def confirm_email(token):
    """Validate an e-mail confirmation token and activate the account.

    The token is a timed, salted ``URLSafeTimedSerializer`` payload carrying
    the user's e-mail address (signed with ``EMAIL_SECRET`` and
    ``EMAIL_REGISTER_SALT`` from the app config). A valid token sets
    ``email_confirmed`` to 1 so the user can log in.

    Args:
        token: the signed token taken from the confirmation link.

    Returns:
        A redirect to the central server (with a ``message`` query parameter)
        on success, on an expired token or on a token that does not verify;
        a JSON error response when the address in the token belongs to no
        known user.
    """
    serializer = URLSafeTimedSerializer(current_app.config['EMAIL_SECRET'])
    try:
        # Tokens older than one hour are rejected with SignatureExpired.
        email = serializer.loads(
            token,
            max_age=3600,
            salt=current_app.config['EMAIL_REGISTER_SALT'],
        )
    except SignatureExpired:
        message = 'The token has expired, please try registering again.'
        return redirect(get_central_ip() + '?message=' + message)
    except BadTimeSignature:
        message = 'The token did not match. Are you trying to hack FedNet? Q_Q'
        return redirect(get_central_ip() + '?message=' + message)
    # NOTE(review): a token without a timestamp segment, or with an
    # undecodable payload, raises other itsdangerous errors (BadSignature /
    # BadPayload) that are not handled here and would surface as a server
    # error — confirm whether that is acceptable.

    if not users.exists(email=email):
        return bad_json_response('No user with the email ' + email + ' exists.')

    users.update({'email_confirmed': 1}, email=email)
    # Hand the user to the login page with the 'registration complete' banner.
    return redirect(get_central_ip() + '?message=registration_complete')
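def confirm_forgotpass():
    """Finish a password reset started by ``forgotpass``.

    Expects form fields ``token`` (the signed reset token from the e-mail
    link) and ``password`` (the new password). The token is checked with the
    same secret and ``EMAIL_FORGOTPASS_SALT`` used to issue it and must be
    younger than one hour; its payload is the user's e-mail address.

    Returns:
        A JSON response on success, on a missing/empty form field or on an
        unknown user; a redirect to the central server with an explanatory
        message when the token is expired or does not verify.
    """
    # Fail early on a malformed request instead of raising KeyError (500).
    token = request.form.get('token')
    password = request.form.get('password')
    if not token:
        return bad_json_response("Bad request: Missing parameter 'token'.")
    if not password:
        # A reset must never store the hash of an empty password.
        return bad_json_response("Bad request: Missing parameter 'password'.")

    try:
        secret = URLSafeTimedSerializer(current_app.config['EMAIL_SECRET'])
        email = secret.loads(
            token,
            max_age=3600,
            salt=current_app.config['EMAIL_FORGOTPASS_SALT'],
        )
    except SignatureExpired:
        message = 'The token has expired, please try requesting a new password.'
        return redirect(get_central_ip() + '?message=' + message)
    except BadTimeSignature:
        message = (
            'The token did not match. Are you trying to hack some user? Q_Q'
        )
        return redirect(get_central_ip() + '?message=' + message)

    if not users.exists(email=email):
        return bad_json_response('No user with the email ' + email + ' exists.')

    # Store only the salted hash; the form value read above is reused rather
    # than read a second time.
    users.update({'password': sha256_crypt.encrypt(password)}, email=email)
    return good_json_response('Change password succesfull')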
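def wrapper(*args, **kwargs):
    """Resolve the caller's per-user public key, then verify the JWT.

    The token's payload segment is decoded *without* verification only to
    learn the claimed ``identity`` (username). That username selects the
    public key — locally via ``get_pub_key`` on the central server, otherwise
    by asking the central server's ``/api/server/pub_key`` API — which is
    stored in ``JWT_PUBLIC_KEY`` so ``verify_jwt_in_request`` can check the
    signature. Any failure in that lookup renders the login page; a failed
    signature check renders the logout page; otherwise ``fn`` is called.

    NOTE(review): ``JWT_PUBLIC_KEY`` is process-wide app config, so
    concurrent requests overwrite each other's key between the assignment
    and the verification below; under load a token may be checked against a
    key that belongs to a different user than the one it claims. A
    per-request key (e.g. on ``flask.g``) or a verifier that takes the key
    directly would close that window — confirm before relying on this check
    for authorisation.
    """
    try:
        if get_server_type() == ServerType.CENTRAL:
            header = request.cookies['access_token_cookie']
        else:
            header = request.headers['authorization']

        # JWT segments are base64url (RFC 7515): '-' and '_' are alphabet
        # characters there, and plain b64decode silently discards them.
        # The surplus '=' supplies whatever padding the segment omits.
        payload_b64 = header.split('.')[1] + '============='
        decoded = base64.urlsafe_b64decode(payload_b64).decode('utf-8')
        username = json.loads(decoded)['identity']

        if get_server_type() == ServerType.CENTRAL:
            # Central holds the key material itself.
            from app.api.central.server import get_pub_key
            pub = get_pub_key(username)
        else:
            # A timeout keeps an unreachable central server from stalling
            # this request indefinitely (the original call had none).
            pub = requests.get(
                get_central_ip() + '/api/server/pub_key',
                params={'username': username},
                timeout=10,  # seconds; constructed default, tune per deployment
            ).json()['data']
        current_app.config['JWT_PUBLIC_KEY'] = pub
    except Exception:
        # Best effort: anything wrong with the token or the key lookup means
        # the caller is not authenticated. Narrowed from BaseException so
        # SystemExit / KeyboardInterrupt are no longer swallowed.
        return render_template('login.html')

    # Let the JWT extended library check the signature against the key.
    try:
        verify_jwt_in_request()
    except Exception:
        return render_template('logout.html')
    return fn(*args, **kwargs)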
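def registered():
    """Report whether ``username`` (query parameter) is registered in FedNet.

    The name must first exist on this data server; the central server is
    then asked whether it is registered there, and its reply is passed
    through.

    Returns:
        A JSON error response when the parameter is missing or the user is
        unknown locally, otherwise a JSON success response wrapping the
        central server's answer.
    """
    username = request.args.get('username')
    if username is None:
        return bad_json_response("Bad request: Missing parameter 'username'.")
    if not users.exists(username=username):
        return bad_json_response('Username not found (in data server)')

    # The timeout keeps an unreachable central server from stalling this
    # request forever (the original call had none).
    reply = requests.get(
        get_central_ip() + '/api/user/registered',
        params={'username': username},
        timeout=10,  # seconds; constructed default, tune per deployment
    ).json()
    return good_json_response(reply)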
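def forgotpass():
    """Start a password reset: e-mail the user a signed reset link.

    Expects form field ``username``. The link points at the central server's
    ``/forgotPassword`` page and carries the username plus a token that
    encodes the user's e-mail address, signed with ``EMAIL_SECRET`` and
    ``EMAIL_FORGOTPASS_SALT`` (checked later by ``confirm_forgotpass``).

    Returns:
        A JSON success response once the mail has been handed to the SMTP
        server, or a JSON error response when the parameter is missing or
        the user cannot be resolved.

    NOTE(review): the distinct error for an unknown user lets a caller learn
    which usernames exist; a uniform response regardless of the lookup
    result is the usual mitigation — confirm whether the front end depends
    on the current message before changing it.
    """
    from html import escape as html_escape
    from urllib.parse import urlencode

    # .get() instead of [] so a missing field yields a 4xx-style JSON error
    # rather than a KeyError.
    username = request.form.get('username')
    if not username:
        return bad_json_response("Bad request: Missing parameter 'username'.")

    # NOTE(review): assumes export_one yields a 3-tuple (possibly of Nones)
    # for an unknown user; if it returns None this unpack raises — confirm.
    firstname, lastname, send_to = users.export_one(
        'firstname', 'lastname', 'email', username=username
    )
    # The address is what the reset needs; the original re-checked
    # `username` here, which cannot be empty at this point.
    if not firstname or not lastname or not send_to:
        return bad_json_response('Error retrieving the user.')

    secret = URLSafeTimedSerializer(current_app.config['EMAIL_SECRET'])
    # The salt keeps reset tokens distinct from registration tokens issued
    # for the same address.
    token = secret.dumps(send_to, salt=current_app.config['EMAIL_FORGOTPASS_SALT'])
    # Percent-encode the query so a username with reserved characters cannot
    # break the link. (This line was garbled in the source; it is the
    # username + token link the surrounding comments describe.)
    link = (
        get_central_ip() + '/forgotPassword?'
        + urlencode({'username': username, 'token': token})
    )

    # Send mail with the new-password link.
    msg = EmailMessage()
    msg['Subject'] = 'FedNet - Change your password.'
    msg['From'] = current_app.config['EMAIL_ADDRESS']
    msg['To'] = send_to

    # Fill the HTML template. Username and names originate from user-supplied
    # registration data, so they are HTML-escaped before insertion.
    with open('app/templates/email_template/forgot-password.html') as f:
        body = f.read()
    body = body.replace('LINK_HERE', link)
    body = body.replace('USERNAME_HERE', html_escape(username))
    body = body.replace('NAME_HERE', html_escape(firstname + ' ' + lastname))
    msg.add_alternative(body, subtype='html')

    # Inline logo; cid='0' matches the cid referenced from the template.
    with open('app/static/images/LogoBackOpaque.png', 'rb') as img:
        maintype, subtype = mimetypes.guess_type(img.name)[0].split('/')
        msg.get_payload()[0].add_related(
            img.read(), maintype=maintype, subtype=subtype, cid='0'
        )

    # Gmail over implicit TLS; the timeout keeps a stalled connection from
    # blocking the request forever (constructed default, tune per deployment).
    with smtplib.SMTP_SSL('smtp.gmail.com', 465, timeout=30) as smtp:
        smtp.login(current_app.config['EMAIL_ADDRESS'],
                   current_app.config['EMAIL_PASSWORD'])
        smtp.send_message(msg)
    return good_json_response('success')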