def validate(self):
    """Validate the login form and report failed logins with one generic message.

    Returns True when the field validators pass and ``self.validate_user()``
    succeeds. Returns False otherwise; on an authentication failure the same
    message is appended to the identifier field and to the password field.
    """
    user_manager = current_app.user_manager

    # Only one identifier field stays on the form: 'username' when
    # USER_ENABLE_USERNAME is set, 'email' otherwise.
    unused_field = 'email' if user_manager.USER_ENABLE_USERNAME else 'username'
    delattr(self, unused_field)

    # Field-level validators run first and keep their own error messages.
    if not super(LoginForm, self).validate():
        return False

    if self.validate_user():
        return True

    # Authentication failed: pick the identifier field and the label that
    # matches the enabled login settings.
    if user_manager.USER_ENABLE_USERNAME:
        failed_field = self.username
        if user_manager.USER_ENABLE_EMAIL:
            identifier_label = _('Username/Email')
        else:
            identifier_label = _('Username')
    else:
        failed_field = self.email
        identifier_label = _('Email')

    # The same text goes on both fields so the response does not say whether
    # the identifier or the password was wrong.
    # NOTE(review): this covers the message only; whether validate_user()
    # responds in similar time for known and unknown accounts is not
    # visible here.
    failure_text = _('Incorrect %(username_or_email)s and/or Password',
                     username_or_email=identifier_label)
    failed_field.errors.append(failure_text)
    self.password.errors.append(failure_text)
    return False
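def confirm_email_view(self, token: str) -> Any:
    """Confirm an email address from a token and let the user set a password.

    A signed-in user is logged out first. The token is checked with
    ``self.token_manager.verify_token`` against
    ``self.USER_CONFIRM_EMAIL_EXPIRATION``. When the token does not resolve
    to a user and user email, or the user already has a password, the
    request is redirected to ``user.login`` with an error flash. A valid
    POST stores the password hash, stamps ``email_confirmed_at``, commits
    and logs the user in. A GET or an invalid POST renders
    ``login/register_set_password.html``.
    """
    # Any existing session is ended before the token is processed.
    if current_user.is_authenticated:
        logout_user()

    data_items = self.token_manager.verify_token(
        token, self.USER_CONFIRM_EMAIL_EXPIRATION)

    user = None
    user_email = None
    if data_items:
        user, user_email = self.db_manager.get_user_and_user_email_by_id(
            data_items[0])

    if not user or not user_email:
        flash(_('Invalid confirmation token.'), 'error')
        return redirect(url_for('user.login'))

    # Single-use guard: once a password is stored the token is refused, so
    # a replayed or leaked link cannot overwrite the password.
    if user.password != '':
        flash(_('Confirmation token has been used and password set.'), 'error')
        return redirect(url_for('user.login'))

    form = UserRegisterForm(request.form)

    if request.method == 'POST' and form.validate():
        password_hash = self.hash_password(form.new_password.data)

        # Written to `user`, the object the guard above checks. If the hash
        # landed only on a separate user_email object, user.password would
        # stay '' and the token would remain usable until it expires.
        user.password = password_hash
        user_email.email_confirmed_at = datetime.utcnow()

        self.db_manager.save_user_and_user_email(user, user_email)
        self.db_manager.commit()

        # Signals are disabled in this view:
        #signals.user_confirmed_email.send(current_app._get_current_object(), user=user)
        #signals.user_changed_password.send(current_app._get_current_object(), user=user)

        flash(_('Your email has been confirmed.'), 'success')

        # NOTE(review): presumably _get_safe_next_url restricts 'next' to
        # same-site targets; confirm there, since the value feeds a redirect.
        safe_next_url = self._get_safe_next_url(
            'next', self.USER_AFTER_CONFIRM_ENDPOINT)
        return self._do_login_user(user, safe_next_url)  # auto-login

    # GET or invalid POST
    return render_template('login/register_set_password.html', form=form)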
class GuestCodeRegisterForm(RegisterForm):
    """Registration form with a mandatory six-character guest code."""

    # Validators are listed in this order: presence, exact length, then
    # guest_code_exists.
    # NOTE(review): a six-character code is a short shared secret; whether
    # repeated failed attempts are throttled is not visible here and should
    # be confirmed at the view or proxy.
    guest_code = StringField(
        "Guest Code",
        validators=[
            validators.DataRequired(_("Guest Code Required")),
            validators.Length(
                min=6,
                max=6,
                message=_("Guest Code must be exactly 6 characters"),
            ),
            guest_code_exists,
        ],
    )
class CustomRegisterForm(RegisterForm):
    """Register form with an additional required ``company`` field."""

    # Company name; DataRequired rejects an empty submission.
    company = StringField(
        _('Company'),
        validators=[DataRequired()],
    )
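def password_validator(form, field):
    """Reject passwords shorter than six characters.

    Takes the ``(form, field)`` arguments of a form validator; ``form`` is
    not used.

    Raises:
        ValidationError: if the field has no value or fewer than 6 characters.
    """
    # A field without input may carry None; count it as empty so the caller
    # gets a ValidationError rather than a TypeError from len().
    password = "" if field.data is None else field.data

    # NOTE(review): six characters is below the 8-character minimum of
    # NIST SP 800-63B; raising it also means updating the message text.
    if len(password) < 6:
        raise ValidationError(
            _("Password must have at least 6 characters"))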
class CustomRegisterForm(RegisterForm):
    """Register form with additional required first-name and last-name fields."""

    # Both name fields are mandatory; the labels are passed through _().
    first_name = StringField(
        _('Vorname'),
        validators=[validators.DataRequired()],
    )
    last_name = StringField(
        _('Nachname'),
        validators=[validators.DataRequired()],
    )
def guest_code_exists(form, field) -> None:
    """Form validator: fail unless the submitted guest code matches a Party.

    Looks the code up with ``Party.get_by_guest_code`` on the user manager's
    database session; ``form`` is not used.

    Raises:
        ValidationError: if the lookup returns None.
    """
    db_session = current_app.user_manager.db.session
    party = Party.get_by_guest_code(field.data, db_session)
    if party is None:
        # NOTE(review): this answer tells a client whether a code exists;
        # confirm that repeated attempts are rate-limited elsewhere.
        raise ValidationError(_("Unknown Guest Code"))