from django.shortcuts import render, redirect
from sbhs_server.tables.models import Account
from django.contrib import messages
from sbhs_server.helpers import simple_encrypt
from sbhs_server.pages.views import index as INDEX_PAGE
import datetime
# Create your views here.
def new(req):
    """Render the form on which a user requests a password-reset link."""
    template_name = 'password/new.html'
    return render(req, template_name)
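def password_token(username):
    """Build the opaque token carried in a password-reset link.

    The plaintext is ``<username>,,,<issue time>`` and is passed through
    ``simple_encrypt.encrypt``. ``validate_token`` splits on the same ``,,,``
    separator, and ``edit``/``update`` parse the issue time with the format
    ``"%Y-%m-%d %H:%M:%S.%f"``.

    Args:
        username: Account username the link is issued for.

    Returns:
        Whatever ``simple_encrypt.encrypt`` returns for the plaintext.
    """
    # str(datetime) omits the fractional part when microsecond == 0, and the
    # "%f" parser used by edit/update then raises ValueError. strftime always
    # writes six fractional digits, so every issued token parses.
    issued_at = datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S.%f")
    # NOTE(review): the token is only as unforgeable as simple_encrypt. Confirm
    # it authenticates the ciphertext (not just encrypts it) and that its key
    # is a deployment secret, since the plaintext names the account to reset.
    # NOTE(review): a username containing ",,," would fail the two-part check
    # in validate_token; confirm usernames cannot contain the separator.
    return simple_encrypt.encrypt(username + ",,," + issued_at)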
def email(req):
    """Handle the reset-request form: mail a reset link if the address is known.

    The success message is queued whether or not an account matched, so the
    response itself does not reveal which addresses are registered.
    """
    address = req.POST.get("email")
    matches = Account.objects.filter(email=address)
    # Only act on an unambiguous match; zero or several accounts send nothing.
    if len(matches) == 1:
        user = matches[0]
        user.send_password_link(password_token(user.username))
    messages.add_message(
        req,
        messages.SUCCESS,
        "Password reset link has been sent to your email address.",
    )
    return redirect(INDEX_PAGE)
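def validate_token(req, token):
    """Decrypt a reset token and split it into ``[username, issue time]``.

    Args:
        req: Current request; used only to queue an error message.
        token: Token taken from the reset link.

    Returns:
        ``(parts, True)`` when the token decrypts and has exactly two
        ``,,,``-separated fields, otherwise ``(redirect_response, False)``
        after queuing an "Invalid link" error. Callers must check the flag
        before treating the first element as token data.
    """
    try:
        plaintext = simple_encrypt.decrypt(token)
    except Exception:
        # Any decrypt failure means a malformed or tampered link. Catch
        # Exception rather than using a bare except so that SystemExit and
        # KeyboardInterrupt are not swallowed and reported as a bad link.
        messages.add_message(req, messages.ERROR, "Invalid link")
        return redirect(INDEX_PAGE), False

    parts = plaintext.split(",,,")
    if len(parts) != 2:
        messages.add_message(req, messages.ERROR, "Invalid link")
        return redirect(INDEX_PAGE), False
    # NOTE(review): this checks structure only; expiry is checked by the
    # callers, and nothing here confirms the username still exists.
    return parts, True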
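def edit(req, token):
    """Show the new-password form for a reset link that is still valid.

    Args:
        req: Current request.
        token: Token taken from the reset link.

    Returns:
        The rendered ``password/edit.html`` form (with the token in its
        context) when the token is well-formed and younger than 7200 seconds;
        otherwise a redirect to the index page with an error message queued.
    """
    parts, ok = validate_token(req, token)
    if not ok:
        # On failure validate_token hands back the redirect response.
        return parts

    try:
        issued_at = datetime.datetime.strptime(parts[1], "%Y-%m-%d %H:%M:%S.%f")
    except ValueError:
        # A token whose time field does not parse is a bad link and should
        # not surface as an unhandled server error.
        messages.add_message(req, messages.ERROR, "Invalid link")
        return redirect(INDEX_PAGE)

    age = datetime.datetime.now() - issued_at
    # Links are honoured for two hours (7200 s) from issue.
    if age.total_seconds() < 7200:
        return render(req, "password/edit.html", {"token": token})

    messages.add_message(req, messages.ERROR, "The reset link is expired.")
    return redirect(INDEX_PAGE)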
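def update(req, token):
    """Set a new password for the account named in a valid reset token.

    The request must carry ``email``, ``password`` and ``confirm`` POST
    fields. The email has to match the account's stored address and the two
    password fields have to be equal and non-empty.

    Args:
        req: Current request.
        token: Token taken from the reset link.

    Returns:
        A redirect to the index page in every case, with a success or error
        message queued.
    """
    parts, ok = validate_token(req, token)
    if not ok:
        # On failure validate_token hands back the redirect response.
        return parts

    try:
        issued_at = datetime.datetime.strptime(parts[1], "%Y-%m-%d %H:%M:%S.%f")
    except ValueError:
        # A token whose time field does not parse is a bad link and should
        # not surface as an unhandled server error.
        messages.add_message(req, messages.ERROR, "Invalid link")
        return redirect(INDEX_PAGE)

    age = datetime.datetime.now() - issued_at
    # Links are honoured for two hours (7200 s) from issue.
    if age.total_seconds() >= 7200:
        messages.add_message(req, messages.ERROR, "The reset link is expired.")
        return redirect(INDEX_PAGE)

    matches = Account.objects.filter(username=parts[0])
    if len(matches) != 1:
        messages.add_message(req, messages.ERROR, "Invalid link")
        return redirect(INDEX_PAGE)
    account = matches[0]

    new_password = req.POST.get("password")
    error = ""
    # Later checks overwrite earlier ones, so a mismatch message wins when
    # several checks fail; any non-empty error rejects the request.
    if not new_password:
        # Missing fields compare equal (None == None) and "" == "", so without
        # this check an absent or empty password would be accepted.
        error = "Password must not be empty"
    if req.POST.get("email") != account.email:
        error = "Invalid email"
    if new_password != req.POST.get("confirm"):
        error = "Passwords do not match"
    if error != "":
        messages.add_message(req, messages.ERROR, error)
        return redirect(INDEX_PAGE)

    account.set_password(new_password)
    account.save()
    # NOTE(review): nothing here invalidates the token after use, so the same
    # link appears to stay usable until the two-hour window closes. Consider
    # binding the token to state that changes on reset.
    messages.add_message(req, messages.SUCCESS, "Password changed successfully")
    return redirect(INDEX_PAGE)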