Verified Commit cceafd51 authored by nd's avatar nd

add working passwort reset by mail

parent 8be0b378
......@@ -12,3 +12,10 @@ ACL_LDAP_GROUP_USEREDIT="admins"
ACL_ADMIN_GROUP="admin"
ACL_SELFSERVICE_GROUP="user"
MAIL_SERVER='smtp.gmail.com'
MAIL_PORT=465
MAIL_USERNAME='yourId@gmail.com'
MAIL_PASSWORD='*****'
MAIL_USE_STARTTLS=True
MAIL_FROM_ADDRESS='foo@bar.com'
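Review bot: `MAIL_PORT=465` together with `MAIL_USE_STARTTLS=True` is a contradictory example: 465 is the implicit-TLS (SMTPS) port, so a plain `smtplib.SMTP` connection that then issues STARTTLS on it will not get past the handshake, while STARTTLS is conventionally offered on 587. Either change the sample to `MAIL_PORT=587` or make clear that 465 needs an implicit-TLS (`SMTP_SSL`) connection instead. A short comment above the block, e.g. `# STARTTLS: port 587; implicit TLS (SMTP_SSL): port 465`, would stop deployments from copying the mismatch. Since this file now carries an SMTP credential, it is also worth noting in that comment that real values for `MAIL_PASSWORD` must not be committed.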
{% extends 'base.html' %}
{% block body %}
<form action="{{ url_for(".self_forgot_password") }}" method="POST">
<div class="row mt-2 justify-content-center">
<div class="col-lg-6 col-md-10" style="background: #f7f7f7; box-shadow: 0px 2px 2px rgba(0, 0, 0, 0.3); padding: 30px;">
<div class="text-center">
<img src="{{ url_for("static", filename="chaosknoten.png") }}" class="col-lg-8 col-md-12" >
</div>
<div class="col-12">
<h2 class="text-center">Forgot password</h2>
</div>
<div class="form-group col-12">
<label for="user-loginname">login name</label>
<input type="text" class="form-control" id="user-loginname" name="loginname" required="required" tabindex = "1">
</div>
<div class="form-group col-12">
<label for="user-mail">mail address</label>
<input type="text" class="form-control" id="user-mail" name="mail" required="required" tabindex = "2">
</div>
<div class="form-group col-12">
<button type="submit" class="btn btn-primary btn-block" tabindex = "3">Send password reset mail</button>
</div>
</div>
</div>
</form>
{% endblock %}
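Review bot: The form posts to a route decorated with `@csrf_protect(blueprint=bp)` but renders no hidden CSRF field; if that decorator validates a per-session token rather than a Referer/Origin check, this POST will be rejected, so confirm how `csrf_protect` expects the token to be supplied and add the hidden input if needed. The mail input on the second field is `type="text"`; `<input type="email" class="form-control" id="user-mail" name="mail" required="required" tabindex="2" autocomplete="email">` gets the browser's format check and autofill for free without changing the submitted field name.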
Hi {{ user.displayname }},
you have requested a password reset.
To reset your password, visit this url: {{ url_for('.self_token_password', token=token, _external=True) }}
**Please note this link is only valid for 48h**
If you did not request a password reset, you do not need to do anything.
Kind regards,
uffd
import datetime
import smtplib
from email.message import EmailMessage
from flask import Blueprint, render_template, request, url_for, redirect, flash, current_app
from uffd.navbar import register_navbar
......@@ -23,9 +26,22 @@ def self_index():
@login_required()
def self_update():
# TODO: actualy update the user...
send_passwordreset('uffdtest')
return 'OK', 200
@bp.route("/passwordreset", methods=(['GET', 'POST']))
@csrf_protect(blueprint=bp)
def self_forgot_password():
if request.method == 'GET':
return render_template('forgot_password.html')
loginname = request.values['loginname']
mail = request.values['mail']
flash("We sent a mail to this users mail address if you entered the correct mail and login name combination")
user = User.from_ldap_dn(loginname_to_dn(loginname))
if user.mail == mail:
send_passwordreset(loginname)
return redirect(url_for('session.login'))
@bp.route("/token/password/<token>", methods=(['POST', 'GET']))
def self_token_password(token):
session = db.session
......@@ -38,16 +54,16 @@ def self_token_password(token):
return redirect(url_for('session.login'))
if not 'loginname' in request.values:
flash('Please set a new password.')
return render_template('reset_password.html', token=token)
return render_template('set_password.html', token=token)
else:
if not request.values['loginname'] == dbtoken.loginname:
flash('That is not the correct login name. Please start the password reset process again')
flash('That is not the correct login name for this token. Your token is now invalide. Please start the password reset process again')
session.delete(dbtoken)
session.commit()
return redirect(url_for('session.login'))
if not request.values['password1']:
flash('Please specify a new password.')
return render_template('reset_password.html', token=token)
return render_template('set_password.html', token=token)
user = User.from_ldap_dn(loginname_to_dn(dbtoken.loginname))
user.set_password(request.values['password1'])
user.to_ldap()
......@@ -56,8 +72,6 @@ def self_token_password(token):
session.commit()
return redirect(url_for('session.login'))
def send_passwordreset(loginname):
session = db.session
expired_tokens = PasswordToken.query.filter(PasswordToken.created < (datetime.datetime.now() - datetime.timedelta(days=2))).all()
......@@ -66,5 +80,21 @@ def send_passwordreset(loginname):
token = PasswordToken()
token.loginname = loginname
session.add(token)
# TODO: send mail
session.commit()
user = User.from_ldap_dn(loginname_to_dn(loginname))
msg = EmailMessage()
msg.set_content(render_template('passwordreset.mail.txt', user=user, token=token.token))
msg['Subject'] = 'Password reset'
send_mail(user.mail, msg)
def send_mail(to, msg):
server = smtplib.SMTP(host=current_app.config['MAIL_SERVER'], port=current_app.config['MAIL_PORT'])
if current_app.config['MAIL_USE_STARTTLS']:
server.starttls()
server.login(current_app.config['MAIL_USERNAME'], current_app.config['MAIL_PASSWORD'])
msg['From'] = current_app.config['MAIL_FROM_ADDRESS']
msg['To'] = to
server.send_message(msg)
server.quit()
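Review bot: In `self_forgot_password` the lookup result is used unchecked — `user = User.from_ldap_dn(loginname_to_dn(loginname))` is immediately followed by `user.mail == mail`, so if `from_ldap_dn` returns `None` for an unknown login name (its behaviour is not visible here) the request ends in an exception instead of the neutral flash message, which lets an attacker distinguish valid from invalid login names; guard it with `if user is not None and user.mail == mail:`. The raw `loginname` also flows into `loginname_to_dn` without visible escaping; unless that helper escapes DN special characters, this is a DN-injection point worth confirming. `self_update` still carries the debug call `send_passwordreset('uffdtest')`, which lets any logged-in user trigger a reset mail for that account and should be removed before this ships. In `send_mail`, the `smtplib.SMTP` connection is never closed if `login()` or `send_message()` raises, and `starttls()` is called without an SSL context, which in smtplib's default means the server certificate is not verified; use `with smtplib.SMTP(host=..., port=...) as server:` and `server.starttls(context=ssl.create_default_context())` (adding `import ssl`).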
......@@ -23,7 +23,7 @@
</div>
<div class="clearfix col-12">
<a href="#" class="float-left">Register</a>
<a href="#" class="float-right">Forgot Password?</a>
<a href="{{ url_for("selfservice.self_forgot_password") }}" class="float-right">Forgot Password?</a>
</div>
</div>
</div>
......@@ -53,7 +53,6 @@ def is_valid_session():
if not user:
return False
if datetime.datetime.now().timestamp() > session['logintime'] + current_app.config['SESSION_LIFETIME_SECONDS']:
flash('Session timed out')
return False
return True
bp.add_app_template_global(is_valid_session)