Пример #1
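def update_user_info(userID):
    """Update name, email, password and username of the user row ``userID``.

    Reads ``first_name``, ``last_name``, ``email``, ``password`` and
    ``username`` from the JSON request body, stores a bcrypt hash of the
    password, commits, and returns the stored values in a JSON response.
    If anything raises, a dict describing the error is returned instead.

    NOTE(review): no authorization check is visible in this function;
    confirm the route only lets a caller modify a row they are entitled to.
    """
    try:
        cur = mysql.connection.cursor()
        payload = request.get_json()
        first_name = payload['first_name']
        last_name = payload['last_name']
        email = payload['email']
        password = bcrypt.generate_password_hash(
            payload['password']).decode('utf-8')
        username = payload['username']

        # All request-derived values are bound as parameters so the driver
        # escapes them; none of them is spliced into the SQL text.
        cur.execute(
            "UPDATE heroku_012605fb848c7a7.users SET "
            "first_name = %(first_name)s, last_name = %(last_name)s, "
            "email = %(email)s, password = %(password)s, "
            "username = %(username)s WHERE id = %(id)s",
            {
                'first_name': str(first_name),
                'last_name': str(last_name),
                'email': str(email),
                'password': password,
                'username': str(username),
                'id': userID,
            })
        mysql.connection.commit()

        # NOTE(review): the response echoes the bcrypt hash back to the
        # client. The key is kept so existing consumers do not break, but a
        # password hash should not leave the server; plan to drop it.
        updated = {
            'first_name': first_name,
            'last_name': last_name,
            'email': email,
            'password': password,
            'username': username
        }

        post_log('PUT /users/<int:userID>')
        return Response(json.dumps({
            "updated": updated,
            "code": 201
        }),
                        mimetype='application/json')
    except Exception as e:
        print(e)
        # NOTE(review): str(e) can carry driver/SQL detail to the client;
        # consider logging it server-side and returning only the generic text.
        return {
            "Error": "Unable to update this user.",
            "error message": str(e)
        }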
Пример #2
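def reset_password(user_id, token):
    """Render the reset form on GET; otherwise apply a token-based reset.

    The token is verified with ``safe.loads`` (salt ``'email-confirm'``,
    maximum age ``PASSWORD_TOKEN_EXPIRED``) and yields the account email.
    The password is changed only if that email belongs to a verified user
    and the two submitted passwords match. Every outcome other than a
    mismatch redirects to ``login``; a mismatch redirects back to this view.
    """
    if request.method == 'GET':
        return render_template('reset.html', user_id=user_id, token=token)

    cur_id = request.form['user_id']
    try:
        email = safe.loads(token,
                           salt='email-confirm',
                           max_age=PASSWORD_TOKEN_EXPIRED)
    except SignatureExpired:
        # NOTE(review): only expiry is handled here. A token that fails
        # verification for another reason (itsdangerous BadSignature)
        # propagates out of this view; confirm an error handler covers it.
        flash('token expired!', 'danger')
        return redirect(url_for('login'))

    # The account is identified by the signed token, not by the user_id
    # values in the URL or the form, which the client controls.
    user = User.query.filter_by(email=email).first()
    if user is None or user.verified != True:
        flash('You are not a user !', 'danger')
        return redirect(url_for('login'))

    new_password = request.form['newPassword']
    confirm_password = request.form['confirmPassword']
    if new_password != confirm_password:
        flash('Confirm Password doesn\'t match', 'danger')
        # Return here: without it the mismatched password would still be
        # hashed and saved below.
        return redirect(url_for('reset_password', user_id=cur_id,
                                token=token))

    hashed_password = bcrypt.generate_password_hash(
        new_password).decode('utf-8')
    user.password = hashed_password
    db.session.commit()

    return redirect(url_for('login'))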
Пример #3
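def reset_password():
    """Set a new password for ``email`` when the submitted reset key matches.

    Reads ``email``, ``password``, ``confirmed_password`` and ``reset_key``
    from the JSON request body. On success the user's password is replaced
    with a bcrypt hash, that user's reset key is cleared, and
    ``{"Allow": "yes"}`` is returned. Every failure returns a dict with an
    ``"Error"`` entry.
    """
    import hmac

    try:
        cur = mysql.connection.cursor()
        payload = request.get_json()
        email = payload['email']

        if '@' not in email:
            return {"Error": "Not a valid email"}

        password = payload['password']
        confirmed_password = payload['confirmed_password']
        input_reset_key = payload['reset_key']
        cur.execute(
            "SELECT password_reset_key FROM heroku_012605fb848c7a7.users WHERE email = %(email)s",
            {'email': email})
        row = cur.fetchone()
        # Take the column value itself rather than the text form of the row
        # tuple. A missing row or a NULL key means no reset is pending and
        # must never compare equal to anything the client sends.
        stored_reset_key = row[0] if row else None

        key_matches = (
            stored_reset_key is not None
            and stored_reset_key != ""
            and input_reset_key is not None
            # Constant-time comparison of the two secrets.
            and hmac.compare_digest(
                str(stored_reset_key).encode('utf-8'),
                str(input_reset_key).encode('utf-8'))
        )
        if not key_matches:
            # Generic message only: the stored key and the password hash
            # must not be sent back to the caller.
            return {"Error": "Invalid reset key"}

        if password != confirmed_password:
            # NOTE(review): this response echoes both submitted passwords in
            # plaintext. The keys are kept for existing consumers; plan to
            # drop them so passwords do not end up in logs or caches.
            return {
                "Error": "Passwords do not match!",
                "Allow": "No",
                "Password": password,
                "Conf Pass": confirmed_password
            }

        encrypted_password = bcrypt.generate_password_hash(password).decode(
            'utf-8')
        # One statement scoped to this email: store the new hash and consume
        # the key so it cannot be used again. Other users' pending reset
        # keys are left untouched.
        cur.execute(
            "UPDATE heroku_012605fb848c7a7.users "
            "SET password = %(password)s, password_reset_key = NULL "
            "WHERE email = %(email)s",
            {'password': encrypted_password, 'email': email})
        mysql.connection.commit()
        post_log('POST /reset-password')
        return {"Allow": "yes"}

    except Exception as e:
        # NOTE(review): str(e) may expose driver/SQL detail to the client.
        return {"Error": str(e), "Allow": "no"}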
Пример #4
def register():
    """Handle the registration form.

    When the form validates and no ``User`` already has the submitted
    username as its email, a new user with a bcrypt-hashed password is
    saved and the caller is redirected to ``home``. In every other case
    the registration page is rendered (again) with the form.
    """
    form = RegisterationForm()
    if not form.validate_on_submit():
        return render_template('register.html', title='Register', form=form)

    # The form's "username" field is stored in, and looked up by, User.email.
    existing = User.query.filter_by(email=form.username.data).first()
    if existing:
        flash('That user was taken. Please choose a different one!',
              'danger')
        return render_template('register.html', title='Register', form=form)

    digest = bcrypt.generate_password_hash(form.password.data)
    hashed_password = digest.decode('utf-8')
    new_user = User(email=form.username.data, password=hashed_password)
    db.session.add(new_user)
    db.session.commit()
    flash(f'Account created for {form.username.data}!', 'success')
    return redirect(url_for('home'))
Пример #5
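def change_password():
    """Change a user's password after checking the current one.

    Reads ``clientID``, ``curPassword``, ``newPassword`` and
    ``confirmPassword`` from the submitted form. The new password is stored
    (as a bcrypt hash) only when the two new-password fields match and the
    current password verifies against the stored hash. Always redirects to
    ``client_detail_page``.

    NOTE(review): the account to change is selected by the ``clientID`` form
    field; nothing visible here ties it to the logged-in session. Confirm
    the route enforces that elsewhere.
    """
    cur_id = request.form['clientID']
    user = User.query.filter_by(id=cur_id).first()
    cur_password = request.form['curPassword']
    new_password = request.form['newPassword']
    confirm_password = request.form['confirmPassword']

    if new_password != confirm_password:
        flash('Confirm Password doesn\'t match', 'danger')
        # Stop here: without this return the unconfirmed password would
        # still be saved whenever the current password is correct.
        return redirect(url_for('client_detail_page'))

    # An unknown clientID is treated like a wrong password rather than
    # raising on ``user.password``.
    if user is not None and bcrypt.check_password_hash(user.password,
                                                       cur_password):
        hashed_password = bcrypt.generate_password_hash(new_password).decode(
            'utf-8')
        user.password = hashed_password
        db.session.commit()
    else:
        flash('Wrong Password!', 'danger')
    return redirect(url_for('client_detail_page'))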
Пример #6
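def create_user():
    """Stage a new account and e-mail its confirmation code.

    Reads ``first_name``, ``last_name``, ``email``, ``username`` and
    ``password`` from the JSON request body. If the email or username is
    already present in ``users`` an error dict is returned. Otherwise the
    account is inserted into ``accounts_in_limbo`` with a bcrypt password
    hash and a confirmation key, the key is mailed to the address, and the
    stored values are returned in a JSON response. Any exception yields an
    error dict.
    """
    try:
        cur = mysql.connection.cursor()
        payload = request.get_json()
        first_name = payload['first_name']
        last_name = payload['last_name']
        email = payload['email']
        username = payload['username']

        cur.execute(
            "SELECT email FROM heroku_012605fb848c7a7.users WHERE email = %(email)s",
            {'email': email})
        emailFound = cur.fetchone()

        cur.execute(
            "SELECT email FROM heroku_012605fb848c7a7.users WHERE username = %(username)s",
            {'username': username})
        usernameFound = cur.fetchone()

        if '@' not in email:
            return {"Error": "Not a valid email"}

        if (emailFound or usernameFound):
            post_log('POST /users FAILED')
            return {"Error": "Can't add already existing email or username"}
        else:
            password = bcrypt.generate_password_hash(
                payload['password']).decode('utf-8')

            # Request-derived values are bound as parameters so the driver
            # escapes them; none of them is concatenated into the SQL text.
            cur.execute(
                "INSERT INTO heroku_012605fb848c7a7.accounts_in_limbo "
                "(first_name, last_name, email, password, username) VALUES "
                "(%(first_name)s, %(last_name)s, %(email)s, %(password)s, "
                "%(username)s)",
                {
                    'first_name': first_name,
                    'last_name': last_name,
                    'email': email,
                    'password': password,
                    'username': username,
                })
            mysql.connection.commit()

            port = 465  # For SSL
            smtp_server = "smtp.gmail.com"
            # NOTE(review): the sender address and its password are literals
            # in source. Load them from configuration or a secret store and
            # rotate the credential that was committed.
            sender = "*****@*****.**"
            Email_Password = "******"
            # NOTE(review): confirm randomPassword() draws from a
            # cryptographically secure source (e.g. the secrets module),
            # since this value gates account activation.
            conf_key = randomPassword()

            cur.execute(
                "UPDATE heroku_012605fb848c7a7.accounts_in_limbo "
                "SET confirmation_key = %(conf_key)s WHERE email = %(email)s",
                {'conf_key': conf_key, 'email': email})

            mysql.connection.commit()  # necessary for data modification
            message = MIMEMultipart("alternative")
            message["subject"] = "Finish Registering for BITEBODY.XYZ"
            message["From"] = sender
            message["To"] = email

            html = """\
            <html>
                <body>
                <p>Thank you for signing up for a BITEBODY account! <br>
                    <a href="https://www.bitebody.xyz/finalize-registration">CLICK RIGHT HERE </a> 
                    to complete your account registration!
                    Your registration code is:<b>{conf_key}</b> <br />
                    Make sure to enter it when prompted.
                </p>
                </body>
            </html>
            """.format(conf_key=conf_key)

            # Only an HTML part is attached; there is no plain-text part.
            part2 = MIMEText(html, "html")
            message.attach(part2)

            # Default context: certificate and hostname verification are on.
            context = ssl.create_default_context()

            with smtplib.SMTP_SSL(smtp_server, port,
                                  context=context) as server:
                server.login(sender, Email_Password)
                server.sendmail(sender, email, message.as_string())

            # NOTE(review): the response echoes the bcrypt hash back to the
            # client. The key is kept so existing consumers do not break,
            # but a password hash should not leave the server.
            posted = {
                'first_name': first_name,
                'last_name': last_name,
                'email': email,
                'password': password,
                'username': username
            }

            post_log('POST /users')
            return Response(json.dumps({
                "posted": posted,
                "code": 201
            }),
                            mimetype='application/json')
    except Exception as e:
        print(e)
        # NOTE(review): str(e) can carry SQL or SMTP detail to the client;
        # consider logging it server-side and returning only generic text.
        return {"Error": "Unable to create this user.", "ErrorMessage": str(e)}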
Пример #7
 def set_password(self, password_hash):
     """Hash the given value with bcrypt and store it on ``self.password_hash``.

     NOTE(review): despite its name, the argument is the value that gets
     hashed, so it is presumably the plaintext password; confirm against
     callers. The result is stored as returned by bcrypt, with no decode.
     """
     digest = bcrypt.generate_password_hash(password_hash)
     self.password_hash = digest
Пример #8
def hash_password(mapper, connection, target):
    """Replace ``target.password`` with its bcrypt hash, decoded to ``str``.

    ``mapper`` and ``connection`` are accepted but not used in the body.

    NOTE(review): the signature looks like an ORM mapper-event listener.
    If it is bound to update events as well as insert, a value that is
    already a hash would be hashed again; confirm which events use it.
    """
    # Imported when the function runs rather than at module load.
    from manage import bcrypt

    digest = bcrypt.generate_password_hash(target.password)
    target.password = digest.decode('utf-8')