def trigger_reset():
    """Serve the "forgot password" form on GET and process it on POST.

    On POST the submitted email is looked up. When an account matches, its
    login hash is reset and committed, ``sendhash`` is called for it and the
    browser is redirected to ``account.email_message``. Every other outcome
    re-renders the form with an error flash.
    """
    form_values = {"csrf_token": generate_csrf_token()}

    def show_form():
        # All non-success paths render the same template with the same values.
        return render_template('account/trigger_reset.html',
                               form_fill=form_values)

    if request.method == 'GET':
        return show_form()

    email = request.form.get('email')
    if not email:
        # Field absent or submitted empty.
        flash_error("Please enter an email address!")
        return show_form()

    account = Account.by_email(email)
    if account is None:
        # NOTE(review): this message, together with the redirect taken on the
        # other branch, tells an unauthenticated caller whether an address is
        # registered. Returning the same response in both cases would close
        # that oracle; no throttling of this endpoint is visible here either.
        flash_error("No user is registered under this address!")
        return show_form()

    # The new hash is committed before sendhash() runs; presumably the mail
    # carries that hash, so it has to be stored first -- TODO confirm.
    account.reset_loginhash()
    db.session.commit()
    sendhash(account)

    # NOTE(review): the account id ends up in the redirect URL; confirm that
    # the email_message view exposes nothing sensitive keyed on that id.
    return redirect(url_for('account.email_message', id=account.id))
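def login_perform():
    """Authenticate the submitted login/password pair and start a session.

    Reads ``login`` (looked up as an email address) and ``password`` from the
    form. On success the current user is logged out, the matched account is
    logged in with ``remember=True`` and the browser is redirected to
    ``home.index``. Any failure flashes one generic error and returns
    ``login()``.
    """
    account = Account.by_email(request.form.get('login'))
    password = request.form.get('password')

    # NOTE(review): an earlier version of this condition also required
    # ``account.verified``; that check is disabled, so unverified accounts
    # can sign in here. Confirm this is intended.
    #
    # A missing password field, or an account with no stored hash, can never
    # be a valid login. Reject both up front instead of passing None into
    # check_password_hash.
    if account is not None and account.password and password is not None:
        if check_password_hash(account.password, password):
            logout_user()
            login_user(account, remember=True)
            flash_success("Welcome back, " + account.fullname + "!")
            return redirect(url_for('home.index'))

    # One message for "unknown account" and "wrong password", so the text
    # does not reveal which addresses are registered.
    # NOTE(review): the hash check is skipped for unknown accounts, so the
    # response time may still differ between the two cases; no attempt
    # throttling is visible in this block.
    flash_error("Incorrect user name or password!")
    return login()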
def trigger_reset(self):
    """Show the password-reset request form (GET) or process a submission.

    A submission with a known email calls ``send_reset_link`` for the account,
    flashes a confirmation and redirects to the login action. A missing email
    or an unknown address re-renders the form with an error flash.
    """
    self._disable_cache()
    form_template = 'account/trigger_reset.html'

    if request.method == 'GET':
        return render(form_template)

    email = request.params.get('email')
    if not email:
        # Parameter absent or empty.
        h.flash_error(_("Please enter an email address!"))
        return render(form_template)

    account = Account.by_email(email)
    if account is None:
        # NOTE(review): a distinct message for unknown addresses lets anyone
        # test which emails are registered. Responding identically to the
        # success path (without sending mail) would remove that signal.
        h.flash_error(_("No user is registered under this address!"))
        return render(form_template)

    send_reset_link(account)
    h.flash_success(_("You've received an email with a link to reset your " +
                      "password. Please check your inbox."))
    redirect(h.url_for(controller='account', action='login'))
def trigger_reset(self):
    """Handle the password-reset request page.

    GET renders the form. Any other method reads ``email`` from the request
    parameters, and for a known account sends the reset link, flashes a
    confirmation and redirects to the login action.
    """
    self._disable_cache()

    def show_form():
        # Shared by the GET path and both validation failures.
        return render('account/trigger_reset.html')

    if request.method == 'GET':
        return show_form()

    email = request.params.get('email')
    if not email:
        h.flash_error(_("Please enter an email address!"))
        return show_form()

    account = Account.by_email(email)
    if account is None:
        # NOTE(review): this branch answers differently from the success
        # branch, so the form doubles as a check for whether an address has
        # an account. A uniform reply would avoid that; no rate limit is
        # visible in this block.
        h.flash_error(_("No user is registered under this address!"))
        return show_form()

    send_reset_link(account)
    confirmation = _("You've received an email with a link to reset your " +
                     "password. Please check your inbox.")
    h.flash_success(confirmation)
    redirect(h.url_for(controller='account', action='login'))
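def do_reset(self):
    """Sign a user in from an emailed reset link and send them to settings.

    Expects ``email`` and ``token`` request parameters. When the token
    matches the one stored on the account, the ``auth_tkt`` plugin is asked
    to remember the account's name, the resulting headers are added to the
    response and the browser is redirected to the settings action. Every
    failure flashes an error and redirects to the login action.
    """
    def reject(message):
        # redirect() is expected to end the request by raising, which the
        # original control flow also relies on -- TODO confirm.
        h.flash_error(message)
        redirect(h.url_for(controller='account', action='login'))

    email = request.params.get('email')
    if not email:
        reject(_("The reset link is invalid!"))

    account = Account.by_email(email)
    if account is None:
        # NOTE(review): a different message for unknown addresses reveals
        # which emails have accounts; the generic "invalid link" text would
        # not.
        reject(_("No user is registered under this address!"))

    # Require a non-empty token before comparing. Without this guard a
    # request that omits ``token`` compares None with account.token, and that
    # comparison succeeds if the stored token is ever None.
    # NOTE(review): ``!=`` is not a constant-time comparison; prefer
    # hmac.compare_digest where the runtime provides it.
    token = request.params.get('token')
    if not token or token != account.token:
        reject(_("The reset link is invalid!"))

    # NOTE(review): nothing in this block rotates or clears account.token
    # after use, so the same link would be accepted again unless the token is
    # changed elsewhere -- TODO confirm.
    who_api = request.environ['repoze.who.plugins']['auth_tkt']
    headers = who_api.remember(request.environ,
                               {'repoze.who.userid': account.name})
    response.headers.extend(headers)
    h.flash_success(_("Thanks! You have now been signed in - please change " +
                      "your password!"))
    redirect(h.url_for(controller='account', action='settings'))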
def make_account(name='test', fullname='Test User',
                 email='*****@*****.**', admin=False, verified=True):
    """Return the account stored under *email*, creating it when absent.

    A newly created account gets ``fullname``, ``email``, ``admin`` and
    ``verified`` set from the arguments and is committed before it is
    returned.

    NOTE(review): ``name`` is accepted but never applied to the account, and
    an account that already exists is returned unchanged even when its
    ``admin``/``verified`` flags differ from the arguments. Callers relying
    on those flags should check the returned object.
    """
    from openspending.model.account import Account

    existing = Account.by_email(email)
    if existing:
        return existing

    account = Account()
    for field, value in (('fullname', fullname), ('email', email),
                         ('admin', admin), ('verified', verified)):
        setattr(account, field, value)

    db.session.add(account)
    db.session.commit()
    return account
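def do_reset(self):
    """Complete a password reset: validate the emailed link and sign in.

    Reads ``email`` and ``token`` from the request parameters. A matching
    token makes the ``auth_tkt`` plugin remember ``account.name``; its
    headers are appended to the response and the user is redirected to the
    settings action. Any failure flashes an error and redirects to the login
    action.
    """
    # redirect() is expected to abort the request by raising, so each failed
    # check below ends the handler -- TODO confirm for this framework version.
    email = request.params.get('email')
    if not email:
        h.flash_error(_("The reset link is invalid!"))
        redirect(h.url_for(controller='account', action='login'))

    account = Account.by_email(email)
    if account is None:
        # NOTE(review): this wording confirms whether an address is
        # registered; reusing the generic message would avoid that.
        h.flash_error(_("No user is registered under this address!"))
        redirect(h.url_for(controller='account', action='login'))

    # An absent or empty token is rejected outright. Comparing a missing
    # parameter (None) against account.token would otherwise pass whenever
    # the stored token is None.
    # NOTE(review): the comparison below is not constant-time; use
    # hmac.compare_digest if the deployed Python provides it.
    supplied_token = request.params.get('token')
    if not supplied_token or supplied_token != account.token:
        h.flash_error(_("The reset link is invalid!"))
        redirect(h.url_for(controller='account', action='login'))

    # NOTE(review): the token is not invalidated here after a successful
    # sign-in; verify that it is rotated elsewhere so links are single-use.
    who_api = request.environ['repoze.who.plugins']['auth_tkt']
    identity = {'repoze.who.userid': account.name}
    response.headers.extend(who_api.remember(request.environ, identity))

    h.flash_success(
        _("Thanks! You have now been signed in - please change " +
          "your password!"))
    redirect(h.url_for(controller='account', action='settings'))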
def trigger_reset(self):
    """Let a user request a password-reset email.

    GET renders the request form. Otherwise the ``email`` parameter is
    validated and looked up, and for a known account the reset link is sent,
    a confirmation is flashed and the browser is redirected to the login
    action.
    """
    self._disable_cache()
    form_template = 'account/trigger_reset.html'

    if request.method == 'GET':
        return templating.render(form_template)

    email = request.params.get('email')
    if not email:
        # No address supplied (missing or empty parameter).
        h.flash_error(_("Please enter an email address!"))
        return templating.render(form_template)

    account = Account.by_email(email)
    if account is None:
        # NOTE(review): telling the caller that the address is unknown makes
        # this form usable for account enumeration. The usual mitigation is
        # to show the same confirmation either way and send mail only when an
        # account exists.
        h.flash_error(_("No user is registered under this address!"))
        return templating.render(form_template)

    send_reset_link(account)
    h.flash_success(
        _("You've received an email with a link to reset your " +
          "password. Please check your inbox."))
    redirect(h.url_for(controller='account', action='login'))
def trigger_reset(self):
    """Process the "forgot password" page.

    Renders the form for GET requests. For other methods it requires an
    ``email`` parameter, looks up the account, sends it a reset link and
    redirects to the login action with a confirmation flash.
    """
    self._disable_cache()

    def show_form():
        # One template serves the initial GET and both error paths.
        return templating.render('account/trigger_reset.html')

    if request.method == 'GET':
        return show_form()

    email = request.params.get('email')
    if not email:
        h.flash_error(_("Please enter an email address!"))
        return show_form()

    account = Account.by_email(email)
    if account is None:
        # NOTE(review): the differing reply for unregistered addresses lets
        # an unauthenticated caller probe which emails have accounts. Consider
        # a uniform response and request throttling.
        h.flash_error(_("No user is registered under this address!"))
        return show_form()

    send_reset_link(account)
    sent_notice = _("You've received an email with a link to reset your " +
                    "password. Please check your inbox.")
    h.flash_success(sent_notice)
    redirect(h.url_for(controller='account', action='login'))
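def register():
    """Register a new account for an address on the configured whitelist.

    The form is validated with ``AccountRegister``. The email must contain
    '@' and '.', and its domain must equal an entry of the
    ``EMAIL_WHITELIST`` setting (case-insensitive). On success the account is
    stored, ``sendhash`` is called for it and the browser is redirected to
    ``account.email_message``. Validation failures re-render the login
    template with the collected errors and a fresh CSRF token.
    """
    errors, values = {}, dict(request.form.items())
    try:
        data = AccountRegister().deserialize(values)
        email = data['email']

        # The former debug ``print`` of the submitted address was removed. It
        # wrote user email addresses to stdout and is a Python 2-only
        # statement.
        if email.find('@') == -1 or email.find('.') == -1:
            raise colander.Invalid(AccountRegister.email,
                                   "You must use a valid USG email address")

        # The domain is everything after the first '@'. It has to match a
        # whitelist entry exactly, so sub-domains of a listed domain are not
        # accepted.
        domain = email[email.find('@') + 1:]

        if 'EMAIL_WHITELIST' not in current_app.config:
            raise colander.Invalid(AccountRegister.email,
                                   "System not set correctly. Please contact the administrator.")

        domain_allowed = any(
            domain.lower() == entry.lower()
            for entry in current_app.config['EMAIL_WHITELIST'])
        if not domain_allowed:
            raise colander.Invalid(AccountRegister.email,
                                   "Your email is not available for registration. Currently it is only available for US Government emails.")

        # NOTE(review): this error confirms that the address already has an
        # account, which allows enumeration of registered emails. The
        # original comment suggests re-sending the hash instead.
        if Account.by_email(email):
            raise colander.Invalid(
                AccountRegister.email,
                "Login Name already exists. Click reset password.")

        account = Account()
        account.fullname = data['fullname']
        account.email = email
        db.session.add(account)
        db.session.commit()

        # The new user is not logged in here (the login_user call was
        # disabled); sendhash() presumably mails the login hash -- TODO
        # confirm.
        sendhash(account)

        # TODO: redirect to a dedicated "email sent" page.
        return redirect(url_for('account.email_message', id=account.id))
    except colander.Invalid as i:
        errors = i.asdict()

    values["csrf_token"] = generate_csrf_token()
    return render_template('account/login.jade', form_fill=values,
                           form_errors=errors)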
def register():
    """Create an account for a whitelisted email domain.

    The form is validated with ``AccountRegister``, then the address must
    contain '@' and '.', its domain must equal an ``EMAIL_WHITELIST`` entry
    (case-insensitive) and it must not already be registered. Each failed
    check flashes a message and raises ``colander.Invalid``, which leads to
    the login template being re-rendered with the errors. On success the
    account is stored, ``sendhash`` is called and the browser is redirected
    to ``account.email_message``.
    """
    errors, values = {}, dict(request.form.items())

    def fail(flash_message, invalid_message):
        # Flash first, then raise, in the same order as each failed check.
        flash_error(flash_message)
        raise colander.Invalid(AccountRegister.email, invalid_message)

    try:
        data = AccountRegister().deserialize(values)
        email = data['email']

        if email.find('@') == -1 or email.find('.') == -1:
            fail("You must use a valid USG email address",
                 "You must use a valid USG email address")

        # Everything after the first '@' is the domain; only an exact
        # (case-insensitive) whitelist match is accepted.
        domain = email[email.find('@') + 1:]

        # A missing whitelist is a configuration problem, but the flashed
        # text is the same as for an unsupported domain.
        if 'EMAIL_WHITELIST' not in current_app.config.keys():
            fail("Your email is not current supported. The login option is only available for US Government offices at this time.",
                 "System not set correctly. Please contact the administrator.")

        domain_allowed = any(
            domain.lower() == entry.lower()
            for entry in current_app.config['EMAIL_WHITELIST'])
        if not domain_allowed:
            fail("Your email is not current supported. The login option is only available for US Government offices at this time.",
                 "Your email is not available for registration. Currently it is only available for US Government emails.")

        # NOTE(review): this message confirms to any caller that the address
        # already has an account (account enumeration).
        if Account.by_email(email):
            fail("Login Name already exists. Click request password reset to change your password.",
                 "Login Name already exists. Click request password reset to change your password.")

        account = Account()
        account.fullname = data['fullname']
        account.email = email
        db.session.add(account)
        db.session.commit()

        # The user is not logged in at this point; sendhash() presumably
        # mails the login hash -- TODO confirm.
        sendhash(account)

        # TODO: redirect to a dedicated "email sent" page.
        return redirect(url_for('account.email_message', id=account.id))
    except colander.Invalid as i:
        errors = i.asdict()

    # NOTE(review): a client-supplied csrf_token is echoed back into the form
    # in preference to a freshly generated one. Confirm it has been validated
    # before this handler runs.
    submitted_token = request.form.get("csrf_token", None)
    values['csrf_token'] = (submitted_token if submitted_token
                            else generate_csrf_token())
    return render_template(
        'account/login.jade',
        form_fill=values,
        form_errors=errors,
        form_fill_login={'csrf_token': values['csrf_token']})