def lost_password():
    """Handle the lost-password form and start a password reset.

    On a valid submission the user is looked up by username, a fresh
    40-character token is stored on the account and
    ``send_lostpassword_email`` is called; the client is then redirected
    to ``auth_login``.  When the account already carries a token and was
    updated less than 3 minutes ago, the request is refused instead.
    Without a valid submission the form template is rendered.

    The flow assumes the user's mailbox is not compromised.
    """
    form = forms.LostPasswordForm()
    if not form.validate_on_submit():
        return flask.render_template("login/password_change.html", form=form)

    account = pagure.lib.query.search_user(
        flask.g.session, username=form.username.data
    )
    if not account:
        # NOTE(review): this answer differs from the success message, so the
        # form discloses whether a username exists. Acceptable only if
        # usernames are already public in this deployment.
        flask.flash("Username invalid.", "error")
        return flask.redirect(flask.url_for("auth_login"))

    if account.token:
        # Throttle: while a token is set, refuse a new one until 3 minutes
        # have passed since the row's updated_on timestamp.
        now = datetime.datetime.utcnow()
        retry_allowed_at = account.updated_on + datetime.timedelta(minutes=3)
        if now < retry_allowed_at:
            flask.flash(
                "An email was sent to you less than 3 minutes ago, "
                "did you check your spam folder? Otherwise, "
                "try again after some time.",
                "error",
            )
            return flask.redirect(flask.url_for("auth_login"))

    # NOTE(review): the reset presumably rests entirely on this token's
    # secrecy; confirm id_generator draws from a CSPRNG and that whatever
    # consumes the token enforces an expiry (none is set here).
    account.token = pagure.lib.login.id_generator(40)
    flask.g.session.add(account)
    try:
        flask.g.session.commit()
        # Only SQLAlchemyError is handled below: a failure raised by the mail
        # helper propagates with the token already committed.
        send_lostpassword_email(account)
        flask.flash("Check your email to finish changing your password")
    except SQLAlchemyError:  # pragma: no cover
        flask.g.session.rollback()
        flask.flash(
            "Could not set the token allowing changing a password.",
            "error",
        )
        _log.exception("Password lost change - Error setting token.")

    return flask.redirect(flask.url_for("auth_login"))
def lost_password():
    """Handle the lost-password form and start a password reset.

    On a valid submission the user is looked up by username, a fresh
    40-character token is stored on the account and
    ``send_lostpassword_email`` is called; the client is then redirected
    to ``auth_login``.  When the account already carries a token and was
    updated less than 3 minutes ago, the request is refused instead.
    Without a valid submission the form template is rendered.

    The flow assumes the user's mailbox is not compromised.
    """
    form = forms.LostPasswordForm()
    if not form.validate_on_submit():
        return flask.render_template(
            'login/password_change.html',
            form=form,
        )

    account = pagure.lib.search_user(SESSION, username=form.username.data)
    if not account:
        # NOTE(review): this answer differs from the success message, so the
        # form discloses whether a username exists. Acceptable only if
        # usernames are already public in this deployment.
        flask.flash('Username invalid.', 'error')
        return flask.redirect(flask.url_for('auth_login'))

    if account.token:
        # Throttle: while a token is set, refuse a new one until 3 minutes
        # have passed since the row's updated_on timestamp.
        now = datetime.datetime.utcnow()
        retry_allowed_at = account.updated_on + datetime.timedelta(minutes=3)
        if now < retry_allowed_at:
            flask.flash(
                'An email was sent to you less than 3 minutes ago, '
                'did you check your spam folder? Otherwise, '
                'try again after some time.',
                'error',
            )
            return flask.redirect(flask.url_for('auth_login'))

    # NOTE(review): the reset presumably rests entirely on this token's
    # secrecy; confirm id_generator draws from a CSPRNG and that whatever
    # consumes the token enforces an expiry (none is set here).
    account.token = pagure.lib.login.id_generator(40)
    SESSION.add(account)
    try:
        SESSION.commit()
        # Only SQLAlchemyError is handled below: a failure raised by the mail
        # helper propagates with the token already committed.
        send_lostpassword_email(account)
        flask.flash('Check your email to finish changing your password')
    except SQLAlchemyError as err:  # pragma: no cover
        SESSION.rollback()
        flask.flash(
            'Could not set the token allowing changing a password.',
            'error',
        )
        APP.logger.debug('Password lost change - Error setting token.')
        APP.logger.exception(err)

    return flask.redirect(flask.url_for('auth_login'))
def lost_password():
    """Handle the lost-password form and start a password reset.

    On a valid submission the user is looked up by username.  An account
    that already carries a token is refused; otherwise a fresh
    40-character token is stored on it and ``send_lostpassword_email`` is
    called.  Every submitted path ends with a redirect to ``auth_login``.
    Without a valid submission the form template is rendered.

    The flow assumes the user's mailbox is not compromised.
    """
    form = forms.LostPasswordForm()
    if not form.validate_on_submit():
        return flask.render_template(
            'login/password_change.html',
            form=form,
        )

    account = pagure.lib.search_user(SESSION, username=form.username.data)
    if not account:
        # NOTE(review): this answer differs from the success message, so the
        # form discloses whether a username exists. Acceptable only if
        # usernames are already public in this deployment.
        flask.flash('Username invalid.', 'error')
        return flask.redirect(flask.url_for('auth_login'))

    if account.token:
        # Any token already on the account blocks the request; nothing in
        # this function releases the block after a delay. Per the message,
        # the same field also seems to hold the account-creation token.
        flask.flash(
            'Invalid user, did you confirm the creation with the url '
            'provided by email? Or did you already ask for a password '
            'change?',
            'error',
        )
        return flask.redirect(flask.url_for('auth_login'))

    # NOTE(review): the reset presumably rests entirely on this token's
    # secrecy; confirm id_generator draws from a CSPRNG and that whatever
    # consumes the token enforces an expiry (none is set here).
    account.token = pagure.lib.login.id_generator(40)
    SESSION.add(account)
    try:
        SESSION.commit()
        # Only SQLAlchemyError is handled below: a failure raised by the mail
        # helper propagates with the token already committed.
        send_lostpassword_email(account)
        flask.flash('Check your email to finish changing your password')
    except SQLAlchemyError as err:
        SESSION.rollback()
        flask.flash(
            'Could not set the token allowing changing a password.',
            'error',
        )
        APP.logger.debug('Password lost change - Error setting token.')
        APP.logger.exception(err)

    return flask.redirect(flask.url_for('auth_login'))