def _do_registration(form, service=None, send_sms=True, send_email=True): if user_api_client.is_email_unique(form.email_address.data): user = user_api_client.register_user(form.name.data, form.email_address.data, form.mobile_number.data, form.password.data) # TODO possibly there should be some exception handling # for sending sms and email codes. # How do we report to the user there is a problem with # sending codes apart from service unavailable? # at the moment i believe http 500 is fine. if send_email: user_api_client.send_verify_email(user.id, user.email_address) if send_sms: user_api_client.send_verify_code(user.id, 'sms', user.mobile_number) session['expiry_date'] = str(datetime.utcnow() + timedelta(hours=1)) session['user_details'] = {"email": user.email_address, "id": user.id} else: if send_email: user = user_api_client.get_user_by_email(form.email_address.data) user_api_client.send_already_registered_email(user.id, user.email_address) session['expiry_date'] = str(datetime.utcnow() + timedelta(hours=1)) session['user_details'] = {"email": user.email_address, "id": user.id}
def new_password(token): from notifications_utils.url_safe_token import check_token try: token_data = check_token( token, current_app.config["SECRET_KEY"], current_app.config["DANGEROUS_SALT"], current_app.config["TOKEN_MAX_AGE_SECONDS"], ) except SignatureExpired: flash("The link in the email we sent you has expired. Enter your email address to resend.") return redirect(url_for(".forgot_password")) email_address = json.loads(token_data)["email"] user = user_api_client.get_user_by_email(email_address) if user.password_changed_at and datetime.strptime( user.password_changed_at, "%Y-%m-%d %H:%M:%S.%f" ) > datetime.strptime(json.loads(token_data)["created_at"], "%Y-%m-%d %H:%M:%S.%f"): flash("The link in the email has already been used") return redirect(url_for("main.index")) form = NewPasswordForm() if form.validate_on_submit(): user_api_client.send_verify_code(user.id, "sms", user.mobile_number) session["user_details"] = {"id": user.id, "email": user.email_address, "password": form.new_password.data} return redirect(url_for("main.two_factor")) else: return render_template("views/new-password.html", token=token, form=form, user=user)
def check_and_resend_verification_code(): user = user_api_client.get_user_by_email(session['user_details']['email']) user_api_client.send_verify_code(user.id, 'sms', user.mobile_number) if user.state == 'pending': return redirect(url_for('main.verify')) else: return redirect(url_for('main.two_factor'))
def _do_registration(form, send_sms=True, send_email=True, organisation_id=None): if user_api_client.is_email_already_in_use(form.email_address.data): user = user_api_client.get_user_by_email(form.email_address.data) if send_email: user_api_client.send_already_registered_email( user.id, user.email_address) session['expiry_date'] = str(datetime.utcnow() + timedelta(hours=1)) session['user_details'] = {"email": user.email_address, "id": user.id} else: user = user_api_client.register_user(form.name.data, form.email_address.data, form.mobile_number.data or None, form.password.data, form.auth_type.data) if send_email: user_api_client.send_verify_email(user.id, user.email_address) if send_sms: user_api_client.send_verify_code(user.id, 'sms', user.mobile_number) session['expiry_date'] = str(datetime.utcnow() + timedelta(hours=1)) session['user_details'] = {"email": user.email_address, "id": user.id} if organisation_id: session['organisation_id'] = organisation_id
def check_and_resend_text_code(): user = user_api_client.get_user_by_email(session['user_details']['email']) if user.state == 'active': # this is a verified user and therefore redirect to page to request resend without edit mobile return render_template('views/verification-not-received.html') form = TextNotReceivedForm(mobile_number=user.mobile_number) if form.validate_on_submit(): user_api_client.send_verify_code(user.id, 'sms', to=form.mobile_number.data) user = user_api_client.update_user_attribute(user.id, mobile_number=form.mobile_number.data) return redirect(url_for('.verify')) return render_template('views/text-not-received.html', form=form)
def check_and_resend_text_code(): user = user_api_client.get_user_by_email(session['user_details']['email']) if user.state == 'active': # this is a verified user and therefore redirect to page to request resend without edit mobile return render_template('views/verification-not-received.html') form = TextNotReceivedForm(mobile_number=user.mobile_number) if form.validate_on_submit(): user_api_client.send_verify_code(user.id, 'sms', to=form.mobile_number.data) user.mobile_number = form.mobile_number.data user_api_client.update_user(user) return redirect(url_for('.verify')) return render_template('views/text-not-received.html', form=form)
def new_password(token): try: token_data = check_token(token, current_app.config['SECRET_KEY'], current_app.config['DANGEROUS_SALT'], current_app.config['EMAIL_EXPIRY_SECONDS']) except SignatureExpired: flash( 'The link in the email we sent you has expired. Enter your email address to resend.' ) return redirect(url_for('.forgot_password')) email_address = json.loads(token_data)['email'] user = user_api_client.get_user_by_email(email_address) if user.password_changed_at and datetime.strptime(user.password_changed_at, '%Y-%m-%d %H:%M:%S.%f') > \ datetime.strptime(json.loads(token_data)['created_at'], '%Y-%m-%d %H:%M:%S.%f'): flash('The link in the email has already been used') return redirect(url_for('main.index')) form = NewPasswordForm() if form.validate_on_submit(): user_api_client.reset_failed_login_count(user.id) session['user_details'] = { 'id': user.id, 'email': user.email_address, 'password': form.new_password.data } # TODO: remove this after alpha, when templates are sorted if user.id == NOTIFY_USER_ID: return log_in_user(user.id) if user.auth_type == 'email_auth': # they've just clicked an email link, so have done an email auth journey anyway. Just log them in. return log_in_user(user.id) else: # send user a 2fa sms code user_api_client.send_verify_code(user.id, 'sms', user.mobile_number) return redirect(url_for('main.two_factor')) else: return render_template('views/new-password.html', token=token, form=form, user=user)
def resend_email_verification(): user = user_api_client.get_user_by_email(session['user_details']['email']) user_api_client.send_verify_email(user.id, user.email_address) return render_template('views/resend-email-verification.html', email=user.email_address)