def is_admin(app, db, form, token_reset=None): if 'username' not in form: return None, False if 'password' not in form: return None, False username, password = form['username'], form['password'] password = pwd_context.hash(password) if token_reset is None: kwargs = dict(name=username, password=password) else: kwargs = dict(name=username, token_reset=token_reset, password_reset=password) req = db.session.query(Users).filter_by(**kwargs).first() if token_reset is not None: req.password = password req.token_reset = '' req.password_reset = '' db.session.commit() return req, True if req is not None: return req, True """ First connexion """ kwargs = dict(name=username) req = db.session.query(Users).filter_by(**kwargs).first() if req is not None: req.password = password db.session.commit() return req, True else: return None, False
def send_email_reset_password(app, db, form): fields = ['name', 'email'] options = [ get_user(field, form, db) for field in fields ] if options == [None]*len(options): return False, None option = [ i for i in options if i != None ][0] email = option.email new_password = ''.join(random.choice(string.ascii_letters) for i in range(25)) token = ''.join(random.choice(string.ascii_letters) for i in range(25)) new_password_hash = pwd_context.hash(new_password) option.token_reset = token option.password_reset = new_password_hash db.session.commit() url = "https://cassiopee.hackademint.org" subject = "Cassiopee HackademINT: Forgot Your Password?" body = ("Hello {0},\nYou asked for a password reset on {2}.\nIf you did " "not asked for " "it just ignore this message.\nIf you really want to reset it, you " "can login at {2}/login/{3} with the following password: {1}\nThe " "password will be updated with this new value only if you connect " "to this link with your new password, otherwise, it does not " "change your settings.\n\n---- Powered by Flask ----\n" ".".format(option.name, new_password, url, token)) msg = Message(subject=subject, body=body, sender=MAIL_USERNAME, recipients=[email]) mail.send(msg) return True, email
def add_admin(app, db, form): checks = [ (field in form.keys()) for field in ['name', 'email', 'password']] if False in checks: return False kwargs = {'name': form['name']} user = db.session.query(Users).filter_by(**kwargs).first() if user is not None: return False kwargs = {'email': form['email']} user = db.session.query(Users).filter_by(**kwargs).first() if user is not None: return False kwargs = {'name': form['name'], 'email': form['email'], 'password': pwd_context.hash(form['password'])} user = Users(**kwargs) db.session.add(user) db.session.commit() return True
def update_password(app, db, form): checks = [ (field in form.keys()) for field in ['password', 'previous_password']] if False in checks: flash('An error occurred while trying to update your password.', 'error') return False if not is_password_verified(db, form['previous_password']): flash('Wrong previous password.', 'error') return False kwargs = dict(name=current_user.name) req = db.session.query(Users).filter_by(**kwargs).first() if req is not None: req.password = pwd_context.hash(password) db.session.commit() flash('Your password has been updated successfully.', 'success') return True else: flash('An error occurred while trying to update your password.', 'error') return False
def is_password_verified(db, password): password = pwd_context.hash(password) kwargs = dict(name = current_user.name, password = password) req = db.session.query(Users).filter_by(**kwargs).first() return req is not None