Merge branch 'development' of gitlab.ub.uni-bielefeld.de:sfb1288inf/opaque into development

.flaskenv

@@ -1,2 +1,4 @@
 FLASK_APP=opaque.py
 FLASK_ENV=development
+OPAQUE_MAIL_SUBJECT_PREFIX=[Opaque]
+OPAQUE_MAIL_SENDER=Opaque Admin <inf_sfb1288@uni-bielefeld.de>

app/__init__.py

@@ -1,10 +1,12 @@
 from config import config
 from flask import Flask
 from flask_login import LoginManager
+from flask_mail import Mail
 from flask_sqlalchemy import SQLAlchemy
 
 
 db = SQLAlchemy()
+mail = Mail()
 
 login_manager = LoginManager()
 login_manager.login_view = 'auth.login'
@@ -17,6 +19,7 @@ def create_app(config_name):
 
     db.init_app(app)
     login_manager.init_app(app)
+    mail.init_app(app)
 
     from .auth import auth as auth_blueprint
     app.register_blueprint(auth_blueprint, url_prefix='/auth')

app/auth/forms.py

@@ -15,3 +15,9 @@ class LoginForm(FlaskForm):
 
 class RegistrationForm(FlaskForm):
     email = StringField('Email', validators=[DataRequired(), Length(1, 64), Email()])
+
+
+class PasswordResetRequestForm(FlaskForm):
+    email = StringField('Email', validators=[DataRequired(), Length(1, 64),
+                                             Email()])
+    submit = SubmitField('Reset Password')

app/auth/views.py

@@ -1,7 +1,8 @@
 from flask import flash, redirect, render_template, request, url_for
 from flask_login import login_required, login_user, logout_user
 from . import auth
-from .forms import LoginForm
+from .forms import LoginForm, PasswordResetRequestForm
+from ..email import send_email
 from ..models import User
 
 
@@ -31,3 +32,18 @@ def logout():
 @auth.route('/register', methods=['GET', 'POST'])
 def register():
     return render_template('auth/register.html.j2')
+
+
+@auth.route('/reset', methods=['GET', 'POST'])
+def password_reset_request():
+    form = PasswordResetRequestForm()
+    if form.validate_on_submit():
+        user = User.query.filter_by(email=form.email.data.lower()).first()
+        if user:
+            token = user.generate_reset_token()
+            send_email(user.email, 'Reset Your Password',
+                       'auth/email/reset_password',
+                       user=user, token=token)
+        flash('An email with instructions to reset your password has been '
+              'sent to you.')
+        return redirect(url_for('auth.login'))

app/templates/auth/email/reset_password.html

@@ -0,0 +1,8 @@
+<p>Dear {{ user.username }},</p>
+<p>To reset your password <a href="{{ url_for('auth.password_reset', token=token, _external=True) }}">click here</a>.</p>
+<p>Alternatively, you can paste the following link in your browser's address bar:</p>
+<p>{{ url_for('auth.password_reset', token=token, _external=True) }}</p>
+<p>If you have not requested a password reset simply ignore this message.</p>
+<p>Sincerely,</p>
+<p>The Opaque Team</p>
+<p><small>Note: replies to this email address are not monitored.</small></p>

app/templates/auth/email/reset_password.txt

@@ -0,0 +1,13 @@
+Dear {{ user.username }},
+
+To reset your password click on the following link:
+
+{{ url_for('auth.password_reset', token=token, _external=True) }}
+
+If you have not requested a password reset simply ignore this message.
+
+Sincerely,
+
+The Opaque Team
+
+Note: replies to this email address are not monitored.

requirements.txt

@@ -1,5 +1,6 @@
 Flask==1.0.3
 Flask-Login==0.4.1
+Flask-Mail==0.9.1
 Flask-Migrate==2.5.2
 Flask-SQLAlchemy==2.4.0
 Flask-WTF==0.14.2