def new(user_id):
token_key = genRandomString(32)
token_value = genRandomString(128)
token_hash = hashPassword(token_value)
WebsocketToken.create(token_key=token_key,
token_hash=token_hash,
user_id=user_id)
return token_key, token_value
def changePassword():
if g.user is None:
redirect("/login?needToLogin")
oldPassword = request.args['old_password']
if not checkPassword(g.user.password, oldPassword):
return json.dumps({"result": "incorrect old password"})
newPassword = request.args['new_password']
g.user.password = hashPassword(newPassword)
g.user.save()
g.user.logout()
return json.jsonify(result="success")
def resetPassword2():
if 'token' not in request.args:
return redirect("/")
token = request.args['token']
with database.atomic():
try:
token_obj = ForgotToken.get((ForgotToken.token == token) & (
ForgotToken.timestamp >= timeSubtract(days=1)))
except DoesNotExist:
return redirect("/login?invalidToken")
user = token_obj.user_id
newPassword = genRandomString(20)
user.password = hashPassword(newPassword)
user.save()
token_obj.delete_instance()
mailContent = render_template("authentication/forgot2Email.html",
newPassword=newPassword)
async_ops.sendMail(user.email, "New password", mailContent)
return redirect("/login?resetSuccess")
def add(username, password, email, realname):
password = hashPassword(password)
User.create(username=username,
password=password,
email=email,
realname=realname)