authorMuriithi Frederick Muriuki2018-02-05 20:04:09 +0300
committerMuriithi Frederick Muriuki2018-02-05 20:04:09 +0300
commit03edecad79c4e8e1e10734e9e8f21f5da7912851 (patch)
treef6626b51a27bb67f18d2afc0ff9d0790f26579a6
parent1c9540879d8761d9252c3fb3f749ae0b6d5be2b9 (diff)
Add code to allow user to change password
* After the email is sent to the user, there is a need to provide a way for the user to actually change their password and have the result saved.
-rw-r--r--wqflask/wqflask/user_manager.py65
1 files changed, 43 insertions, 22 deletions
diff --git a/wqflask/wqflask/user_manager.py b/wqflask/wqflask/user_manager.py
index ec29062d..8f09c206 100644
--- a/wqflask/wqflask/user_manager.py
+++ b/wqflask/wqflask/user_manager.py
@@ -55,7 +55,7 @@ logger = getLogger(__name__)
from base.data_set import create_datasets_list
import requests
-from utility.elasticsearch_tools import get_user_by_unique_column, save_user
+from utility.elasticsearch_tools import get_user_by_unique_column, save_user, es_save_data
THREE_DAYS = 60 * 60 * 24 * 3
#THREE_DAYS = 45
@@ -376,12 +376,12 @@ class ForgotPasswordEmail(VerificationEmail):
verification_code = str(uuid.uuid4())
key = self.key_prefix + ":" + verification_code
- # data = json.dumps(dict(id=user.id,
- # timestamp=timestamp())
- # )
-
- # Redis.set(key, data)
- # Redis.expire(key, THREE_DAYS)
+ data = {
+ "verification_code": verification_code,
+ "email_address": toaddr,
+ "timestamp": timestamp()
+ }
+ es_save_data(self.key_prefix, "local", data, verification_code)
subject = self.subject
body = render_template(
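Review bot: The reset record written by `es_save_data` carries a `timestamp`, but nothing visible in this commit ever expires it: the removed (commented-out) `Redis.expire(key, THREE_DAYS)` has no Elasticsearch counterpart, and `password_reset` further down looks the code up without comparing its age. As written, a reset link appears to stay valid indefinitely and can be replayed, since it is not deleted after use either. I would add a comment here such as `# Elasticsearch does not expire this document; password_reset must reject codes older than THREE_DAYS and delete the code once used`, and enforce that in the lookup (the format returned by `timestamp()` is not visible here, so the comparison needs confirming). Storing only a hash of `verification_code` rather than the code itself would also limit the damage if the index is read by someone else. The enclosing method starts and ends outside this hunk.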
@@ -429,38 +429,59 @@ def verify_email():
response.set_cookie(UserSession.cookie_name, session_id_signed)
return response
-@app.route("/n/password_reset")
+@app.route("/n/password_reset", methods=['GET'])
def password_reset():
+ from utility.elasticsearch_tools import get_item_by_unique_column
logger.debug("in password_reset request.url is:", request.url)
# We do this mainly just to assert that it's in proper form for displaying next page
# Really not necessary but doesn't hurt
- user_encode = DecodeUser(ForgotPasswordEmail.key_prefix).reencode_standalone()
-
- return render_template("new_security/password_reset.html", user_encode=user_encode)
+ # user_encode = DecodeUser(ForgotPasswordEmail.key_prefix).reencode_standalone()
+ verification_code = request.args.get('code')
+ hmac = request.args.get('hm')
+ if verification_code:
+ code_details = get_item_by_unique_column(
+ "verification_code",
+ verification_code,
+ ForgotPasswordEmail.key_prefix,
+ "local")
+ if code_details:
+ user_details = get_user_by_unique_column(
+ "email_address",
+ code_details["email_address"])
+ if user_details:
+ return render_template(
+ "new_security/password_reset.html", user_encode=user_details["user_id"])
+ else:
+ flash("Invalid code: User no longer exists!", "error")
+ else:
+ flash("Invalid code: Password reset code does not exist or might have expired!", "error")
+ return redirect(url_for("login"))#render_template("new_security/login_user.html", error=error)
@app.route("/n/password_reset_step2", methods=('POST',))
def password_reset_step2():
+ from utility.elasticsearch_tools import es
logger.debug("in password_reset request.url is:", request.url)
errors = []
+ user_id = request.form['user_encode']
- user_encode = request.form['user_encode']
- verification_code, separator, hmac = user_encode.partition(':')
-
- hmac_verified = actual_hmac_creation(verification_code)
logger.debug("locals are:", locals())
- assert hmac == hmac_verified, "Someone has been naughty"
-
- user = DecodeUser.actual_get_user(ForgotPasswordEmail.key_prefix, verification_code)
- logger.debug("user is:", user)
-
+ user = Bunch()
password = request.form['password']
-
set_password(password, user)
- db_session.commit()
+
+ es.update(
+ index = "users"
+ , doc_type = "local"
+ , id = user_id
+ , body = {
+ "doc": {
+ "password": user.__dict__.get("password")
+ }
+ })
flash("Password changed successfully. You can now sign in.", "alert-info")
response = make_response(redirect(url_for('login')))
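Review bot: `password_reset_step2` now takes the target account from `request.form['user_encode']` and passes it straight to `es.update`, so the POST handler no longer checks that the caller holds a valid reset code; the removed lines at least compared an HMAC, although via `assert`, which is stripped under `-O`. The user id rendered into the form by `password_reset` is not a secret, so the password change should be authorised by the verification code itself: post the code back, look it up again in step 2, derive the user from the stored record, and invalidate the code after a successful change. In `password_reset`, `hmac = request.args.get('hm')` is read but never used, so either verify it or drop it. The tail of `password_reset_step2` lies outside the hunk; the sketch below uses only helpers already called in this diff, and the form field name is a suggestion.

```python
def password_reset_step2():
    from utility.elasticsearch_tools import es, get_item_by_unique_column
    # … unchanged: debug logging, errors list …
    # Re-validate the reset code on the POST; the template must submit it
    # (field name "verification_code" is a suggestion, not an existing field).
    code_details = get_item_by_unique_column(
        "verification_code",
        request.form.get("verification_code"),
        ForgotPasswordEmail.key_prefix,
        "local")
    user_details = code_details and get_user_by_unique_column(
        "email_address", code_details["email_address"])
    if not user_details:
        flash("Invalid code: Password reset code does not exist or might have expired!", "error")
        return redirect(url_for("login"))
    user_id = user_details["user_id"]  # derived from the stored record, never from the form
    # … unchanged: set_password, es.update, flash, redirect …
```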