def activate(token):
    """Activate the account named in an e-mailed activation token.

    The decoded token must be non-None and carry ``action == 'activate'``,
    so a token carrying any other action value is rejected here. On success
    the account is activated, a welcome e-mail is sent and the visitor is
    redirected to ``auth.signin``. Every failure path gives the same
    'Invalid token' flash and the same redirect.

    Args:
        token: Token string taken from the activation link.

    Returns:
        A redirect response to the sign-in view.
    """
    # NOTE(review): expiry and single-use enforcement, if any, live inside
    # check_token() and are not visible here -- confirm.
    payload = check_token(token)
    token_ok = payload is not None and payload.get('action') == 'activate'

    # The lookup is skipped for a rejected token. The source describes a
    # missing user as a should-never-happen case kept for safety.
    account = get_user(payload.get('uid')) if token_ok else None

    if account is None:
        # The source treats this as an expired or tampered token.
        flash('Invalid token', 'error')
        return redirect(url_for('auth.signin'))

    be_activate(account.get('_id'))

    # Welcome e-mail goes to the address stored on the account record.
    # (Subject spelling is kept exactly as the original emits it.)
    recipients = [account.get('email')]
    text_body = render_template('emails/welcome.txt')
    html_body = render_template('emails/welcome.html')
    send_mail('Pjuu Account Notifcation - Welcome!', recipients,
              text_body=text_body, html_body=html_body)

    flash('Your account has now been activated', 'success')
    return redirect(url_for('auth.signin'))
def delete_account():
    """Let a signed-in user delete their account after re-entering a password.

    A POST whose password passes ``authenticate()`` signs the user out,
    deletes the account, e-mails a deletion notice and redirects to
    ``signin``. A wrong password flashes an error and re-renders the form;
    any non-POST request just renders the form.

    Returns:
        A redirect on successful deletion, otherwise the rendered form.
    """
    # NOTE(review): no login guard is visible in this listing; indexing
    # current_user assumes a signed-in session -- confirm the route
    # enforces it.
    form = ConfirmPasswordForm(request.form)

    if request.method != 'POST':
        return render_template('delete_account.html', form=form)

    # Password re-authentication is the only gate on this destructive
    # action; form.validate() is never called, so any validators declared
    # on the form class do not run here.
    if not authenticate(current_user['username'], form.password.data):
        flash('Oops! wrong password', 'error')
        return render_template('delete_account.html', form=form)

    # Capture what is needed before logout() -- presumably current_user is
    # no longer usable once the session is torn down.
    account_id = current_user['uid']
    address = current_user['email']

    logout()
    be_delete_account(account_id)

    flash('Your account has been deleted<br />Thanks for using us',
          'information')

    # Final notification goes to the address captured above.
    text_body = render_template('emails/account_deletion.txt')
    html_body = render_template('emails/account_deletion.html')
    send_mail('Pjuu Account Notification - Account Deletion', [address],
              text_body=text_body, html_body=html_body)

    return redirect(url_for('signin'))
def change_password():
    """Change the signed-in user's password and e-mail them a confirmation.

    On a POST with a valid form the password is replaced immediately, a
    success message is flashed and a notification is sent to the account's
    e-mail address. An invalid form flashes an error. The form is
    re-rendered in every case.

    Returns:
        The rendered ``change_password.html`` template.
    """
    # NOTE(review): no login guard is visible in this listing; indexing
    # current_user assumes a signed-in session -- confirm the route
    # enforces it.
    form = ChangePasswordForm(request.form)

    if request.method == 'POST':
        # Per the original comment the user "authenticates in the form",
        # i.e. the current-password check is presumably a validator on
        # ChangePasswordForm -- not visible here, confirm.
        if not form.validate():
            flash('Oh no! There are errors in your form', 'error')
        else:
            be_change_password(current_user['uid'], form.new_password.data)
            flash("We've updated your password", 'success')

            # Out-of-band notice so the account owner learns of the change.
            # NOTE(review): whether other active sessions are invalidated
            # is up to be_change_password() and cannot be told from here.
            recipients = [current_user['email']]
            text_body = render_template('emails/password_change.txt')
            html_body = render_template('emails/password_change.html')
            send_mail('Pjuu Account Notification - Password Changed',
                      recipients, text_body=text_body, html_body=html_body)

    return render_template('change_password.html', form=form)
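def signup():
    """Create a new account and e-mail its activation link.

    On a POST with a valid form an account is created, an activation token
    bound to the new uid is generated and mailed to the submitted address,
    and the visitor is redirected to ``auth.signin``. An invalid form, or a
    falsy uid from ``create_account()``, flashes an error and re-renders
    the form.

    Returns:
        A redirect on success, otherwise the rendered ``signup.html``.
    """
    # Local stdlib import: the file's import block is not visible here.
    from html import escape as html_escape

    form = SignUpForm(request.form)
    if request.method == 'POST':
        if form.validate():
            # User successfully signed up, create an account
            uid = create_account(form.username.data, form.email.data,
                                 form.password.data)

            # Lets check the account was created
            # This would only fail in the event of a race condition
            if uid:  # pragma: no branch
                token = generate_token({'action': 'activate', 'uid': uid})
                # Send an e-mail to activate their account
                send_mail(
                    'Pjuu Account Notification - Activation',
                    [form.email.data],
                    text_body=render_template('emails/activate.txt',
                                              token=token),
                    html_body=render_template('emails/activate.html',
                                              token=token)
                )

                # The message carries literal <br/> markup, so the template
                # presumably renders flashes without auto-escaping. The
                # submitted address is therefore HTML-escaped before being
                # interpolated, rather than relying on the form's e-mail
                # validator to keep markup out.
                shown_address = html_escape(str(form.email.data))
                flash(
                    'Yay! You\'ve signed up<br/>'
                    'We\'ve sent an e-mail to {}<br/>'
                    'Please activate your account'.format(shown_address),
                    'success')
                return redirect(url_for('auth.signin'))

        # Reached for an invalid form or a falsy uid from create_account()
        flash('Oh no! There are errors in your form. Please try again.',
              'error')

    return render_template('signup.html', form=form)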
def change_email():
    """Start an e-mail address change for the signed-in user.

    On a POST with a valid form a token binding the current uid to the
    requested address is generated and mailed to that new address; the
    stored address is not changed in this view. The mailed link leads to
    ``confirm_email()``. An invalid form flashes an error. The form is
    re-rendered in every case.

    Returns:
        The rendered ``change_email.html`` template.
    """
    # NOTE(review): no login guard is visible in this listing; indexing
    # current_user assumes a signed-in session -- confirm the route
    # enforces it.
    form = ChangeEmailForm(request.form)

    if request.method == 'POST':
        # The original comment says the user "validates in the form";
        # what the form actually checks is not visible here.
        if not form.validate():
            flash('Oh no! There are errors in your form', 'error')
        else:
            new_address = form.new_email.data

            # Both uid and target address travel inside the token, so the
            # confirmation step applies exactly the address requested here.
            token = generate_token({
                'action': 'change_email',
                'uid': current_user['uid'],
                'email': new_address,
            })

            # Only the NEW address is mailed, proving the user controls it.
            # NOTE(review): the current address gets no notice in this
            # view; consider one so an unexpected change is noticed.
            text_body = render_template('emails/email_change.txt',
                                        token=token)
            html_body = render_template('emails/email_change.html',
                                        token=token)
            send_mail('Pjuu Account Notification - Confirm Email Change',
                      [new_address], text_body=text_body,
                      html_body=html_body)

            flash("We've sent you an email, please confirm this", 'success')

    return render_template('change_email.html', form=form)
def confirm_email(token):
    """Apply an e-mail address change confirmed through a mailed token.

    This is the link target of the e-mail change procedure. The decoded
    token must be non-None, carry ``action == 'change_email'`` and hold
    both a uid and an address. When it does, the account's address is
    changed and a confirmation is sent to the new address. All other cases
    flash 'Invalid token'. Both outcomes redirect to ``change_email``.

    Args:
        token: Token string taken from the confirmation link.

    Returns:
        A redirect response to the ``change_email`` view.
    """
    payload = check_token(token)

    uid = email = None
    if payload is not None and payload.get('action') == 'change_email':
        uid = payload.get('uid')
        # The address comes from the token itself, not from a new request,
        # so it is the one the confirmation link was mailed to.
        email = payload.get('email')

    if not (uid and email):
        # The source treats this as an expired or tampered token.
        flash('Invalid token', 'error')
        return redirect(url_for('change_email'))

    # NOTE(review): the token's uid is not compared with the signed-in
    # user and the account's existence is not re-checked here; confirm
    # be_change_email() copes with a deleted account and with an address
    # that was claimed after the token was issued.
    be_change_email(uid, email)

    text_body = render_template('emails/confirm_email.txt')
    html_body = render_template('emails/confirm_email.html')
    send_mail('Pjuu Account Notification - Email Address Changed', [email],
              text_body=text_body, html_body=html_body)

    flash("We've updated your e-mail address", 'success')
    return redirect(url_for('change_email'))
def activate(token):
    """Activate the account named in an e-mailed activation token.

    The decoded token must be non-None and carry ``action == 'activate'``,
    and its uid must resolve to an existing user. On success the account
    is activated and a welcome e-mail is sent. Every failure path gives
    the same 'Invalid token' flash. Both outcomes redirect to ``signin``.

    Args:
        token: Token string taken from the activation link.

    Returns:
        A redirect response to the sign-in view.
    """
    # NOTE(review): expiry and single-use enforcement, if any, live inside
    # check_token() and are not visible here -- confirm.
    payload = check_token(token)

    uid = None
    if payload is not None and payload.get('action') == 'activate':
        uid = payload.get('uid')

    # get_user() is only consulted when the token yielded a uid. The source
    # regards a missing user at this point as practically impossible.
    if not (uid and get_user(uid)):
        # The source treats this as an expired or tampered token.
        flash('Invalid token', 'error')
        return redirect(url_for('signin'))

    be_activate(uid)

    # The welcome e-mail goes to the address looked up for this uid.
    # (Subject spelling is kept exactly as the original emits it.)
    recipients = [get_email(uid)]
    text_body = render_template('emails/welcome.txt')
    html_body = render_template('emails/welcome.html')
    send_mail('Pjuu Account Notifcation - Welcome!', recipients,
              text_body=text_body, html_body=html_body)

    flash('Your account has now been activated', 'success')
    return redirect(url_for('signin'))
def forgot():
    """Send a password-reset link without revealing whether the account exists.

    Every POST ends with the same flash message and the same redirect to
    ``signin``, whether or not the submitted username resolved to an
    account. A reset token is generated and mailed only when it did. Any
    other request method renders the form.

    Returns:
        A redirect after a POST, otherwise the rendered ``forgot.html``.
    """
    form = ForgotForm(request.form)

    if request.method != 'POST':
        return render_template('forgot.html', form=form)

    # NOTE(review): form.validate() is not called, so the raw submitted
    # value (possibly empty) is passed straight to get_uid().
    uid = get_uid(form.username.data)

    if uid:
        # Only existing accounts get a token and an e-mail.
        # NOTE(review): if send_mail() is synchronous, response time may
        # differ between hit and miss even though the page does not.
        token = generate_token({'action': 'reset', 'uid': uid})
        recipients = [get_email(uid)]
        text_body = render_template('emails/forgot.txt', token=token)
        html_body = render_template('emails/forgot.html', token=token)
        send_mail('Pjuu Account Notification - Password Reset', recipients,
                  text_body=text_body, html_body=html_body)

    # Deliberately identical response for hit and miss.
    flash("If we've found your account we've e-mailed you", 'information')
    return redirect(url_for('signin'))
def forgot():
    """Send a password-reset link without revealing whether the account exists.

    A POST with a valid form always ends with the same flash message and
    the same redirect to ``auth.signin``. A reset token is generated and
    mailed only when the submitted value resolved to a user. An invalid
    form flashes an error and re-renders the form; any non-POST request
    renders the form.

    Returns:
        A redirect after a valid POST, otherwise the rendered form.
    """
    form = ForgotForm(request.form)

    if request.method != 'POST':
        return render_template('forgot.html', form=form)

    if not form.validate():
        flash('Please enter a username or e-mail address', 'error')
        return render_template('forgot.html', form=form)

    # non_active=True is passed through to get_uid(); judging by the name
    # it lets not-yet-activated accounts be found -- confirm in get_uid().
    account = get_user(get_uid(form.username.data, non_active=True))

    if account is not None:
        # Only existing accounts get a token and an e-mail.
        # NOTE(review): if send_mail() is synchronous, response time may
        # differ between hit and miss even though the page does not.
        token = generate_token({
            'action': 'reset',
            'uid': account.get('_id'),
        })
        recipients = [account.get('email')]
        text_body = render_template('emails/forgot.txt', token=token)
        html_body = render_template('emails/forgot.html', token=token)
        send_mail('Pjuu Account Notification - Password Reset', recipients,
                  text_body=text_body, html_body=html_body)

    # Deliberately identical response for hit and miss.
    flash("If we've found your account we've e-mailed you", 'information')
    return redirect(url_for('auth.signin'))
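def signup():
    """Create a new account and e-mail its activation link.

    On a POST with a valid form an account is created, an activation token
    bound to the new uid is generated and mailed to the submitted address,
    and the visitor is redirected to ``auth.signin``. An invalid form, or a
    falsy uid from ``create_account()``, flashes an error and re-renders
    the form.

    Returns:
        A redirect on success, otherwise the rendered ``signup.html``.
    """
    # Local stdlib import: the file's import block is not visible here.
    from html import escape as html_escape

    form = SignUpForm(request.form)
    if request.method == 'POST':
        if form.validate():
            # User successfully signed up, create an account
            uid = create_account(form.username.data, form.email.data,
                                 form.password.data)

            # Lets check the account was created
            # This would only fail in the event of a race condition
            if uid:  # pragma: no branch
                token = generate_token({'action': 'activate', 'uid': uid})
                # Send an e-mail to activate their account
                send_mail(
                    'Pjuu Account Notification - Activation',
                    [form.email.data],
                    text_body=render_template('emails/activate.txt',
                                              token=token),
                    html_body=render_template('emails/activate.html',
                                              token=token)
                )

                # The message carries literal <br/> markup, so the template
                # presumably renders flashes without auto-escaping. The
                # submitted address is therefore HTML-escaped before being
                # interpolated, rather than relying on the form's e-mail
                # validator to keep markup out.
                shown_address = html_escape(str(form.email.data))
                flash('Yay! You\'ve signed up<br/>'
                      'We\'ve sent an e-mail to {}<br/>'
                      'Please activate your account'.format(shown_address),
                      'success')
                return redirect(url_for('auth.signin'))

        # Reached for an invalid form or a falsy uid from create_account()
        flash('Oh no! There are errors in your form. Please try again.',
              'error')

    return render_template('signup.html', form=form)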
def activate(token):
    """Activate the account referenced by an activation token.

    Accepts the token only when it decodes to a non-None payload whose
    ``action`` is ``'activate'`` and whose uid resolves to a user. The
    account is then activated and a welcome e-mail is sent. Anything else
    flashes 'Invalid token'. Both outcomes redirect to ``auth.signin``.

    Args:
        token: Token string taken from the activation link.

    Returns:
        A redirect response to the sign-in view.
    """
    # NOTE(review): token lifetime and replay protection are whatever
    # check_token() implements; neither is visible in this function.
    decoded = check_token(token)

    member = None
    if decoded is not None and decoded.get('action') == 'activate':
        # Per the source, this lookup "should never fail" for a live
        # token; the None check below is kept for safety.
        member = get_user(decoded.get('uid'))

    if member is not None:
        be_activate(member.get('_id'))

        # Welcome e-mail to the address stored on the account record.
        # (Subject spelling is kept exactly as the original emits it.)
        to_addresses = [member.get('email')]
        plain = render_template('emails/welcome.txt')
        rich = render_template('emails/welcome.html')
        send_mail('Pjuu Account Notifcation - Welcome!', to_addresses,
                  text_body=plain, html_body=rich)

        flash('Your account has now been activated', 'success')
        return redirect(url_for('auth.signin'))

    # One generic message for every failure: the source treats it as an
    # expired or tampered token.
    flash('Invalid token', 'error')
    return redirect(url_for('auth.signin'))
def delete_account():
    """Let a signed-in user delete their account after re-entering a password.

    A POST whose password passes ``authenticate()`` signs the user out,
    deletes the account, e-mails a deletion notice and redirects to
    ``auth.signin``. A wrong password flashes an error and re-renders the
    form; any non-POST request just renders the form.

    Returns:
        A redirect on successful deletion, otherwise the rendered form.
    """
    # NOTE(review): no login guard is visible in this listing; indexing
    # current_user assumes a signed-in session -- confirm the route
    # enforces it.
    form = ConfirmPasswordForm(request.form)

    if request.method != 'POST':
        return render_template('delete_account.html', form=form)

    # Password re-authentication is the only gate on this destructive
    # action; form.validate() is never called, so any validators declared
    # on the form class do not run here.
    if not authenticate(current_user['username'], form.password.data):
        flash('Oops! wrong password', 'error')
        return render_template('delete_account.html', form=form)

    # Capture what is needed before signing out -- presumably current_user
    # is no longer usable once the session is torn down.
    account_id = current_user['_id']
    address = current_user['email']

    be_signout()
    be_delete_account(account_id)

    flash('Your account is being deleted<br />Thanks for using us',
          'information')

    # Final notification goes to the address captured above.
    text_body = render_template('emails/account_deletion.txt')
    html_body = render_template('emails/account_deletion.html')
    send_mail('Pjuu Account Notification - Account Deletion', [address],
              text_body=text_body, html_body=html_body)

    return redirect(url_for('auth.signin'))
def confirm_email(token):
    """Apply an e-mail address change confirmed through a mailed token.

    The decoded token must be non-None, carry ``action == 'change_email'``
    and hold both a uid and an address. When it does, the account's
    address is changed and a confirmation is sent to the new address. All
    other cases flash 'Invalid token'. Both outcomes redirect to
    ``auth.change_email``.

    Args:
        token: Token string taken from the confirmation link.

    Returns:
        A redirect response to the ``auth.change_email`` view.
    """
    decoded = check_token(token)

    uid = email = None
    if decoded is not None and decoded.get('action') == 'change_email':
        uid = decoded.get('uid')
        # The address comes from the token itself, not from a new request,
        # so it is the one the confirmation link was mailed to.
        email = decoded.get('email')

    if not (uid and email):
        # The source treats this as an expired or tampered token.
        flash('Invalid token', 'error')
        return redirect(url_for('auth.change_email'))

    # NOTE(review): the token's uid is not compared with the signed-in
    # user and the account's existence is not re-checked here; confirm
    # be_change_email() copes with a deleted account and with an address
    # that was claimed after the token was issued.
    be_change_email(uid, email)

    plain = render_template('emails/confirm_email.txt')
    rich = render_template('emails/confirm_email.html')
    send_mail('Pjuu Account Notification - Email Address Changed', [email],
              text_body=plain, html_body=rich)

    flash("We've updated your e-mail address", 'success')
    return redirect(url_for('auth.change_email'))
def change_email():
    """Start an e-mail address change for the signed-in user.

    On a POST with a valid form a token binding the current user's ``_id``
    to the requested address is generated and mailed to that new address;
    the stored address is not changed in this view. An invalid form
    flashes an error. The form is re-rendered in every case.

    Returns:
        The rendered ``change_email.html`` template.
    """
    # NOTE(review): no login guard is visible in this listing; indexing
    # current_user assumes a signed-in session -- confirm the route
    # enforces it.
    form = ChangeEmailForm(request.form)

    if request.method == 'POST':
        # The original comment says the user "validates in the form";
        # what the form actually checks is not visible here.
        if not form.validate():
            flash('Oh no! There are errors in your form', 'error')
        else:
            requested = form.new_email.data

            # Both uid and target address travel inside the token, so the
            # confirmation step applies exactly the address requested here.
            token = generate_token({
                'action': 'change_email',
                'uid': current_user['_id'],
                'email': requested,
            })

            # Only the NEW address is mailed, proving the user controls it.
            # NOTE(review): the current address gets no notice in this
            # view; consider one so an unexpected change is noticed.
            plain = render_template('emails/email_change.txt', token=token)
            rich = render_template('emails/email_change.html', token=token)
            send_mail('Pjuu Account Notification - Confirm Email Change',
                      [requested], text_body=plain, html_body=rich)

            flash("We've sent you an email, please confirm this", 'success')

    return render_template('change_email.html', form=form)
def forgot():
    """Send a password-reset link without revealing whether the account exists.

    Every POST ends with the same flash message and the same redirect to
    ``auth.signin``. A reset token is generated and mailed only when the
    submitted value resolved to a user. Any other request method renders
    the form.

    Returns:
        A redirect after a POST, otherwise the rendered ``forgot.html``.
    """
    form = ForgotForm(request.form)

    if request.method != 'POST':
        return render_template('forgot.html', form=form)

    # NOTE(review): form.validate() is not called, so the raw submitted
    # value (possibly empty) is passed straight to get_uid().
    # non_active=True is passed through; judging by the name it lets
    # not-yet-activated accounts be found -- confirm in get_uid().
    member = get_user(get_uid(form.username.data, non_active=True))

    if member is not None:
        # Only existing accounts get a token and an e-mail.
        # NOTE(review): if send_mail() is synchronous, response time may
        # differ between hit and miss even though the page does not.
        token = generate_token({'action': 'reset', 'uid': member.get('_id')})
        to_addresses = [member.get('email')]
        plain = render_template('emails/forgot.txt', token=token)
        rich = render_template('emails/forgot.html', token=token)
        send_mail('Pjuu Account Notification - Password Reset', to_addresses,
                  text_body=plain, html_body=rich)

    # Deliberately identical response for hit and miss.
    flash("If we've found your account we've e-mailed you", 'information')
    return redirect(url_for('auth.signin'))
def signup():
    """Create a new Pjuu account and e-mail its activation link.

    On a POST with a valid form a user is created, an activation token
    bound to the new uid is generated and mailed to the submitted address,
    and the visitor is redirected to ``signin``. An invalid form, or a
    falsy uid from ``create_user()``, flashes an error and re-renders the
    form.

    Returns:
        A redirect on success, otherwise the rendered ``signup.html``.
    """
    form = SignUpForm(request.form)

    if request.method != 'POST':
        return render_template('signup.html', form=form)

    # Short-circuit keeps create_user() from running on an invalid form.
    # Per the source, a falsy uid only happens in a race between two
    # simultaneous sign-ups.
    new_uid = form.validate() and create_user(form.username.data,
                                              form.email.data,
                                              form.password.data)

    if not new_uid:
        # Same generic message for both the invalid-form and race cases.
        flash('Oh no! There are errors in your form. Please try again.',
              'error')
        return render_template('signup.html', form=form)

    # The token names only the action and the uid.
    token = generate_token({'action': 'activate', 'uid': new_uid})

    recipients = [form.email.data]
    text_body = render_template('emails/activate.txt', token=token)
    html_body = render_template('emails/activate.html', token=token)
    send_mail('Pjuu Account Notification - Activation', recipients,
              text_body=text_body, html_body=html_body)

    # Static message: no user-supplied value is interpolated into the
    # HTML-bearing flash text.
    flash("Yay! You've signed up<br/>Please check your e-mails "
          "to activate your account", 'success')
    return redirect(url_for('signin'))
def change_password():
    """Change the signed-in user's password and e-mail them a confirmation.

    On a POST with a valid form the password is replaced immediately, a
    success message is flashed and a notification is sent to the account's
    e-mail address. An invalid form flashes an error. The form is
    re-rendered in every case.

    Returns:
        The rendered ``change_password.html`` template.
    """
    # NOTE(review): no login guard is visible in this listing; indexing
    # current_user assumes a signed-in session -- confirm the route
    # enforces it.
    form = ChangePasswordForm(request.form)

    if request.method == 'POST':
        # Per the original comment the user "authenticates in the form",
        # i.e. the current-password check is presumably a validator on
        # ChangePasswordForm -- not visible here, confirm.
        if not form.validate():
            flash('Oh no! There are errors in your form', 'error')
        else:
            be_change_password(current_user['_id'], form.new_password.data)
            flash("We've updated your password", 'success')

            # Out-of-band notice so the account owner learns of the change.
            # NOTE(review): whether other active sessions are invalidated
            # is up to be_change_password() and cannot be told from here.
            to_addresses = [current_user['email']]
            plain = render_template('emails/password_change.txt')
            rich = render_template('emails/password_change.html')
            send_mail('Pjuu Account Notification - Password Changed',
                      to_addresses, text_body=plain, html_body=rich)

    return render_template('change_password.html', form=form)