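def password_reset(username, code):
    """Set a new password for ``username`` via a reset link.

    The ``code`` from the URL must equal the ``password_reset_code`` stored
    in the user's ``change_configuration``. An unknown user or a mismatched
    code aborts with 404. On a valid POST whose password and confirmation
    match, the new password is hashed with bcrypt, ``change_configuration``
    is emptied (so the stored code is gone), the session's ``username`` is
    blanked, and the client is redirected to the completion page.
    """
    require_current = None
    message = None
    form = PasswordResetForm()
    user = User.getByName(username)

    # This check was previously written with `and`. For an existing user
    # `not user` is False, so the reset code was never compared and any code
    # was accepted; for a missing user the attribute access on None raised
    # instead of returning 404. `or` rejects both cases.
    if not user or user.change_configuration.get('password_reset_code') != code:
        abort(404)
    # NOTE(review): no expiry check on the reset code is visible in this
    # view; confirm it is enforced where the code is issued. A constant-time
    # comparison (hmac.compare_digest) is also worth considering here.

    if request.method == 'POST':
        # The field is removed from the form before validation runs.
        del form.current_password
        if form.validate_on_submit() and form.password.data == form.confirm.data:
            salt = bcrypt.gensalt()
            # assumes this bcrypt binding accepts form.password.data as
            # given (some require bytes) - TODO confirm
            user.password = bcrypt.hashpw(form.password.data, salt)
            # Emptying the dict discards the stored reset code.
            user.change_configuration = {}
            user.update_record()
            if session.get('username'):
                session['username'] = ''
            return redirect(url_for('.password_reset_complete'))

    return render_template(
        'user/password_reset.html',
        form=form,
        message=message,
        require_current=require_current,
        username=username,
        code=code,
    )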
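def change_password():
    """Change the logged-in user's password after re-checking the current one.

    The user is looked up from ``session['username']``; no match aborts with
    404. On a valid POST the supplied current password is verified against
    the stored value, the new password is stored as a bcrypt hash, the
    session's ``username`` is removed, and the client is redirected to the
    completion page. A failed verification re-renders the form with
    "Incorrect password".
    """
    import hmac

    def _as_bytes(value):
        # bcrypt and hmac.compare_digest are fed byte strings throughout.
        return value if isinstance(value, bytes) else value.encode('utf-8')

    require_current = True
    error = None
    form = PasswordResetForm()
    user = User.objects.filter(username=session.get('username')).first()
    if not user:
        abort(404)

    if request.method == 'POST' and form.validate_on_submit():
        supplied = _as_bytes(form.current_password.data)
        stored = _as_bytes(user.password or '')
        try:
            # Hashing the supplied password with the stored hash as the salt
            # reproduces the stored hash when the password is right.
            verified = bool(stored) and hmac.compare_digest(
                _as_bytes(bcrypt.hashpw(supplied, stored)), stored)
        except ValueError:
            # The stored value is not a bcrypt hash: this view used to write
            # the password unhashed. Accept it once, in constant time, so
            # the record is replaced by a hash below.
            verified = hmac.compare_digest(supplied, stored)

        if verified:
            # The password was previously stored and compared in plaintext
            # (hashing was commented out); store a salted bcrypt hash.
            # NOTE(review): whatever verifies passwords at login must use
            # the same bcrypt check - not visible here, confirm.
            user.password = bcrypt.hashpw(
                _as_bytes(form.password.data), bcrypt.gensalt())
            user.save()
            # if the user is logged in, log them out
            if session.get('username'):
                session.pop('username')
            return redirect(url_for('user_app.password_reset_complete'))
        error = "Incorrect password"

    return render_template(
        'user/password_reset.html',
        form=form,
        require_current=require_current,
        error=error,
    )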
def change_password():
    """Change the session user's password and e-mail them about it.

    Aborts with 404 when ``session["username"]`` matches no user. On a valid
    POST the current password is checked by re-hashing it against the stored
    bcrypt hash; on success the new hash is saved, a notification mail is
    sent, the session's ``username`` is dropped, and the client is
    redirected. A wrong current password re-renders the form with an error.
    """
    form = PasswordResetForm()
    account = User.objects.filter(username=session.get("username")).first()
    if not account:
        abort(404)

    error = None
    if request.method == "POST" and form.validate_on_submit():
        # A correct password re-hashed with the stored hash as the salt
        # yields that same hash.
        if bcrypt.hashpw(form.current_password.data, account.password) != account.password:
            error = "Incorrect password"
        else:
            new_salt = bcrypt.gensalt()
            account.password = bcrypt.hashpw(form.password.data, new_salt)
            account.save()

            # Notify the account owner of the change.
            html_part = render_template("mail/user/password_change.html", user=account)
            text_part = render_template("mail/user/password_change.txt", user=account)
            email(account.email, "Password change request", html_part, text_part)

            # Drop the login from this session.
            if session.get("username"):
                session.pop("username")
            return redirect(url_for("user_app.password_reset_complete"))

    return render_template(
        "user/password_reset.html",
        form=form,
        require_current=True,
        error=error,
    )
def change_password():
    """Change the session user's password after verifying the current one.

    Aborts with 404 when ``User.getByName`` finds nobody for
    ``session['username']``. On a valid POST with a correct current
    password, the new bcrypt hash is written with ``update_record()``, the
    session's ``username`` is removed, and a redirect is returned with an
    explicit 302. Otherwise the form is rendered, with "Incorrect password"
    when the check failed.
    """
    form = PasswordResetForm()
    account = User.getByName(username=session.get('username'))
    if not account:
        abort(404)

    error = None
    submitted = request.method == 'POST' and form.validate_on_submit()
    if submitted:
        stored_hash_matches = (
            bcrypt.hashpw(form.current_password.data, account.password)
            == account.password
        )
        if stored_hash_matches:
            fresh_salt = bcrypt.gensalt()
            account.password = bcrypt.hashpw(form.password.data, fresh_salt)
            account.update_record()
            # Drop the login from this session.
            if session.get('username'):
                session.pop('username')
            return redirect(url_for('.password_reset_complete')), 302
        error = "Incorrect password"

    return render_template(
        'user/password_reset.html',
        form=form,
        require_current=True,
        error=error,
    )
def password_reset(username, code):
    """Set a new password for ``username`` when ``code`` matches.

    Aborts with 404 unless the user exists and ``code`` equals the
    ``password_reset_code`` in their ``change_configuration``. A valid POST
    stores a bcrypt hash of the new password, empties
    ``change_configuration`` (discarding the code), removes ``username``
    from the session, and redirects to the completion page.
    """
    form = PasswordResetForm()
    account = User.objects.filter(username=username).first()
    code_matches = bool(account) and code == account.change_configuration.get('password_reset_code')
    if not code_matches:
        abort(404)
    # NOTE(review): no expiry check on the reset code is visible in this
    # view - confirm it is enforced where the code is issued.

    if request.method == 'POST':
        # The field is removed from the form before validation runs.
        del form.current_password
        if form.validate_on_submit():
            new_salt = bcrypt.gensalt()
            account.password = bcrypt.hashpw(form.password.data, new_salt)
            account.change_configuration = {}
            account.save()
            if session.get('username'):
                session.pop('username')
            return redirect(url_for('user_app.password_reset_complete'))

    return render_template(
        'user/password_reset.html',
        form=form,
        message=None,
        require_current=None,
        username=username,
        code=code,
    )
def change_password():
    """Change the session user's password and send a confirmation mail.

    Aborts with 404 when no user matches ``session['username']``. On a valid
    POST with a correct current password, the new bcrypt hash is saved, a
    "Recent Password Change" mail is sent to the user's address, the
    session's ``username`` is removed, and the client is redirected. A wrong
    current password re-renders the form with an error.
    """
    form = PasswordResetForm()
    account = User.objects.filter(username=session.get('username')).first()
    if not account:
        abort(404)

    error = None
    if request.method == 'POST' and form.validate_on_submit():
        rehashed = bcrypt.hashpw(form.current_password.data, account.password)
        if rehashed != account.password:
            error = "Incorrect password"
        else:
            new_salt = bcrypt.gensalt()
            account.password = bcrypt.hashpw(form.password.data, new_salt)
            account.save()

            # Tell the account owner that the password was changed.
            html_part = render_template('mail/user/change_password_confirmation.html')
            text_part = render_template('mail/user/change_password_confirmation.txt')
            email(account.email, "Recent Password Change", html_part, text_part)

            # Drop the login from this session.
            if session.get('username'):
                session.pop('username')
            return redirect(url_for('user_app.password_reset_complete'))

    return render_template(
        'user/password_reset.html',
        form=form,
        require_current=True,
        error=error,
    )
def change_password():
    """Change the session user's password after verifying the current one.

    Aborts with 404 when no user matches ``session['username']``. On a valid
    POST the current password is re-hashed against the stored bcrypt hash;
    a match saves the new hash, removes ``username`` from the session and
    redirects. A mismatch re-renders the form with "Incorrect password".
    """
    form = PasswordResetForm()
    current_user = User.objects.filter(username=session.get('username')).first()
    if not current_user:
        abort(404)

    error = None
    if request.method == 'POST' and form.validate_on_submit():
        stored_hash_matches = (
            bcrypt.hashpw(form.current_password.data, current_user.password)
            == current_user.password
        )
        if not stored_hash_matches:
            error = "Incorrect password"
        else:
            fresh_salt = bcrypt.gensalt()
            current_user.password = bcrypt.hashpw(form.password.data, fresh_salt)
            current_user.save()
            # Drop the login from this session.
            if session.get('username'):
                session.pop('username')
            return redirect(url_for('user_app.password_reset_complete'))

    return render_template(
        'user/password_reset.html',
        form=form,
        require_current=True,
        error=error,
    )
def password_reset(username, code):
    """Handle the reset-link page: check the code, then store a new password.

    A missing user or a ``code`` that differs from the stored
    ``password_reset_code`` aborts with 404. A valid POST hashes the new
    password with bcrypt, empties ``change_configuration``, saves the user,
    removes ``username`` from the session and redirects; anything else
    renders the reset form.
    """
    template_args = {
        'form': PasswordResetForm(),
        'message': None,
        'require_current': None,
        'username': username,
        'code': code,
    }
    form = template_args['form']

    target = User.objects.filter(username=username).first()
    if not target:
        abort(404)
    if code != target.change_configuration.get('password_reset_code'):
        abort(404)

    if request.method == 'POST':
        # The field is removed from the form before validation runs.
        del form.current_password
        if form.validate_on_submit():
            salt = bcrypt.gensalt()
            target.password = bcrypt.hashpw(form.password.data, salt)
            # Emptying the dict discards the stored reset code.
            target.change_configuration = {}
            target.save()
            if session.get('username'):
                session.pop('username')
            return redirect(url_for('user_app.password_reset_complete'))

    return render_template('user/password_reset.html', **template_args)
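def password_reset(request):
    """Show the password-reset request form and send the reset e-mail.

    A valid submission calls ``form.save`` with the project's
    ``account_activation_token`` generator and renders the "done" page,
    echoing the submitted address. Anything else renders the form.
    """
    # Bind the form only on POST. Binding it to the empty request.POST of a
    # GET makes the form bound-but-invalid, so the first page view would
    # already show "required" errors.
    form = PasswordResetForm(
        data=request.POST if request.method == 'POST' else None)
    if form.is_valid():
        email = form.cleaned_data.get('email')
        form.save(
            use_https=request.is_secure(),
            from_email=None,
            subject_template_name='registration/password_reset_subject.txt',
            email_template_name='registration/password_reset_email.html',
            token_generator=account_activation_token,
            request=request)
        return render(request, 'registration/password_reset_done.html',
                      {'email': email})
    return render(request, 'registration/password_reset_form.html',
                  {'form': form})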
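def password_reset(request):
    """Accept a password-reset request and e-mail a reset message.

    GET renders an empty form. An invalid POST re-renders the bound form. A
    valid POST sends a reset message to every account registered under the
    submitted address and redirects to ``password_reset_done``.
    """
    if request.method != "POST":
        return TemplateResponse(request, 'password_reset_form.html',
                                {'form': PasswordResetForm()})

    form = PasswordResetForm(request.POST)
    if not form.is_valid():
        return TemplateResponse(request, 'password_reset_form.html',
                                {'form': form})

    email = form.cleaned_data.get('email')
    # The lookup used to be User.objects.get(email=email), which raises when
    # no account or more than one account has this address. That turned the
    # request into a server error and made the response differ for unknown
    # addresses. Iterating the queryset handles zero, one or many matches
    # and gives every case the same redirect.
    # NOTE(review): if the form itself rejects unknown addresses (not
    # visible here), it still discloses which addresses are registered.
    for user in User.objects.filter(email=email):
        tokens.generate_pw_reset_email(user, request).send()
    return HttpResponseRedirect(reverse('password_reset_done'))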
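def password_reset(request):
    """Handle the "forgot password" form.

    Renders an empty form on GET and the bound form on an invalid POST. On a
    valid POST a reset message is generated and sent for each account that
    has the submitted e-mail address, then the client is redirected to
    ``password_reset_done``.
    """
    template = 'password_reset_form.html'
    if request.method == "POST":
        form = PasswordResetForm(request.POST)
        if form.is_valid():
            address = form.cleaned_data.get('email')
            # A filter() loop replaces User.objects.get(email=...): get()
            # raises DoesNotExist for an unregistered address and
            # MultipleObjectsReturned for a shared one. Both surfaced as a
            # server error, and the error also told the requester whether
            # the address was known. Every valid submission now gets the
            # same redirect.
            for account in User.objects.filter(email=address):
                msg = tokens.generate_pw_reset_email(account, request)
                msg.send()
            return HttpResponseRedirect(reverse('password_reset_done'))
    else:
        form = PasswordResetForm()
    return TemplateResponse(request, template, {'form': form})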
class TestServices(TestCase):
    """Validation tests for the registration forms and PasswordResetForm."""

    @staticmethod
    def _registration_data(username, role):
        """Return registration form data that differs only in user and role."""
        return {
            'email': '*****@*****.**',
            'username': username,
            'role': role,
            'first_name': 'TesterName',
            'last_name': 'TesterSurname',
            'password1': 'TestPassword',
            'password2': 'TestPassword',
        }

    @staticmethod
    def _password_reset_data(confirmation):
        """Return reset form data with the given confirmation value."""
        return {
            'old_password': 'oldpassword',
            'new_password': 'newpassword',
            'confirm_password': confirmation,
        }

    def setUp(self):
        """Bind every form under test to fixed sample data."""
        self.averageForm = AvgRegisterForm(
            data=self._registration_data('AverageTester', 'AVERAGE'))
        self.academicForm = AcademicRegisterForm(
            data=self._registration_data('AcademicTester', 'TEACHER'))
        self.passwordResetFormValid = PasswordResetForm(
            data=self._password_reset_data('newpassword'))
        self.passwordResetFormInvalid = PasswordResetForm(
            data=self._password_reset_data('differentpassword'))

    def test_AvgRegisterForm(self):
        """AvgRegisterForm validates with the sample data."""
        is_valid = self.averageForm.is_valid()
        self.assertTrue(is_valid)

    def test_AcademicRegisterForm(self):
        """AcademicRegisterForm validates with the sample data."""
        is_valid = self.academicForm.is_valid()
        self.assertTrue(is_valid)

    def test_PasswordResetForm_valid(self):
        """PasswordResetForm validates when new and confirm passwords match."""
        is_valid = self.passwordResetFormValid.is_valid()
        self.assertTrue(is_valid)

    def test_PasswordResetForm_invalid(self):
        """PasswordResetForm is invalid when the confirmation differs."""
        is_valid = self.passwordResetFormInvalid.is_valid()
        self.assertFalse(is_valid)
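def password_reset_handler_view(request):
    """AJAX endpoint for the password-reset request form.

    A valid POST calls ``password_reset_form.save(request)`` and returns a
    JSON success payload with a user-facing message. An invalid POST returns
    the re-rendered form markup under ``response`` with ``result`` set to
    ``error``. Any other method gets a 405 JSON error.
    """
    if request.method != 'POST':
        # The view used to test `if request.POST:` and fall through, so a
        # GET (or a POST with an empty body) returned None. Django reports
        # that as a server error. Answer explicitly instead.
        return JsonResponse({'result': 'error'}, status=405)

    password_reset_form = PasswordResetForm(request.POST)
    if password_reset_form.is_valid():
        password_reset_form.save(request)
        return JsonResponse({
            'message': message(
                "На ваш почтовый адрес отправлена инструкция о восстановлении пароля!",
                request),
            'result': 'success',
            'url': '',
        })

    response = render_template(
        'PasswordReset/password_reset_form.html',
        {'password_reset_form': password_reset_form},
        request)
    return JsonResponse({'response': response, 'result': 'error'})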
def my_account(request):
    """Render the My Account page and handle its change-password form.

    GET shows an empty form and an invalid POST shows the bound form. A
    valid POST re-authenticates the current user (by e-mail) with the old
    password. A failure re-renders the form with an error; a success sets
    the new password and shows a fresh form with a success message.
    """
    template = 'classroom_main/my_account.html'

    if request.method != "POST":
        return render(request, template, {'form': PasswordResetForm()})

    form = PasswordResetForm(request.POST)
    if not form.is_valid():
        return render(request, template, {'form': form})

    new_password = form.cleaned_data['new_password']
    old_password = form.cleaned_data['old_password']
    # NOTE(review): assumes request.user is an authenticated user; no login
    # check is visible in this view - confirm one is applied to it.
    account = authenticate(username=request.user.email, password=old_password)
    if account is None:
        return render(request, template, {
            'form': form,
            'error': "You have entered the wrong password",
        })

    # NOTE(review): Django may end the current session when the password
    # changes unless update_session_auth_hash() is called - confirm which
    # behaviour is wanted here.
    account.set_password(new_password)
    account.save()
    return render(request, template, {
        'success': "Password changed successfully",
        'form': PasswordResetForm(),
    })
def reset_password(code):
    """Set a new password from a signed reset token.

    On a valid POST, ``code`` is loaded with a ``Serializer`` keyed by the
    app's ``SECRET_KEY``. A token that fails to load, or an ``id`` matching
    no user, flashes an error and redirects to ``login``. Otherwise the new
    password is stored as a bcrypt hash, ``username`` is removed from the
    session, and the confirmation page is rendered. All other requests
    render the reset form.
    """
    serial = Serializer(app.config['SECRET_KEY'])
    form = PasswordResetForm()

    if request.method == 'POST':
        # The field is removed from the form before validation runs.
        del form.current_password
        if form.validate_on_submit():
            # NOTE(review): the token is only checked here, on submit, and
            # nothing visible marks it as used afterwards - confirm that
            # link reuse within its validity period is acceptable.
            try:
                payload = serial.loads(code)
            except Exception:
                flash('Invalid or expired password reset link. Please reset your password again.', 'error')
                return redirect(url_for('login'))

            account = User.query.filter_by(id=payload['id'], ).first()
            if not account:
                flash('User does not exist. Please try again with a valid email.', 'error')
                return redirect(url_for('login'))

            new_salt = bcrypt.gensalt()
            account.password = bcrypt.hashpw(form.password.data, new_salt)
            db.session.add(account)
            db.session.commit()

            if session.get('username'):
                session.pop('username')
            return render_template('user/reset_password_confirm.html')

    return render_template(
        'user/reset_password.html',
        form=form,
        error=None,
        require_current=None,
        code=code,
    )
def password_reset(username, code):
    """Check a reset code for ``username`` and store the new password.

    Aborts with 404 when the user is missing or ``code`` differs from the
    stored ``password_reset_code``. A valid POST saves a bcrypt hash of the
    new password, empties ``change_configuration``, removes ``username``
    from the session and redirects; otherwise the reset form is rendered.
    """
    form = PasswordResetForm()
    account = User.objects.filter(username=username).first()

    # Reject unknown users and wrong reset codes alike.
    if not account:
        abort(404)
    stored_code = account.change_configuration.get('password_reset_code')
    if code != stored_code:
        abort(404)

    if request.method == 'POST':
        # The reset page does not ask for the current password. Removing the
        # field before validating keeps its required-data validator from
        # failing the form.
        del form.current_password
        if form.validate_on_submit():
            # Hash the new password with a fresh salt and store the hash.
            new_salt = bcrypt.gensalt()
            account.password = bcrypt.hashpw(form.password.data, new_salt)
            # Emptying the dict discards the stored reset code.
            account.change_configuration = {}
            account.save()
            # Drop the login from this session, if there is one.
            if session.get('username'):
                session.pop('username')
            return redirect(url_for('user_app.password_reset_complete'))

    # GET, or a POST that did not validate.
    return render_template(
        'user/password_reset.html',
        form=form,
        message=None,
        require_current=None,
        username=username,
        code=code,
    )
def setUp(self):
    """Bind the registration and password-reset forms to sample data."""

    def registration(username, role):
        # The two registration fixtures differ only in username and role.
        return {
            'email': '*****@*****.**',
            'username': username,
            'role': role,
            'first_name': 'TesterName',
            'last_name': 'TesterSurname',
            'password1': 'TestPassword',
            'password2': 'TestPassword',
        }

    def reset(confirmation):
        # The two reset fixtures differ only in the confirmation value.
        return {
            'old_password': 'oldpassword',
            'new_password': 'newpassword',
            'confirm_password': confirmation,
        }

    self.averageForm = AvgRegisterForm(data=registration('AverageTester', 'AVERAGE'))
    self.academicForm = AcademicRegisterForm(data=registration('AcademicTester', 'TEACHER'))
    self.passwordResetFormValid = PasswordResetForm(data=reset('newpassword'))
    self.passwordResetFormInvalid = PasswordResetForm(data=reset('differentpassword'))
def getDataForNavBaR(ctx, request):
    """Add the navbar's cart count, forms and category list to ``ctx``.

    ``ctx`` is updated in place; nothing is returned.
    """
    navbar_data = {
        'cart_count': getUserCartCount(request),
        'login_form': LoginForm(),
        'registration_form': RegistrationForm(),
        'password_reset_form': PasswordResetForm(),
        'notification_form': NotificationForm(),
        'category_menu': Category.objects.all(),
    }
    ctx.update(navbar_data)
def test_form_renders_email_input(self):
    """The form's ``as_p()`` output contains the e-mail placeholder."""
    rendered = PasswordResetForm().as_p()
    self.assertIn('placeholder="*****@*****.**"', rendered)
def test_form_validation_for_blank_email(self):
    """A blank e-mail is invalid and reports EMPTY_EMAIL_ERROR."""
    blank_form = PasswordResetForm(data={'email': ''})
    self.assertFalse(blank_form.is_valid())
    email_errors = blank_form.errors['email']
    self.assertEqual(email_errors, [EMPTY_EMAIL_ERROR])