Пример #1
def update_password(itsid):
    """Edit a stored password entry owned by the logged-in user.

    The entry is looked up by ``itsid`` (404 when missing) and the request is
    refused with 403 when it belongs to someone else. A valid submission
    re-encrypts the secret with ``CIPHER`` and saves site, ciphertext and
    hint; a GET pre-fills the form with the stored site and hint.
    """
    entry = Password.query.get_or_404(itsid)
    # Ownership is checked before any form handling, so another user's entry
    # is neither shown nor modified.
    if entry.user != current_user:
        abort(403)

    form = PasswordForm()

    if not form.validate_on_submit():
        if request.method == "GET":
            form.site.data = entry.site
            form.hint.data = entry.hint
        return render_template("create_passwords.html",
                               title='Update Password',
                               form=form,
                               legend='Update')

    # NOTE(review): latin-1 cannot represent every character, so a secret
    # outside that range raises UnicodeEncodeError here. The codec has to
    # match whatever the decrypting side uses - confirm before changing it.
    plaintext = form.password.data.encode('latin-1')
    ciphertext = CIPHER.encrypt(plaintext).decode()
    entry.site = form.site.data
    entry.password = ciphertext
    entry.hint = form.hint.data
    db.session.commit()
    flash("Password Updated Successfully!", 'success')
    return redirect(url_for('passwords'))
Пример #2
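def activate(key, token):
    """Finish an activation or reset link identified by ``key`` and ``token``.

    An account that is already confirmed, or one with a pending e-mail
    change, is settled immediately and sent to the login page. Otherwise the
    password form is shown and, once it validates, the new password is stored
    and the account is marked confirmed.
    """
    try:
        element = User.objects.filter(deleted=False, id=key,
                                      code=token).first()
    except Exception:
        # A lookup that raises is treated the same as "no matching user".
        element = None
    # first() returns None when nothing matches instead of raising, so the
    # missing-user case must be tested before element is dereferenced;
    # otherwise a wrong key/token pair ends in an AttributeError.
    if element is None:
        flash("Usuario no Existe", "error")
        return redirect(url_for("index"))
    if element.state == 'confirmed':
        flash(u"Contraseña Actualizada Anteriormente", "info")
        return redirect(url_for('auth.login'))
    if element.state == "email_reset":
        element.state = "confirmed"
        element.save()
        flash(u"Correo Actualizado", "success")
        return redirect(url_for('auth.login'))
    form = PasswordForm(request.form, element)
    if request.method == 'GET':
        return render_template("auth/password.html", form=form)
    if form.validate_on_submit():
        # Remember the state before it is overwritten so the extra
        # "account activated" message can still be shown.
        state = element.state
        password = form.password.data
        element.password = password
        # presumably replaces the raw value with a hash - confirm in the model
        element.generate_password()
        element.state = "confirmed"
        element.save()
        flash(u"Contraseña Actualizada", "success")
        if state == 'confirm':
            flash(u"Cuenta Activada", "info")
        return redirect(url_for('auth.login'))
    return render_template("auth/password.html", form=form)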
Пример #3
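def changepswd(request):
    """Let the logged-in user replace their password.

    Requests that fail ``islogin`` are redirected to "/". A valid POST stores
    the new value on the ``RegisteredUsers`` row matching the session e-mail
    and re-renders the page with ``updated`` set; an invalid POST re-renders
    with the bound form; any other request shows the page without a form.
    """
    if(islogin(request)==False):
        return HttpResponseRedirect("/")
    emailid = request.session.get("email",None)
    name = request.session.get("name",None)
    if request.method =="POST":
        form = PasswordForm(request.POST)
        if form.is_valid():
            try:
                user = RegisteredUsers.objects.get(email=emailid)
                # NOTE(review): the submitted value is assigned to pswd as-is.
                # Unless the model hashes on save, the password is stored in
                # clear text - confirm, and note the current password is not
                # asked for before the change.
                user.pswd = form.cleaned_data["new_pswd"]
                user.save()
                c= {}
                c.update(csrf(request))
                c.update({"emailid":emailid,"user":name})
                c.update({"updated":True})
                return render_to_response("changepswd.html",c)
            except Exception:
                # Narrowed from a bare except so interpreter-level exits
                # (SystemExit, KeyboardInterrupt) are no longer swallowed.
                return HttpResponse("Error in Connection with Database , Try again ")
        else:
            c={}
            c.update(csrf(request))
            c.update({"passwordform":form})
            c.update({"emailid":emailid,"user":name})
            return render_to_response("changepswd.html",c)
    c={}
    c.update(csrf(request))

    c.update({"emailid":emailid})
    return render_to_response("changepswd.html",c)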
Пример #4
def password(request):
    """
    View that changes the password on the LDAP server.

    On a valid POST the new password is written as Samba LM/NT hashes, set as
    the LDAP password and handed to store_ldap_password(); the key that call
    returns is sent back in the ``sessionkey`` cookie. An invalid POST
    re-renders the bound form and any other method renders an empty form.
    """
    member = retrieve_member(request)

    if request.method == 'POST':
        form = PasswordForm(request.POST, request=request)

        if form.is_valid():
            new_password = form.cleaned_data['password1']

            # change the password for the Wifi
            # NOTE(review): the LM hash is a legacy format that is weak by
            # design, and both values are unsalted; confirm the directory
            # still needs sambaLMPassword before keeping it populated.
            member.set('sambaLMPassword', smbpasswd.lmhash(new_password))
            member.set('sambaNTPassword', smbpasswd.nthash(new_password))
            member.save()

            # change the LDAP password
            member.change_password(new_password)

            # The Samba attributes are saved before the LDAP password changes,
            # so a failure in change_password() leaves the two out of step.
            key = store_ldap_password(request, new_password)
            request.session.save()
            new_form = PasswordForm()
            response = render(request, 'password.html',
                {'message': _('Your password was changed. Thank you!'),
                 'form': new_form, 'member': member.to_dict()})
            # NOTE(review): the cookie is set without httponly/secure flags;
            # what the key protects depends on store_ldap_password - confirm
            # whether scripts or plain-HTTP requests should ever see it.
            response.set_cookie('sessionkey', key)
            return response
        else:
            return render(request, 'password.html',
                {'form': form, 'member': member.to_dict()})
    else:
        form = PasswordForm()
        return render(request, 'password.html',
            {'form': form, 'member': member.to_dict()})
Пример #5
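def change_password(user_id):
    """Change the password of ``user_id`` when that user is the one logged in.

    Renders the 404 page when the user row does not exist or when the session
    does not belong to ``user_id``. A valid POST with matching new-password
    fields and a correct old password updates ``pass_hash`` and redirects to
    the profile; every other case re-renders the form.
    """
    form = PasswordForm()
    cursor = g.db.execute('SELECT * FROM user WHERE id=? ', [user_id])
    res = cursor.fetchone()
    if res is None:
        return render_template('404.html')  # no such user

    # Without a session user int(None) raised TypeError, and a session that
    # belonged to a different user fell through and returned None, which the
    # framework reports as a server error. Both now get the same page as an
    # unknown user.
    session_user_id = session.get('user_id')
    if session_user_id is None or int(session_user_id) != int(user_id):
        return render_template('404.html')

    if not (request.method == 'POST' and form.validate_on_submit()):
        return render_template('change_password.html', form=form)

    old_password = request.form.get('old_password')
    new_password = request.form.get('new_password')
    new_password_repeat = request.form.get('new_password_repeat')
    if new_password != new_password_repeat:
        flash(
            message=
            'Please enter the same password in both new password fields.'
        )
        return render_template('change_password.html', form=form)

    # NOTE(review): the helper name suggests an MD5-based hash, which is too
    # fast for password storage - confirm, and plan a migration to a
    # key-stretching scheme if so.
    if md5_user_psw(res[1], old_password) == res[2]:  # old password is correct
        # NOTE(review): no commit is visible here; confirm g.db autocommits
        # or is committed at request teardown.
        g.db.execute('UPDATE user SET pass_hash=? WHERE id=?',
                     [md5_user_psw(res[1], new_password), user_id])
        return redirect(
            url_for('user_profile', user_id=session['user_id']))

    flash(message='Password error')
    return render_template('change_password.html', form=form)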
Пример #6
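def changePassword():
    """Change the password of the logged-in student or faculty member.

    Students are looked up in ``Student`` and faculty in ``Professor`` by the
    session e-mail. The stored bcrypt hash is replaced only when the current
    password verifies and the two new-password fields match. Admins get the
    bare template and any other session type is sent to the home page.
    """
    form = PasswordForm()
    # .get() so a session without 'type' reaches the final branch instead of
    # raising KeyError.
    account_type = session.get('type')
    if account_type == 'Student' or account_type == 'Faculty':
        if form.validate_on_submit():
            with sql.connect('courseSystem.db') as db:
                c = db.cursor()
            if account_type == 'Student':
                find_users = """SELECT * FROM Student S WHERE S.email = ?"""
            else:
                find_users = """SELECT * FROM Professor P WHERE P.email = ?"""
            c.execute(find_users, (session['user'], ))
            results = c.fetchall()
            if results and checkpw(str.encode(form.password.data), results[0][1]) and\
                    (form.newPassword.data == form.confirm.data):
                if account_type == 'Student':
                    update_sql = """UPDATE Student
                                        SET password=?
                                        WHERE email=?"""
                else:
                    update_sql = """UPDATE Professor
                                       SET password=?
                                       WHERE email=?"""
                # The new password is no longer printed: stdout usually ends
                # up in logs, which would keep credentials in clear text.
                # gensalt() without an argument uses the library's default
                # work factor instead of the minimum cost of 4; existing
                # hashes still verify because the cost is stored in the hash.
                c.execute(update_sql,
                          (hashpw(str.encode(form.newPassword.data),
                                  gensalt()), session['user']))
                db.commit()
                c.close()
            # NOTE(review): a wrong current password also lands here, with no
            # message to the user and the cursor left open.
            return redirect(url_for('userhome'))
        return render_template('changePassword.html', form=form)
    elif account_type == 'Admin':
        return render_template('changePassword.html')
    else:
        return render_template('home.html')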
Пример #7
def change_pass():
    """Show the change-password form and acknowledge a valid submission.

    NOTE(review): nothing in this view reads the submitted value or stores a
    new password; the success message is shown on validation alone. Confirm
    the update happens elsewhere.
    """
    form = PasswordForm()
    if not form.validate_on_submit():
        return render_template('user-change-pass.html', form=form)

    flash('Your password was updated successfully.', 'success')
    return redirect(url_for('user.home'))
Пример #8
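def reset_with_token(token):
    """Reset a user's password from a recovery token.

    The token is unpacked with the "recover-key" salt and ``max_age=86400``;
    any failure answers 404. A valid form submission stores a PBKDF2-SHA256
    hash of the new password, logs the user in and redirects to "/";
    otherwise the reset form is rendered.
    """
    try:
        email = ts.loads(token, salt="recover-key", max_age=86400)
    except Exception:
        # Narrowed from a bare except so interpreter-level exits are not
        # turned into a 404.
        abort(404)

    form = PasswordForm()
    if form.validate_on_submit():
        user = model.User.query.filter_by(email=email).first_or_404()

        password = form.password.data

        # Store only a salted, iterated hash of the password.
        password_hash = pbkdf2_sha256.encrypt(password,
                                              rounds=200000,
                                              salt_size=16)

        user.password = password_hash

        model.db.session.add(user)
        model.db.session.commit()

        # NOTE(review): nothing here marks the token as used, so it appears
        # to stay acceptable until max_age passes - confirm whether single
        # use is enforced elsewhere.
        login_user(user)

        return redirect("/")
    else:
        return render_template("/reset_with_token.html",
                               form=form,
                               token=token)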
Пример #9
def process_password_reset_token(token):
    """Handle a password-reset link carrying a signed, time-limited token.

    The token is verified with the application's SECRET_KEY, the
    'password-reset-salt' salt and ``max_age=3600``. A bad token sends the
    visitor to the login page with a message. A valid form submission sets
    the new password for the e-mail address carried in the token.
    """
    serializer = URLSafeTimedSerializer(current_app.config['SECRET_KEY'])
    try:
        email = serializer.loads(token,
                                 salt='password-reset-salt',
                                 max_age=3600)
    except BadSignature:
        flash('The password reset link is invalid or has expired.', 'danger')
        return redirect(url_for('users.login'))

    form = PasswordForm()

    if not form.validate_on_submit():
        return render_template('users/reset_password_with_token.html',
                               form=form)

    user = User.query.filter_by(email=email).first()
    if user is None:
        flash('Invalid email address!', 'danger')
        return redirect(url_for('users.login'))

    # NOTE(review): the token is not invalidated after use; within max_age
    # the same link is accepted again - confirm that is intended.
    user.set_password(form.password.data)
    database.session.add(user)
    database.session.commit()
    flash('Your password has been updated!', 'success')
    return redirect(url_for('users.login'))
Пример #10
def password_reset(payload=None):
    """Render the reset page (GET) or apply a new password (POST).

    On GET the ``payload`` is decrypted and passed to the template; when the
    result is not a UUID4 it is shown as the message instead. On POST the
    password of the user named by the form's ``reset_id`` is replaced.
    """
    client=currentSession()
    form = PasswordForm(request.form)

    if request.method == 'POST':
        decrypted = ""
        # NOTE(review): reset_id is taken from the submitted form and this
        # branch never re-checks `payload`. Unless the form's validators tie
        # reset_id to a verified, unexpired reset request, the account being
        # changed is chosen by the client - confirm.
        reset_id = form["reset_id"].data

        if not form.validate():
            return render_template('passwordreset.html', form=form, client=client, msg=None, decrypted=decrypted)
        else:
            # update password
            if reset_id:
                # NOTE(review): no None check on the looked-up user; an
                # unknown id would fail on set_password rather than reach the
                # "user not found." message below.
                client.user = client.getUserById(reset_id)
                client.user.set_password(form.password.data)
                database.db_session.add(client.user)
                database.db_session.commit()
                client.saveSession()
                msg = "password has been changed. please login again."
            else:
                msg = "user not found."
            return render_template('passwordreset.html', form=form, client=client, msg=msg, decrypted=decrypted)
    else:
        msg = None
        e = Crypto()
        decrypted = e.decrypt(payload, True)
        if utilities.validate_uuid4(decrypted) == False:
            # timestamp has expired.
            msg = decrypted
        return render_template('passwordreset.html', form=form, client=client, msg=msg, decrypted=decrypted)
Пример #11
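def changepswd(request):
    """Let the logged-in user replace their password.

    Requests that fail ``islogin`` are redirected to "/". A valid POST stores
    the new value on the ``RegisteredUsers`` row matching the session e-mail
    and re-renders the page with ``updated`` set; an invalid POST re-renders
    with the bound form; any other request shows the page without a form.
    """
    if (islogin(request) == False):
        return HttpResponseRedirect("/")
    emailid = request.session.get("email", None)
    name = request.session.get("name", None)
    if request.method == "POST":
        form = PasswordForm(request.POST)
        if form.is_valid():
            try:
                user = RegisteredUsers.objects.get(email=emailid)
                # NOTE(review): the submitted value is assigned to pswd as-is.
                # Unless the model hashes on save, the password is stored in
                # clear text - confirm, and note the current password is not
                # asked for before the change.
                user.pswd = form.cleaned_data["new_pswd"]
                user.save()
                c = {}
                c.update(csrf(request))
                c.update({"emailid": emailid, "user": name})
                c.update({"updated": True})
                return render_to_response("changepswd.html", c)
            except Exception:
                # Narrowed from a bare except so interpreter-level exits
                # (SystemExit, KeyboardInterrupt) are no longer swallowed.
                return HttpResponse(
                    "Error in Connection with Database , Try again ")
        else:
            c = {}
            c.update(csrf(request))
            c.update({"passwordform": form})
            c.update({"emailid": emailid, "user": name})
            return render_to_response("changepswd.html", c)
    c = {}
    c.update(csrf(request))

    c.update({"emailid": emailid})
    return render_to_response("changepswd.html", c)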
Пример #12
def password(user_id):
    """Change the password of ``user_id``, who must be the logged-in user.

    Anyone else is redirected to the index. On POST the old password must
    match the stored digest and the two new-password fields must agree; the
    outcome is reported through flash messages and the form is re-rendered.
    """
    user = User.query.get(user_id)
    if not user or (current_user != user):
        return redirect(url_for('Common.index'))

    form = PasswordForm(request.form)
    if request.method != 'POST':
        return render_template('user/password.html', user=user, form=form)

    if not form.validate():
        flash('请按格式填写表单', 'error')
        return render_template('user/password.html', user=user, form=form)

    supplied_old = form.old_password.data
    replacement = form.new_password.data
    confirmation = form.confirm_password.data

    # NOTE(review): passwords are kept as unsalted MD5 hex digests, which is
    # not suitable for password storage; changing it needs a migration of the
    # stored values and of the login check.
    old_digest = hashlib.md5(supplied_old).hexdigest()

    if old_digest != user.password:
        flash('旧密码错误', 'error')
    elif replacement != confirmation:
        flash('密码不一致', 'error')
    else:
        user.password = hashlib.md5(replacement).hexdigest()
        user.save()
        flash('修改密码成功', 'success')

    return render_template('user/password.html', user=user, form=form)
Пример #13
def login3():
    """Last step of the staged login: set a password and sign the user in.

    The earlier steps must have left 'pno', 'firstname' and 'lastname' in the
    session; otherwise the visitor is sent back to the matching step. A valid
    form writes name and password onto the user found by ``pno``, logs that
    user in and lifts the ban recorded for the client address.
    """
    if 'pno' not in session:
        flash('enter pno first')
        return redirect(url_for('login'))

    if not all(field in session for field in ('firstname', 'lastname')):
        flash('enter name first')
        return redirect(url_for('login2'))

    form = PasswordForm()
    if not form.validate_on_submit():
        return render_template('login.html', form=form)

    # NOTE(review): the account is selected purely from session values set in
    # earlier steps, and the result of get_by_pno is not checked for None.
    user = User.get_by_pno(session['pno'])
    user.firstname = session['firstname']
    user.lastname = session['lastname']
    # presumably hashed by a property setter on the model - confirm
    user.password = form.password.data

    db.session.add(user)
    db.session.commit()

    login_user(user)

    remove_ban(request_obj=request.remote_addr)

    return redirect(url_for('index'))
Пример #14
def login():
    """Admin login: a validated form marks the session as admin.

    NOTE(review): the only gate is ``PasswordForm`` validation, so the
    password comparison presumably lives in one of the form's validators -
    confirm.
    """
    form = PasswordForm()

    if not form.validate_on_submit():
        return render_template('admin/login.html', form=form)

    # Start from an empty session so nothing set before login carries over
    # into the admin session.
    session.clear()
    session['admin_logged'] = True
    return redirect(url_for('admin.home'))
def makePasswordQRcode():
    """Render the submitted password as a QR image and show it.

    NOTE(review): the image encodes the password and is written to the fixed
    name QR.png in the static folder, so each submission overwrites the
    previous one and the file sits where static assets are served from.
    Confirm who is able to fetch it.
    """
    form = PasswordForm()
    if not form.validate_on_submit():
        return render_template('makePasswordQRcode.html', title='Maker', form=form)

    secret_text = str(form.password.data)
    target_path = os.path.join(app.static_folder, "QR.png")
    pyqrcode.create(secret_text).png(target_path, scale=5)
    return redirect(url_for('QRcodedisplay'))
Пример #16
def setPassword():
    """Store a new bcrypt-hashed password for the logged-in user.

    NOTE(review): the current password is not asked for before the change.
    """
    form = PasswordForm(request.form)
    submitted_ok = request.method == "POST" and form.validate()
    if not submitted_ok:
        return render_template("newpassword.html", form=form, upform=UploadForm())

    # log_rounds=13 is the work factor for the generated salt.
    new_hash = hashpw(form.pwd.data, gensalt(log_rounds=13))
    current_user.update(set__pwd=new_hash)
    current_user.save()
    flash("Password was changed successfully")
    return redirect('/settings')
Пример #17
def password():
    """Update the password of ``user`` from a validated form.

    NOTE(review): ``user`` is not defined in this function, so it has to come
    from the enclosing module. populate_obj copies every form field onto it
    before the password is set, and whether assignment hashes the value
    depends on the model - confirm both.
    """
    form = PasswordForm()

    if not form.validate_on_submit():
        return render_template('user/password.html', form=form)

    form.populate_obj(user)
    user.password = form.new_password.data

    db.session.commit()

    flash('Password updated.', 'success')
    return render_template('user/password.html', form=form)
Пример #18
def password():
    """Update the password of ``user`` from a validated form.

    NOTE(review): ``user`` is not defined in this function, so it has to come
    from the enclosing module. populate_obj copies every form field onto it
    before the password is set, and whether assignment hashes the value
    depends on the model - confirm both.
    """
    form = PasswordForm()

    if not form.validate_on_submit():
        return render_template('user/password.html', form=form)

    form.populate_obj(user)
    user.password = form.new_password.data

    db.session.commit()

    flash('Password updated.', 'success')
    return render_template('user/password.html', form=form)
Пример #19
def password():
    """Grant admin access when the posted form validates.

    A POST that validates sets ``session['admin']`` and goes to the rsvp
    page; a POST that fails validation is sent to logout. Any other request
    renders the form.

    NOTE(review): validation is the only gate, so the password comparison
    presumably lives in the form's validators - confirm.
    """
    form = PasswordForm()
    if request.method != 'POST':
        return render_template('password.html', form=form)

    if not form.validate():
        return redirect(url_for('logout'))

    session['admin'] = 1
    return redirect(url_for('rsvp'))
Пример #20
def edit():
    """Set a new password for the logged-in user.

    NOTE(review): the current password is not asked for, and whether the
    assignment hashes the value depends on the model - confirm.
    """
    form = PasswordForm()
    accepted = request.method == 'POST' and form.validate()
    if not accepted:
        return render_template('edit_user.html', form=form)

    account = current_user
    account.password = form.password.data
    db_session.add(account)
    db_session.commit()
    flash('Password updated successfully!')
    return redirect('/')
Пример #21
def password():
    """Change the logged-in user's password after verifying the current one.

    A wrong current password flashes an error and reloads the page. On
    success the new password is saved and the user is logged out so the next
    request has to authenticate with the new credentials.
    """
    form = PasswordForm()
    if not form.validate_on_submit():
        return render_template('password.html', form=form)

    current_ok = current_user.check_password(form.current_password.data)
    if not current_ok:
        flash('Current Password wrong', 'danger')
        return redirect(url_for('password.password'))

    current_user.set_password(form.new_password.data)
    current_user.save()
    commit()
    logout_user()
    flash('Password change successful. Please login again', 'success')
    return redirect(url_for('login.login'))
Пример #22
def user_password_change():
    """Replace the logged-in user's password with a hash of the posted value.

    NOTE(review): the current password is not asked for before the change.
    """
    form = PasswordForm(request.form)
    if request.method != 'POST' or not form.validate():
        return render_template('new-password.html', form=form)

    account = current_user
    # NOTE(review): method='sha256' selects a salted single-pass hash rather
    # than a key-stretching scheme, and recent Werkzeug releases no longer
    # accept it. The library default is the safer choice, provided the
    # password column is wide enough for the longer value - confirm.
    account.password = generate_password_hash(form.password.data,
                                              method='sha256')
    db.session.add(account)
    db.session.commit()
    flash("Password changed !", "INFO")
    return redirect(url_for('account'))
Пример #23
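def password(request, user_id):
    """Set a new password for the user identified by ``user_id``.

    A valid POST stores the new password and redirects to "/"; otherwise the
    form is rendered together with the target user.

    NOTE(review): nothing in this function checks that the requester may
    change this user's password; confirm a decorator or URL-level permission
    check covers it.
    """
    # Load the user first: previously an invalid POST reached render() with
    # `user` unassigned and failed with UnboundLocalError.
    user = User.objects.get(id=user_id)
    if request.method == 'POST':
        form = PasswordForm(request.POST)
        if form.is_valid():
            user.set_password(request.POST['password'])
            user.save()

            return redirect('/')
    else:
        form = PasswordForm()

    return render(request, 'form.html', {'form': form, 'user': user})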
Пример #24
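def changePassword(request):
    """Change the password of the requesting user.

    A valid POST hashes and stores the new password and redirects to
    /profile; otherwise the form is rendered.

    NOTE(review): the current password is not asked for, and saving a new
    password normally invalidates the user's existing sessions; confirm
    whether the user should stay logged in after the change.
    """
    if request.method == 'POST':
        form = PasswordForm(request.POST)

        if form.is_valid():
            user = request.user
            user.set_password(request.POST.get('password'))
            # set_password() only updates the in-memory object; without
            # save() the new hash never reached the database.
            user.save()
            return HttpResponseRedirect('/profile')
    else:
        form = PasswordForm()

    return render(request, 'change_password.html', context={
        'form': form,
    })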
Пример #25
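def login(request):
	"""Site-wide password gate.

	A POST whose password equals ``settings.SITE_PASSWORD`` redirects to "/"
	and sets a 60-day ``password`` cookie; anything else renders the login
	page with the (possibly bound) form.
	"""
	password_form = PasswordForm()

	if request.method == "POST":
		password_form = PasswordForm(request.POST)
		if password_form.is_valid() and password_form.cleaned_data['password'] == settings.SITE_PASSWORD:
			response = HttpResponseRedirect('/')
			# NOTE(review): the cookie carries the site password itself for
			# 60 days, so a signed or random session token would be the safer
			# design. The cookie is now HttpOnly so page scripts cannot read
			# it; add secure=True as well once the site is HTTPS-only.
			response.set_cookie('password', value=password_form.cleaned_data['password'], max_age=60*60*24*60, httponly=True) # 60 days
			return response
	context = {
			'password_form': password_form
			, 'hide_sidebar': True
			}
	return HttpResponse(loader.get_template("login.html").render(RequestContext(request,context)))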
Пример #26
def change_password(username):
    """Change/Update password

    GET renders the page without a form. A valid POST writes the submitted
    password onto the user identified by ``session['id']``. The ``username``
    argument is not used.

    NOTE(review): the current password is not asked for, the looked-up user
    is not checked for None, and whether the assignment hashes the value
    depends on the model - confirm.
    """
    form = PasswordForm(request.form)
    method = request.method

    if method == 'GET':
        return render_template("password.html")

    if method == 'POST' and form.validate():
        account = User.query.filter(User.user_id == session['id']).first()
        account.password = form.password.data
        picture = account.picture  # read but never used afterwards
        db.session.commit()

    return render_template('password.html', form=form)
Пример #27
def change_password(username):
    """Change/Update password

    GET renders the page without a form. A valid POST writes the submitted
    password onto the user identified by ``session['id']``. The ``username``
    argument is not used.

    NOTE(review): the current password is not asked for, the looked-up user
    is not checked for None, and whether the assignment hashes the value
    depends on the model - confirm.
    """
    form = PasswordForm(request.form)
    method = request.method

    if method == 'GET':
        return render_template("password.html")

    if method == 'POST' and form.validate():
        account = User.query.filter(User.user_id == session['id']).first()
        account.password = form.password.data
        picture = account.picture  # read but never used afterwards
        db.session.commit()

    return render_template('password.html', form=form)
Пример #28
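def index():
    """Password prompt guarding the home page.

    A submission that equals the expected password redirects to ``home``; any
    other valid submission re-renders the prompt with an error message.
    """
    form = PasswordForm()

    if form.validate_on_submit():
        # The submitted password is no longer printed: stdout usually ends up
        # in logs, which would keep every attempt in clear text.

        # NOTE(review): the expected password is a literal in the source;
        # load it from configuration or a secret store, and note the redirect
        # sets no session state, so `home` needs its own access check.
        if form.password.data == "password":
            return redirect(url_for("home"))

        else:
            message = "wrong password"
            return render_template("password.html", form=form, message=message)

    return render_template("password.html", form=form)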
Пример #29
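def reset_with_token(token):
    """Reset a password from a recovery token.

    The token is unpacked with the "recover-key" salt and ``max_age=86400``;
    any failure answers 404. A valid form submission stores a hash of the new
    password for the matching user and redirects to the login page.
    """
    try:
        email = ts.loads(token, salt="recover-key", max_age=86400)
    except Exception:
        # Narrowed from a bare except so interpreter-level exits are not
        # turned into a 404.
        abort(404)

    form = PasswordForm()

    if form.validate_on_submit():
        user = mongo_db.users.User.find_one({'email' : email})
        # The lookup result was used unchecked; an account removed after the
        # token was issued would have failed with AttributeError on None.
        if user is None:
            abort(404)
        user.password = generate_password_hash(form.password.data)
        user.save()

        # NOTE(review): nothing here marks the token as used, so it appears
        # to stay acceptable until max_age passes - confirm.
        return redirect(url_for('login'))
    return render_template('reset_with_token.html', form=form, token=token)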
Пример #30
def intern_profile():
    """Profile page with ability to change password.

    The stored hash is replaced only when the submitted current password
    verifies against it; every other case re-renders the profile page.
    """
    form = PasswordForm()
    if not form.validate_on_submit():
        return render_template('intern/profile.html', form = form)

    account = User.query.filter_by(id = g.user.id).first()
    old_matches = check_password_hash(account.password, form.password.data)
    if not old_matches:
        # NOTE(review): a wrong current password re-renders silently, with no
        # message to the user.
        return render_template('intern/profile.html', form = form)

    account.password = generate_password_hash(form.newpassword.data)
    db.session.commit()
    flash('Password changed!')
    return redirect(url_for('intern_profile'))
Пример #31
def password():
    """Set the first password for the account whose e-mail is in the session.

    On POST the new password is run through each policy check; every failed
    check adds its message to ``errors``. With no errors the password is
    stored, the 'email' session key is swapped for the user id and the
    visitor is redirected to the index.

    NOTE(review): the POST branch reads the form fields without calling the
    form's validation, so any CSRF or field validators on PasswordForm are
    not run here - confirm.
    """
    form = PasswordForm()
    errors = []
    if request.method == "POST":
        password = form.newPassword.data
        confirmPassword = form.confirmPassword.data
        email = session["email"]
        # (check function, second argument, message key), in display order
        policy = (
            (funcs.lengthCheck, MIN_LENGTH, "length"),
            (funcs.lowerCheck, MIN_LOWER, "lower"),
            (funcs.upperCheck, MIN_UPPER, "upper"),
            (funcs.numCheck, MIN_NUM, "num"),
            (funcs.symbolCheck, MIN_SYMBOL, "symbol"),
            (funcs.newCheck, email, "new"),
            (funcs.sameCheck, confirmPassword, "same"),
        )
        for check, argument, message_key in policy:
            if not check(password, argument):
                errors.append(PASSWORD_MESSAGES[message_key])
        if not errors:
            funcs.addPassword(password, email)
            # From here on the user id identifies the user, so the e-mail is
            # dropped from the session.
            session.pop("email", default=None)
            session["user"] = funcs.getID(email)
            return redirect(url_for("index"))
    return render_template("password.html",
                           form=form, errors=errors, msgDict=PASSWORD_MESSAGES)
Пример #32
def view_password():
    """Change the password of the user named in the session.

    Visitors without a session user are sent to the index. The new password
    is stored only when the submitted current password verifies.
    """
    user_name = session.get('user_name')
    if not user_name:
        flash('Unauthorized access!', 'danger')
        return redirect(url_for('view_index'))

    form = PasswordForm()
    if not form.validate_on_submit():
        return render_template('password.html', form=form)

    # NOTE(review): the lookup result is not checked for None; a session that
    # outlives its account would fail on verify_password.
    account = User.query.filter_by(name=user_name).first()
    if not account.verify_password(form.current_password.data):
        flash('Incorrect password!', 'warning')
        return render_template('password.html', form=form)

    account.set_password(form.new_password.data)
    db.session.commit()
    flash('Password update successful!', 'success')
    return redirect(url_for('view_home'))
Пример #33
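def edit_password(request, pw_pk=None):
    """Edit an existing ``Password`` entry.

    The entry is fetched by primary key (404 when missing). The form's group
    choices are limited to the LDAP groups of the requesting user. A valid
    POST saves the form and redirects to the index; every other request
    renders the edit page.

    NOTE(review): the entry is loaded by primary key alone; nothing visible
    here checks that the requester's groups give access to this particular
    entry - confirm.
    """
    new = False
    password = get_object_or_404(Password, pk=pw_pk)

    ldap_groups = get_ldap_groups(request.user.username)
    ldap_groups_choices = [(lg, lg) for lg in ldap_groups]
    if request.method == 'POST':
        form = PasswordForm(request.POST, instance=password,
            ldap_groups_choices=ldap_groups_choices)
        if form.is_valid():
            form.save()
            return HttpResponseRedirect(reverse("index"))
    else:
        # Was `elif request.method == 'GET'`, which left `form` unassigned for
        # any other method (HEAD, for example) and failed with
        # UnboundLocalError at render time.
        form = PasswordForm(instance=password,
            ldap_groups_choices=ldap_groups_choices)

    return direct_to_template(request, 'edit_password.html', {'form': form, 'ldapGroups': LdapGroup.objects.all(), 'new': new})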
Пример #34
def change_password(type, id):
    """Change the password of a student, professor or administrator.

    ``type`` selects the model and the template; an unknown type renders the
    error page. The new password is stored only when the submitted current
    password verifies against the stored hash.

    NOTE(review): ``id`` is not compared with the logged-in user; the
    current-password check is the only gate visible here.
    """
    if type == "Student":
        model, template = Student, 'student_password.html'
    elif type == "Professor":
        model, template = Professor, 'prof_password.html'
    elif type == "Administrator":
        model, template = Administrator, 'admin_password.html'
    else:
        return render_template('error.html')

    user = model.query.get(id)
    form = PasswordForm()
    if not form.validate_on_submit():
        return render_template(template, form=form)

    # An unknown id and a wrong password get the same answer.
    verified = user is not None and password_manager.verify_password(
        form.password.data, user.password)
    if not verified:
        flash('Invalid password')
        return redirect(url_for('change_password', type=type, id=id))

    user.password = password_manager.hash_password(form.np.data)
    db.session.add(user)
    db.session.commit()
    return redirect(url_for('index', type=type, id=id))
Пример #35
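def password(request, user_id):
    """Set a new password for the user identified by ``user_id``.

    A valid POST stores the new password, optionally records a log entry and
    redirects to the homepage; otherwise the form is rendered together with
    the target user.

    NOTE(review): nothing in this function checks that the requester may
    change this user's password; confirm a decorator or URL-level permission
    check covers it.
    """
    # Load the user first: previously an invalid POST reached the render call
    # with `user` unassigned and failed with UnboundLocalError.
    user = User.objects.get(id=user_id)
    if request.method == 'POST':
        form = PasswordForm(request.POST)
        if form.is_valid():
            user.set_password(request.POST['password'])
            user.save()
            # Record a system event when event logging is enabled.
            if is_event_open(request) :
                log = Log(user_id=request.user.id, event=u'修改<'+user.first_name+u'>密碼成功')
                log.save()
            return redirect('homepage')
    else:
        form = PasswordForm()

    return render_to_response('account/password.html',{'form': form, 'user':user}, context_instance=RequestContext(request))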
Пример #36
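def settings(request):
    """Settings page holding a password form and a timezone form.

    The posted ``action`` value selects which form is processed. A password
    change requires the old password to verify; a timezone change saves the
    timezone form. Successful actions redirect back to the same path.
    """
    tf = timezone_form(request)
    if request.method == 'POST':
        if 'password' == request.POST.get('action'):
            pf = PasswordForm(request.POST)
            if pf.is_valid():
                ok = request.user.check_password(
                    pf.cleaned_data['old_password'])
                if ok:
                    request.user.set_password(
                        pf.cleaned_data['new_password'])
                    # set_password() only changes the in-memory object;
                    # without save() the success message was shown while the
                    # stored password stayed the same.
                    # NOTE(review): saving a new password normally
                    # invalidates the user's existing sessions; confirm
                    # whether the user should stay logged in.
                    request.user.save()
                    messages.success(request, 'Password was changed.')
                    return redirect(request.path)
                else:
                    pf.add_error('old_password', 'Wrong old password')
        elif 'tz' == request.POST.get('action'):
            pf = PasswordForm()
            if tf.is_valid():
                tz = tf.save()
                messages.success(request,
                                 'Timezone set to {}'.format(tz.timezone))
                return redirect(request.path)
        else:
            pf = PasswordForm()
    else:
        pf = PasswordForm()
    return render(request, 'settings.html', {'password_form': pf,
                                             'tz_form': tf})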
def password(request, template_name='django_yubico/password.html',
             redirect_field_name=REDIRECT_FIELD_NAME):
    """
    Displays the password form and handles the login action.

    This is the second step of the login: the user id and auth backend are
    read from the session, which must hold every key in SESSION_KEYS. A valid
    form logs the user in and clears the intermediate session state; a failed
    attempt increments the attempt counter and, past
    YUBIKEY_PASSWORD_ATTEMPTS, sends the user back to the first step.
    """

    # NOTE(review): the redirect target is taken from the request and passed
    # to HttpResponseRedirect below without a check that it stays on this
    # site; validate it against the allowed hosts before redirecting.
    redirect_to = request.REQUEST.get(redirect_field_name,
                                      settings.LOGIN_REDIRECT_URL)

    for key in SESSION_KEYS:
        # Make sure all the required session keys are present
        value = request.session.get(key, None)

        if value is None:
            return HttpResponseRedirect(reverse('yubico_django_login'))

    user_id = request.session[YUBIKEY_SESSION_USER_ID]
    auth_backend = request.session[YUBIKEY_SESSION_AUTH_BACKEND]

    user = User.objects.get(pk=user_id)
    # auth_login() is called with this user object directly, so the backend
    # recorded in the first step is attached to it here.
    user.backend = auth_backend

    if request.method == 'POST':
        form = PasswordForm(request.POST, user=user)

        if form.is_valid():
            auth_login(request=request, user=user)
            reset_user_session(session=request.session)
            return HttpResponseRedirect(redirect_to)
        else:
            # Limit the number of password attempts per token
            request.session[YUBIKEY_SESSION_ATTEMPT_COUNTER] += 1

            if request.session[YUBIKEY_SESSION_ATTEMPT_COUNTER] > \
                    YUBIKEY_PASSWORD_ATTEMPTS:
                # Maximum number of attempts has been reached. Require user to
                # start from scratch.
                reset_user_session(session=request.session)
                return HttpResponseRedirect(reverse('yubico_django_login'))
    else:
        form = PasswordForm(user=user)

    dictionary = {'form': form, redirect_field_name: redirect_to}
    return render_to_response(template_name, dictionary,
                              context_instance=RequestContext(request))
Пример #38
def auth(username):
    """Log ``username`` in with their password.

    A session that already belongs to ``username`` goes straight to the edit
    page. An unknown username answers 404. A correct password stores the
    username in the session; a wrong one flashes a message and reloads the
    auth page.
    """
    if 'username' in session and session['username'] == username:
        return redirect(url_for('home')+username+'/edit')

    # The lookup key is lower-cased, while the session stores the name as it
    # was given in the URL.
    person = PeopleModel.get_by_key_name(username.lower())
    if not person:
        abort(404)

    form = PasswordForm()
    if not form.validate_on_submit():
        return render_template('auth.html', name=username, form=form)

    if check_password_hash(person.password, form.password.data):
        session['username'] = username
        return redirect(url_for('home')+username+'/edit')

    # NOTE(review): failed attempts are not counted or throttled here.
    flash(u'Das eingegebene Passwort war leider Falsch. Probier es noch einmal')
    return redirect(url_for('home')+username+'/auth')
Пример #39
def user_password(request, user_id, response_format='html'):
    """Show and process the change-password form for the profile ``user_id``.

    An empty POST renders a blank form, a POST carrying ``cancel`` returns to
    the user view without saving, and any other POST saves the form when it
    validates. An invalid form falls through and is rendered again.
    """
    # NOTE(review): no permission check is visible inside this view; it
    # presumably sits behind an admin-only decorator outside this listing --
    # confirm, since the target account is chosen by ``user_id`` in the URL.
    profile = get_object_or_404(User, pk=user_id)

    if not request.POST:
        form = PasswordForm(profile.user)
    elif 'cancel' in request.POST:
        return HttpResponseRedirect(reverse('core_admin_user_view', args=[profile.id]))
    else:
        form = PasswordForm(profile.user, request.POST)
        if form.is_valid():
            form.save()
            return HttpResponseRedirect(reverse('core_admin_user_view', args=[profile.id]))

    context = {'profile': profile, 'form': form}
    return render_to_response('core/administration/user_password',
                              context,
                              context_instance=RequestContext(request), response_format=response_format)
Пример #40
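def reset_with_token(token):
    """Set a new password for the account named by a signed reset token.

    The token is loaded with the "recover-key" salt and a ``max_age`` of
    86400 (presumably seconds, i.e. 24 hours, if ``security.ts`` is an
    itsdangerous timed serializer). A token that cannot be loaded is answered
    with 404. On a valid form submission the account with the e-mail address
    carried by the token gets the new password and the user is sent to the
    sign-in page.
    """
    try:
        email = security.ts.loads(token, salt="recover-key", max_age=86400)
    except Exception:
        # Narrowed from a bare ``except:`` so that SystemExit and
        # KeyboardInterrupt are no longer turned into a 404.
        abort(404)

    form = PasswordForm()

    if form.validate_on_submit():
        user = User.query.filter_by(email=email).first_or_404()
        # Pass the plaintext straight to set_password instead of parking it
        # in ``pwdhash`` first: if set_password raised, the hash column would
        # otherwise be left holding the clear-text password on the object.
        user.set_password(form.password.data)
        db.session.add(user)
        db.session.commit()

        # NOTE(review): nothing here invalidates the token after use, so it
        # stays usable until max_age runs out. Consider binding the token to
        # the current password hash or keeping a used-token record.
        return redirect(url_for('signin'))

    return render_template('reset_with_token.html', form=form, token=token)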
Пример #41
def reset_password():
    """Change the current user's password after re-checking the old one.

    Only the POST branch is shown in this listing; ``success`` and ``errors``
    are set here and presumably rendered by code that follows it.
    """
    if request.method == "POST":
        form = PasswordForm(request.form)
        if form.validate():
            # Re-authenticate with the old password before changing anything;
            # serv.login presumably returns a falsy value when it is wrong.
            ul = serv.login(g.user['email'],form.oldpassword.data)
            if ul:
                ul.reset_password(form.newpassword.data)
                try:
                    g.db.flush()
                    g.db.commit()
                    success = u"重设密码成功"  # "password reset succeeded"
                except Exception, e:
                    # Undo the pending change and show only a generic message
                    # to the user; the detail goes to the log.
                    g.db.rollback()
                    log.error(e.message)
                    errors = [u"未知异常"]  # "unknown error"
            else:
                errors = [u"登陆密码输入不正确"]  # "login password is incorrect"
        else:
            # First validation message of every failing form field.
            errors = [v[0] for k, v in form.errors.iteritems()]
Пример #42
def password(request, template_name='django_yubico/password.html',
             redirect_field_name=REDIRECT_FIELD_NAME):
    """
    Password step of the login: shows the form and completes the login.

    Every key in SESSION_KEYS must already be in the session, otherwise the
    visitor is sent back to the 'yubico_django_login' view. The user is
    loaded from the id stored in the session. A valid form logs the user in;
    each invalid submission increments a per-session counter, and exceeding
    YUBIKEY_PASSWORD_ATTEMPTS resets the session state and restarts the flow.
    """
    # The post-login target comes from settings only, never from the request.
    redirect_to = settings.LOGIN_REDIRECT_URL

    # Without the state left by the earlier step there is nothing to check.
    if any(request.session.get(name) is None for name in SESSION_KEYS):
        return HttpResponseRedirect(reverse('yubico_django_login'))

    user = User.objects.get(pk=request.session[YUBIKEY_SESSION_USER_ID])
    user.backend = request.session[YUBIKEY_SESSION_AUTH_BACKEND]

    if request.method != 'POST':
        form = PasswordForm(user=user)
    else:
        form = PasswordForm(request.POST, user=user)

        if form.is_valid():
            auth_login(request=request, user=user)
            reset_user_session(session=request.session)
            return HttpResponseRedirect(redirect_to)

        # Failed attempt: count it, and past the limit make the user start
        # the whole login again from the first step.
        request.session[YUBIKEY_SESSION_ATTEMPT_COUNTER] += 1
        attempts = request.session[YUBIKEY_SESSION_ATTEMPT_COUNTER]
        if attempts > YUBIKEY_PASSWORD_ATTEMPTS:
            reset_user_session(session=request.session)
            return HttpResponseRedirect(reverse('yubico_django_login'))

    context = {'form': form, redirect_field_name: redirect_to}
    return render_to_response(template_name, context,
                              context_instance=RequestContext(request))
Пример #43
def reset_password():
    """Change the current user's password after re-checking the old one.

    Only the POST branch is shown in this listing; ``success`` and ``errors``
    are set here and presumably rendered by code that follows it.
    """
    if request.method == "POST":
        form = PasswordForm(request.form)
        if form.validate():
            # Re-authenticate with the old password before changing anything;
            # serv.login presumably returns a falsy value when it is wrong.
            ul = serv.login(g.user['email'], form.oldpassword.data)
            if ul:
                ul.reset_password(form.newpassword.data)
                try:
                    g.db.flush()
                    g.db.commit()
                    success = u"重设密码成功"  # "password reset succeeded"
                except Exception, e:
                    # Undo the pending change and show only a generic message
                    # to the user; the detail goes to the log.
                    g.db.rollback()
                    log.error(e.message)
                    errors = [u"未知异常"]  # "unknown error"
            else:
                errors = [u"登陆密码输入不正确"]  # "login password is incorrect"
        else:
            # First validation message of every failing form field.
            errors = [v[0] for k, v in form.errors.iteritems()]
Пример #44
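def reset_with_token(token):
    """
    reset password with email token

    The token is loaded with the "recover-key" salt and max_age=86400; a
    token that cannot be loaded, or that names no known user, is answered
    with 404. After a successful change the user is logged in directly.
    @param token: unique token
    @type token: str
    @return: refreshed page indicating success or failure
    """
    try:
        email = ts.loads(token, salt="recover-key", max_age=86400)
    except Exception:
        # Narrowed from a bare ``except:`` so that SystemExit and
        # KeyboardInterrupt are no longer turned into a 404.
        abort(404)
    form = PasswordForm()
    if form.validate_on_submit():
        user = User.get(email)
        if user is None:
            # The account may have been removed after the token was issued;
            # answer like an unusable token instead of failing on None.
            abort(404)
        password = form.password.data
        user.change_password(user.set_password(password))
        # NOTE(review): possession of the token alone ends in a logged-in
        # session here, and nothing visible invalidates the token after use,
        # so it stays usable until max_age runs out -- confirm this is
        # intended.
        login_user(user)
        flash('Password changed successfully!')
        return redirect(url_for('main'))
    return render_template('reset_with_token.html', form=form, token=token)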
Пример #45
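def new_password():
    """Store a new site password for the current user, encrypted with CIPHER.

    The entry is kept in a reversible form (encrypted, not hashed) together
    with the site name and hint. A password that cannot be encoded as
    Latin-1 is rejected with a flash message instead of an unhandled
    UnicodeEncodeError.
    """
    form = PasswordForm()
    if form.validate_on_submit():
        try:
            # The stored format is Latin-1 bytes; the encoding is kept as-is
            # because code that decrypts existing entries presumably expects it.
            message = form.password.data.encode('latin-1')
        except UnicodeEncodeError:
            flash("Password contains characters that cannot be stored.", 'danger')
            return render_template("create_passwords.html",
                                   title="New Password",
                                   form=form,
                                   legend='Add')

        # NOTE(review): confidentiality of every stored entry rests on the
        # key behind CIPHER; confirm it is loaded from protected
        # configuration and not committed with the code.
        encrypted_text = CIPHER.encrypt(message).decode()
        password = Password(site=form.site.data,
                            password=encrypted_text,
                            hint=form.hint.data,
                            user=current_user)
        db.session.add(password)
        db.session.commit()
        flash("Password Added", 'success')
        return redirect(url_for('passwords'))
    return render_template("create_passwords.html",
                           title="New Password",
                           form=form,
                           legend='Add')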
Пример #46
def delete_user(username):
    """Delete the account ``username`` after its password is confirmed.

    An unknown username gets a flash message and a redirect response carrying
    status 401. Otherwise the delete form is shown until it validates and
    ``User.authenticate`` accepts the submitted password; then the session's
    "user_id" is dropped and the user row is deleted.
    """
    # NOTE(review): the account is chosen by the URL value alone; nothing
    # visible checks that it is the account of the signed-in session. The
    # password check is the only gate -- confirm that is intended.
    user = User.query.filter_by(username=username).first()
    if not user:
        flash("Thou must be logged in to do that.")
        # A (response, status) tuple: the redirect is sent with status 401,
        # which browsers do not follow as a redirect.
        return redirect("/"), 401

    form = PasswordForm()
    password = form.password.data
    if not form.validate_on_submit():
        return render_template("delete.html", form=form)

    if not User.authenticate(username, password):
        flash("Invalid password, loser.")
        return render_template("delete.html", form=form)

    # pop() without a default raises KeyError when no "user_id" is in the
    # session, which stops the request before anything is deleted.
    session.pop("user_id")
    db.session.delete(user)
    db.session.commit()
    flash("User has been deleted.")
    return redirect("/")
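def _is_local_redirect_path(target):
	"""Return True when ``target`` is a plain absolute path on this site."""
	# Must start with exactly one slash: rejects absolute URLs, scheme-relative
	# "//host" forms and the empty string.
	if not target.startswith('/') or target.startswith('//'):
		return False
	# Backslashes and control characters are refused because browsers may
	# normalise them into a different URL than the one checked here.
	for ch in target:
		if ch == '\\' or ord(ch) < 0x20 or ord(ch) == 0x7f:
			return False
	return True


def password(request,
		template_name = 'django_yubico/password.html',
		redirect_field_name = REDIRECT_FIELD_NAME):
	"""Displays the password form and handles the login action.

	Requires the user and the attempt counter left in the session by the
	earlier login step; otherwise redirects to 'yubico_django_login'. A valid
	form logs the user in and clears that session state. Each invalid
	submission increments the counter, and exceeding
	YUBIKEY_PASSWORD_ATTEMPTS clears the state and restarts the login.
	"""

	# The redirect target is request-controlled. Only a same-site absolute
	# path is honoured; anything else falls back to LOGIN_REDIRECT_URL so
	# the login cannot be used to bounce a user to another site.
	redirect_to = request.REQUEST.get(redirect_field_name, '')
	if not _is_local_redirect_path(redirect_to):
		redirect_to = ''

	# NOTE(review): a counter value of 0 is falsy and would also redirect
	# here; presumably the earlier step starts it at 1 -- confirm.
	if not request.session.get(YUBIKEY_SESSION_USER) or not request.session.get(YUBIKEY_ATTEMPT_COUNTER):
		return HttpResponseRedirect(reverse('yubico_django_login'))

	if request.method == 'POST':
		form = PasswordForm(request.POST, user = request.session[YUBIKEY_SESSION_USER])

		if form.is_valid():
			auth_login(request, request.session[YUBIKEY_SESSION_USER])

			# Drop the intermediate login state; a missing key is fine.
			request.session.pop(YUBIKEY_SESSION_USER, None)
			request.session.pop(YUBIKEY_ATTEMPT_COUNTER, None)

			return HttpResponseRedirect(redirect_to or settings.LOGIN_REDIRECT_URL)
		else:
			# Limit the number of password attempts per token
			request.session[YUBIKEY_ATTEMPT_COUNTER] += 1

			if request.session[YUBIKEY_ATTEMPT_COUNTER] > YUBIKEY_PASSWORD_ATTEMPTS:
				del(request.session[YUBIKEY_SESSION_USER])
				del(request.session[YUBIKEY_ATTEMPT_COUNTER])
				return HttpResponseRedirect(reverse('yubico_django_login'))
	else:
		form = PasswordForm(user = request.session[YUBIKEY_SESSION_USER])

	return render_to_response(template_name, {'form': form, redirect_field_name: redirect_to}, \
							context_instance = RequestContext(request))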
Пример #48
def password_reset(payload=None):
    """Render the password-reset page (GET) or apply a new password (POST).

    On GET the payload is decrypted and used as a user id to choose the
    account shown on the page. On POST the account is looked up by the
    form's ``reset_id`` field and, when found, its password is replaced.
    """
    form = PasswordForm()

    if request.method != 'POST':
        cipher = crypto.crypto()
        decrypted = cipher.decrypt(payload, True)
        account = User.query.get(decrypted)
        if account:
            return render_template('passwordreset.html', form=form, user=account, msg=None)
        # No such account: the decrypted value itself is shown as the message.
        return render_template('passwordreset.html', form=form, user=get_user(), msg=decrypted)

    if not form.validate():
        return render_template('passwordreset.html', form=form, user=get_user(), msg=None)

    # update password
    # NOTE(review): the target account comes from a form field and the
    # encrypted payload is not consulted again on POST, so nothing visible
    # ties this request to a verified reset link. The account should be
    # derived on the server from the verified payload, not from the form.
    reset_id = form.reset_id.data
    user = User.query.get(reset_id)
    if user:
        user.set_password(form.password.data)
        db.session.commit()
        msg = "password has been changed. please login again."
    else:
        msg = "user not found."
    return render_template('passwordreset.html', form=form, user=get_user(), msg=msg)