Пример #1
0
def reset_email(userid, secret):
    logout_internal()
    user = User.query.filter_by(userid=userid).first()
    if not user:
        abort(404)
    resetreq = PasswordResetRequest.query.filter_by(user=user, reset_code=secret).first()
    if not resetreq:
        return render_message(title="Invalid reset link",
            message=Markup("The reset link you clicked on is invalid."))
    if resetreq.created_at < datetime.utcnow() - timedelta(days=1):
        # Reset code has expired (> 24 hours). Delete it
        db.session.delete(resetreq)
        db.session.commit()
        return render_message(title="Expired reset link",
            message=Markup("The reset link you clicked on has expired."))

    # Reset code is valid. Now ask user to choose a new password
    form = PasswordResetForm()
    if form.validate_on_submit():
        user.password = form.password.data
        db.session.delete(resetreq)
        db.session.commit()
        return render_message(title="Password reset complete", message=Markup(
            'Your password has been reset. You may now <a href="%s">login</a> with your new password.' % escape(url_for('login'))))
    return render_form(form=form, title="Reset password", formid='reset', submit="Reset password",
        message=Markup('Hello, <strong>%s</strong>. You may now choose a new password.' % user.fullname),
        ajax=True)
Пример #2
0
def reset():
    # User wants to reset password
    # Ask for username or email, verify it, and send a reset code
    form = PasswordResetRequestForm()
    if form.validate_on_submit():
        username = form.username.data
        user = form.user
        if '@' in username and not username.startswith('@'):
            # They provided an email address. Send reset email to that address
            email = username
        else:
            # Send to their existing address
            # User.email is a UserEmail object
            email = unicode(user.email)
        if not email:
            # They don't have an email address. Maybe they logged in via Twitter
            # and set a local username and password, but no email. Could happen.
            return render_message(title="Reset password", message=Markup(
            """
            We do not have an email address for your account and therefore cannot
            email you a reset link. Please contact
            <a href="mailto:%s">%s</a> for assistance.
            """ % (escape(app.config['SITE_SUPPORT_EMAIL']), escape(app.config['SITE_SUPPORT_EMAIL']))))
        resetreq = PasswordResetRequest(user=user)
        db.session.add(resetreq)
        send_password_reset_link(email=email, user=user, secret=resetreq.reset_code)
        db.session.commit()
        return render_message(title="Reset password", message=Markup(
            u"""
            You were sent an email at <code>%s</code> with a link to reset your password.
            Please check your email. If it doesn’t arrive in a few minutes,
            it may have landed in your spam or junk folder.
            The reset link is valid for 24 hours.
            """ % escape(email)))

    return render_form(form=form, title="Reset password", submit="Send reset code", ajax=True)
Пример #3
0
def confirm_email(md5sum, secret):
    emailclaim = UserEmailClaim.query.filter_by(md5sum=md5sum).first()
    if emailclaim is not None:
        # Claim exists
        if emailclaim.verification_code == secret:
            # Verification code matches
            if g.user == emailclaim.user:
                # Not logged in as someone else
                # Claim verified!
                useremail = emailclaim.user.add_email(emailclaim.email, primary=emailclaim.user.email is None)
                db.session.delete(emailclaim)
                db.session.commit()
                return render_message(title="Email address verified",
                    message=Markup("Hello %s! Your email address <code>%s</code> has now been verified." % (
                        escape(emailclaim.user.fullname), escape(useremail.email))))
            else:
                # Logged in as someone else. Abort
                abort(403)
        else:
            # Verification code doesn't match
            abort(403)
    else:
        # No such email claim
        abort(404)