def put(self, uid):
    '''Updates a user's password.

    The JSON body must carry `new_password` plus one proof of authority:
    `current_password` (checked against the stored password of the logged-in
    user, who must be the target user) or `token` (a reset token whose `sub`
    claim must equal the target user's id). Aborts with 401/403/400 when a
    check fails and returns `{'success': True}` once the change is committed.
    '''
    body = request.json
    supplied_current = body.get('current_password')
    reset_token = body.get('token')
    target = User.query.get_or_404(uid)
    replacement = None
    if supplied_current:
        # Authenticated path: the caller must be logged in, must be the target
        # user, and must prove knowledge of the current password.
        if not g.user:
            abort(401)
        if target.id != g.user.id:
            abort(403)
        if not target.check_password(supplied_current):
            abort(400, 'Invalid current password.')
        replacement = body.get('new_password')
    elif reset_token:
        # NOTE(review): the helper's name says the payload is read without
        # verifying the token signature. If that is what it does, the `sub`
        # claim is caller-supplied data and cannot authorize a password
        # change; confirm, and decode with signature and expiry verification.
        claims = get_unverified_jwt_payload(reset_token)
        if claims['sub'] != target.id:
            abort(400, 'Invalid token.')
        replacement = body.get('new_password')
    # Neither proof supplied, or no new password in the body.
    if not replacement:
        abort(400, 'Invalid request.')
    if not is_valid_password(replacement):
        abort(400, 'Password does not meet complexity requirements.')
    target.password = replacement
    db.session.add(target)
    db.session.commit()
    return {'success': True}
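def post(self):
    '''Creates an account.

    Rejects the request with 400 when the username or email is already taken
    or the password fails the complexity check; otherwise stores the new user
    and returns `{'success': True}` with status 201.
    '''
    data = request.json
    username = data.get('username')
    if User.query.filter_by(username=username).first():
        abort(400, 'Username already exists.')
    email = data.get('email')
    if User.query.filter_by(email=email).first():
        abort(400, 'Email already exists.')
    password = data.get('password')
    if not is_valid_password(password):
        abort(400, 'Password does not meet complexity requirements.')
    # Build the model from an explicit allow-list instead of the whole request
    # body, so a client cannot set model attributes it was never meant to
    # control (mass assignment).
    # NOTE(review): the list holds the user-settable fields that the
    # registration and profile handlers use; confirm it against the User model.
    allowed_fields = (
        'username', 'email', 'password', 'name',
        'avatar', 'signature', 'question', 'answer',
    )
    user = User(**{key: data[key] for key in allowed_fields if key in data})
    db.session.add(user)
    db.session.commit()
    return {'success': True}, 201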
def reset_password():
    '''Final step of the password reset flow.

    Requires `reset_id` in the session (otherwise the flow is restarted via
    `reset_flow`). On POST with a password that passes the complexity check,
    the password of the user identified by `reset_id` is replaced and the
    client is redirected to the login page; in every other case the reset
    form is rendered.
    '''
    # Flow control: this step is only reachable once an earlier step has
    # stored the id of the account being reset.
    if not session.get('reset_id'):
        return reset_flow('Reset improperly initialized.')
    if request.method != 'POST':
        return render_template('reset_password.html')
    candidate = request.form['password']
    if not is_valid_password(candidate):
        flash('Password does not meet complexity requirements.')
        return render_template('reset_password.html')
    # pop() consumes reset_id, so a completed reset cannot be replayed from
    # the same session.
    # NOTE(review): the lookup result is used without a None check.
    account = User.query.get(session.pop('reset_id'))
    account.password = candidate
    db.session.add(account)
    db.session.commit()
    flash('Password reset. Please log in.')
    return redirect(url_for('auth.login'))
def profile_change():
    '''Apply submitted profile changes to the logged-in user.

    A non-empty `password` replaces the stored one only if it passes the
    complexity check. The other profile fields are always overwritten with
    the submitted values, after which the client is redirected to the
    profile page.
    '''
    account = g.user
    submitted = request.values
    # NOTE(review): request.values merges query-string and form data, so
    # whether a GET request can change the account depends on the route's
    # allowed methods (not visible here). The password is also replaced
    # without asking for the current one.
    proposed = submitted['password']
    if proposed and is_valid_password(proposed):
        account.password = proposed
    elif proposed:
        flash('Password does not meet complexity requirements.')
    # Values are stored exactly as received; any validation or output
    # encoding has to happen elsewhere.
    for field in ('avatar', 'signature', 'name', 'question', 'answer'):
        setattr(account, field, submitted[field])
    db.session.add(account)
    db.session.commit()
    flash('Account information changed.')
    return redirect(url_for('core.profile'))
def reset_password():
    '''Final step of the password reset flow.

    Without `reset_id` in the session the client is sent back to the start of
    the flow. On POST with an acceptable password, the password of the user
    identified by `reset_id` is replaced and the client is redirected to the
    login page; in every other case the reset form is rendered.
    '''
    # Flow control: refuse to run unless an earlier step stored the id of the
    # account being reset.
    if not session.get('reset_id'):
        flash('Reset improperly initialized.')
        return redirect(url_for('auth.reset_init'))
    if request.method != 'POST':
        return render_template('reset_password.html')
    candidate = request.form['password']
    if not is_valid_password(candidate):
        flash('Invalid password. 6 or more characters required.')
        return render_template('reset_password.html')
    # pop() consumes reset_id, so a completed reset cannot be replayed from
    # the same session.
    # NOTE(review): the lookup result is used without a None check.
    account = User.query.get(session.pop('reset_id'))
    account.password = candidate
    db.session.add(account)
    db.session.commit()
    flash('Password reset. Please log in.')
    return redirect(url_for('auth.login'))
def profile():
    '''Show the profile page, applying submitted changes first.

    When the request carries any values, a non-empty `password` replaces the
    stored one only if it passes the complexity check, and the other profile
    fields are overwritten with the submitted values. The profile template is
    rendered in every case.
    '''
    account = g.user
    submitted = request.values
    # NOTE(review): request.values merges query-string and form data, so
    # whether a GET request can change the account depends on the route's
    # allowed methods (not visible here). The password is also replaced
    # without asking for the current one.
    if submitted:
        proposed = submitted['password']
        if proposed and is_valid_password(proposed):
            account.password = proposed
        elif proposed:
            flash('Password does not meet complexity requirements.')
        # Values are stored exactly as received; any validation or output
        # encoding has to happen elsewhere.
        for field in ('avatar', 'signature', 'name', 'question', 'answer'):
            setattr(account, field, submitted[field])
        db.session.add(account)
        db.session.commit()
        flash('Account information changed.')
    return render_template('profile.html', user=account, questions=QUESTIONS)
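def register():
    '''Render the registration form and create an account on POST.

    A POST is rejected with a flashed message when the username or email is
    already taken or the password fails the complexity check. Otherwise the
    user is stored, a welcome message is created and the client is redirected
    to the login page. Every other path renders the registration form.
    '''
    if request.method == 'POST':
        form = request.form
        if User.query.filter_by(username=form['username']).first():
            flash('Username already exists.')
        elif User.query.filter_by(email=form['email']).first():
            flash('Email already exists.')
        elif not is_valid_password(form['password']):
            flash('Password does not meet complexity requirements.')
        else:
            # Build the model from an explicit allow-list instead of the whole
            # form, so a client cannot set model attributes it was never
            # meant to control (mass assignment).
            # NOTE(review): the list holds the user-settable fields that the
            # registration and profile handlers use; confirm it against the
            # User model.
            allowed_fields = (
                'username', 'email', 'password', 'name',
                'avatar', 'signature', 'question', 'answer',
            )
            user = User(**{key: form[key] for key in allowed_fields if key in form})
            db.session.add(user)
            db.session.commit()
            create_welcome_message(user)
            flash('Account created. Please log in.')
            return redirect(url_for('auth.login'))
    return render_template('register.html', questions=QUESTIONS)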