Commit c054c6b6 authored by Václav Volhejn's avatar Václav Volhejn

Kontrolovat, jestli reset není moc nový/moc starý

parent a5c50780
......@@ -60,10 +60,14 @@ def check_reset_password(token: str) -> Optional[db.User]:
if not fields or len(fields) != 2:
return None
user = db.get_session().query(db.User).filter_by(user_id=int(fields[0])).first()
# FIXME: Zkontrolovat, jestli požadavek není moc starý
reset_token_validity_time = datetime.timedelta(hours=24)
now = datetime.datetime.now().astimezone()
if (user
and user.reset_at is not None
and fields[1] == str(int(user.reset_at.timestamp()))):
and fields[1] == str(int(user.reset_at.timestamp()))
and now - user.reset_at < reset_token_validity_time):
return user
else:
return None
......
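Review bot: The new expiry test `now - user.reset_at < reset_token_validity_time` pairs an aware `now` (built with `astimezone()`) with `user.reset_at` straight from the ORM; if that column is stored naive the subtraction raises TypeError on every reset attempt, and if `reset_at` is ever ahead of the clock the negative difference passes as valid, so I would write it as `and datetime.timedelta(0) <= now - user.reset_at < reset_token_validity_time` and confirm the column's tz handling. On the line above it, `fields[1] == str(int(user.reset_at.timestamp()))` compares an attacker-supplied token fragment with `==`; `hmac.compare_digest(fields[1], str(int(user.reset_at.timestamp())))` is the usual form for that comparison (it needs `import hmac` at the top of this module, which is outside the hunk). The hunk also relies on `datetime` being imported in this file, which I cannot see here — the `import datetime` in this commit lands in the other file. `check_reset_password` starts before the hunk.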
import datetime
from flask import render_template, request, g, redirect, url_for, session
from flask_wtf import FlaskForm
import wtforms
......@@ -33,10 +35,16 @@ def login():
app.logger.error('Login: Neznámý uživatel <%s>', email)
error = 'Neznámý uživatel.'
elif form.reset.data:
# FIXME: Zkontrolovat aktivní požadavek
app.logger.info('Login: Požadavek na změnu hesla pro <%s>', email)
min_time_between_resets = datetime.timedelta(minutes=1)
now = datetime.datetime.now().astimezone()
if (user.reset_at is not None
and now - user.reset_at < min_time_between_resets):
error = 'Poslední požadavek na obnovení hesla byl odeslán příliš nedávno.'
else:
token = mo.users.ask_reset_password(user)
link = url_for('reset', token=token)
link = url_for('reset', token=token, _external=True)
db.get_session().commit()
try:
......@@ -46,6 +54,7 @@ def login():
app.logger.info('Link: %s', link)
return render_template('reset.html')
elif not form.passwd.data or not mo.users.check_password(user, form.passwd.data):
app.logger.error('Login: Špatné heslo pro uživatele <%s>', email)
error = 'Chybné heslo.'
......
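Review bot: With `_external=True` the `link` is now a complete, directly usable password-reset URL, and the unchanged `app.logger.info('Link: %s', link)` a few lines later writes that URL, token included, into the application log at info level; I would reduce it to `app.logger.info('Login: odkaz na obnovu hesla odeslán pro <%s>', email)` so the secret stays out of log storage. The throttle `now - user.reset_at < min_time_between_resets` has the same aware/naive concern as the check in the other file — `now` is aware via `astimezone()`, while the tz handling of `user.reset_at` is not visible here — so confirm the column is stored aware or normalise both sides before subtracting. `login` starts before these hunks and continues after them.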