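def password_request_reset():
    """Handle the "request a password reset" form.

    On a valid POST, looks up the submitted email in ``users``. When a row is
    found, a reset hash valid for one hour (3600 seconds) is stored in
    ``password_reset_hashes`` and a reset link is emailed to that address.
    The page shows the same message whether or not the email matched, so the
    form cannot be used to confirm which addresses are registered.

    Returns:
        The rendered ``password_reset.html`` template.
    """
    logging_prefix = logger_prefix + "password_request_reset() - "
    log.info(logging_prefix + "Starting")

    # Built before the try block so `form` and `search_form` are always bound
    # when the template is rendered; a failure here surfaces as itself rather
    # than as an UnboundLocalError at the return statement.
    form = forms.userEmailForm(request.form)
    search_form = forms.searchForm()

    try:
        if request.method == 'POST':
            if form.validate():
                email = form.user_email.data
                db = get_mysql()

                # Look the account up; the cursor is closed even if the query fails.
                cursor = db.cursor(DictCursor)
                try:
                    cursor.execute("SELECT id FROM users WHERE email = %s", (email,))
                    user = cursor.fetchone()
                finally:
                    cursor.close()

                if user:
                    expiration_ts = int(time.time()) + 3600
                    # NOTE(review): the token is a deterministic function of
                    # SALTS['user'], the user id and the expiry, so its secrecy
                    # rests entirely on that salt. A random value from
                    # `secrets` would be preferable, but the handler that
                    # validates the link is not visible here and would have to
                    # change with it.
                    password_reset_hash = sha256(SALTS['user'], str(user['id']) + str(expiration_ts))

                    # Stored so the hash can be expired once the password is changed.
                    cursor = db.cursor(DictCursor)
                    try:
                        cursor.execute(
                            "INSERT INTO password_reset_hashes (user_id,hash) VALUES (%s,%s)",
                            (user['id'], password_reset_hash),
                        )
                        db.commit()
                    finally:
                        cursor.close()

                    password_reset_link = "/user/password/reset/{}/{}/{}/".format(
                        user['id'], expiration_ts, password_reset_hash
                    )
                    sendPasswordResetEmail(email, password_reset_link)
                else:
                    # Recorded server-side only; the address itself is not logged.
                    log.info(logging_prefix + "No account matched the submitted email")

                # Same response for known and unknown addresses (no account
                # enumeration). NOTE(review): the email is still sent inline
                # only for existing accounts, so response time may differ;
                # consider queueing the send and rate-limiting this endpoint.
                flash(
                    "If an account exists for '{}', an email has been sent with a link to reset "
                    "your password. This link expires in 1 hour.".format(email),
                    'success',
                )
            else:
                log.warning(logging_prefix + "Form validation failed: {}".format(form.errors))
    except Exception as e:
        # Exception text can expose SQL or internal details, so it goes to the
        # log only; the user sees a generic message.
        log.exception(logging_prefix + "There was an error completing your request. Details: {}".format(e))
        flash("There was an error completing your request.", 'danger')

    return render_template(
        "password_reset.html",
        page_title="Reset Your Password",
        page_type="REQUEST",
        form=form,
        search_form=search_form,
    )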
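def reverify():
    """Handle the "resend account verification email" form.

    On a valid POST, looks up the submitted email in ``users`` and, when a row
    is found, emails that address its stored ``verification_hash``. The page
    shows the same message whether or not the email matched, so the form
    cannot be used to confirm which addresses are registered.

    Returns:
        The rendered ``account_reverify.html`` template.
    """
    logging_prefix = logger_prefix + "reverify() - "
    log.info(logging_prefix + "Starting")

    # Built before the try block so `form` and `search_form` are always bound
    # when the template is rendered; a failure here surfaces as itself rather
    # than as an UnboundLocalError at the return statement.
    form = forms.userEmailForm(request.form)
    search_form = forms.searchForm()

    try:
        if request.method == 'POST':
            if form.validate():
                email = form.user_email.data

                # Look the account up; the cursor is closed even if the query fails.
                cursor = get_mysql().cursor(DictCursor)
                try:
                    cursor.execute("SELECT verification_hash FROM users WHERE email = %s", (email,))
                    user = cursor.fetchone()
                finally:
                    cursor.close()

                if user:
                    # NOTE(review): the query does not check whether the
                    # account is already verified; confirm the verification
                    # handler treats a replayed hash safely.
                    sendAccountVerificationEmail(email, user['verification_hash'])
                else:
                    # Recorded server-side only; the address itself is not logged.
                    log.info(logging_prefix + "No account matched the submitted email")

                # Same response for known and unknown addresses (no account
                # enumeration). NOTE(review): the email is still sent inline
                # only for existing accounts, so response time may differ;
                # consider queueing the send and rate-limiting this endpoint.
                flash(
                    "If an account exists for '{}', a verification email has been sent with a "
                    "link to verify your account.".format(email),
                    'success',
                )
            else:
                log.warning(logging_prefix + "Form validation failed: {}".format(form.errors))
    except Exception as e:
        # Exception text can expose SQL or internal details, so it goes to the
        # log only; the user sees a generic message.
        log.exception(logging_prefix + "There was an error completing your request. Details: {}".format(e))
        flash("There was an error completing your request.", 'danger')

    return render_template(
        "account_reverify.html",
        page_title="Verify Account",
        form=form,
        search_form=search_form,
    )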