Exemplo n.º 1
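def resetPass():
    """Handle the "forgot password" form and e-mail a reset link.

    Signed-in users are redirected home. On a valid POST the submitted address
    is looked up and, when an account exists, ``send_email`` is called for it.
    The same flash message is shown whether or not the address is registered.
    """
    if current_user.is_authenticated:
        return redirect(url_for("home"))
    form = forms.PasswordResetForm(request.form)
    # ``validate`` has to be called: the bare attribute is a bound method and is
    # always truthy, so the original condition never ran the form validators.
    if request.method == "POST" and form.validate():
        print("RESET PASSWORD ")
        given_email = form.email.data
        user = User.query.filter_by(email=given_email).first()
        if user:
            send_email(" Reset Password ", "*****@*****.**", given_email,
                       user)
        # Flash for every valid submission so the response does not reveal
        # which e-mail addresses belong to an account.
        flash(" Confirmation Link has been sent.")
    return render_template("forgot_pass.html", form=form)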
Exemplo n.º 2
def password_reset(token):
    """Set a new password for the account named in the form, using *token*.

    Only anonymous visitors may use this view. The token is not inspected
    here; it is handed to ``user.reset_password`` and that call's result
    decides between the login page (success) and the index page (failure).
    An unknown e-mail address gets the same redirect as a failed reset.
    """
    if not current_user.is_anonymous():
        return redirect(url_for('main.index'))

    reset_form = forms.PasswordResetForm()
    if not reset_form.validate_on_submit():
        return render_template('auth/reset_password.html', form=reset_form)

    account = User.user_by_email(reset_form.email.data)
    if account is not None and account.reset_password(
            token, reset_form.password.data):
        flash('Your password has been updated.')
        return redirect(url_for('auth.login'))

    # Unknown address and rejected token are deliberately indistinguishable.
    return redirect(url_for('main.index'))
Exemplo n.º 3
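def pw_reset_page():
    """Change the current user's password after re-checking the old one.

    On a valid submission the old password is verified with
    ``ValidatePassword``. On success the new password is stored and the user
    is redirected to the profile page; otherwise an error is flashed and the
    form is rendered again.
    """
    # NOTE(review): nothing in this view checks that a user is signed in;
    # presumably a login-required decorator sits on the route -- confirm.
    form = forms.PasswordResetForm()
    if form.validate_on_submit():
        # Make sure the old password is correct, so that access to an open
        # session alone is not enough to change the password.
        if login.current_user.ValidatePassword(form.old_password.data):
            login.current_user.SetPassword(form.new_password.data)
            login.current_user.Persist()
            flask.flash('Password Updated.')
            return flask.redirect(flask.url_for('.user_profile'))
        flask.flash('Invalid Password', 'error')
    return flask.render_template('pw_reset.html', form=form)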
Exemplo n.º 4
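def reset_password(token):
    """Verify a reset token and, on a valid form, store the new password.

    The token is checked with ``verify_reset_password_token`` before the form
    is processed. Every failure path redirects to the index page with an
    ``error`` query parameter; success redirects to the login page.
    """
    if current_user.is_authenticated:
        return redirect(url_for('index'))
    form = forms.PasswordResetForm(request.form)
    secret_key = app.config['SECRET_KEY']
    user_id = User.User.verify_reset_password_token(token, secret_key)
    if user_id is None:
        # The original returned the bare url_for() string, which Flask serves
        # as a 200 page whose body is the URL; wrap it in redirect().
        return redirect(
            url_for('index', error='Invalid Token, may be expired.'))
    if form.validate_on_submit():
        username = User.User.find_username_with_id(DATABASE, user_id)
        user = User.User(username)
        new_password = form.password.data
        re_new_password = form.re_password.data
        if new_password != re_new_password:
            return redirect(url_for('index', error='Passwords do not match'))
        # NOTE(review): nothing visible here invalidates the token after a
        # successful reset -- confirm it is single-use or short-lived.
        if user.reset_password(new_password):
            return redirect(url_for('login'))
        return redirect(
            url_for('index', error='New Password cannot be old password'))
    return render_template('reset_password.html', token=token, form=form)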
Exemplo n.º 5
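def x_profile(request):
	"""Render the profile page and handle profile edits and password changes.

	Users whose profile still has an ``email_code`` are redirected to the
	'thankyou' page. A POST carrying ``resetpassword`` changes the password
	after re-authenticating with the old one; any other POST updates the
	username, e-mail and name fields.
	"""
	# NOTE(review): request.user is used without an authentication check;
	# presumably a login-required decorator is applied elsewhere -- confirm.
	profile = models.Profile.objects.get(user=request.user)

	if profile.email_code != '':
		return HttpResponseRedirect(reverse('thankyou'))

	plans = models.UserPlan.objects.all().order_by('fee')
	user = request.user
	form = forms.ProfileForm(initial={
		'username': user.username,
		'email': user.email,
		'first_name': user.first_name,
		'last_name': user.last_name
		})

	password_form = forms.PasswordResetForm()

	error = ''
	msg = ''
	msg_type = ''

	if request.method == 'POST':

		if request.POST.get('resetpassword'):
			old_pw = request.POST.get('old_password')
			new_pw = request.POST.get('password')
			# Keep the result separate from ``user`` so a failed check does
			# not replace the current user with None.
			verified = authenticate(request, username=user.username, password=old_pw)
			if verified is None:
				error = 'Password Incorrect'
				msg = 'Password Incorrect'
				msg_type = 'danger'
			elif not new_pw:
				# set_password(None) would store an unusable password and
				# lock the account, so a missing field is rejected.
				error = 'New password is required'
				msg = 'New password is required'
				msg_type = 'danger'
			else:
				# NOTE(review): the new password is not run through the
				# project's password validators here.
				verified.set_password(new_pw)
				verified.save()
				# Logging in again keeps this session valid after the change.
				login(request, verified)
				msg_type = 'success'
				msg = 'Password Changed.'
		else:
			# NOTE(review): ProfileForm is never bound to request.POST, so
			# these values are saved without form validation.
			username = request.POST.get('username')
			email = request.POST.get('email')
			firstname = request.POST.get('first_name')
			lastname = request.POST.get('last_name')

			user.username = username
			user.email = email
			user.first_name = firstname
			user.last_name = lastname
			user.save()
			msg_type = 'success'
			msg = 'Saved Successfully'
			login(request, user)

	return render(request, 'profile.html', {
		'msg': msg,
		'msg_type': msg_type,
		'user': request.user,
		'form': form,
		'plans': plans,
		'current_plan': profile.plan,
		'password_form': password_form,
		'error': error
		})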
Exemplo n.º 6
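def account_reset(request):
    """Handle the e-mailed reset link (GET) and the new-password form (POST).

    GET expects ``user`` (e-mail) and ``key`` query parameters. When the key
    matches the value recomputed from the account, the e-mail is stored in the
    session and the reset form is rendered. POST sets the new password for
    the e-mail stored in the session and then signs the user in.

    NOTE(review): the reset key is recomputed from the account e-mail and the
    salt of the stored password hash, so it has no expiry and stays valid
    until the password changes. A time-limited token would be stronger, but
    the code that builds the link is not visible here.
    """
    import hmac

    if request.user.is_authenticated():
        # NOTE(review): as in the original, no response is produced for a
        # signed-in user; Django rejects a None return. Pick a destination.
        return None

    if request.method == 'GET':
        # TODO: Error messages if key is not valid or email is wrong
        user_email = request.GET.get('user')
        reset_key_input = request.GET.get('key')

        # Reject key-less requests before the user lookup, so the response
        # cannot be used to test which e-mail addresses are registered.
        if reset_key_input is None:
            return redirect('/accounts/forgot/?error=nokey')

        # An unknown address gets the same answer as a wrong key.
        try:
            user = User.objects.get(email=user_email)
        except User.DoesNotExist:
            return redirect('/accounts/forgot/?error=keymismatch')

        # An unusable stored password does not split into four parts;
        # treat that as a mismatch instead of failing with a server error.
        try:
            algorithm, _iterations, salt, _hashed = user.password.split('$', 3)
        except ValueError:
            return redirect('/accounts/forgot/?error=keymismatch')

        # Recompute the key: hash of the e-mail with the password's salt,
        # last character dropped, '+' and '/' swapped for URL-safe ones.
        reset_key = make_password(user.email, salt, algorithm)
        reset_key = reset_key.split('$', 3)[3][:-1]
        reset_key = reset_key.replace('+', '-').replace('/', '_')

        # Constant-time comparison; both sides are encoded so non-ASCII
        # input is compared as bytes rather than raising.
        keys_match = hmac.compare_digest(reset_key.encode('utf-8'),
                                         reset_key_input.encode('utf-8'))
        if not keys_match:
            return redirect('/accounts/forgot/?error=keymismatch')

        # Reset keys match: remember the e-mail and show the reset form.
        request.session['reset_email'] = user_email
        form = forms.PasswordResetForm(initial={'email': user_email})
    elif request.method == 'POST':
        form = forms.PasswordResetForm(request.POST)
        if form.is_valid():
            # A POST without a prior successful GET has no session entry;
            # treat it like an e-mail mismatch instead of raising KeyError.
            reset_email = request.session.get('reset_email')
            if reset_email is None or form.cleaned_data['email'] != reset_email:
                return redirect('/accounts/forgot/?error=email')

            try:
                user = User.objects.get(email=reset_email)
            except User.DoesNotExist:
                return redirect('/accounts/forgot/?error=nouser')

            # Update password of user in system
            user.set_password(form.cleaned_data['password'])
            user.save()

            # One reset per verified link: drop the marker so this session
            # cannot change the password again without a fresh key.
            request.session.pop('reset_email', None)

            # Success, login user and display success page
            user = authenticate(username=user.username,
                                password=form.cleaned_data['password'])
            if user is not None:
                login(request, user)

            return render(request, 'account/account.reset.success.html')

    return render(request, 'account/account.reset.form.html', {'form': form})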
Exemplo n.º 7
            return send_confirmation_and_redirect(request,
                                                  form.cleaned_data['email'],
                                                  utils.RESET_TASK)
    else:
        form = forms.PasswordResetRequestForm()
    return eb_render(request, 'accounts/request_password_change_form.html',
                     {'form': form})


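def password_reset(request):
    """Let a user with a confirmed reset hash choose a new password.

    ``confirm_request_hash`` runs on every request, GET and POST; when it
    raises ``BadHash`` the response carried by the exception is returned. A
    valid POST sets the password of the active user with that e-mail and
    redirects to the login page.
    """
    # NOTE(review): nothing visible here makes the hash single-use or
    # time-limited -- confirm that in confirm_request_hash.
    try:
        email, email_hash = confirm_request_hash(request, utils.RESET_TASK)
    except BadHash as e:  # "as" form parses on Python 2.6+ and Python 3
        return e.response
    if request.method == 'POST':
        form = forms.PasswordResetForm(request.POST)
        if form.is_valid():
            try:
                user = User.objects.get(is_active=True, email=email.lower())
            except User.DoesNotExist:
                # If we reach this point, then somebody managed to submit a
                # hash for a user that's not registered yet.
                raise http.Http404()
            User.objects.set_password(user.id, form.cleaned_data['password1'])
            request.session[
                'login_message'] = 'Your password was changed successfully. Give it a shot by logging in below:'
            return http.HttpResponseRedirect('/accounts/login/')
    else:
        # The e-mail and hash are passed to the form as initial values
        # under the keys 'e' and 'h'.
        form = forms.PasswordResetForm(initial={'e': email, 'h': email_hash})
    return eb_render(request, 'accounts/password_change_form.html',
                     {'form': form})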