def request_password_reset(request):
"""Emails a user a link to reset their password.
Checks that a teamname was submitted to the function and grabs the relevant team info from the db.
Generates a secure token and inserts it into the team's document as 'passresttoken'.
A link is emailed to the registered email address with the random token in the url. The user can go to this
link to submit a new password, if the token submitted with the new password matches the db token the password
is hashed and updated in the db.
"""
teamname = request.form.get('teamname', None)
if teamname is None or teamname == '':
return {"success": 0, "message": "Teamname cannot be emtpy."}
team = db.teams.find_one({'teamname': teamname})
if team is None:
return {"success": 0, "message": "No registration found for '%s'." % teamname}
teamEmail = team['email']
token = common.sec_token()
db.teams.update({'tid': team['tid']}, {'$set': {'passrestoken': token}})
msgBody = """
We recently received a request to reset the password for the following 'CTF Platform' account:\n\n - %s\n\n
Our records show that this is the email address used to register the above account. If you did not request to reset the password for the above account then you need not take any further steps. If you did request the password reset please follow the link below to set your new password. \n\n https://example.com/passreset#%s \n\n Best of luck! \n\n ~The 'CTF Platform' Team
""" % (teamname, token)
send_email(teamEmail, "'CTF Platform' Password Reset", msgBody)
return {"success": 1, "message": "A password reset link has been sent to the email address provided during registration."}
def request_password_reset(request):
"""Emails a user a link to reset their password.
Checks that a teamname was submitted to the function and grabs the relevant team info from the db.
Generates a secure token and inserts it into the team's document as 'passresttoken'.
A link is emailed to the registered email address with the random token in the url. The user can go to this
link to submit a new password, if the token submitted with the new password matches the db token the password
is hashed and updated in the db.
"""
teamname = request.form.get('teamname', None)
if teamname is None or teamname == '':
return {"success": 0, "message": "用户名不能为空."}
teamname = teamname.encode('utf8').strip()
team = db.teams.find_one({'teamname': teamname})
if team is None:
return {"success": 0, "message": "未找到用户'%s'." % teamname}
teamEmail = team['email']
token = common.sec_token()
db.teams.update({'tid': team['tid']}, {'$set': {'passrestoken': token}})
msgBody = """
We recently received a request to reset the password for the following 'ACTF' account:\n\n - %s\n\n
Our records show that this is the email address used to register the above account. If you did not request to reset the password for the above account then you need not take any further steps. If you did request the password reset please follow the link below to set your new password. \n\n http://%s/passreset#%s \n\n Best of luck! \n\n ~The 'ACTF' Team
""" % (teamname, site_domain, token)
send_email(teamEmail, "'ACTF' Password Reset", msgBody)
return {"success": 1, "message": "密码重设邮件已被发送. 请注意查收."}
def request_password_reset(request):
"""Emails a user a link to reset their password.
Checks that a teamname was submitted to the function and grabs the relevant team info from the db.
Generates a secure token and inserts it into the team's document as 'passresttoken'.
A link is emailed to the registered email address with the random token in the url. The user can go to this
link to submit a new password, if the token submitted with the new password matches the db token the password
is hashed and updated in the db.
"""
teamname = request.form.get('teamname', None)
if teamname is None or teamname == '':
return {"success": 0, "message": "Teamname cannot be emtpy."}
team = db.teams.find_one({'teamname': teamname})
if team is None:
return {
"success": 0,
"message": "No registration found for '%s'." % teamname
}
teamEmail = team['email']
token = common.sec_token()
db.teams.update({'tid': team['tid']}, {'$set': {'passrestoken': token}})
msgBody = """
We recently received a request to reset the password for the following 'CTF Platform' account:\n\n - %s\n\n
Our records show that this is the email address used to register the above account. If you did not request to reset the password for the above account then you need not take any further steps. If you did request the password reset please follow the link below to set your new password. \n\n https://example.com/passreset#%s \n\n Best of luck! \n\n ~The 'CTF Platform' Team
""" % (teamname, token)
send_email(teamEmail, "'CTF Platform' Password Reset", msgBody)
return {
"success":
1,
"message":
"A password reset link has been sent to the email address provided during registration."
}
def prepare_verify_email(team_name, team_email):
"""Prepares for verifying the email address with the team name.
Generates a secure token and inserts it into the team's document as 'emailverifytoken'.
A link is emailed to the registered email address with the random token in the url. The user can go to this
link to verify the email address.
"""
team = db.teams.find_one({'teamname': team_name})
assert(team != None)
token = common.sec_token()
db.teams.update({'tid': team['tid']}, {'$set': {'emailverifytoken': token}})
msg_body = """
We recently received a request of registration for the following 'ACTF' account:\n\n - %s\n\n
Our records show that this is the email address used to register the above account. If you did not request to register with the above account then you need not take any further steps. If you did request the registration please follow the link below to verify your email address. \n\n http://%s/api/verify?token=%s \n\n Best of luck! \n\n ~The 'ACTF' Team
""" % (team_name, site_domain, token)
send_email(team_email, "'ACTF' Email Verify", msg_body)
return
