implements forgot password flow

Author: Aanish97

app.py

@@ -16,8 +16,8 @@
 from flask import Flask, make_response, request, render_template, flash, redirect, Markup, jsonify, url_for, session
 from werkzeug.security import generate_password_hash, check_password_hash
 from dbms.models import user as userModel
-from utils import allowed_to_register, is_blacklisted
-from forms import SignupForm, LoginForm, UpdateForm
+from utils import allowed_to_register, is_blacklisted, check_email
+from forms import SignupForm, LoginForm, UpdateForm, ForgotForm, PasswordResetForm
 from flask_jwt_extended import create_access_token, \
     get_jwt_identity, jwt_required, \
     JWTManager, current_user, \
@@ -692,5 +692,115 @@ def fields_count_by_domain():
         }), 400
 
 
+@app.route('/forgot-password', methods=['GET', 'POST'])
+@jwt_required(optional=True)
+@csrf.exempt
+def forgot_password():
+    app.config["WTF_CSRF_ENABLED"] = False
+    user_agent = request.headers.get('User-Agent')
+    postman_notebook_request = utils.check_non_web_user_agent(user_agent)
+    
+    # check if already logged in
+    user = get_identity_if_logedin()
+    if user:
+        if not postman_notebook_request:
+            return redirect(app.config['DEVELOPMENT_BASE_URL'] + '/home')
+        elif postman_notebook_request:
+            return jsonify({'message': 'Already logged in'})  
+        
+    form = ForgotForm()
+    
+    # POST
+    if form.validate_on_submit():
+        # gets email and password
+        email = form.email.data
+        
+        # check account exists
+        user = userModel.User.query \
+            .filter_by(email=email) \
+            .first()    
+        if user:
+            # create email
+            token = generate_confirmation_token(email)
+            url = url_for('reset_password', token=token, _external=True)
+            html = render_template('reset-email.html', reset_url=url)
+            subject = 'Reset password'
+            
+            # send email
+            send_email(email, subject, html)
+            
+            # response
+            msg = 'A link to reset your password has been sent to your email!'
+            if postman_notebook_request:
+                return jsonify({"message": msg})
+            else:
+                flash(message=Markup(f'A password reset link has been sent to "{email}".'), category='info')
+        else:
+            # unregistered or unactivated account
+            msg = 'Account does not exist!'
+            if postman_notebook_request:
+                return jsonify({"message": msg})
+            else:
+                flash(message=Markup(f'A user with email "{email}" does not exist.'), category='info')
+    
+    # GET       
+    return render_template('forgot-password.html', form=form)
+
+
+@app.route('/reset-password/<token>', methods=['GET', 'POST'])
+@jwt_required(optional=True)
+@csrf.exempt
+def reset_password(token):
+    app.config["WTF_CSRF_ENABLED"] = False
+    user_agent = request.headers.get('User-Agent')
+    postman_notebook_request = utils.check_non_web_user_agent(user_agent)
+    
+    # check if already logged in
+    user = get_identity_if_logedin()
+    if user:
+        if not postman_notebook_request:
+            return redirect(app.config['DEVELOPMENT_BASE_URL'] + '/home')
+        elif postman_notebook_request:
+            return jsonify({'message': 'Already logged in'})  
+    
+    try:
+        # check if token is valid email
+        email = confirm_token(token)
+        
+        # checking if user exists
+        user = userModel.User.query \
+            .filter_by(email=email) \
+            .first()
+        if user:
+            form = PasswordResetForm()
+            # POST
+            if form.validate_on_submit():
+                # get new password
+                password = form.password.data
+                user_to_update = userModel.User.query.filter_by(email=email).first()
+                
+                user_to_update.password = generate_password_hash(password)
+                db.session.commit()
+                
+                # response
+                msg = 'Password updated succesfully!'
+                if postman_notebook_request:
+                    return jsonify({"message": msg})
+                else:
+                    flash(message=Markup(f'Password for email "{email}" has been updated.'), category='info')
+                    return redirect(app.config['DEVELOPMENT_BASE_URL'] + '/')
+            
+            return render_template('reset-password.html', form=form)
+         
+    except:
+        msg = 'The confirmation link is invalid or has expired.'
+        if postman_notebook_request:
+            return jsonify({"message": msg})
+        else:
+            flash(message=msg, category='danger')
+            return redirect(app.config['DEVELOPMENT_BASE_URL'] + '/forgot-password')   
+    
+
+
 if __name__ == '__main__':
-    app.run(host='0.0.0.0')
+    app.run(host='0.0.0.0', debug=True)

dbms/templates/base.html

@@ -46,7 +46,7 @@
               <a class="nav-link {{ 'active' if active_page == 'home' else '' }}" aria-current="page" href="{{ url_for('home') }}">Home</a>
             </li>
                <li class="nav-item">
-              <a class="nav-link {{ 'active' if active_page == 'update' else '' }}" aria-current="page" href="{{ url_for('dashboard') }}">Dashboard</a>
+              <a class="nav-link {{ 'active' if active_page == 'dashboard' else '' }}" aria-current="page" href="{{ url_for('dashboard') }}">Dashboard</a>
             </li>
                   <li class="nav-item">
               <a class="nav-link {{ 'active' if active_page == 'update' else '' }}" aria-current="page" href="{{ url_for('update') }}">Account Settings</a>

dbms/templates/dashboard.html

@@ -1,5 +1,5 @@
 {% extends 'base.html' %}
-{% set active_page='home' %}
+{% set active_page='dashboard' %}
 {% block title %}
     Home
 {% endblock %}

dbms/templates/forgot-password.html

@@ -0,0 +1,28 @@
+{% extends 'auth-template.html' %}
+{% set active_page='login' %}
+{% block title %}
+    Forgot Password
+{% endblock %}
+{% block form_heading %}
+    Find your account
+{% endblock %}
+{% block auth_form_content %}
+    <!-- Email input -->
+
+    <div class="form-outline mb-4 text-start">
+        {{ form.email.label(class_="form-label ms-1") }}
+        {{ form.email(class_="form-control", placeholder_="Enter your email") }}
+        {% if form.email.errors %}
+            <ul>
+                {% for error in form.email.errors %}
+                    <li>{{ error }}</li>
+                {% endfor %}
+            </ul>
+        {% endif %}
+    </div>
+
+    <!-- Submit button -->
+    <input type="submit" class="btn btn-primary btn-block mb-4" value="Find account">
+
+    <!-- Section: Design Block -->
+{% endblock %}

dbms/templates/login.html

@@ -45,9 +45,18 @@
 
     <!-- Submit button -->
     <input type="submit" class="btn btn-primary btn-block mb-4" value="Sign in">
+
+    <!-- Forgot password link -->
     <div class="text-center">
+        <a href="{{ url_for('forgot_password') }}">Forgot password?</a>
+
+    </div>
+
+    <!-- Sign up link -->
+    <div class="text-center mt-2">
         <p>Don't have an account? <a href="{{ url_for('signup') }}">Sign up</a></p>
 
     </div>
+
     <!-- Section: Design Block -->
 {% endblock %}

dbms/templates/reset-email.html

@@ -0,0 +1,4 @@
+<p>Greetings! Follow this link to reset your password:</p>
+<p><a href="{{ reset_url }}">{{ reset_url }}</a></p>
+<br>
+<p>Cheers!</p>

dbms/templates/reset-password.html

@@ -0,0 +1,43 @@
+{% extends 'auth-template.html' %}
+{% set active_page='login' %}
+{% block title %}
+    Reset Password
+{% endblock %}
+{% block form_heading %}
+    Reset Password
+{% endblock %}
+{% block auth_form_content %}
+
+    <!-- Password input -->
+
+    <div class="form-outline mb-4 text-start">
+        {{ form.password.label(class_="form-label ms-1") }}
+        {{ form.password(class_="form-control", placeholder_="Enter your password") }}
+
+    {% if form.password.errors %}
+    <ul>
+        {% for error in form.password.errors %}
+            <li>{{ error }}</li>
+        {% endfor %}
+    </ul>
+    {% endif %}
+    <p class="text-muted ms-1">Password must be at least 8 characters long. It must contain an upper-case letter, a lower-case letter and a number</p>
+    </div>
+
+      <div class="form-outline mb-4 text-start">
+        {{ form.confirm_pass.label(class_="form-label ms-1") }}
+        {{ form.confirm_pass(class_="form-control", placeholder_="Confirm your password") }}
+    {% if form.confirm_pass.errors %}
+    <ul>
+        {% for error in form.confirm_pass.errors %}
+            <li>{{ error }}</li>
+        {% endfor %}
+    </ul>
+    {% endif %}
+    </div>
+
+    <!-- Submit button -->
+    <input type="submit" class="btn btn-primary btn-block mb-4" value="Reset Password">
+
+    <!-- Section: Design Block -->
+{% endblock %}

forms.py

@@ -45,3 +45,15 @@ class UpdateForm(FlaskForm):
                                                                                          "match!")])
 
     discoverable = BooleanField('Do you want your profile to be discoverable?')
+
+
+class ForgotForm(FlaskForm):
+    email = StringField('Email', validators=[InputRequired(), Email(message='Enter a valid email')])
+    
+    
+class PasswordResetForm(FlaskForm):
+    password = PasswordField('New Password',
+                             validators=[DataRequired(), Regexp("^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9]).{8,}", message="Please follow the guidelines for a strong password")])
+    confirm_pass = PasswordField('Confirm Password', validators=[DataRequired(), EqualTo('password', message="Passwords "
+                                                                                                           "don't "
+                                                                                                           "match!")])

utils_activation/email.py

@@ -16,4 +16,4 @@ def send_email(to, subject, template):
         )
         mail.send(msg)
     except Exception as e:
-        return e;
+        return e