Exemplo n.º 1
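    def reset_password(self, request, token):
        """
        Let a user choose a new password when the emailed reset token is valid.

        The token is checked by verify_token with the app's SECRET_KEY and
        EMAIL_CONFIRMATION_EXPIRATION. Its payload is expected to be
        "<k_number><separator><scheme_id>", where the separator is the
        MESSAGE_SEPARATION_TOKEN config value. A token that fails
        verification, a payload of the wrong shape and an unknown user all get
        the same "Invalid link" response, so the reply does not reveal which
        check failed.

        :param request: The request is passed through so we can access the form
                        contained inside it.
        :param token: Token sent to user by email on the reset_password_via_email function.
        :return: A redirect to /forgot-my-password for a bad link, a redirect
                 to /login after a successful update, otherwise the rendered
                 reset form.
        """
        reset_password_form = ResetPasswordWithEmailForm(request.form)

        # Read configuration outside the try blocks so that a missing key
        # surfaces as a server error instead of being reported as a bad link.
        secret_key = current_app.config["SECRET_KEY"]
        expiration = current_app.config["EMAIL_CONFIRMATION_EXPIRATION"]
        separator = current_app.config["MESSAGE_SEPARATION_TOKEN"]

        try:
            message = verify_token(
                secret_key=secret_key,
                expiration=expiration,
                token=token)
        except Exception:
            # verify_token's exception types are not visible from here, so any
            # failure is treated as an unusable token. The token itself is
            # deliberately kept out of the log message.
            current_app.logger.exception(
                "Could not verify password reset token")
            message = None

        try:
            k_number, scheme_id = message.split(separator)
        except (AttributeError, TypeError, ValueError):
            # message is None/falsy (rejected token) or does not split into
            # exactly two parts: fail closed rather than answer with a 500.
            flash("Invalid link")
            return redirect("/forgot-my-password")

        try:
            if not self._student_handler.user_exist(scheme_id, k_number):
                flash("Invalid link")
                return redirect("/forgot-my-password")

            if (request.method == "POST"
                    and reset_password_form.validate_on_submit()):
                new_password = reset_password_form.password.data
                new_hashed_password = generate_password_hash(new_password)
                # NOTE(review): nothing visible here invalidates the token
                # after a successful reset; confirm that verify_token or the
                # handler enforces single use, otherwise the link stays usable
                # until it expires.
                self._student_handler.update_hash_password(
                    scheme_id, k_number, new_hashed_password)
                flash("Password updated successfully")
                return redirect("/login")
        except Exception:
            # Keep the original contract (500 on handler failure) but leave a
            # trace for operators instead of swallowing the error.
            current_app.logger.exception("Password reset failed")
            abort(500)

        return render_template("reset_password.html",
                               reset_password_form=reset_password_form)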
Exemplo n.º 2
 def signup_token(self, request, token):
     """
     Resolve a sign-up token to a scheme id and show the sign-up page for it.

     The scheme id travels inside a token so that users cannot pick a scheme
     by editing the URL directly.
     :param request: The request is passed through so we can access the form
                     contained inside it.
     :param token: Token carrying the scheme id; it is checked by
                   verify_token with the app's SECRET_KEY.
     :return: Whatever self.signup returns for the scheme id taken from the
              token.
     """
     # Token lifetime handed to verify_token; presumably seconds (about 15
     # days) -- confirm against verify_token.
     max_age = 1337331
     # NOTE(review): the result is forwarded without a check. If verify_token
     # returns a falsy value for a rejected token (as confirm_email's
     # `if message:` suggests), confirm that signup() does not then fall back
     # to offering every scheme.
     verified_scheme_id = verify_token(
         token=token,
         secret_key=current_app.config["SECRET_KEY"],
         expiration=max_age,
     )
     return self.signup(request, scheme_id=verified_scheme_id)
Exemplo n.º 3
    def confirm_email(self, token):
        """
        Activate the account named by an emailed confirmation token.

        Any error raised while verifying the token ends the request with 403
        before the account is touched; any error while activating it ends the
        request with 500. Both are logged with a traceback.
        :param token: Token sent to user by email, used to identify himself.
        :return: A redirect to the login page, with a flashed message that
                 says whether the account was activated, was already active,
                 or the token was rejected.
        """
        try:
            message = verify_token(
                token=token,
                secret_key=current_app.config["SECRET_KEY"],
                expiration=current_app.config["EMAIL_CONFIRMATION_EXPIRATION"],
            )
        except Exception:
            self._log.exception("Could not verify token")
            raise abort(403)

        try:
            if not message:
                # verify_token returned a falsy value instead of raising.
                flash("The token verification has failed")
            else:
                # The payload is "<k_number><separator><scheme_id>"; anything
                # that does not unpack into exactly two parts lands in the
                # handler below.
                parts = message.split(
                    current_app.config["MESSAGE_SEPARATION_TOKEN"])
                k_number, scheme_id = parts

                student = Student(k_number=k_number, scheme_id=scheme_id)

                if not student.email_confirmed:
                    student.activate()
                    flash("Account successfully activated.")
                else:
                    flash("Account already active.")
        except Exception:
            self._log.exception("Could not activate account")
            raise abort(500)

        return redirect("/login")
Exemplo n.º 4
def test_largetoken():
    """Round-trip a longer key and message through generate_token/verify_token."""
    key = '12341245325'
    payload = 'K123442343245124'
    token = auth_token.generate_token(key, payload)
    # NOTE(review): happy path only. Cases with a wrong key, a modified token
    # and an expired token would pin down how verify_token rejects input.
    recovered = auth_token.verify_token(key, token)
    assert recovered == payload
Exemplo n.º 5
def test_token():
    """Check that a token made with a key verifies back to the original message."""
    key = '1234'
    payload = 'K1234'
    token = auth_token.generate_token(key, payload)
    # verify_token is called without an expiration here, so it presumably has
    # a default -- confirm in auth_token.
    recovered = auth_token.verify_token(key, token)
    assert recovered == payload