示例#1
def reset_pwd(request):
    """Change the current user's password after re-checking the old one.

    GET renders an empty form. POST validates the form, re-authenticates
    ``request.user`` with the submitted old password and, when that
    succeeds, stores the new password and re-renders the page with
    ``reset_success`` set to ``'Y'``.
    """
    # NOTE(review): no login requirement is visible in this block; confirm
    # the view is protected where it is routed or decorated.
    template_name = 'accounts/profile_reset_password.html'

    if request.method != 'POST':
        form = ResetPasswordForm()
    else:
        form = ResetPasswordForm(request.POST.copy())
        if form.is_valid():
            # Proof of knowledge of the old password gates the change.
            authenticated = auth.authenticate(
                username=request.user.username,
                password=form.cleaned_data["oldpassword"])
            if authenticated == request.user:
                authenticated.set_password(form.cleaned_data["newpassword2"])
                authenticated.save()
                success_context = {
                    'form': form,
                    'sidebar_index': 'reset_pwd',
                    'reset_success': 'Y'
                }
                return render_to_response(
                    template_name,
                    success_context,
                    context_instance=RequestContext(request))
            # Old password did not match: report it on that field.
            form.errors['oldpassword'] = ErrorList(["原密码错误"])

    return render_to_response(
        template_name,
        {'form': form, 'sidebar_index': 'reset_pwd'},
        context_instance=RequestContext(request))
示例#2
def password_reset_done(request, pk):
    """Set a new password for the reset record stored for user ``pk``.

    Returns a plain "User does not exist." response when no
    ``UserResetPassword`` row matches. On POST with a valid form the new
    password is handed to ``utils.reset_password``; otherwise the page is
    rendered with a mismatch message or an empty form.
    """
    # NOTE(review): the reset record is selected by ``pk`` alone and no token
    # or session check is visible in this block. Confirm that the route or
    # ``utils.reset_password`` verifies the requester owns this reset.
    try:
        user_reset_password = UserResetPassword.objects.get(user_id=pk)
    except UserResetPassword.DoesNotExist:
        return HttpResponse("User does not exist.")

    response = ''
    success_message = ''

    if request.method != 'POST':
        reset_password_form = ResetPasswordForm()
    else:
        reset_password_form = ResetPasswordForm(data=request.POST)
        if not reset_password_form.is_valid():
            response = messages.PASSWORD_MISMATCH
        else:
            # The raw POST value is used here rather than form.cleaned_data.
            password = request.POST['new_password']
            success_message = utils.reset_password(user_reset_password,
                                                   password)

    template_context = {
        'form': reset_password_form,
        'response': response,
        'success_message': success_message
    }
    return render(request, 'reset_password.html', template_context)
示例#3
def reset_password(request):
    """Replace a user's password with a random one and e-mail it to them.

    GET (or an invalid POST) renders the form. A valid POST generates a
    16-character password, mails it as text and HTML to the submitted
    address, stores it on the matching user and redirects to ``home``.
    """
    if request.method != 'POST':
        form = ResetPasswordForm()
    else:
        form = ResetPasswordForm(request.POST)

        if form.is_valid():
            submitted = form.cleaned_data
            username = submitted.get('username')
            email = submitted.get('email')

            # NOTE(review): the request is unauthenticated and the new
            # password travels in clear text by mail. A single-use, expiring
            # reset link would avoid both replacing the working password on
            # request and leaving a credential in the mailbox.
            new_password = User.objects.make_random_password(
                length=16,
                allowed_chars=
                'abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789')
            # Presumably the form already checked that this pair exists;
            # otherwise this lookup raises. TODO confirm.
            user = User.objects.get(username__exact=username,
                                    email__exact=email)

            # Render both mail bodies from the same context.
            text_template = get_template('mail/reset_password.txt')
            html_template = get_template('mail/reset_password.haml')
            mail_context = Context({
                'username': username,
                'new_password': new_password
            })
            text_content = text_template.render(mail_context)
            html_content = html_template.render(mail_context)

            message = EmailMultiAlternatives('Element43 password reset',
                                             text_content,
                                             settings.DEFAULT_FROM_EMAIL,
                                             [email])
            message.attach_alternative(html_content, "text/html")
            message.send()

            # The password is only stored once the mail has gone out.
            user.set_password(new_password)
            user.save()

            messages.info(
                request,
                'A new password has been sent to your e-mail address.')
            return HttpResponseRedirect(reverse('home'))

    rcontext = RequestContext(request, {})
    return render_to_response('reset_password.haml', {'form': form}, rcontext)
示例#4
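def reset_password(request):
    """Issue a password-reset token for an account and e-mail it.

    GET renders the form. POST looks the account up by username or e-mail
    (lower-cased and stripped), then:

    * if a token was issued less than one hour ago, refuses to issue another;
    * otherwise stores a fresh ``uuid4`` token with the current time on the
      user's profile (creating the profile when missing), sends the reset
      e-mail and redirects to ``main_index``.
    """
    if request.method == 'GET':
        form = ResetPasswordForm()
        return render(request, 'reset_password.html', {'form': form})

    form = ResetPasswordForm(request.POST)
    try:
        username_or_email = request.POST['username_or_email'].lower().strip()
        matches = (User.objects.filter(username=username_or_email)
                   | User.objects.filter(email=username_or_email))
        user = matches[0]
    except (KeyError, IndexError):
        # Missing POST field or no matching account. Other failures (for
        # example database errors) are no longer reported as "not found".
        # NOTE(review): this message differs from the success path, so the
        # response reveals whether an account exists.
        form.add_error("", "User not found")
        return render(request, 'reset_password.html', {'form': form})

    has_profile = hasattr(user, 'profile')

    if has_profile and user.profile.password_reset_token is not None:
        # ``password_reset_token_expiration`` holds the time of issue here:
        # it is set to now() whenever a token is written.
        age = timezone.now() - user.profile.password_reset_token_expiration
        # total_seconds() includes whole days; ``.seconds`` alone wraps every
        # 24 hours and would keep refusing requests for day-old tokens.
        if age.total_seconds() >= 3600:
            user.profile.password_reset_token = uuid.uuid4()
            user.profile.password_reset_token_expiration = timezone.now()
            user.profile.save()
            send_reset_email(request, user)
            messages.success(request, 'Reset password email sent.')
            return redirect('main_index')
        # Wait one hour before asking for another reset token.
        form.add_error("", "The recover link has already been requested")
        return render(request, 'reset_password.html', {'form': form})

    if has_profile:
        # Existing profile without a pending token: reuse it.
        profile = user.profile
        add_new_profile = False
    else:
        profile = Profile()
        add_new_profile = True
    profile.password_reset_token = uuid.uuid4()
    profile.password_reset_token_expiration = timezone.now()
    if add_new_profile:
        user.profile = profile
    profile.save()
    user.save()
    # Send the confirmation e-mail.
    send_reset_email(request, user)
    messages.success(request, 'Reset password email sent.')
    return redirect('main_index')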
示例#5
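def reset_password(request, template_name, extra_context=None):
    """Set a new password for the user named in the submitted form.

    GET renders ``template_name`` with an empty form. POST returns an empty
    ``JSONResponse`` on success or a ``JSONError`` carrying the form errors.
    ``extra_context`` is accepted but not used by this block.
    """
    if request.method == 'POST':
        form = ResetPasswordForm(request.POST)
        if form.is_valid():
            # NOTE(review): the target account is chosen by the submitted
            # username and this view performs no identity check of its own.
            # Presumably ResetPasswordForm validates a token or the current
            # password, and that the user exists. Verify before relying on it.
            user = User.objects.get(username=form.cleaned_data['username'])
            user.set_password(form.cleaned_data['new_password'])
            # Django's set_password() only changes the in-memory object; the
            # new hash has to be saved or the reset silently has no effect.
            user.save()
            return JSONResponse({})
        else:
            return JSONError(utils.dump_form_errors(form))
    else:
        form = ResetPasswordForm()
    return render_to_response(template_name, {'form': form},
                              context_instance=RequestContext(request))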
示例#6
def password_reset(request):
    """Handle the "request a password reset" form.

    A valid POST calls ``form.save()`` and shows the "done" page with the
    value it returned as ``email``. Anything else renders the request page
    with the (possibly bound and invalid) form.
    """
    if request.method != "POST":
        password_reset_form = ResetPasswordForm()
    else:
        password_reset_form = ResetPasswordForm(request.POST)
        if password_reset_form.is_valid():
            sent_to = password_reset_form.save()
            return direct_to_template(
                request,
                "account/password_reset_done.html",
                {"email": sent_to})

    return direct_to_template(
        request,
        "account/password_reset.html",
        {"password_reset_form": password_reset_form})
示例#7
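def reset_token(token):
    """Show and process the form reached through a password-reset link.

    Signed-in users are sent to ``admin``. An invalid or expired token
    flashes a warning and redirects to ``reset_request``. Otherwise the form
    is rendered, and after a valid submit the user is redirected to
    ``customerLogin``.
    """
    if current_user.is_authenticated:
        return redirect(url_for('admin'))

    user = User.varify_reset_token(token)

    if user is None:
        flash('that is invalid or expired token ', 'warning')
        return redirect(url_for('reset_request'))

    form = ResetPasswordForm()
    if form.validate_on_submit():
        # NOTE(review): this branch inserts a new ``Register`` row and never
        # touches ``user``, so the account identified by the token keeps its
        # old password. The raw form password is also passed straight to the
        # model; unless ``Register`` hashes it internally it is stored in
        # clear text. Both look like leftovers from a registration view and
        # need an owner decision; they are left as found.
        register = Register(name=form.name.data,
                            username=form.username.data,
                            email=form.email.data,
                            password=form.password.data,
                            country=form.country.data,
                            city=form.city.data,
                            contact=form.contact.data,
                            address=form.address.data,
                            zipcode=form.zipcode.data)
        db.session.add(register)
        flash(f'Welcome {form.name.data} Thank you for registering', 'success')
        db.session.commit()
        # Redirect only after a successful submit. Previously this return sat
        # at function level, which made the form below unreachable.
        return redirect(url_for('customerLogin'))
    return render_template('customer/reset_token.html',
                           title='Reset Password',
                           form=form)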
示例#8
def reset():
    """Reset a password using the signed token in the ``token`` query arg.

    A missing token is logged and answered with 404. An expired or badly
    signed token flashes a message, is logged, and redirects to
    ``main.index``. A valid form submit changes the password, logs the user
    in and redirects to ``dash.index``.
    """
    token = request.args.get('token')
    if not token:
        log_message(f'no token attempted reset')
        abort(404)

    try:
        user = User.deserialize(token)
    except (SignatureExpired, BadSignature) as token_error:
        # Expiry is tested first so it keeps its own message even if
        # SignatureExpired is a subclass of BadSignature.
        if isinstance(token_error, SignatureExpired):
            notice, log_line = 'Expired Token', 'expired token reset attempt'
        else:
            notice, log_line = 'Invalid token', 'bad signature reset attempt'
        flash(notice, 'danger')
        log_message(log_line)
        return redirect(url_for('main.index'))

    form = ResetPasswordForm()
    if not form.validate_on_submit():
        return render_template('auth/reset.html.j2', form=form)

    # NOTE(review): nothing visible here marks the token as used, so it may
    # stay valid until it expires unless ``User.deserialize`` or
    # ``change_password`` handles that. Confirm.
    log_message(f'user_id: {user.id} changed password')
    user.change_password(form.password.data)
    db.session.add(user)
    db.session.commit()
    flash('Password reset', 'success')
    login_user(user)
    return redirect(url_for('dash.index'))
示例#9
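def reset_password():
    """Reset a password using a signed token that carries the e-mail address.

    POST with a valid form verifies the token signature, looks the user up
    by the e-mail recovered from it, sets the new password, logs the user in
    and redirects to ``/``. GET renders the form when a ``token`` query
    argument is present. Every failure renders ``reset_invalid_token.html``.
    """
    form = ResetPasswordForm(request.form)

    if request.method == "POST" and form.validate():
        token = form.token.data

        # NOTE(review): a plain Signer checks integrity only. If this is
        # itsdangerous.Signer the token carries no timestamp and never
        # expires; a timestamped signer with a max age would bound its life.
        s = Signer(app.config['SECRET_KEY'])

        try:
            email = s.unsign(token)
        except BadSignature:
            return render_template("reset_invalid_token.html")

        user = User.query.filter_by(email=email).first()

        if user:
            # The stored password value used to be printed here; credential
            # material must not reach stdout or logs, so that line is gone.
            # NOTE(review): no commit is visible in this block; presumably
            # set_password() persists the change. Confirm.
            user.set_password(form.password.data)

            login_user(user)

            return redirect("/")
        else:
            return render_template("reset_invalid_token.html")

    token = request.args.get('token', None)

    if not token:
        return render_template("reset_invalid_token.html")

    return render_template("reset_password.html", form=form, token=token)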
示例#10
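def resetpassword():
    """Change a user's password after checking the current one.

    GET renders ``modify.html``. Any other method validates the form, checks
    that ``user_id`` and ``user_password`` match a row in ``usertable`` and,
    if so, writes the new password. The outcome is flashed and the user is
    redirected to ``show_todo_list``.
    """
    form = ResetPasswordForm()
    if request.method == 'GET':
        return render_template('modify.html', form=form)

    if form.validate_on_submit():
        # Form values are passed as bound parameters instead of being
        # formatted into the SQL text, so they cannot change the statement.
        # Assumes the driver behind ``g.db`` uses ``%s`` placeholders (as
        # MySQL drivers do); sqlite3 would need ``?``. TODO confirm.
        with g.db as cur:
            cur.execute(
                'select * from usertable '
                'where user_id=%s and user_password=%s',
                (form.user_id.data, form.user_password.data))
            infos = [dict(id=row[0]) for row in cur.fetchall()]
        if not infos:
            flash('Invalid!')
        else:
            # NOTE(review): the queries compare and store the password as
            # submitted, i.e. in clear text. Storing a salted password hash
            # and verifying against it would remove that exposure.
            with g.db as cur:
                cur.execute(
                    'update usertable set user_password=%s where user_id=%s',
                    (form.user_newpassword.data, form.user_id.data))
            # Report success only when the update actually ran.
            flash('You have resetpassword!')
    else:
        flash(form.errors)
    return redirect(url_for('show_todo_list'))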
示例#11
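def reset_password():
    """Reset a password using the token stored in ``User.forgotPasswordToken``.

    GET expects ``?token=...`` and renders the form for the matching user,
    or 404. POST expects the token as a form field; when the form validates
    and both password fields agree, the new password is stored, the token is
    cleared and the user is redirected to ``api.home``. A POST whose form
    does not validate, or any other method, ends in 405.
    """
    form = ResetPasswordForm()

    if request.method == 'GET':
        forgot_password_token = request.args.get('token')
        # A missing or blank token must never reach the lookup: used tokens
        # are cleared to "" below and None would compare against unset
        # columns, so either could match an unrelated account.
        if not forgot_password_token:
            abort(404)
        user = User.query.filter(
            User.forgotPasswordToken == forgot_password_token).first()
        if not user:
            abort(404)

        return render_template('reset_password.html', form=form,
                               token=user.forgotPasswordToken)

    if request.method == 'POST':
        if form.validate_on_submit():
            token = (request.form.get('token') or '').strip()
            if not token:
                abort(404)

            if form.password.data != form.retype_password.data:
                flash("Entered passwords did not match")
                # Stop here; previously the reset went ahead regardless.
                return render_template('reset_password.html', form=form,
                                       token=token)

            user = User.query.filter(
                User.forgotPasswordToken == token).first()
            if user:
                user.set_password(form.retype_password.data)
                # Single use: clear the token once it has been spent.
                user.forgotPasswordToken = ""
                db.session.commit()
                return redirect(url_for("api.home"))
            else:
                abort(404)

    abort(405)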
def reset_password():
    """Change the session user's password after checking the current one.

    Every path ends with a redirect to ``/account_settings``; the flashed
    message tells the user whether the form was rejected, the current
    password was wrong, or the update went through.
    """
    form = ResetPasswordForm()
    if not form.validate_on_submit():
        flash("Sorry, we're unable to reset your password.", 'danger')
        return redirect("/account_settings")

    # Fetch the stored hash for the user recorded in the session.
    rows = db.execute("SELECT * FROM user WHERE user_id = :user_id",
                      user_id=session.get("user_id"))

    # The current password must verify before a new one is accepted.
    if not check_password_hash(rows[0]["hashed_pw"],
                               form.current_password.data):
        flash('Current Password is invalid. Please re-enter', 'danger')
        return redirect("/account_settings")

    new_hash = generate_password_hash(form.new_password.data)
    db.execute(
        "UPDATE user SET hashed_pw = :hashed_pw WHERE user_id = :user_id",
        user_id=int(session.get("user_id")),
        hashed_pw=new_hash)
    flash('Password has been updated successfully!', 'success')
    return redirect("/account_settings")
示例#13
def password_reset(token):
    """Reset the password of the user identified by a confirmation token.

    The token is resolved to an e-mail address by ``confirm_token``. The
    form is only offered while the matching user has ``reset`` set; a
    successful submit stores a bcrypt hash, clears the flag (so the link
    works once) and redirects to ``homepage``.
    """
    email = confirm_token(token)
    user = User.query.filter_by(email=email).first()

    if not (user and user.reset):
        flash('The reset password link is invalid or has expired.', 'danger')
        return redirect(url_for('homepage'))

    form = ResetPasswordForm(request.form)

    # Presentation options for the generic form template.
    kwargs = {
        'page_title': 'Reset Password',
        'form_title': 'Reset Your Password',
        'action': url_for('password_reset', token=token),
        'primary_button': 'Submit',
        'links': [('Need help?', '#')]
    }

    if not form.validate_on_submit():
        return render_template('formbuilder.html', form=form, **kwargs)

    user.password = bcrypt.generate_password_hash(form.password.data)
    user.reset = False
    db.session.commit()

    flash(
        'Your password has been successfully reset. You can log in now.',
        'success')
    return redirect(url_for('homepage'))
示例#14
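def reset_token(token):
    '''Update the password of the account named in the session.

    An invalid token flashes a warning and redirects to ``forgot_password``.
    A valid form submit stores a bcrypt hash for the row whose ``Email``
    equals ``session['username']`` and redirects to ``login``; otherwise the
    form is rendered.
    '''
    # NOTE(review): the account to update comes from the session, not from
    # the token. Confirm that verify_reset_token() ties the token to this
    # same account; otherwise a valid token for one account could be used
    # while the session names another.
    username = session['username']
    valid = verify_reset_token(token)
    # NOTE(review): only the exact value False is rejected. If
    # verify_reset_token() can signal failure with None or an exception
    # path, this check lets it through. Verify its contract.
    if valid is False:
        flash('This URL has expired', 'warning')
        return redirect(url_for('forgot_password'))
    form = ResetPasswordForm()
    userDetails = request.form
    if form.validate_on_submit():
        password = bcrypt.generate_password_hash(str(
            userDetails['password'])).decode('utf-8')
        # Open the connection only when it is needed and always close it;
        # before, both redirect paths returned without closing it.
        con = mysql.connect()
        try:
            cursor = con.cursor()
            # (username,) is a one-element tuple; (username) is just a str.
            res = cursor.execute("SELECT * from USERS WHERE Email = %s;",
                                 (username,))
            if int(res) > 0:
                cursor.execute(
                    "UPDATE USERS SET Password = %s WHERE Email = %s",
                    (password, username))
                con.commit()
                flash('Your password has been updated!', 'success')
                return redirect(url_for('login'))
            else:
                print("Record Not found")
                flash("Email id does not exist", "error")
        finally:
            con.close()
    return render_template('reset_token.html',
                           title='Reset Password',
                           form=form)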
示例#15
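def reset_password_link_page(urlsafe_string):
    """Serve and process the page behind a temporary password-reset link.

    The link is looked up by integer id. Unknown, inactive or user-less
    links all get the same 404 page. A valid form submit stores the new
    password hash, invalidates the link and redirects to the home page.
    """
    # NOTE(review): the link is identified by ``int(urlsafe_string)``. If
    # those ids are sequential or otherwise predictable the link is not a
    # secret; confirm how TemporaryUrl ids are generated.
    try:
        temp_url = TemporaryUrl.get_by_id(int(urlsafe_string))
    except Exception as e:
        logging.info(e)
        return render_template('not_found_page.html'), 404

    # get_by_id() presumably returns None for an unknown id (NDB-style API);
    # without this guard the isActive() call below would fail with a 500.
    if temp_url is None:
        logging.info('password reset link not found')
        return render_template('not_found_page.html'), 404

    if not temp_url.isActive():
        logging.info('password reset link expired')
        return render_template('not_found_page.html'), 404

    if not temp_url.user_key:
        logging.info('Reset link with no user key')
        return render_template('not_found_page.html'), 404

    form = ResetPasswordForm()

    if form.validate_on_submit():
        user = temp_url.user_key.get()
        user.password = generate_password_hash(form.password.data)
        user.put()
        # Single use: the link is switched off once the password is stored.
        temp_url.isValid = False
        temp_url.put()
        return redirect(url_for('web_app.home_page'))

    return render_template('reset_password_link_page.html',
                           form=form,
                           urlsafe_string=urlsafe_string)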
示例#16
def reset_password(serialized_token):
    """Reset the password of the user encoded in ``serialized_token``.

    Expired or invalid tokens flash the matching message and redirect to
    the index. A valid form submit stores the new password hash and
    redirects to the login page; otherwise the form is rendered with one
    flashed line per field in error.
    """
    expired, invalid, user = unserialize_token(serialized_token, 'reset')
    # Expired is checked before invalid, each with its own message.
    for failed, message_key in ((expired, 'LINK_EXPIRED'),
                                (invalid, 'LINK_INVALID')):
        if failed:
            flash(msgs[message_key], 'error')
            return redirect(url_for('.index'))

    form = ResetPasswordForm()
    form.login.data = user.login
    if form.validate_on_submit():
        user.passhash = encrypt_password(form.password.data)

        db.session.add(user)
        db.session.commit()

        form.dispose_password()

        flash(msgs['RESET_PASSWORD_SUCCESS'])
        return redirect(url_for('.login'))

    # NOTE(review): these messages carry HTML, so the template presumably
    # renders flashes without escaping. Confirm that no user-controlled text
    # can end up inside the error strings.
    for field in form.errors:
        label = '<strong>' + field.capitalize() + '</strong>'
        flash(label + ': ' + form.errors[field][0], 'error')

    return render_template('reset_password.html',
                           form=form,
                           serialized_token=serialized_token)
示例#17
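def reset_password():
    """E-mail a password-reset link to the address submitted in the form.

    On a valid POST a reset token is generated for the matching user and a
    link containing it is mailed to them. The page is then rendered with a
    fresh, unbound form in every case.
    """
    if request.method == "POST":
        form = ResetPasswordForm(request.form)
        if form.validate():
            # Presumably the form has already verified that the address
            # exists; otherwise this lookup raises. TODO confirm.
            user = User.objects.get(email=form.email.data)
            password_reset_token = user.generate_password_reset_token()

            # The Host header is supplied by the client, so a link built
            # from it can point away from this site. Prefer the configured
            # SERVER_NAME and fall back to the header only when it is unset.
            host = current_app.config.get("SERVER_NAME") or request.headers["HOST"]
            # NOTE(review): the link is plain http; a reset token should
            # travel over https where the deployment supports it.
            link = "http://%s/accounts/password/reset/%s" % (host, password_reset_token)

            mesg = "Hi %s,\n\nSomeone (probably you) requested for a password reset at %s. Please visit the following link if you wish to reset your password:\n\n%s\n\nHave a good day!" % (user.name, host, link)
            send_mail("[%s] Reset Password" % host, mesg, current_app.config["SERVER_EMAIL"], [user.email], fail_silently=False)

            flash("Sent you a mail to reset the password. Do remember to check your spam folder as well.", "success")

    form = ResetPasswordForm()
    # NOTE(review): **locals() also hands the token and link to the template
    # context after a POST; passing only ``form`` would be tighter if the
    # template needs nothing else.
    return render_template("auth/reset_password.html", **locals())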
示例#18
def before_request():
    """Attach the current user and a fresh instance of each form to ``g``."""
    g.user = current_user

    # Attribute on ``g`` -> form class, instantiated in this order.
    form_classes = (
        ('login_form', LoginForm),
        ('search_form', SearchForm),
        ('form', RegistrationForm),
        ('forget_form', ForgetForm),
        ('reset_pwd_form', ResetPasswordForm),
        ('reset_email_form', ResetEmailForm),
        ('add_prod_form', AddProdForm),
    )
    for attribute, form_class in form_classes:
        setattr(g, attribute, form_class())
示例#19
 def post(self,token):
     """Apply a submitted new password for ``token`` and re-render the form.

     The page is returned with status 200 whether or not the form validated.
     """
     form = ResetPasswordForm()
     if form.validate_on_submit():
         # NOTE(review): the token is not checked in this method; presumably
         # updatePassword() validates it before changing anything. Confirm.
         updatePassword(token, form.password.data)

     page = render_template('reset_password.html', form=form)
     return make_response(page, 200, {'Content-Type': 'text/html'})
示例#20
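def update_password_form(username, token):
    """Render the reset-password form for a valid (username, token) pair.

    Aborts with 401 when ``User.validate_reset_token`` does not return a
    user.
    """
    user = User.validate_reset_token(username, token)
    form = ResetPasswordForm()

    if user:
        # The rendered page must be returned. Without ``return`` the view
        # produced None and the request failed even for a valid token.
        return render_template('reset-password.html', form=form, user=user)
    else:
        abort(401)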
示例#21
def forgotten_password():
    """Send a reset mail when the submitted username and e-mail match.

    Renders the form until it validates, then answers with one of two short
    HTML messages depending on whether the pair is registered.
    """
    form = ResetPasswordForm()
    if not form.validate_on_submit():
        return render_template('Forgotten_Password.html', form=form)

    registered_user = retrieve_user_by_name(username=form.username.data)
    # 'unknown user' is the value compared against for "no such account".
    pair_is_registered = (registered_user != 'unknown user'
                          and registered_user.email == form.email.data)
    if not pair_is_registered:
        # NOTE(review): the two responses differ, so this endpoint reveals
        # whether a username/e-mail pair exists. A single neutral reply for
        # both outcomes would avoid that.
        return '<h1>username or email is not registered</h1>'

    send_mail(form.email.data, 'reset_password')
    return '<h1>A link has been sent to your registered email to reset your password</h1>'
示例#22
def admin_reset_password():
    """Let the signed-in admin set a new password.

    On a valid submit the new hash is stored, ``is_pw_changed`` is set and
    the admin is redirected to the dashboard; otherwise the form is shown.
    """
    form = ResetPasswordForm()
    if not form.validate_on_submit():
        return render_template('admin/reset_password.html', form=form)

    # NOTE(review): the current password is not asked for in this block and
    # no login requirement is visible; confirm both are enforced elsewhere.
    admin = Admin.query.get(int(current_user.id))
    admin.password = generate_password_hash(form.password.data)
    admin.is_pw_changed = True
    db.session.commit()
    return redirect(url_for('admin_dashboard'))
示例#23
def reset_password(username):
    """Store a new password for ``username`` and redirect to ``/login``.

    Returns None when the form has not been submitted or does not validate.
    """
    # NOTE(review): the account is chosen by the ``username`` argument and no
    # token or session check is visible in this block. Confirm the route is
    # protected so that one user cannot change another user's password.
    # NOTE(review): the non-submit path returns None, which is not a usable
    # response; a form page is presumably meant to be rendered there.
    form = ResetPasswordForm()

    if not form.validate_on_submit():
        return None

    User.update_password(username, form.password.data)
    return redirect('/login')
        
示例#24
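def reset_password(request):
    """Reset a password using the (uid, rid) pair from a reset link.

    GET checks that ``rid`` equals the profile's ``password_reset_stub`` and
    renders the form pre-filled with both values; anything else redirects to
    the main page. POST repeats the check on the submitted values, stores
    the new password, clears the stub and redirects to ``login``. Failures
    flash a generic error and redirect to the main page.
    """
    def reset_fail(msg):
        messages.add_message(request, messages.ERROR, msg)
        return HttpResponseRedirect(reverse('main_page'))

    if request.method == 'GET':
        reset_string = request.GET.get('rid')
        user_id = request.GET.get('uid')
        if reset_string and user_id:
            try:
                profile = UserProfile.objects.get(pk=ObjectId(user_id))
            except UserProfile.DoesNotExist:
                # Unknown uid: answer exactly like a wrong reset string
                # instead of failing with a server error.
                return HttpResponseRedirect(reverse('main_page'))
            if profile.password_reset_stub == reset_string:
                form = ResetPasswordForm(initial={
                    'user': user_id,
                    'reset_string': reset_string
                })
                return render_to_response(
                    'reset_password.html',
                    locals(),
                    context_instance=RequestContext(request))
        return HttpResponseRedirect(reverse('main_page'))

    form = ResetPasswordForm(request.POST)
    if form.is_valid():
        data = form.cleaned_data
        try:
            profile = UserProfile.objects.get(pk=ObjectId(data['user']))
        except UserProfile.DoesNotExist:
            return reset_fail(
                "An error occurred while resetting your password.")
        # A spent stub is stored as "" below, so an empty submitted value
        # must never count as a match (the GET branch already requires a
        # non-empty value).
        if (data['reset_string']
                and profile.password_reset_stub == data['reset_string']):
            # Single use: clear the stub before saving.
            profile.password_reset_stub = ""
            profile.user.set_password(data['password1'])
            profile.user.save()
            profile.save()
            messages.add_message(request, messages.SUCCESS,
                                 "Your password has been reset successfully.")
            return HttpResponseRedirect(reverse('login'))
        return reset_fail("An error occurred while resetting your password.")

    return render_to_response('reset_password.html',
                              locals(),
                              context_instance=RequestContext(request))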
示例#25
def password_reset():
    """Handle the "forgot password" request form.

    Signed-in users are redirected to ``index``. After a valid submit the
    same message is flashed whether or not the address is known, so the
    page does not reveal which e-mails are registered; a reset mail is only
    sent when a matching user exists.
    """
    if current_user.is_authenticated:
        return redirect(url_for('index'))

    form = ResetPasswordForm()
    if form.validate_on_submit():
        account = UserData.query.filter_by(email=form.email.data).first()
        if account:
            reset_token = account.generate_password_reset()
            send_email(account.email, 'Forex Access Reset Your Password', 'email_password_reset', user=account, token=reset_token)
        flash('Check Your email for the instructions to reset your password')
    return render_template('password_reset.html', form=form)
示例#26
 def forgot_password(request):
     """Serve the forgot-password page and hand valid submissions on.

     Signed-in users get a short notice. GET renders the page, a valid POST
     is delegated to ``AuthCenter.process_form``, an invalid POST gets
     'Invalid form', and any other method gets a server-error response.
     """
     if request.user.is_authenticated:
         return HttpResponse('User already logged int')

     method = request.method
     if method == 'GET':
         return render(request, "forgotpassword.html", {})
     if method != 'POST':
         return HttpResponseServerError('Invalid method invoked %s' % request.method)

     form = ResetPasswordForm(request.POST)
     if not form.is_valid():
         return HttpResponse('Invalid form')
     return AuthCenter.process_form(form, request)
示例#27
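def reset_pass():
    """Store a new password for the account whose e-mail is in the session.

    GET renders the form. Other methods validate the form first; a valid
    submit replaces the stored password hash for the session's e-mail and
    redirects to the login page.
    """
    form = ResetPasswordForm()
    # NOTE(review): the account is selected purely by session['email'].
    # Confirm that value is only set after the user has proved ownership of
    # the address (for example through an e-mailed code or link).
    email = session.get('email')
    if request.method == 'GET':
        return render_template('reset_password.html', title='Reset Password', form=form)

    # The submitted data used to be read without validation, which skipped
    # the form's validators (and its CSRF check, if the form has one).
    if not form.validate_on_submit():
        return render_template('reset_password.html', title='Reset Password', form=form)

    # No e-mail in the session means there is no account to update.
    if not email:
        return redirect('/Prod/login')

    response = table.get_item(Key={'email': email})
    user = response.get('Item')
    if user is None:
        # No stored item for this address: nothing to update.
        return redirect('/Prod/login')

    user['password'] = hash_password(form.password.data)
    table.put_item(Item=user)
    return redirect('/Prod/login')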
示例#28
def reset_password(token):
    """Reset the password of the student identified by ``token``.

    Signed-in users and requests with a token that does not verify are
    redirected to ``index``. A valid submit stores the new password and
    redirects to ``login``; otherwise the form is rendered.
    """
    if current_user.is_authenticated:
        return redirect(url_for('index'))

    student = Student.verify_reset_password_token(token)
    if not student:
        return redirect(url_for('index'))

    form = ResetPasswordForm()
    if not form.validate_on_submit():
        return render_template('reset_password.html', form=form)

    student.set_password(form.password.data)
    db.session.commit()
    flash('Your password has been reset.')
    return redirect(url_for('login'))
示例#29
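def profile():
    """Profile page with two forms: change password and change username.

    The password form requires the stored security answer to verify; the
    username form requires the current password and a username that is not
    taken. Each successful change commits and redirects to ``index``; a
    failed commit returns the text "Update error".
    """
    password_reset_form = ResetPasswordForm()
    username_reset_form = ResetUsernameForm()

    existing_user = user.query.filter_by(email=current_user.email).first()
    security_question = security_question_dict[existing_user.security_question]
    existing_answer = existing_user.security_answer
    existing_password = existing_user.password
    if password_reset_form.validate_on_submit():
        security_answer = password_reset_form.security_answer.data
        new_password = password_reset_form.new_password.data

        if not check_password_hash(existing_answer, security_answer):
            flash("wrong  security answer")
            return redirect(url_for('auth.profile'))
        # The new password used to be printed here; clear-text credentials
        # must not reach stdout or logs, so that line is gone.
        # NOTE(review): assuming this is Werkzeug's generate_password_hash,
        # method='sha256' is a single salted SHA-256 round. The library
        # default is a slower key-derivation function; switching needs a
        # check that the password column is long enough for its output.
        existing_user.password = generate_password_hash(new_password,
                                                        method='sha256')
        try:
            db.session.commit()
            return redirect(url_for('index'))
        except Exception:
            # Leave the session usable after a failed commit.
            db.session.rollback()
            return "Update error"

    if username_reset_form.validate_on_submit():

        old_password = username_reset_form.old_password.data
        new_username = username_reset_form.new_username.data

        if not check_password_hash(existing_password, old_password):
            flash("wrong password or security answer")
            return redirect(url_for('auth.profile'))
        user_already_exists = user.query.filter_by(
            username=new_username).first()
        if user_already_exists:
            flash("username is taken")
            return redirect(url_for('auth.profile'))

        existing_user.username = new_username
        try:
            db.session.commit()
            return redirect(url_for('index'))
        except Exception:
            db.session.rollback()
            return "Update error"

    return render_template('profile.html',
                           current_user=current_user,
                           password_reset_form=password_reset_form,
                           username_reset_form=username_reset_form,
                           security_question=security_question)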
示例#30
def reset_token(token):
    """Reset the password of the user identified by a reset token.

    Signed-in users are redirected to ``signup``. A token that does not
    verify flashes a warning and redirects to ``reset_request``. A valid
    submit stores the new password hash and redirects to ``login``.
    """
    if current_user.is_authenticated:
        return redirect(url_for('signup'))

    account = User.verify_reset_token(token)
    if account is None:
        flash('That is invalid or expired token', 'warning')
        return redirect(url_for('reset_request'))

    form = ResetPasswordForm()
    if not form.validate_on_submit():
        return render_template('reset_token.html', form=form)

    # Only the hash is stored, never the submitted password itself.
    account.password = generate_password_hash(form.password.data)
    db.session.commit()
    flash('Yor password has been updated!', 'success')
    return redirect(url_for('login'))