Martin Mareš / Odevzdávací Systém MO
Commit c054c6b6, authored 4 years ago by Václav Volhejn
Check whether the reset is not too new/too old
parent a5c50780
1 merge request: !3 Sending password-reset emails
Showing 2 changed files with 25 additions and 12 deletions
mo/users.py: 6 additions, 2 deletions
mo/web/main.py: 19 additions, 10 deletions
mo/users.py (+6 −2) @ c054c6b6
...
...
@@ -60,10 +60,14 @@ def check_reset_password(token: str) -> Optional[db.User]:
if
not
fields
or
len
(
fields
)
!=
2
:
return
None
user
=
db
.
get_session
().
query
(
db
.
User
).
filter_by
(
user_id
=
int
(
fields
[
0
])).
first
()
# FIXME: Zkontrolovat, jestli požadavek není moc starý
reset_token_validity_time
=
datetime
.
timedelta
(
hours
=
24
)
now
=
datetime
.
datetime
.
now
().
astimezone
()
if
(
user
and
user
.
reset_at
is
not
None
and
fields
[
1
]
==
str
(
int
(
user
.
reset_at
.
timestamp
()))):
and
fields
[
1
]
==
str
(
int
(
user
.
reset_at
.
timestamp
()))
and
now
-
user
.
reset_at
<
reset_token_validity_time
):
return
user
else
:
return
None
...
...
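Review bot: The new age test in the `if` condition, `now - user.reset_at < reset_token_validity_time`, has no lower bound, so a `reset_at` that lies in the future (clock skew, a bad write) gives a negative difference and is accepted; bound it on both sides, e.g. `datetime.timedelta(0) <= now - user.reset_at < reset_token_validity_time`. `now` is timezone-aware because of `.astimezone()`, so the subtraction raises TypeError rather than returning None if `user.reset_at` is ever naive; worth confirming the column type. The 24-hour value would be easier to audit as a named module-level constant than as a local. The context line `int(fields[0])` also raises ValueError on a non-numeric first field instead of returning None, unless the token is validated before this point, which the hunk does not show.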
mo/web/main.py (+19 −10) @ c054c6b6
import
datetime
from
flask
import
render_template
,
request
,
g
,
redirect
,
url_for
,
session
from
flask_wtf
import
FlaskForm
import
wtforms
...
...
@@ -33,10 +35,16 @@ def login():
app
.
logger
.
error
(
'
Login: Neznámý uživatel <%s>
'
,
email
)
error
=
'
Neznámý uživatel.
'
elif
form
.
reset
.
data
:
# FIXME: Zkontrolovat aktivní požadavek
app
.
logger
.
info
(
'
Login: Požadavek na změnu hesla pro <%s>
'
,
email
)
min_time_between_resets
=
datetime
.
timedelta
(
minutes
=
1
)
now
=
datetime
.
datetime
.
now
().
astimezone
()
if
(
user
.
reset_at
is
not
None
and
now
-
user
.
reset_at
<
min_time_between_resets
):
error
=
'
Poslední požadavek na obnovení hesla byl odeslán příliš nedávno.
'
else
:
token
=
mo
.
users
.
ask_reset_password
(
user
)
link
=
url_for
(
'
reset
'
,
token
=
token
)
link
=
url_for
(
'
reset
'
,
token
=
token
,
_external
=
True
)
db
.
get_session
().
commit
()
try
:
...
...
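Review bot: The changed `url_for('reset', token=token, _external=True)` call now builds an absolute link, and in a request context Flask takes the host for it from the incoming request, so a forged Host header could end up in the reset e-mail unless the deployment pins or validates the host (for example via `SERVER_NAME` or the front-end proxy); please confirm that is the case. In the new throttle branch, the 'Požadavek na změnu hesla' info line is written before the `min_time_between_resets` check, so rejected requests look the same in the log as accepted ones; log the rejection separately. The one-minute value would be better as a named constant kept next to the 24-hour validity used in mo/users.py.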
@@ -46,6 +54,7 @@ def login():
app
.
logger
.
info
(
'
Link: %s
'
,
link
)
return
render_template
(
'
reset.html
'
)
elif
not
form
.
passwd
.
data
or
not
mo
.
users
.
check_password
(
user
,
form
.
passwd
.
data
):
app
.
logger
.
error
(
'
Login: Špatné heslo pro uživatele <%s>
'
,
email
)
error
=
'
Chybné heslo.
'
...
...
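Review bot: The `app.logger.info('Link: %s', link)` line in this hunk writes the full reset link, token included, to the application log, so anyone who can read the log can use it while the token is valid; log only that a link was issued (user and time), or restrict this line to a debug or development configuration.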