app/main/views/new_password.py

import json

from flask import (render_template, url_for, redirect, flash, session, current_app, abort)
from itsdangerous import SignatureExpired

from app.main import main
from app.main.forms import NewPasswordForm
from datetime import datetime
from app import user_api_client


@main.route('/new-password/<path:token>', methods=['GET', 'POST'])
def new_password(token):
    from utils.url_safe_token import check_token
    try:
        token_data = check_token(token, current_app.config['SECRET_KEY'], current_app.config['DANGEROUS_SALT'],
                                 current_app.config['TOKEN_MAX_AGE_SECONDS'])
    except SignatureExpired:
        flash('The link in the email we sent you has expired. Enter your email address to resend.')
        return redirect(url_for('.forgot_password'))

    email_address = json.loads(token_data)['email']
    user = user_api_client.get_user_by_email(email_address)
    if user.password_changed_at and datetime.strptime(user.password_changed_at, '%Y-%m-%d %H:%M:%S.%f') > \
            datetime.strptime(json.loads(token_data)['created_at'], '%Y-%m-%d %H:%M:%S.%f'):
        flash('The link in the email has already been used')
        return redirect(url_for('main.index'))

    form = NewPasswordForm()

    if form.validate_on_submit():
        user_api_client.send_verify_code(user.id, 'sms', user.mobile_number)
        session['user_details'] = {
            'id': user.id,
            'email': user.email_address,
            'password': form.new_password.data}
        return redirect(url_for('main.two_factor'))
    else:
        return render_template('views/new-password.html', token=token, form=form, user=user)
Re-implement forgot password 2016-03-07 18:18:52 +00:00			`import json`

			`from flask import (render_template, url_for, redirect, flash, session, current_app, abort)`
			`from itsdangerous import SignatureExpired`
Completion of forgot-password endpoints. Start implementation for new-password endpoints. Created PasswordResetToken model ToDo: create and save token, send valid url to user, check validity of token, update user's password, redirect to /two-factor. 2016-01-05 17:52:09 +00:00
			`from app.main import main`
New-password endpoints are implemented. There should be a better way to validate the token. 2016-01-06 17:37:07 +00:00			`from app.main.forms import NewPasswordForm`
Re-implement forgot password 2016-03-07 18:18:52 +00:00			`from datetime import datetime`
Merging conflict with two_factor.py Fixed merge mistake with two_factor.py. 2016-03-30 09:58:10 +01:00			`from app import user_api_client`
New-password endpoints are implemented. There should be a better way to validate the token. 2016-01-06 17:37:07 +00:00
Completion of forgot-password endpoints. Start implementation for new-password endpoints. Created PasswordResetToken model ToDo: create and save token, send valid url to user, check validity of token, update user's password, redirect to /two-factor. 2016-01-05 17:52:09 +00:00
New-password endpoints are implemented. There should be a better way to validate the token. 2016-01-06 17:37:07 +00:00			`@main.route('/new-password/<path:token>', methods=['GET', 'POST'])`
			`def new_password(token):`
Re-implement forgot password 2016-03-07 18:18:52 +00:00			`from utils.url_safe_token import check_token`
			`try:`
			`token_data = check_token(token, current_app.config['SECRET_KEY'], current_app.config['DANGEROUS_SALT'],`
			`current_app.config['TOKEN_MAX_AGE_SECONDS'])`
			`except SignatureExpired:`
Fix wording Changed forgot-password so that it does not expose to the user that the email address does not exist. 2016-01-08 16:47:34 +00:00			`flash('The link in the email we sent you has expired. Enter your email address to resend.')`
Removed exceptions, found a better way to handle them. Refactored the forms so that fields like email_address can be used in multiple forms. Refactored form validation so that a query function is passed into the form to be run, this way the form is not exposed to the dao layer and the query is more efficient. This PR still requires some frontend attention. Will work with Chris to update the templates. 2016-01-08 15:12:14 +00:00			`return redirect(url_for('.forgot_password'))`

Re-implement forgot password 2016-03-07 18:18:52 +00:00			`email_address = json.loads(token_data)['email']`
Merging conflict with two_factor.py Fixed merge mistake with two_factor.py. 2016-03-30 09:58:10 +01:00			`user = user_api_client.get_user_by_email(email_address)`
Re-implement forgot password 2016-03-07 18:18:52 +00:00			`if user.password_changed_at and datetime.strptime(user.password_changed_at, '%Y-%m-%d %H:%M:%S.%f') > \`
			`datetime.strptime(json.loads(token_data)['created_at'], '%Y-%m-%d %H:%M:%S.%f'):`
			`flash('The link in the email has already been used')`
			`return redirect(url_for('main.index'))`
Removed exceptions, found a better way to handle them. Refactored the forms so that fields like email_address can be used in multiple forms. Refactored form validation so that a query function is passed into the form to be run, this way the form is not exposed to the dao layer and the query is more efficient. This PR still requires some frontend attention. Will work with Chris to update the templates. 2016-01-08 15:12:14 +00:00
New-password endpoints are implemented. There should be a better way to validate the token. 2016-01-06 17:37:07 +00:00			`form = NewPasswordForm()`
Removed exceptions, found a better way to handle them. Refactored the forms so that fields like email_address can be used in multiple forms. Refactored form validation so that a query function is passed into the form to be run, this way the form is not exposed to the dao layer and the query is more efficient. This PR still requires some frontend attention. Will work with Chris to update the templates. 2016-01-08 15:12:14 +00:00
New-password endpoints are implemented. There should be a better way to validate the token. 2016-01-06 17:37:07 +00:00			`if form.validate_on_submit():`
Merging conflict with two_factor.py Fixed merge mistake with two_factor.py. 2016-03-30 09:58:10 +01:00			`user_api_client.send_verify_code(user.id, 'sms', user.mobile_number)`
All tests passing and merged with master. 2016-01-27 16:30:33 +00:00			`session['user_details'] = {`
			`'id': user.id,`
			`'email': user.email_address,`
			`'password': form.new_password.data}`
Removed exceptions, found a better way to handle them. Refactored the forms so that fields like email_address can be used in multiple forms. Refactored form validation so that a query function is passed into the form to be run, this way the form is not exposed to the dao layer and the query is more efficient. This PR still requires some frontend attention. Will work with Chris to update the templates. 2016-01-08 15:12:14 +00:00			`return redirect(url_for('main.two_factor'))`
New-password endpoints are implemented. There should be a better way to validate the token. 2016-01-06 17:37:07 +00:00			`else:`
Removed exceptions, found a better way to handle them. Refactored the forms so that fields like email_address can be used in multiple forms. Refactored form validation so that a query function is passed into the form to be run, this way the form is not exposed to the dao layer and the query is more efficient. This PR still requires some frontend attention. Will work with Chris to update the templates. 2016-01-08 15:12:14 +00:00			`return render_template('views/new-password.html', token=token, form=form, user=user)`