def reset_token(token):
    """Let an anonymous visitor set a new password using a reset token.

    Signed-in users are redirected to the main index. If
    ``User.verify_reset_token`` returns nothing for *token*, the visitor is
    sent back to the reset-request page. On a valid form submission the new
    password is bcrypt-hashed and stored, unless it matches the hash already
    on the account.
    """
    if current_user.is_authenticated:
        return redirect(url_for('main.index'))

    account = User.verify_reset_token(token)
    if not account:
        flash('Invalid or expired token.')
        return redirect(url_for('account.reset_request'))

    form = ResetPasswordForm()
    if not form.validate_on_submit():
        # First visit or failed validation: show the form (again).
        return render_template('account/password_reset_token.html',
                               title='Reset Password', form=form)

    new_password = form.password.data
    # Refuse a "reset" to the password that is already stored.
    if bcrypt.check_password_hash(account.password, new_password):
        flash('The password you entered is already set.')
        return redirect(url_for('account.reset_token', token=token))

    hashed = bcrypt.generate_password_hash(new_password)
    account.password = hashed.decode('utf-8')
    db.session.commit()
    # NOTE(review): nothing in this view marks the token as used; whether it
    # stays valid until expiry depends on User.verify_reset_token - confirm.
    flash('Password has been updated.')
    return redirect(url_for('account.login'))
def reset_password(token):
    """Set a new password for the account identified by a reset token.

    Signed-in users and visitors whose token is rejected by
    ``User.verify_reset_password_token`` are both redirected to the main
    index; the rejected-token case shows no message.
    """
    if current_user.is_authenticated:
        return redirect(url_for('main.index'))

    account = User.verify_reset_password_token(token)
    if not account:
        return redirect(url_for('main.index'))

    form = ResetPasswordForm()
    if not form.validate_on_submit():
        return render_template('account/reset_password.html', form=form)

    # Hashing is delegated to the model's set_password().
    account.set_password(form.password.data)
    db.session.commit()
    flash('Your password has been reset.')
    return redirect(url_for('account.login'))
def post(self):
    """Complete a password-reset request from the submitted form.

    On a valid form the user in ``self.d['USER']`` gets a new login password
    and a new 'root_shadow_passwd' secret, every ``UserResetpass`` row whose
    key equals ``self.key`` is stamped as completed, a session is saved for
    the user, and the request is redirected to 'account:index'. An invalid
    form re-renders the completion page.
    """
    form = ResetPasswordForm(self)
    self.d['form'] = form
    if not form.validate():
        self.render('account/reset_password_complete.html', **self.d)
        return None

    account = self.d['USER']
    new_password = form.password.data

    # The same plaintext feeds two separate stored values.
    login_hash = enc_login_passwd(new_password)
    account.password = login_hash
    shadow_hash = enc_shadow_passwd(new_password)
    account.profile.set_secret('root_shadow_passwd', shadow_hash)
    self.db2.commit()

    # TODO: set reset password request completed
    # NOTE(review): the password is committed above, before the matching
    # requests are marked completed; if this second step fails the rows stay
    # unmarked - confirm whether an unmarked key can be used again.
    matching_requests = self.db2.query(UserResetpass).filter(
        UserResetpass.key == self.key).all()
    for reset_request in matching_requests:
        reset_request.completed = datetime.now()
    self.db2.commit()

    # Presumably signs the user in after the reset - verify save_session().
    self.save_session(account.id)
    return self.redirect(self.reverse_url('account:index'))
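def reset_password(token):
    """Reset an existing user's password.

    Only anonymous visitors may use this view; anyone else is redirected to
    the main index. The account is looked up by the email address typed into
    the form, and ``user.reset_password`` decides whether *token* is valid
    for that account.
    """
    if not current_user.is_anonymous:
        return redirect(url_for('main.index'))
    form = ResetPasswordForm()
    if form.validate_on_submit():
        user = User.query.filter_by(email=form.email.data).first()
        # An unknown email and a bad or expired token get the same response,
        # so this unauthenticated endpoint does not reveal which addresses
        # have accounts.
        if user is None or not user.reset_password(token,
                                                   form.new_password.data):
            flash('The password reset link is invalid or has expired.',
                  'form-error')
            return redirect(url_for('main.index'))
        flash('Your password has been updated.', 'form-success')
        return redirect(url_for('account.login'))
    return render_template('account/reset_password.html', form=form)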
def post(self):
    """Change the current user's password from the submitted form.

    A valid form updates the login password and the 'root_shadow_passwd'
    secret of ``self.current_user``, commits, and redirects to
    'account:index'. An invalid form re-renders the reset page.
    """
    form = ResetPasswordForm(self)
    if not form.validate():
        self.render('account/reset_password.html',
                    title=self.trans(_('Reset Password')),
                    form=form)
        return None

    account = self.current_user
    login_hash = enc_login_passwd(form.password.data)
    account.password = login_hash
    # Second stored value derived from the same submitted password.
    shadow_hash = enc_shadow_passwd(form.password.data)
    account.profile.set_secret('root_shadow_passwd', shadow_hash)
    self.db2.commit()

    return self.redirect(self.application.reverse_url('account:index'))
def get_reset_password(self):
    """Render the admin form for resetting ``self.user``'s password."""
    # The heading names the account whose password is about to change.
    heading = self.trans(_('Reset Password For "%s"')) % self.user.username
    self.render('admin/user/reset_password.html',
                title=heading,
                U=self.user,
                form=ResetPasswordForm(self))
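def post_reset_password(self):
    """Set a new password for ``self.user`` from the admin reset form.

    A valid form stores a freshly salted password value on the user, commits,
    and redirects to that user's admin view page. An invalid form re-renders
    the admin reset page with the form and the user.
    """
    form = ResetPasswordForm(self)
    if form.validate():
        # random.SystemRandom reads from the operating system's entropy
        # source instead of the seedable generator behind random.random(),
        # so a salt cannot be predicted from earlier outputs.
        salt = md5(str(random.SystemRandom().random())).hexdigest()[:12]
        hsh = encrypt_password(salt, form.password.data)
        # NOTE(review): this literal has no conversion specifiers (it looks
        # masked in this listing), so "%" with a two-item tuple raises
        # TypeError as written; restore the project's real salt/hash format.
        enc_password = "******" % (salt, hsh)
        self.user.password = enc_password
        self.db2.commit()

        url = self.reverse_url('admin:user')
        url += '?id=%s&action=view' % self.user.id
        return self.redirect(url)

    self.render('admin/user/reset_password.html',
                title=self.trans(_('Reset Password')),
                form=form,
                U=self.user)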
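def post(self):
    """Change the signed-in user's password from the submitted form.

    A valid form stores a freshly salted password value on the ``User`` row
    loaded by ``self.current_user.id``, commits, and redirects to
    'account:index'. An invalid form re-renders the reset page.
    """
    form = ResetPasswordForm(self.request.arguments)
    if form.validate():
        # random.SystemRandom reads from the operating system's entropy
        # source instead of the seedable generator behind random.random(),
        # so a salt cannot be predicted from earlier outputs.
        salt = md5(str(random.SystemRandom().random())).hexdigest()[:12]
        hsh = encrypt_password(salt, form.password.data)
        # NOTE(review): this literal has no conversion specifiers (it looks
        # masked in this listing), so "%" with a two-item tuple raises
        # TypeError as written; restore the project's real salt/hash format.
        enc_password = "******" % (salt, hsh)

        user = self.db2.query(User).get(self.current_user.id)
        user.password = enc_password
        self.db2.commit()

        url = self.application.reverse_url('account:index')
        return self.redirect(url)

    self.render('account/reset_password.html',
                title=_('Reset Password'),
                form=form)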
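def post_reset_password(self):
    """Set a new password for ``self.user`` from the admin reset form.

    A valid form stores a freshly salted password value on the user, commits,
    and redirects to that user's admin view page. An invalid form re-renders
    the admin reset page with the form and the user.
    """
    form = ResetPasswordForm(self.request.arguments)
    if form.validate():
        # random.SystemRandom reads from the operating system's entropy
        # source instead of the seedable generator behind random.random(),
        # so a salt cannot be predicted from earlier outputs.
        salt = md5(str(random.SystemRandom().random())).hexdigest()[:12]
        hsh = encrypt_password(salt, form.password.data)
        # NOTE(review): this literal has no conversion specifiers (it looks
        # masked in this listing), so "%" with a two-item tuple raises
        # TypeError as written; restore the project's real salt/hash format.
        enc_password = "******" % (salt, hsh)
        self.user.password = enc_password
        self.db2.commit()

        url = self.reverse_url('admin:user')
        url += '?id=%s&action=view' % self.user.id
        return self.redirect(url)

    self.render('admin/user/reset_password.html',
                title=_('Reset Password'),
                form=form,
                USER=self.user)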
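def reset_token(token):
    """Reset a password with an emailed token and re-wrap the master key.

    Signed-in users are redirected to the main index, and a token rejected by
    ``User.verify_reset_token`` sends the visitor back to the reset-request
    page. On a valid form submission one of three things happens:

    * no master key was typed or uploaded and "lost master key" is ticked:
      the user's data is wiped and a new master key is generated;
    * a typed or uploaded master key passes ``check_master_key``: that key is
      re-encrypted under a key derived from the new password;
    * otherwise the request is refused and the form is shown again.

    The master key that passed validation is the one re-encrypted. Always
    using the typed field would store an empty value whenever the key
    arrived only through the uploaded file.
    """
    title = 'Reset Password'
    if current_user.is_authenticated:
        return redirect(url_for('main.index'))
    user = User.verify_reset_token(token)
    if not user:
        flash('Invalid or expired token.', 'danger')
        return redirect(url_for('account.reset_request'))
    form = ResetPasswordForm()
    if form.validate_on_submit():
        # Refuse a "reset" to the password that is already stored.
        if bcrypt.check_password_hash(user.password.encode(),
                                      form.password.data):
            flash('The password you entered is already set.', 'danger')
            return redirect(url_for('account.reset_token', token=token))

        file_contents = ''
        if form.master_key_file.data:
            # Only the first line of the upload is read.
            # NOTE(review): readline() keeps a trailing newline if the file
            # has one - confirm check_master_key and encrypt expect that.
            file_contents = (
                form.master_key_file.data.stream.readline().decode('utf-8'))

        if (not form.master_key.data and not file_contents
                and form.lost_master_key.data):
            # Destructive path: the old master key is gone, so the data it
            # protected is erased and a fresh key is issued.
            wipe_user_data(user)
            master_key = generate_pswrd(length=32, special=False)
            user.master_key = encrypt(get_key(form.password.data), master_key)
            flash('User data has been permanently erased! '
                  'Master key has been reset.', 'warning')
        else:
            # Same check order as before: typed key first, then the file.
            if check_master_key(form.master_key.data, user):
                supplied_key = form.master_key.data
            elif check_master_key(file_contents, user):
                supplied_key = file_contents
            else:
                flash('Master key invalid or not provided!', 'danger')
                return redirect(url_for('account.reset_token', token=token))
            user.master_key = encrypt(get_key(form.password.data),
                                      supplied_key)

        user.password = bcrypt.generate_password_hash(form.password.data)
        db.session.commit()
        flash('Password has been updated.', 'success')
        return redirect(url_for('account.login'))
    return render_template('account/password_reset_token.html',
                           title=title, form=form)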
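def post(self):
    """Complete a password-reset request from the submitted form.

    On a valid form the user in ``self.d['USER']`` gets a freshly salted
    password value, every ``UserResetpass`` row whose key equals ``self.key``
    is stamped as completed, a session is saved for the user, and the request
    is redirected to 'account:index'. An invalid form re-renders the
    completion page.
    """
    self.d['form'] = ResetPasswordForm(self.request.arguments)
    if self.d['form'].validate():
        # random.SystemRandom reads from the operating system's entropy
        # source instead of the seedable generator behind random.random(),
        # so a salt cannot be predicted from earlier outputs.
        salt = md5(str(random.SystemRandom().random())).hexdigest()[:12]
        hsh = encrypt_password(salt, self.d['form'].password.data)
        # NOTE(review): this literal has no conversion specifiers (it looks
        # masked in this listing), so "%" with a two-item tuple raises
        # TypeError as written; restore the project's real salt/hash format.
        enc_password = "******" % (salt, hsh)
        self.d['USER'].password = enc_password
        self.db2.commit()

        # TODO: set reset password request completed
        applys = self.db2.query(UserResetpass).filter(
            UserResetpass.key == self.key).all()
        for A in applys:
            A.completed = datetime.utcnow()
        self.db2.commit()

        # Presumably signs the user in after the reset - verify save_session().
        self.save_session(self.d['USER'].id)

        url = self.reverse_url('account:index')
        return self.redirect(url)

    self.render('account/reset_password_complete.html', **self.d)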
def get_reset_password(self):
    """Render an empty admin reset-password form for ``self.user``."""
    context = {
        'title': _('Reset Password'),
        'form': ResetPasswordForm(),
        'USER': self.user,
    }
    self.render('admin/user/reset_password.html', **context)
def get(self):
    """Show the new-password form for a reset request."""
    # The form joins whatever template context self.d already holds.
    blank_form = ResetPasswordForm(self)
    self.d['form'] = blank_form
    self.render('account/reset_password_complete.html', **self.d)
def get(self):
    """Show the reset-password form with a translated page title."""
    form = ResetPasswordForm(self)
    context = {
        'title': self.trans(_('Reset Password')),
        'form': form,
    }
    self.render('account/reset_password.html', **context)