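def update_user_info(userID):
    """Update a user's profile from the JSON request body.

    Expects a JSON object carrying ``first_name``, ``last_name``, ``email``,
    ``password`` and ``username``. The password is stored as a bcrypt hash;
    every value reaches the database through query parameters, never by
    being spliced into the SQL text.

    Args:
        userID: primary key of the ``users`` row to update (route parameter).

    Returns:
        A JSON ``Response`` with the updated fields (the password hash is
        deliberately not echoed back) and ``code`` 201, or a dict with an
        ``Error`` key when the update fails.
    """
    try:
        body = request.get_json()
        first_name = body['first_name']
        last_name = body['last_name']
        email = body['email']
        username = body['username']
        password = bcrypt.generate_password_hash(body['password']).decode('utf-8')

        cur = mysql.connection.cursor()
        # Parameterised statement: the original concatenated the request
        # fields straight into the query string.
        cur.execute(
            "UPDATE heroku_012605fb848c7a7.users "
            "SET first_name = %(first_name)s, last_name = %(last_name)s, "
            "email = %(email)s, password = %(password)s, username = %(username)s "
            "WHERE id = %(id)s;",
            {
                'first_name': first_name,
                'last_name': last_name,
                'email': email,
                'password': password,
                'username': username,
                'id': userID,
            })
        mysql.connection.commit()

        updated = {
            'first_name': first_name,
            'last_name': last_name,
            'email': email,
            'username': username,
        }
        post_log('PUT /users/<int:userID>')
        return Response(json.dumps({"updated": updated, "code": 201}),
                        mimetype='application/json')
    except Exception as e:
        # Keep the detail server-side; the raw exception text exposed
        # database/internal information to the caller.
        print(e)
        return {"Error": "Unable to update this user."}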
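def reset_password(user_id, token):
    """Render the reset form (GET) or set a new password from it (POST).

    The signed ``token`` is the only proof of identity: it must unwrap to the
    account's e-mail under the ``email-confirm`` salt and be younger than
    ``PASSWORD_TOKEN_EXPIRED``. On POST the form must carry ``user_id``,
    ``newPassword`` and ``confirmPassword``.

    Returns:
        The rendered template on GET; otherwise a redirect to ``login`` (on
        success, an expired token, or an unknown/unverified account) or back
        to this view when the two passwords differ.
    """
    if request.method == 'GET':
        return render_template('reset.html', user_id=user_id, token=token)

    cur_id = request.form['user_id']
    try:
        email = safe.loads(token, salt='email-confirm',
                           max_age=PASSWORD_TOKEN_EXPIRED)
    except SignatureExpired:
        flash('token expired!', 'danger')
        return redirect(url_for('login'))
    # NOTE(review): only SignatureExpired is handled here, as in the
    # original; a token with a bad signature raises a different error from
    # the same library and is not caught — confirm how the app handles it.

    user = User.query.filter_by(email=email).first()
    if user is None or not user.verified:
        flash('You are not a user !', 'danger')
        return redirect(url_for('login'))

    new_password = request.form['newPassword']
    confirm_password = request.form['confirmPassword']
    if new_password != confirm_password:
        flash('Confirm Password doesn\'t match', 'danger')
        # The original built this redirect but did not return it, so the
        # password was changed anyway; stop here.
        return redirect(url_for('reset_password', user_id=cur_id, token=token))

    user.password = bcrypt.generate_password_hash(new_password).decode('utf-8')
    db.session.commit()
    return redirect(url_for('login'))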
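def reset_password():
    """Set a new password for the account whose stored reset key is presented.

    Reads ``email``, ``password``, ``confirmed_password`` and ``reset_key``
    from the JSON body. The submitted key is compared in constant time with
    the ``password_reset_key`` column; on success the password is replaced by
    its bcrypt hash and the key is cleared for that account only.

    Returns:
        ``{"Allow": "yes"}`` on success, otherwise a dict with ``Error`` and
        ``Allow`` keys. Neither the stored key nor the submitted passwords
        are echoed back.
    """
    import hmac

    try:
        body = request.get_json()
        email = body['email']
        if '@' not in email:
            return {"Error": "Not a valid email"}
        password = body['password']
        confirmed_password = body['confirmed_password']
        input_reset_key = body['reset_key']

        cur = mysql.connection.cursor()
        cur.execute(
            "SELECT password_reset_key FROM heroku_012605fb848c7a7.users "
            "WHERE email = %(email)s",
            {'email': email})
        row = cur.fetchone()
        # Read the column directly instead of stripping "(',)" from str(row).
        # A missing account or a NULL key must never match: the original
        # stringified both to "None", so submitting the text "None" as the
        # reset key passed the check for any account without a pending reset.
        stored_key = row[0] if row else None
        if (not stored_key or not isinstance(input_reset_key, str)
                or not hmac.compare_digest(str(stored_key), input_reset_key)):
            return {"Error": "Invalid reset key", "Allow": "No"}

        if password != confirmed_password:
            return {"Error": "Passwords do not match!", "Allow": "No"}

        encrypted_password = bcrypt.generate_password_hash(password).decode('utf-8')
        # One statement, scoped to this e-mail: the original cleared
        # password_reset_key for every row in the table.
        cur.execute(
            "UPDATE heroku_012605fb848c7a7.users "
            "SET password = %(password)s, password_reset_key = NULL "
            "WHERE email = %(email)s",
            {'password': encrypted_password, 'email': email})
        mysql.connection.commit()
        post_log('POST /reset-password')
        return {"Allow": "yes"}
    except Exception as e:
        # Log the detail; do not return the raw exception text to the client.
        print(e)
        return {"Error": "Unable to reset password.", "Allow": "no"}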
def register():
    """Handle the registration form.

    On a valid submission, create the ``User`` (e-mail taken from the form's
    ``username`` field, password stored as a bcrypt hash) and redirect to
    ``home``. If the e-mail is already registered, flash a warning and show
    the form again. Any other request simply renders the form.
    """
    form = RegisterationForm()
    if not form.validate_on_submit():
        return render_template('register.html', title='Register', form=form)

    existing = User.query.filter_by(email=form.username.data).first()
    if existing:
        flash('That user was taken. Please choose a different one!', 'danger')
        return render_template('register.html', title='Register', form=form)

    pw_hash = bcrypt.generate_password_hash(form.password.data).decode('utf-8')
    db.session.add(User(email=form.username.data, password=pw_hash))
    db.session.commit()
    flash(f'Account created for {form.username.data}!', 'success')
    return redirect(url_for('home'))
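def change_password():
    """Change the password of the client named by the posted ``clientID``.

    Form fields: ``clientID``, ``curPassword``, ``newPassword`` and
    ``confirmPassword``. The new password is applied only when the two new
    values agree and ``curPassword`` verifies against the stored hash.

    Returns:
        A redirect to ``client_detail_page`` in every case; failures are
        reported through ``flash``.
    """
    # NOTE(review): the account to modify is chosen by the request body, not
    # by the logged-in session — confirm that the route restricts this to
    # the caller's own account.
    cur_id = request.form['clientID']
    user = User.query.filter_by(id=cur_id).first()
    if user is None:
        # Original dereferenced user.password and raised AttributeError.
        # Same message as the wrong-password case so the response does not
        # reveal whether the id exists.
        flash('Wrong Password!', 'danger')
        return redirect(url_for('client_detail_page'))

    cur_password = request.form['curPassword']
    new_password = request.form['newPassword']
    confirm_password = request.form['confirmPassword']
    if new_password != confirm_password:
        flash('Confirm Password doesn\'t match', 'danger')
        # The original only flashed and then went on to change the password.
        return redirect(url_for('client_detail_page'))

    if bcrypt.check_password_hash(user.password, cur_password):
        user.password = bcrypt.generate_password_hash(new_password).decode('utf-8')
        db.session.commit()
    else:
        flash('Wrong Password!', 'danger')
    return redirect(url_for('client_detail_page'))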
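def create_user():
    """Stage a new account in ``accounts_in_limbo`` and e-mail a confirmation key.

    Reads ``first_name``, ``last_name``, ``email``, ``username`` and
    ``password`` from the JSON body. Rejects the request when the e-mail or
    username already exists in ``users``. The password is stored as a bcrypt
    hash; a random confirmation key from ``randomPassword()`` is stored with
    the pending row and mailed to the address.

    Returns:
        A JSON ``Response`` with the staged fields (password hash omitted)
        and ``code`` 201, or a dict with an ``Error`` key.
    """
    try:
        body = request.get_json()
        first_name = body['first_name']
        last_name = body['last_name']
        email = body['email']
        username = body['username']
        # The address is written into a mail header and handed to SMTP;
        # refuse anything with whitespace/control characters as well as
        # values that do not look like an address.
        if '@' not in email or any(c.isspace() for c in email):
            return {"Error": "Not a valid email"}

        cur = mysql.connection.cursor()
        cur.execute(
            "SELECT email FROM heroku_012605fb848c7a7.users WHERE email = %(email)s",
            {'email': email})
        emailFound = cur.fetchone()
        cur.execute(
            "SELECT email FROM heroku_012605fb848c7a7.users WHERE username = %(username)s",
            {'username': username})
        usernameFound = cur.fetchone()
        if emailFound or usernameFound:
            post_log('POST /users FAILED')
            return {"Error": "Can't add already existing email or username"}

        password = bcrypt.generate_password_hash(body['password']).decode('utf-8')
        conf_key = randomPassword()
        # Parameterised insert: the original spliced the request fields into
        # the SQL text. The confirmation key is stored in the same statement,
        # so there is no committed row without a key.
        cur.execute(
            "INSERT INTO heroku_012605fb848c7a7.accounts_in_limbo "
            "(first_name, last_name, email, password, username, confirmation_key) "
            "VALUES (%(first_name)s, %(last_name)s, %(email)s, %(password)s, "
            "%(username)s, %(conf_key)s);",
            {
                'first_name': first_name,
                'last_name': last_name,
                'email': email,
                'password': password,
                'username': username,
                'conf_key': conf_key,
            })
        mysql.connection.commit()

        port = 465  # SMTP over SSL
        smtp_server = "smtp.gmail.com"
        sender = "*****@*****.**"
        Email_Password = "******"
        # NOTE(review): the mailbox credentials are literals in source; they
        # should be loaded from configuration outside the repository.

        message = MIMEMultipart("alternative")
        message["subject"] = "Finish Registering for BITEBODY.XYZ"
        message["From"] = sender
        message["To"] = email
        # conf_key comes from randomPassword(), not from the request.
        html = """\
<html>
  <body>
    <p>Thank you for signing up for a BITEBODY account! <br>
    <a href="https://www.bitebody.xyz/finalize-registration">CLICK RIGHT HERE </a> to complete your account registration! Your registration code is:<b>{conf_key}</b> <br />
    Make sure to enter it when prompted.
    </p>
  </body>
</html>
""".format(conf_key=conf_key)
        message.attach(MIMEText(html, "html"))

        context = ssl.create_default_context()
        with smtplib.SMTP_SSL(smtp_server, port, context=context) as server:
            server.login(sender, Email_Password)
            server.sendmail(sender, email, message.as_string())

        posted = {
            'first_name': first_name,
            'last_name': last_name,
            'email': email,
            'username': username,
        }
        post_log('POST /users')
        return Response(json.dumps({"posted": posted, "code": 201}),
                        mimetype='application/json')
    except Exception as e:
        # Log the detail; the raw exception text was previously returned to
        # the caller.
        print(e)
        return {"Error": "Unable to create this user."}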
def set_password(self, password_hash):
    """Store the bcrypt hash of ``password_hash`` on ``self.password_hash``.

    Despite its name, the argument is the value handed to
    ``bcrypt.generate_password_hash`` (the secret being hashed). The result
    is stored exactly as bcrypt returns it, without ``decode``.
    """
    digest = bcrypt.generate_password_hash(password_hash)
    self.password_hash = digest
def hash_password(mapper, connection, target):
    """Replace ``target.password`` with its bcrypt hash, decoded to ``str``.

    The ``(mapper, connection, target)`` signature suggests this is wired up
    as an ORM event hook — confirm against the registration site. ``bcrypt``
    is imported inside the function, presumably to avoid an import cycle
    with ``manage``.
    """
    from manage import bcrypt
    hashed = bcrypt.generate_password_hash(target.password)
    target.password = hashed.decode('utf-8')