aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMuriithi Frederick Muriuki2018-04-13 15:41:31 +0300
committerMuriithi Frederick Muriuki2018-04-13 15:41:31 +0300
commit9396ba78aa204a7f9474c314ca5a519c48ba042c (patch)
tree31830ea71959be9fba3d9a27fae7a827e800b3c6
parent90da7aa5028d64437f3fcaf903075cbda293b575 (diff)
downloadgenenetwork2-9396ba78aa204a7f9474c314ca5a519c48ba042c.tar.gz
Check email provided on forgot password
* Ensure that the user actually provides an email address when they try to use the forgot password feature.
-rw-r--r--wqflask/wqflask/user_manager.py32
1 files changed, 17 insertions, 15 deletions
diff --git a/wqflask/wqflask/user_manager.py b/wqflask/wqflask/user_manager.py
index 5f6c818e..9d09dbf6 100644
--- a/wqflask/wqflask/user_manager.py
+++ b/wqflask/wqflask/user_manager.py
@@ -727,31 +727,33 @@ def logout():
return response
-@app.route("/n/forgot_password")
+@app.route("/n/forgot_password", methods=['GET'])
def forgot_password():
"""Entry point for forgotten password"""
- return render_template("new_security/forgot_password.html")
+ print("ARGS: ", request.args)
+ errors = {"no-email": request.args.get("no-email")}
+ print("ERRORS: ", errors)
+ return render_template("new_security/forgot_password.html", errors=errors)
@app.route("/n/forgot_password_submit", methods=('POST',))
def forgot_password_submit():
"""When a forgotten password form is submitted we get here"""
params = request.form
email_address = params['email_address']
- logger.debug("Wants to send password E-mail to ",email_address)
- es = get_elasticsearch_connection()
- user_details = get_user_by_unique_column(es, "email_address", email_address)
- if user_details:
- ForgotPasswordEmail(user_details["email_address"])
- # try:
- # user = model.User.query.filter_by(email_address=email_address).one()
- # except orm.exc.NoResultFound:
- # flash("Couldn't find a user associated with the email address {}. Sorry.".format(
- # email_address))
- # return redirect(url_for("login"))
- # ForgotPasswordEmail(user)
- return render_template("new_security/forgot_password_step2.html",
+ next_page = None
+ if email_address != "":
+ logger.debug("Wants to send password E-mail to ",email_address)
+ es = get_elasticsearch_connection()
+ user_details = get_user_by_unique_column(es, "email_address", email_address)
+ if user_details:
+ ForgotPasswordEmail(user_details["email_address"])
+ return render_template("new_security/forgot_password_step2.html",
subject=ForgotPasswordEmail.subject)
+ else:
+ flash("You MUST provide an email", "alert-danger")
+ return redirect(url_for("forgot_password"))
+
@app.errorhandler(401)
def unauthorized(error):
return redirect(url_for('login'))