def new(user_id):
    """Create a websocket token row for ``user_id``.

    Returns:
        A ``(token_key, token_value)`` tuple. Only the output of
        ``hashPassword(token_value)`` is written to ``WebsocketToken``; the
        raw value exists solely in this return value.
    """
    # NOTE(review): assumes genRandomString draws from a cryptographically
    # secure source, since both values act as credentials -- confirm.
    key = genRandomString(32)
    secret = genRandomString(128)
    WebsocketToken.create(
        token_key=key,
        token_hash=hashPassword(secret),
        user_id=user_id,
    )
    return key, secret
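def changePassword():
    """Change the logged-in user's password after verifying the old one.

    Reads ``old_password`` and ``new_password`` from ``request.args``.

    Returns:
        A redirect to the login page when nobody is logged in, a JSON string
        with ``"incorrect old password"`` when verification fails, and a
        JSON ``result="success"`` response once the new hash is saved and the
        user has been logged out.
    """
    if g.user is None:
        # The redirect has to be returned: without it, execution falls
        # through and dereferences g.user while it is None.
        return redirect("/login?needToLogin")

    # NOTE(review): both passwords are read from the query string, which
    # commonly ends up in access logs, browser history and Referer headers.
    # Reading them from a POST body would avoid that, but it needs a
    # matching client change, so the source is left as-is here.
    oldPassword = request.args['old_password']
    if not checkPassword(g.user.password, oldPassword):
        return json.dumps({"result": "incorrect old password"})

    newPassword = request.args['new_password']
    g.user.password = hashPassword(newPassword)
    g.user.save()
    # Log the user out after the change so they must sign in again with the
    # new password.
    g.user.logout()
    return json.jsonify(result="success")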
def resetPassword2():
    """Finish a password reset for the ``token`` query argument.

    Looks up a ``ForgotToken`` matching the token whose timestamp is at or
    after ``timeSubtract(days=1)``, sets a freshly generated password on the
    token's user, deletes the token and mails the new password to the user.

    Returns:
        A redirect to ``/`` when no token was supplied, to
        ``/login?invalidToken`` when no matching token exists, and to
        ``/login?resetSuccess`` after the password has been replaced.
    """
    token = request.args.get('token')
    if token is None:
        return redirect("/")

    # NOTE(review): assumes the atomic block ends once the token is deleted
    # and the mail is sent after it (the page does not preserve the original
    # indentation) -- confirm against the repository.
    with database.atomic():
        not_expired = ForgotToken.timestamp >= timeSubtract(days=1)
        try:
            token_obj = ForgotToken.get((ForgotToken.token == token) & not_expired)
        except DoesNotExist:
            return redirect("/login?invalidToken")

        # user_id is used here as the related user object, not a bare id.
        user = token_obj.user_id
        newPassword = genRandomString(20)
        user.password = hashPassword(newPassword)
        user.save()
        # Delete the token in the same transaction so it cannot be replayed.
        token_obj.delete_instance()

    # NOTE(review): the new password is sent in clear text by e-mail, so
    # anyone with access to the mailbox or mail transport can read it;
    # consider forcing a password change at next login.
    mailContent = render_template(
        "authentication/forgot2Email.html",
        newPassword=newPassword,
    )
    async_ops.sendMail(user.email, "New password", mailContent)
    return redirect("/login?resetSuccess")
def add(username, password, email, realname):
    """Create a ``User`` row, storing ``hashPassword(password)`` as the password.

    The plain-text ``password`` argument is never passed to ``User.create``;
    only its hash is.
    """
    password_hash = hashPassword(password)
    User.create(
        username=username,
        password=password_hash,
        email=email,
        realname=realname,
    )