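    def Get(self, data):
        """Validate a password-reset code for an e-mail address.

        Expects ``data["code"]`` (the reset code as the client sent it) and
        ``data["email"]``. The code is normalised with ``resetcode.as_long``
        and looked up in ``resetcodes`` together with the e-mail and an
        ``expires > NOW()`` guard, so a mismatched or expired code is a 404.
        On success the matching ``users`` row (``user_username``,
        ``user_id``) is returned as JSON. The code is deliberately *not*
        consumed here; it is only deleted once a new password is set.

        NOTE(review): ``error()`` is assumed to abort the request (raise).
        If it merely returns, the statements after it still run -- confirm.
        """
        data["resetcode"] = resetcode.as_long(data["code"])
        # The reset code and the request payload (code + e-mail) are secrets;
        # they must not be echoed to stdout/logs, so the debug prints that
        # used to sit here and in the 404 branch are gone.
        self.execute(
            """SELECT *
                        FROM resetcodes
                        WHERE code = %(resetcode)s
                            AND user_email = %(email)s
                            AND expires > NOW()""",
            data,
        )
        if self.rowcount() != 1:
            error("404 reset code not found")

        self.execute(
            """SELECT user_username, user_id
                        FROM users
                        WHERE user_email = %(email)s""",
            data,
        )
        row = self.fetchone()
        if row is None:
            error("404 Email not found or bad code")
        # could give them a session token at this point, but let's make them
        # choose a new password first
        return JSON(row)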
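    def Post(self, data):
        """Change a user's e-mail, username and/or password.

        The caller must prove identity in one of two ways:

        * ``data["code"] is None`` -- password path: ``data["oldpassword"]``
          is checked with ``checkPassword`` against the stored hash of
          ``data["user_id"]``.
        * ``data["oldpassword"] is None`` -- reset-code path: ``data["code"]``
          must match an unexpired ``resetcodes`` row for ``data["user_id"]``;
          that row is then deleted so the code is single-use.

        Supplying both (or neither) is rejected with 401. When
        ``data["password"]`` is given it is bcrypt-hashed, otherwise the
        current hash is kept. A successful UPDATE triggers the
        "details changed" e-mail; the response always carries a fresh token.

        NOTE(review): ``error()`` and ``checkPassword()`` are assumed to abort
        the request on failure (raise) -- confirm in their definitions.
        """
        # Fail fast instead of running checkPassword() with a None password.
        if data["code"] is None and data["oldpassword"] is None:
            error("401 need password or reset code!")

        row = None
        if data["code"] is None:
            # Password path: the stored hash is needed both to verify
            # oldpassword and to keep it when no new password is supplied.
            self.execute(
                """SELECT user_password
                            FROM users
                            WHERE user_id = %(user_id)s""",
                data,
            )
            if self.rowcount() != 1:
                error("401 Incorrect user_id")
            row = self.fetchone()
            checkPassword(row["user_password"], data["oldpassword"])

        elif data["oldpassword"] is None:
            data["resetcode"] = resetcode.as_long(data["code"])
            # Select a real column, not COUNT(*): an aggregate always yields
            # exactly one row, so rowcount() != 1 could never fail and a
            # wrong or expired code was accepted. Now rowcount() is the
            # number of codes that actually match.
            self.execute(
                """SELECT user_id
                            FROM resetcodes
                            WHERE user_id = %(user_id)s
                            AND code = %(resetcode)s
                            AND expires > NOW()""",
                data,
            )
            if self.rowcount() != 1:
                error("401 Reset code expired")

            # Consume exactly the code that was presented, so the
            # rowcount() == 1 check below is meaningful even if the user has
            # several outstanding codes.
            self.execute(
                """DELETE
                            FROM resetcodes
                            WHERE user_id = %(user_id)s
                            AND code = %(resetcode)s""",
                data,
            )
            if self.rowcount() != 1:
                error("500 can't remove reset code!?")

            # Load the current hash so "keep the old password" works on this
            # path too (the resetcodes row has no user_password column).
            self.execute(
                """SELECT user_password
                            FROM users
                            WHERE user_id = %(user_id)s""",
                data,
            )
            if self.rowcount() != 1:
                error("401 Incorrect user_id")
            row = self.fetchone()

        # Both code and oldpassword were supplied: neither branch ran.
        if row is None:
            error("401 need password or reset code!")

        # new password?
        if data["password"] is not None:
            data["hashed"] = bcrypt.hashpw(data["password"], bcrypt.gensalt(12))
        else:
            data["hashed"] = row["user_password"]  # no, keep the old one

        # update user record with new details
        self.execute(
            """UPDATE users
                        SET user_email = %(email)s,
                            user_password = %(hashed)s,
                            user_username = %(username)s
                        WHERE user_id = %(user_id)s""",
            data,
        )
        # Read the UPDATE's rowcount once; email() runs in between and it is
        # not visible here whether it touches the same cursor.
        changed = self.rowcount() == 1
        if changed:
            email(data["username"], data["email"], details_changed_template, data)

        return JSON(
            {
                "changed": changed,
                "token": create_token({"user_id": data["user_id"]}),
                "user_id": data["user_id"],
                "user_username": data["username"],
                "user_email": data["email"],
            }
        )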