authorMuriithi Frederick Muriuki2018-04-13 15:41:31 +0300
committerMuriithi Frederick Muriuki2018-04-13 15:41:31 +0300
commit9396ba78aa204a7f9474c314ca5a519c48ba042c (patch)
tree31830ea71959be9fba3d9a27fae7a827e800b3c6
parent90da7aa5028d64437f3fcaf903075cbda293b575 (diff)
downloadgenenetwork2-9396ba78aa204a7f9474c314ca5a519c48ba042c.tar.gz
Check email provided on forgot password
* Ensure that the user actually provides an email address when they try
  to use the forgot password feature.
-rw-r--r--wqflask/wqflask/user_manager.py32
1 files changed, 17 insertions, 15 deletions
diff --git a/wqflask/wqflask/user_manager.py b/wqflask/wqflask/user_manager.py
index 5f6c818e..9d09dbf6 100644
--- a/wqflask/wqflask/user_manager.py
+++ b/wqflask/wqflask/user_manager.py
@@ -727,31 +727,33 @@ def logout():
     return response
 
 
-@app.route("/n/forgot_password")
+@app.route("/n/forgot_password", methods=['GET'])
 def forgot_password():
     """Entry point for forgotten password"""
-    return render_template("new_security/forgot_password.html")
+    print("ARGS: ", request.args)
+    errors = {"no-email": request.args.get("no-email")}
+    print("ERRORS: ", errors)
+    return render_template("new_security/forgot_password.html", errors=errors)
 
 @app.route("/n/forgot_password_submit", methods=('POST',))
 def forgot_password_submit():
     """When a forgotten password form is submitted we get here"""
     params = request.form
     email_address = params['email_address']
-    logger.debug("Wants to send password E-mail to ",email_address)
-    es = get_elasticsearch_connection()
-    user_details = get_user_by_unique_column(es, "email_address", email_address)
-    if user_details:
-        ForgotPasswordEmail(user_details["email_address"])
-    # try:
-    #     user = model.User.query.filter_by(email_address=email_address).one()
-    # except orm.exc.NoResultFound:
-    #     flash("Couldn't find a user associated with the email address {}. Sorry.".format(
-    #         email_address))
-    #     return redirect(url_for("login"))
-    # ForgotPasswordEmail(user)
-    return render_template("new_security/forgot_password_step2.html",
+    next_page = None
+    if email_address != "":
+        logger.debug("Wants to send password E-mail to ",email_address)
+        es = get_elasticsearch_connection()
+        user_details = get_user_by_unique_column(es, "email_address", email_address)
+        if user_details:
+            ForgotPasswordEmail(user_details["email_address"])
+            return render_template("new_security/forgot_password_step2.html",
                             subject=ForgotPasswordEmail.subject)
 
+    else:
+        flash("You MUST provide an email", "alert-danger")
+        return redirect(url_for("forgot_password"))
+
 @app.errorhandler(401)
 def unauthorized(error):
     return redirect(url_for('login'))
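Review bot: In forgot_password_submit, a non-empty address that matches no account now falls off the end of the function, because the `return render_template(...)` moved inside `if user_details:`. Flask rejects a view that returns None, so an unknown address yields an error while a known one gets the step-2 page, and that difference lets a caller tell registered addresses from unregistered ones; the removed code rendered step 2 in both cases. Dedent the return to the level of `if user_details:` so every non-empty address receives the same response: `return render_template("new_security/forgot_password_step2.html", subject=ForgotPasswordEmail.subject)`. The two `print(...)` calls in forgot_password and the unused `next_page = None` look like leftover debugging and could be dropped or moved to `logger.debug`.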