def reset_password(token):
"""View function that handles a reset password request."""
expired, invalid, user = reset_password_token_status(token)
if invalid:
do_flash(*get_message('INVALID_RESET_PASSWORD_TOKEN'))
if expired:
do_flash(*get_message('PASSWORD_RESET_EXPIRED',
email=user.email,
within=_security.reset_password_within))
if invalid or expired:
return redirect(url_for('browser.forgot_password'))
has_error = False
form = _security.reset_password_form()
if form.validate_on_submit():
try:
update_password(user, form.password.data)
except SOCKETErrorException as e:
# Handle socket errors which are not covered by SMTPExceptions.
logging.exception(str(e), exc_info=True)
flash(
gettext(
u'SMTP Socket error: {}\nYour password has not been changed.'
).format(e), 'danger')
has_error = True
except (SMTPConnectError, SMTPResponseException,
SMTPServerDisconnected, SMTPDataError, SMTPHeloError,
SMTPException, SMTPAuthenticationError, SMTPSenderRefused,
SMTPRecipientsRefused) as e:
# Handle smtp specific exceptions.
logging.exception(str(e), exc_info=True)
flash(
gettext(
u'SMTP error: {}\nYour password has not been changed.'
).format(e), 'danger')
has_error = True
except Exception as e:
# Handle other exceptions.
logging.exception(str(e), exc_info=True)
flash(
gettext(u'Error: {}\nYour password has not been changed.').
format(e), 'danger')
has_error = True
if not has_error:
after_this_request(_commit)
do_flash(*get_message('PASSWORD_RESET'))
login_user(user)
return redirect(
get_url(_security.post_reset_view)
or get_url(_security.post_login_view))
return _security.render_template(
config_value('RESET_PASSWORD_TEMPLATE'),
reset_password_form=form,
reset_password_token=token,
**_ctx('reset_password'))
def reset_password(token):
"""View function that handles a reset password request."""
expired, invalid, user = reset_password_token_status(token)
if invalid:
return redirect(url_for('frontend.forgot_password') + '?invalid')
elif expired:
send_reset_password_instructions(user)
return redirect(url_for('frontend.forgot_password') + '?expired')
elif request.method == 'GET':
return redirect(url_for('frontend.reset_password', token=token))
form = _security.reset_password_form()
if form.validate_on_submit():
after_this_request(_commit)
update_password(user, form.newPassword.data)
login_user(user)
else:
return jsonify({'errors': form.errors}), HTTPStatus.BAD_REQUEST
return jsonify({
'token': user.get_auth_token(),
'user': user,
})
def reset_password(token):
"""View function that handles a reset password request."""
expired, invalid, user = reset_password_token_status(token)
if invalid:
do_flash(*get_message('INVALID_RESET_PASSWORD_TOKEN'))
if expired:
do_flash(*get_message('PASSWORD_RESET_EXPIRED',
email=user.email,
within=config_value('RESET_PASSWORD_WITHIN')))
if invalid or expired:
return redirect(url_for('login.forgot_password'))
form = ResetPasswordForm()
if form.validate_on_submit():
update_password(user, form.new_password.data)
do_flash(*get_message('PASSWORD_RESET'))
login_user(user)
return redirect(
get_url(config_value('POST_RESET_VIEW'))
or get_url(config_value('POST_LOGIN_VIEW')))
else:
current_app.logger.error('Form did not validate: {}'.format(
form.errors))
flash(form.errors, 'error')
return render_template('login/reset_password.html',
reset_password_form=form,
reset_password_token=token)
def post(self):
data = parser.parse_args()
print("We are here")
if not data['password'] or not data['token']:
return {
'message': 'Provide Password and the token sent',
"loggedIn": False
}, 401
expired, invalid, user = reset_password_token_status(data['token'])
if expired:
return {
'message': 'The password reset token provided has expired',
"loggedIn": False
}, 401
if invalid:
return {
'message': 'Invalid token provided',
"loggedIn": False
}, 401
if not user:
return {
'message': 'Could not find a user for that account',
"loggedIn": False
}, 401
print("Updating password for", user.username)
update_password(user, data['password'])
return {
'message':
'The password for your account has been successfully updated'
}
def update_password(self):
"""Used in conjunction with reset password to set password to a known value"""
schema = RELS['v1.AuthView:update'][request.method]
args = reset_password_options.parse_args()
try:
validate(args, schema, format_checker=FormatChecker())
except ValidationError as e:
return dict(status=400, message=e.message), 400
token = args.get('token')
expired, invalid, user = reset_password_token_status(token)
if invalid or not user:
return dict(status=409, message="Invalid reset token"), 409
if expired:
return dict(status=409, message="Reset token has expired"), 409
update_password(user, args.get('password'))
user.reset_secret()
send_password_reset_notice(user)
#SEE 90720022, Login the user
login_user(user)
user.save() #saving the user as a precaution, want the log data
return {'status': 200, 'message': 'Password updated', 'user': generate_response_dict(user=user)}
def reset_password(token):
"""View function that handles a reset password request."""
expired, invalid, user = reset_password_token_status(token)
if invalid:
do_flash(*get_message('INVALID_RESET_PASSWORD_TOKEN'))
if expired:
do_flash(*get_message('PASSWORD_RESET_EXPIRED', email=user.email,
within=_security.reset_password_within))
if invalid or expired:
return redirect(url_for('browser.forgot_password'))
has_error = False
form = _security.reset_password_form()
if form.validate_on_submit():
try:
update_password(user, form.password.data)
except SOCKETErrorException as e:
# Handle socket errors which are not covered by SMTPExceptions.
logging.exception(str(e), exc_info=True)
flash(gettext(u'SMTP Socket error: {}\n'
u'Your password has not been changed.'
).format(e),
'danger')
has_error = True
except (SMTPConnectError, SMTPResponseException,
SMTPServerDisconnected, SMTPDataError, SMTPHeloError,
SMTPException, SMTPAuthenticationError, SMTPSenderRefused,
SMTPRecipientsRefused) as e:
# Handle smtp specific exceptions.
logging.exception(str(e), exc_info=True)
flash(gettext(u'SMTP error: {}\n'
u'Your password has not been changed.'
).format(e),
'danger')
has_error = True
except Exception as e:
# Handle other exceptions.
logging.exception(str(e), exc_info=True)
flash(gettext(u'Error: {}\n'
u'Your password has not been changed.'
).format(e),
'danger')
has_error = True
if not has_error:
after_this_request(_commit)
do_flash(*get_message('PASSWORD_RESET'))
login_user(user)
return redirect(get_url(_security.post_reset_view) or
get_url(_security.post_login_view))
return _security.render_template(
config_value('RESET_PASSWORD_TEMPLATE'),
reset_password_form=form,
reset_password_token=token,
**_ctx('reset_password'))
def post(self, **kwargs):
expired, invalid, user = reset_password_token_status(kwargs['token'])
if expired:
abort(422, 'Password reset token expired.')
elif invalid:
abort(422, 'Invalid password reset token.')
else:
user.password = kwargs['password']
db.session.commit()
return {'message': 'Password reset succesfully.'}
def get_user(self, token=None, **kwargs):
"""Retrieve a user by the provided arguments."""
# Verify the token
expired, invalid, user = reset_password_token_status(token)
if invalid:
_abort(get_message('INVALID_RESET_PASSWORD_TOKEN')[0])
if expired:
_abort(
get_message('PASSWORD_RESET_EXPIRED',
email=user.email,
within=current_security.reset_password_within)[0])
return user
def reset_password(token):
"""View function that handles a reset password request."""
expired, invalid, user = reset_password_token_status(token)
if invalid:
do_flash(*get_message('INVALID_RESET_PASSWORD_TOKEN'))
if expired:
do_flash(*get_message('PASSWORD_RESET_EXPIRED',
email=user.email,
within=_security.reset_password_within))
if invalid or expired:
return redirect(url_for('browser.forgot_password'))
has_error = False
form = _security.reset_password_form()
if form.validate_on_submit():
try:
update_password(user, form.password.data)
except SOCKETErrorException as e:
# Handle socket errors which are not covered by SMTPExceptions.
logging.exception(str(e), exc_info=True)
flash(gettext(SMTP_SOCKET_ERROR).format(e), 'danger')
has_error = True
except (SMTPConnectError, SMTPResponseException,
SMTPServerDisconnected, SMTPDataError, SMTPHeloError,
SMTPException, SMTPAuthenticationError, SMTPSenderRefused,
SMTPRecipientsRefused) as e:
# Handle smtp specific exceptions.
logging.exception(str(e), exc_info=True)
flash(gettext(SMTP_ERROR).format(e), 'danger')
has_error = True
except Exception as e:
# Handle other exceptions.
logging.exception(str(e), exc_info=True)
flash(gettext(PASS_ERROR).format(e), 'danger')
has_error = True
if not has_error:
after_this_request(view_commit)
auth_obj = AuthSourceManager(form, [INTERNAL])
session['_auth_source_manager_obj'] = auth_obj.as_dict()
if user.login_attempts >= config.MAX_LOGIN_ATTEMPTS > 0:
flash(
gettext('You successfully reset your password but'
' your account is locked. Please contact '
'the Administrator.'), 'warning')
return redirect(get_post_logout_redirect())
do_flash(*get_message('PASSWORD_RESET'))
login_user(user)
auth_obj = AuthSourceManager(form, [INTERNAL])
session['auth_source_manager'] = auth_obj.as_dict()
return redirect(
get_url(_security.post_reset_view)
or get_url(_security.post_login_view))
return _security.render_template(
config_value('RESET_PASSWORD_TEMPLATE'),
reset_password_form=form,
reset_password_token=token,
**_ctx('reset_password'))
