account Access',
            'email_confirm_fail.email'
        )

    notice = (
        'An email has been sent to {0} with detailing what to do '
        'next. Please check your email (including your spam folder) '
        'and follow the instructions given'
    ).format(address)
    flask.flash(notice, 'info')

    return flask.redirect(flask.url_for('front.home'))
Exemplo n.º 14
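def vouchers(page=1):
    """Manage vouchers.

    On POST the submitted form is validated; every problem is flashed as a
    warning and vouchers are only created when all checks pass. The page
    then lists existing vouchers, 10 per page, optionally filtered by the
    ``search`` query argument. Deletion is not handled in this function.

    Args:
        page: Page of the voucher listing to show.

    Returns:
        The rendered voucher management page.
    """
    form = {}

    if flask.request.method == 'POST':
        form = flask.request.form

        success = True

        expires = None

        if 'expires' in form and form['expires'] != '':
            try:
                expires = parser.parse(form['expires'])
                # NOTE(review): utcnow() is naive; if the parser can return
                # a timezone-aware value this comparison raises TypeError,
                # which is not caught below -- confirm.
                if expires < datetime.datetime.utcnow():
                    flask.flash(
                        'Expiry date cannot be in the past',
                        'warning'
                    )
                    success = False
            except (KeyError, ValueError) as _:
                flask.flash(
                    'Could not parse expiry date',
                    'warning'
                )
                success = False

        if 'voucher_type' not in form or form['voucher_type'] == '':
            flask.flash(
                'You must select a discount type',
                'warning'
            )
            success = False
        elif form['voucher_type'] == 'Fixed Price':
            value = util.parse_pounds_pence(flask.request.form,
                                            'fixed_price_pounds',
                                            'fixed_price_pence')
        elif form['voucher_type'] == 'Fixed Discount':
            value = util.parse_pounds_pence(flask.request.form,
                                            'fixed_discount_pounds',
                                            'fixed_discount_pence')

            if value == 0:
                flask.flash(
                    'Cannot give no discount',
                    'warning'
                )
                success = False
        else:
            try:
                value = int(form['fixed_discount'])
            except ValueError:
                value = 0

            if value == 0:
                flask.flash(
                    'Cannot give 0% discount',
                    'warning'
                )
                success = False
            elif value < 0:
                # A negative percentage used to pass both range checks.
                flask.flash(
                    'Cannot give a negative discount',
                    'warning'
                )
                success = False
            elif value > 100:
                flask.flash(
                    'Cannot give greater than 100% discount',
                    'warning'
                )
                success = False

        # re.match only anchors the start of the string, so without the
        # trailing \Z a prefix such as 'abc!' was accepted even though the
        # message promises letters and numbers only.
        if not re.match(r'[a-zA-Z0-9]+\Z', form['voucher_prefix']):
            flask.flash(
                (
                    'Voucher prefix must be non-empty and contain only '
                    'letters and numbers'
                ),
                'warning'
            )
            success = False

        # Validate the count with the other fields: a non-numeric value used
        # to raise an unhandled ValueError, and zero or a negative number
        # reported success without creating anything.
        try:
            num_vouchers = int(form.get('num_vouchers', ''))
        except ValueError:
            num_vouchers = 0

        if num_vouchers < 1:
            flask.flash(
                'Number of vouchers must be a positive whole number',
                'warning'
            )
            success = False

        if success:
            single_use = 'single_use' in form and form['single_use'] == 'yes'

            # NOTE(review): no upper bound on num_vouchers; every voucher is
            # one row, so a very large number makes this request expensive.
            for _ in xrange(num_vouchers):
                # The code works as a bearer discount, so the 10-character
                # key must be unpredictable; that depends on
                # util.generate_key, which is not shown here.
                key = util.generate_key(10)
                voucher = models.Voucher(
                    '{0}-{1}'.format(
                        form['voucher_prefix'],
                        key
                    ),
                    expires,
                    form['voucher_type'],
                    value,
                    form['applies_to'],
                    single_use
                )
                DB.session.add(voucher)

            DB.session.commit()

            flask.flash(
                'Voucher(s) created successfully',
                'success'
            )

            form = {}

    voucher_query = models.Voucher.query

    if 'search' in flask.request.args:
        # The search text is passed to like() as a value, not spliced into
        # SQL text here; '%' and '_' typed by the user still act as LIKE
        # wildcards.
        voucher_query = voucher_query.filter(
            models.Voucher.code.like(
                '%{0}%'.format(
                    flask.request.args['search']
                )
            )
        )

    voucher_results = voucher_query.paginate(
        page,
        10
    )

    return flask.render_template(
        'admin_vouchers/vouchers.html',
        form=form,
        vouchers=voucher_results
    )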
Exemplo n.º 15
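def update_email():
    """Start an email-address change for the logged-in user.

    Only POST requests are processed; any other method is redirected back to
    the referring page, or to the profile page when no referrer is present.

    A non-blank address that differs from the current one and is not already
    registered is stored in ``new_email`` together with a fresh
    ``secret_key`` that expires after seven days, and a confirmation link is
    mailed to the new address.  ``email`` itself is not modified here.
    """
    # NOTE(review): the Referer header is supplied by the client, so this
    # redirect target is not limited to this site; consider checking that it
    # is same-origin before using it.
    back = flask.request.referrer or flask.url_for("dashboard.profile")

    if flask.request.method != "POST":
        return flask.redirect(back)

    # Read the field once with a default.  Indexing request.form directly
    # aborts the request when the field is absent, which made the
    # "cannot be blank" check unreachable for a missing field.
    new_email = flask.request.form.get("email", "")

    flashes = []

    if new_email == "":
        flashes.append("Email cannot be blank")
    elif (
        new_email != login.current_user.email
        and models.User.get_by_email(new_email) is not None
    ):
        flashes.append("That email address is already in use. ")

    if flashes:
        flask.flash(
            (
                "There were errors in your provided details. Please fix "
                "these and try again"
            ),
            "error",
        )

        for msg in flashes:
            flask.flash(msg, "warning")

        return flask.redirect(back)

    if new_email != login.current_user.email:
        login.current_user.new_email = new_email
        login.current_user.secret_key = util.generate_key(64)
        login.current_user.secret_key_expiry = (
            datetime.datetime.utcnow() + datetime.timedelta(days=7)
        )

        # Persist the key before mailing it, so the link that goes out always
        # matches stored state (the other mail-sending views on this page
        # commit first as well).
        DB.session.commit()

        # NOTE(review): this link goes to an address that has not been
        # verified yet and carries ``secret_key``.  If other views accept the
        # same field for a different purpose (password reset, for example), a
        # mistyped address would hand its recipient a token usable there;
        # confirm that tokens are bound to the action they were issued for.
        APP.email_manager.send_template(
            new_email,
            "Confirm your Email Address",
            "email_change_confirm.email",
            name=login.current_user.forenames,
            confirmurl=flask.url_for(
                "front.confirm_email",
                user_id=login.current_user.object_id,
                secret_key=login.current_user.secret_key,
                _external=True,
            ),
        )

        flask.flash(
            (
                "You must confirm your new email address to make "
                "sure that we can contact you if necessary. Please "
                "check your email for further instructions."
            ),
            "info",
        )

        APP.log_manager.log_event("Updated email address", user=login.current_user)
    else:
        flask.flash("Your email has not been changed.", "info")

    return flask.redirect(back)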
Exemplo n.º 16
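def update_email():
    """Allow the user to update their email address.

    Requests other than POST are sent back to the referring page (or the
    profile page).  For a POST, the submitted address must be non-blank and
    must not belong to another account.  When it differs from the current
    address it is saved as ``new_email`` with a new ``secret_key`` valid for
    seven days, and a confirmation message is sent to it; the stored
    ``email`` is left untouched by this view.
    """
    # NOTE(review): the referrer comes from a client-controlled header, so
    # the redirect may leave this site; consider restricting it to
    # same-origin URLs.
    return_url = (flask.request.referrer or
                  flask.url_for('dashboard.profile'))

    if flask.request.method != 'POST':
        return flask.redirect(return_url)

    # Use .get() so a missing field is reported as blank.  Indexing
    # request.form aborts the request on a missing key, so the blank check
    # below could never fire for an absent field.
    submitted = flask.request.form.get('email', '')

    flashes = []

    if submitted == '':
        flashes.append('Email cannot be blank')
    elif (
            submitted != login.current_user.email and
            models.User.get_by_email(submitted) is not None
    ):
        flashes.append('That email address is already in use. ')

    if flashes:
        flask.flash(
            (
                'There were errors in your provided details. Please fix '
                'these and try again'
            ),
            'error'
        )

        for msg in flashes:
            flask.flash(msg, 'warning')

        return flask.redirect(return_url)

    if submitted != login.current_user.email:
        login.current_user.new_email = submitted
        login.current_user.secret_key = util.generate_key(64)
        login.current_user.secret_key_expiry = (
            datetime.datetime.utcnow() + datetime.timedelta(days=7))

        # Commit before sending so the mailed key is guaranteed to be the
        # stored one, as the other mail-sending views on this page do.
        DB.session.commit()

        # NOTE(review): the recipient address is unverified and the link
        # carries ``secret_key``.  Should any other view accept that field
        # for a different action, a mistyped address would give its
        # recipient a token valid there; confirm tokens are scoped to the
        # action they were issued for.
        APP.email_manager.send_template(
            submitted,
            'Confirm your Email Address',
            'email_change_confirm.email',
            name=login.current_user.forenames,
            confirmurl=flask.url_for(
                'front.confirm_email',
                user_id=login.current_user.object_id,
                secret_key=login.current_user.secret_key,
                _external=True
            )
        )

        flask.flash(
            (
                'You must confirm your new email address to make '
                'sure that we can contact you if necessary. Please '
                'check your email for further instructions.'
            ),
            'info'
        )

        APP.log_manager.log_event(
            'Updated email address',
            user=login.current_user
        )
    else:
        flask.flash('Your email has not been changed.', 'info')

    return flask.redirect(return_url)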
Exemplo n.º 17
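def reset_password(user_id, secret_key):
    """Complete the password reset process.

    To reset their password, the user is sent an email with a link to this
    view.  Upon clicking it, they are presented with a form to define a new
    password, which is saved when the form is submitted (to this view).

    The link is accepted only when ``secret_key`` equals the key stored on
    the user and that key has not passed ``secret_key_expiry``.  On any
    rejection the stored key is cleared and the visitor is redirected home.
    """
    user = models.User.get_by_id(user_id)

    key_ok = user is not None and user.secret_key == secret_key

    # The views that issue reset keys store an expiry alongside them, but the
    # original check never consulted it, so a key stayed usable until it was
    # replaced or cleared.  A stored expiry of None is still treated as "does
    # not expire", as before.
    # NOTE(review): assumes secret_key_expiry is read back as a naive UTC
    # datetime, matching how it is written in this function; confirm.
    # NOTE(review): nothing visible here ties the key to the password-reset
    # purpose; confirm keys issued for other emails cannot be replayed here.
    if (
            key_ok and
            user.secret_key_expiry is not None and
            user.secret_key_expiry < datetime.datetime.utcnow()
    ):
        key_ok = False

    if not key_ok:
        if user is not None:
            # A failed attempt burns the stored key, so it cannot be guessed
            # over repeated requests.  The flip side is that any request
            # naming a valid user_id cancels that user's pending link.
            user.secret_key = None
            user.secret_key_expiry = None

            DB.session.commit()

        flask.flash('Could not complete password reset. Please try again',
                    'error')

        return flask.redirect(flask.url_for('front.home'))

    if flask.request.method == 'POST':
        if flask.request.form['password'] != flask.request.form['confirm']:
            # Rotate the key and hand the visitor a short-lived replacement
            # so the form can be retried without a new email.
            user.secret_key = util.generate_key(64)
            user.secret_key_expiry = (datetime.datetime.utcnow() +
                                      datetime.timedelta(minutes=5))

            DB.session.commit()

            flask.flash('Passwords do not match, please try again', 'warning')

            return flask.redirect(
                flask.url_for(
                    'front.reset_password',
                    user_id=user.object_id,
                    secret_key=user.secret_key
                )
            )
        else:
            # NOTE(review): no length or emptiness check is made here;
            # presumably set_password enforces the password policy - verify.
            user.set_password(flask.request.form['password'])

            # The key is single-use: clear it once the password is changed.
            user.secret_key = None
            user.secret_key_expiry = None

            DB.session.commit()

            APP.log_manager.log_event(
                'Completed password reset',
                user=user
            )

            flask.flash('Your password has been reset, please log in.',
                        'success')

            return flask.redirect(flask.url_for('front.home'))
    else:
        return flask.render_template(
            'front/reset_password.html',
            user_id=user_id,
            secret_key=secret_key
        )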
Exemplo n.º 18
def password_reset():
    """Show the "forgot password" form and start a reset on submission.

    On POST the submitted address is looked up.  A known user receives a new
    64-character secret key valid for 30 minutes and an email linking to
    ``front.reset_password``; an unknown address is logged and sent a
    "failed attempt" email instead.  The same flash message is shown in both
    cases, so the response does not reveal whether the address is registered.
    """
    if flask.request.method != 'POST':
        return flask.render_template('front/password_reset.html')

    address = flask.request.form['email']
    account = models.User.get_by_email(address)

    if account:
        account.secret_key = util.generate_key(64)
        valid_for = datetime.timedelta(minutes=30)
        account.secret_key_expiry = datetime.datetime.utcnow() + valid_for

        # Store the key before mailing it so the link matches saved state.
        DB.session.commit()

        APP.log_manager.log_event('Started password reset', user=account)

        reset_link = flask.url_for(
            'front.reset_password',
            user_id=account.object_id,
            secret_key=account.secret_key,
            _external=True
        )

        APP.email_manager.send_template(
            address,
            'Confirm Password Reset',
            'password_reset_confirm.email',
            name=account.forenames,
            confirmurl=reset_link
        )
    else:
        # NOTE(review): this branch mails whatever address was submitted and
        # writes it into the event log unmodified; no throttling is visible
        # in this view, so confirm rate limiting is applied elsewhere.
        log_text = 'Attempted password reset for {0}'.format(address)
        APP.log_manager.log_event(log_text)

        APP.email_manager.send_template(
            address,
            'Attempted Account Access',
            'password_reset_fail.email'
        )

    notice = (
        'An email has been sent to {0} with detailing what to do '
        'next. Please check your email (including your spam folder) '
        'and follow the instructions given'
    ).format(address)

    flask.flash(notice, 'info')

    return flask.redirect(flask.url_for('front.home'))
Exemplo n.º 19
def email_confirm():
    """Resend the email-confirmation message on request.

    On POST the submitted address is looked up.  A known user gets a new
    64-character secret key with no expiry and an email holding two links
    built from it: ``front.confirm_email`` and ``front.destroy_account``.
    An unknown address is logged and sent a "failed attempt" email.  The
    same flash message is shown either way.
    """
    if flask.request.method != 'POST':
        return flask.render_template('front/email_confirm.html')

    address = flask.request.form['email']
    account = models.User.get_by_email(address)

    if account:
        # Replaces whatever key was stored before.
        # NOTE(review): the expiry is cleared, so this key has no time limit
        # in this view, and the same key authorises both links below;
        # confirm that is intended.
        account.secret_key = util.generate_key(64)
        account.secret_key_expiry = None

        DB.session.commit()

        APP.log_manager.log_event('Requested email confirm', user=account)

        link_args = {
            'user_id': account.object_id,
            'secret_key': account.secret_key,
            '_external': True,
        }

        APP.email_manager.send_template(
            address,
            'Confirm your Email Address',
            'email_confirm.email',
            name=account.forenames,
            confirmurl=flask.url_for('front.confirm_email', **link_args),
            destroyurl=flask.url_for('front.destroy_account', **link_args)
        )
    else:
        # NOTE(review): the submitted address is mailed and logged as given;
        # no throttling is visible in this view, so confirm rate limiting is
        # applied elsewhere.
        log_text = 'Attempted email confirm for {0}'.format(address)
        APP.log_manager.log_event(log_text)

        APP.email_manager.send_template(
            address,
            'Attempted Account Access',
            'email_confirm_fail.email'
        )

    notice = (
        'An email has been sent to {0} with detailing what to do '
        'next. Please check your email (including your spam folder) '
        'and follow the instructions given'
    ).format(address)

    flask.flash(notice, 'info')

    return flask.redirect(flask.url_for('front.home'))