diff options
Diffstat (limited to 'sbhs_server/password/views.py')
-rw-r--r-- | sbhs_server/password/views.py | 83 |
1 files changed, 83 insertions, 0 deletions
diff --git a/sbhs_server/password/views.py b/sbhs_server/password/views.py new file mode 100644 index 0000000..6659998 --- /dev/null +++ b/sbhs_server/password/views.py @@ -0,0 +1,83 @@ +from django.shortcuts import render, redirect +from sbhs_server.tables.models import Account +from django.contrib import messages +from sbhs_server.helpers import simple_encrypt +from sbhs_server.pages.views import index as INDEX_PAGE +import datetime + +# Create your views here. + +def new(req): + return render(req, 'password/new.html') + +def password_token(username): + return simple_encrypt.encrypt(username + ",,," + str(datetime.datetime.now())) + +def email(req): + email = req.POST.get("email") + + account = Account.objects.filter(email=email) + + if len(account) == 1: + account[0].send_password_link(password_token(account[0].username)) + messages.add_message(req, messages.SUCCESS, "Password reset link has been sent to your email address.") + return redirect(INDEX_PAGE) + +def validate_token(req, token): + try: + data = simple_encrypt.decrypt(token) + except: + messages.add_message(req, messages.ERROR, "Invalid link") + return redirect(INDEX_PAGE), False + + data = data.split(",,,") + if len(data) != 2: + messages.add_message(req, messages.ERROR, "Invalid link") + return redirect(INDEX_PAGE), False + + return data, True + +def edit(req, token): + data, flag = validate_token(req, token) + if not flag: + return data + + timediff = datetime.datetime.now() - datetime.datetime.strptime(data[1], "%Y-%m-%d %H:%M:%S.%f") + + if timediff.total_seconds() < 7200: + return render(req, "password/edit.html", {"token": token}) + else: + messages.add_message(req, messages.ERROR, "The reset link is expired.") + return redirect(INDEX_PAGE) + +def update(req, token): + data, flag = validate_token(req, token) + if not flag: + return data + + timediff = datetime.datetime.now() - datetime.datetime.strptime(data[1], "%Y-%m-%d %H:%M:%S.%f") + + if timediff.total_seconds() < 7200: + username = data[0] + account = Account.objects.filter(username=username) + if len(account) == 1: + error = "" + if req.POST.get("email") != account[0].email: + error = "Invalid email" + if req.POST.get("password") != req.POST.get("confirm"): + error = "Passwords do not match" + + if error != "": + messages.add_message(req, messages.ERROR, error) + return redirect(INDEX_PAGE) + + account[0].set_password(req.POST.get("password")) + account[0].save() + messages.add_message(req, messages.SUCCESS, "Password changed successfully") + return redirect(INDEX_PAGE) + else: + messages.add_message(req, messages.ERROR, "Invalid link") + return redirect(INDEX_PAGE) + else: + messages.add_message(req, messages.ERROR, "The reset link is expired.") + return redirect(INDEX_PAGE)
\ No newline at end of file |