resetpw: Fix variable name and tidy up
Fixes HTTP 500 error. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
parent
d26dda7044
commit
b5a33f6e70
|
@ -73,7 +73,7 @@ def check_login_details(nickname, password):
|
|||
return False
|
||||
|
||||
def reset_user_password(mysql, email, token=None, password=None):
|
||||
userid = mysql.findone("SELECT id FROM users WHERE email = %s LIMIT 1",(email,),"id")
|
||||
user = mysql.findone("SELECT id, nickname, token FROM users WHERE email = %s LIMIT 1",(email,))
|
||||
if not user:
|
||||
raise AccountNotExisting()
|
||||
elif password:
|
||||
|
@ -83,7 +83,7 @@ def reset_user_password(mysql, email, token=None, password=None):
|
|||
SET password = %s, token = NULL
|
||||
WHERE id = %s
|
||||
LIMIT 1
|
||||
""",(generate_password_hash(password),userid,))
|
||||
""",(generate_password_hash(password),user["id"],))
|
||||
mysql.commit()
|
||||
else:
|
||||
raise InvalidToken()
|
||||
|
@ -93,8 +93,9 @@ def reset_user_password(mysql, email, token=None, password=None):
|
|||
SET token = %s
|
||||
WHERE id = %s
|
||||
LIMIT 1
|
||||
""",(token,userid,))
|
||||
""",(token,user["id"],))
|
||||
mysql.commit()
|
||||
return user
|
||||
|
||||
def set_user_password(mysql, nickname, password):
|
||||
userid = mysql.findone("SELECT id FROM users WHERE nickname = %s LIMIT 1",(nickname,),"id")
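Review bot: The `SET token = %s` update stores the reset token verbatim in `users.token`, and none of the visible statements record when it was issued, so a token stays valid until it is used or overwritten and anyone with read access to the table holds working reset tokens. Consider storing a digest instead (for example `hashlib.sha256(token.encode()).hexdigest()`) together with an issue timestamp, and rejecting tokens older than a short window. The comparison against the stored token sits between the hunks and is not visible here; if it is a plain `==`, `hmac.compare_digest` is the safer choice. The function now returns the whole row, including `id` and `token`, although the caller shown only reads `nickname`; returning just the nickname would keep the old token out of the view code. The body of `reset_user_password` starts and ends outside these hunks.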
|
||||
|
|
|
@ -415,36 +415,34 @@ def resetpw():
|
|||
if request.method == 'POST':
|
||||
token = base64.b32encode(os.urandom(10)).decode()
|
||||
mysql = FreifunkMySQL()
|
||||
user = mysql.findone("SELECT nickname FROM users WHERE email = %s",(request.form['email'],))
|
||||
reset_user_password(mysql, request.form['email'], token)
|
||||
user = reset_user_password(mysql, request.form['email'], token)
|
||||
mysql.close()
|
||||
send_email(
|
||||
recipient = request.form['email'],
|
||||
subject = "Password reset link",
|
||||
content = "Hello %s,\n\n" % user["nickname"] +
|
||||
"You attemped to reset your password on https://monitoring.freifunk-franken.de/\n" +
|
||||
"To verify you a reset link was sent to you:\n" +
|
||||
"%s\n" % url_for('resetpw', email=request.form['email'], token=token, _external=True) +
|
||||
"Clicking this link will reset your password and send the new password to your email address.\n\n" +
|
||||
"Regards,\nFreifunk Franken Monitoring System"
|
||||
"You attemped to reset your password on https://monitoring.freifunk-franken.de/\n" +
|
||||
"To verify you a reset link was sent to you:\n" +
|
||||
"%s\n" % url_for('resetpw', email=request.form['email'], token=token, _external=True) +
|
||||
"Clicking this link will reset your password and send the new password to your email address.\n\n" +
|
||||
"Regards,\nFreifunk Franken Monitoring System"
|
||||
)
|
||||
flash("<b>A password reset link was sent to %s</b>" % request.form['email'], "success")
|
||||
mysql.close()
|
||||
elif "token" in request.args:
|
||||
password = base64.b32encode(os.urandom(10)).decode()
|
||||
mysql = FreifunkMySQL()
|
||||
reset_user_password(mysql, request.args['email'], request.args['token'], password)
|
||||
user = mysql.findone("SELECT nickname FROM users WHERE email = %s",(request.args['email'],))
|
||||
user = reset_user_password(mysql, request.args['email'], request.args['token'], password)
|
||||
mysql.close()
|
||||
send_email(
|
||||
recipient = request.args['email'],
|
||||
subject = "Your new Password",
|
||||
content = "Hello %s,\n\n" % user["nickname"] +
|
||||
"You attemped to reset your password on https://monitoring.freifunk-franken.de/\n" +
|
||||
"Your new Password: %s\n" % password +
|
||||
"Please log in and change it\n\n" +
|
||||
"Regards,\nFreifunk Franken Monitoring System"
|
||||
"You attemped to reset your password on https://monitoring.freifunk-franken.de/\n" +
|
||||
"Your new Password: %s\n" % password +
|
||||
"Please log in and change it\n\n" +
|
||||
"Regards,\nFreifunk Franken Monitoring System"
|
||||
)
|
||||
flash("<b>Password reset successful!</b> - Your password was sent to %s" % request.args['email'], "success")
|
||||
mysql.close()
|
||||
except AccountNotExisting:
|
||||
flash("<b>No Account found with this E-Mail address!</b>", "danger")
|
||||
except InvalidToken:
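Review bot: Both `flash()` calls interpolate the request's email value into a string that already carries `<b>` markup, which suggests the template renders flash messages unescaped. If so, the address should be escaped first, e.g. `flash("<b>A password reset link was sent to %s</b>" % escape(request.form['email']), "success")` with `escape` from `markupsafe`, and likewise for `request.args['email']`. The value only reaches these lines after a matching row was found, so exposure depends on how strictly addresses are validated at registration, which is not visible here. Separately, the distinct "No Account found" message lets a client tell registered from unregistered addresses; showing the same confirmation in both cases avoids that. The `resetpw` body begins and ends outside this hunk.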
|
||||
|
|