Hello,
Thanks to Andrew, I've managed to complete this task.
As promised, here is the Python server code that implements the 'forgot password' function for the above project.
A new password is generated ONLY if the e-mail provided matches the one that the user registered in the database when the account was created.
If it matches, the application generates a new password, sends it to the user via e-mail and also stores it (hashed) in the database.
The following Python code should be entered in the server portion of the application task tree:
import html  # for escaping the password in the HTML e-mail body
import secrets  # for random password generator
import smtplib  # for sending e-mail
import ssl  # for certificate-verifying STARTTLS
import string  # for random password string generator
from email.mime.multipart import MIMEMultipart  # for composing MIME e-mail
from email.mime.text import MIMEText  # for composing MIME text
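def on_login(task, form_data, info):
    """Handle the login form: reset a forgotten password or log the user in.

    A non-empty ``form_data['email']`` marks a "forgot password" request.
    When exactly one user matches both the login and the e-mail, a new random
    password is e-mailed to that user and its hash is stored. This branch
    never logs anyone in: it returns ``None`` whether or not a match was
    found, so the result does not reveal which login/e-mail pairs exist.

    Otherwise the request is a normal login and a dict describing the user is
    returned when the account is active and the password check passes.

    Args:
        task: application task; supplies ``users``, ``generate_password_hash``
            and ``check_password_hash``.
        form_data: submitted form values; 'login', 'password' and 'email' are
            read, and a missing key is treated like an empty value.
        info: not used by this handler.

    Returns:
        ``{'user_id', 'user_name', 'role_id', 'role_name'}`` on a successful
        login, otherwise ``None``.
    """
    login = form_data.get('login')
    email = form_data.get('email')

    # A missing or empty login cannot identify an account; stop before a
    # filter is built from it.
    if not login:
        return None

    if email:
        # "Forgot password" request: act ONLY IF the e-mail matches the one
        # registered for this login.
        # NOTE(review): anyone who knows a login/e-mail pair can force a
        # password change here, and the new password travels in clear text by
        # e-mail. A single-use, expiring reset link plus rate limiting of this
        # branch would be the sturdier design.
        users = task.users.copy(handlers=False)
        users.set_where(login=login, email=email)
        users.open()
        if users.rec_count == 1:
            # 16 characters over letters and digits (~95 bits); alphanumeric
            # only, so the value is safe to embed in the HTML mail body.
            alphabet = string.ascii_letters + string.digits
            rndpasswd = ''.join(secrets.choice(alphabet) for _ in range(16))
            # Mail first: if sending raises, the stored hash is untouched and
            # the user's current password keeps working.
            # Send to the address stored in the database rather than to the
            # submitted string, so only a registered address ever reaches the
            # mail headers.
            resetpassemail(users.email.value, rndpasswd)
            # Only the hash of the new password is stored.
            users.edit()
            users.password_hash.value = task.generate_password_hash(rndpasswd)
            users.post()
            users.apply()
        return None

    # Normal login.
    users = task.users.copy(handlers=False)
    users.set_where(login=login)
    users.open()
    if users.rec_count != 1 or users.isactive.value != 1:
        return None

    password = form_data.get('password') or ''
    # NOTE(review): while password_reset == 65535 this accepts ANY password
    # for the account. Nothing in this handler sets or clears that flag;
    # confirm that it is intended and that it is cleared after first use.
    if (task.check_password_hash(users.password_hash.value, password)
            or users.password_reset.value == 65535):
        return {
            'user_id': users.id.value,
            'user_name': users.name.value,
            'role_id': users.role.value,
            'role_name': users.role.display_text,
        }
    return None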
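def resetpassemail(useremail, password):
    """E-mail a newly generated login password to *useremail*.

    Builds a multipart/alternative message (plain text plus HTML) and sends
    it through the configured SMTP server over a STARTTLS session.

    Args:
        useremail: recipient address; used for the ``To`` header and as the
            SMTP recipient.
        password: the new clear-text password to put in the message body.

    Raises:
        ValueError: if *useremail* contains a carriage return or line feed.
        OSError, smtplib.SMTPException: propagated from smtplib/ssl when the
            connection, TLS handshake, login or delivery fails.
    """
    # Refuse line breaks so the address cannot add extra header lines to the
    # message; checked before any network connection is opened.
    if '\r' in useremail or '\n' in useremail:
        raise ValueError("e-mail address must not contain line breaks")

    # Placeholders. Load the real values from configuration or the
    # environment rather than leaving the SMTP password in the module source.
    sender_pass = 'your SMTP password'  # password for SMTP server
    sender_smtp = "your SMTP server name"  # SMTP server
    sender_port = 587  # SMTP submission port; session is upgraded via STARTTLS
    sender_user = "your e-mail user"  # SMTP sender account

    # Create message container - the correct MIME type is multipart/alternative.
    msg = MIMEMultipart('alternative')
    msg['Subject'] = "Password Reset"
    msg['From'] = sender_user
    msg['To'] = useremail

    # e-mail text (plain)
    mail_text = """Dear user,
Your new login password is
%s
""" % password

    # e-mail text (html); the password is escaped so that characters such as
    # '<' or '&' are shown literally instead of being parsed as markup.
    mail_html = """\
<html>
<head></head>
<body>
<p>Dear user,<br>
Your new login password is</p>
<h1>%s</h1>
</body>
</html>""" % html.escape(password)

    # Attach both parts; mail clients normally prefer the last alternative.
    msg.attach(MIMEText(mail_text, 'plain'))
    msg.attach(MIMEText(mail_html, 'html'))

    # smtplib's default STARTTLS context does not validate the server
    # certificate or host name, so pass a verifying context explicitly.
    tls_context = ssl.create_default_context()

    # The context manager closes the session even when login or delivery
    # raises; the timeout keeps a dead mail server from hanging the request.
    with smtplib.SMTP(sender_smtp, sender_port, timeout=30) as s:
        s.starttls(context=tls_context)  # upgrade the session to TLS
        s.login(sender_user, sender_pass)  # login to SMTP server
        # sendmail takes the sender's address, the recipient's address and
        # the message, here sent as one string.
        s.sendmail(sender_user, useremail, msg.as_string())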