From 7ec37914a13b3ef6c00748dad539d59fc4a8ad5f Mon Sep 17 00:00:00 2001 From: Ferdinand Thiessen Date: Mon, 18 Jan 2021 18:05:10 +0100 Subject: [PATCH] [System] Send welcome and password-changed notifications, allow custom text per config file --- flaschengeist.example.toml | 31 +++++++++++++++ flaschengeist/controller/userController.py | 45 ++++++++++++++-------- flaschengeist/models/user.py | 2 +- 3 files changed, 60 insertions(+), 18 deletions(-) diff --git a/flaschengeist.example.toml b/flaschengeist.example.toml index 6953678..efe1efe 100644 --- a/flaschengeist.example.toml +++ b/flaschengeist.example.toml @@ -7,6 +7,8 @@ auth = "auth_plain" #root = /api # Set secret key secret_key = "V3ryS3cr3t" +# Domain used by frontend +#domain = "flaschengeist.local" [LOGGING] file = "/tmp/flaschengeist-debug.log" @@ -34,6 +36,35 @@ enabled = true # admin_dn = # default_gid = +[MESSAGES] +welcome_subject = "Welcome to Flaschengeist {name}" +welcome_text = ''' +Hello {name}! +Welcome to Flaschengeist! +Have fun :) +''' + +password_subject = "Flaschengeist - Password reset" +password_text = ''' +Hello {name}! +There was a password reset request for username: {username} + +To change your password, click on this link: +{link} +''' + +password_changed_subject = "Flaschengeist - Password changed" +password_changed_text = ''' +Hello {name}! +Your password was changed for username: {username} + +If this was not you, please contact the support. +''' + +################## +# PLUGINS # +################## + #[users] # always enabled # diff --git a/flaschengeist/controller/userController.py b/flaschengeist/controller/userController.py index 1781755..eefcdeb 100644 --- a/flaschengeist/controller/userController.py +++ b/flaschengeist/controller/userController.py 
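Review bot: The new `password_text` template in the `[MESSAGES]` hunk no longer tells the recipient that the link is valid for 12 hours or that an unrequested mail can simply be ignored, both of which the removed German text in userController.py stated. Adding two lines to the default, for example `The link is valid for 12 hours.` and `If you did not request this, ignore this mail; nothing will change.`, would keep that guidance. Because these values are passed through `str.format`, a literal `{` or `}` in a customised text raises an error at send time. A comment above the section would document this, such as `# Placeholders: {name}, {username}, and {link} (password_text only); write literal braces as {{ and }}`.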
@@ -4,6 +4,7 @@ from datetime import datetime, timedelta, timezone from werkzeug.exceptions import NotFound, BadRequest, Forbidden from flaschengeist import logger +from flaschengeist.config import config from flaschengeist.database import db from flaschengeist.utils.hook import Hook from flaschengeist.models.user import User, Role, _PasswordReset @@ -35,26 +36,22 @@ def request_reset(user: User): if not reset.expires or reset.expires < expires: expires = expires + timedelta(hours=12) reset.expires = expires - reset.token = secrets.token_urlsafe(16) + reset.token = secrets.token_urlsafe(24) + db.session.commit() - subject = "Flaschengeist - Passwort zurücksetzten" - domain = "flaschengeist.local" - text = f"""Hallo {user.display_name}, -Jemand hat das Zurücksetzen des Passworts für dein Flaschengeist Benutzerkonto angefordert. - -Benutzername: {user.userid} - -Falls das nicht beabsichtigt war, ignoriere diese E-Mail einfach. Es wird dann nichts passieren. - -Um dein Passwort zurückzusetzen, besuche folgende Adresse, der Link ist 12 Stunden gültig: - - - """ - db.session.commit() + subject = str(config["MESSAGES"]["password_subject"]).format(name=user.display_name, username=user.userid) + text = str(config["MESSAGES"]["password_text"]).format( + name=user.display_name, + username=user.userid, + link=f'https://{config["FLASCHENGEIST"]["domain"]}/reset?token={reset.token}' + ) messageController.send_message(messageController.Message(user, text, subject)) def reset_password(token: str, password: str): + if len(token) != 32: + raise BadRequest + reset = _PasswordReset.query.filter(_PasswordReset.token == token).one_or_none() logger.debug(f"Token is {'valid' if reset else 'invalid'}") if not reset or reset.expires < datetime.now(tz=timezone.utc): 
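Review bot: `config["FLASCHENGEIST"]["domain"]` in request_reset is indexed directly, yet the example config in this commit ships `#domain` commented out. Unless a default is set where the config is loaded (not visible here), this raises KeyError after `db.session.commit()` has already stored the new token, so the request fails and no mail is sent. Reading and validating the domain before the commit, or refusing to start without it, avoids that state. Separately, the `len(token) != 32` guard in reset_password depends silently on `secrets.token_urlsafe(24)` and on the `String(32)` column; one named constant shared by all three would keep them in step. Both function bodies continue outside the hunk.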
@@ -101,8 +98,13 @@ def modify_user(user, password, new_password=None): current_app.config["FG_AUTH_BACKEND"].modify_user(user, password, new_password) if new_password: - # TODO: Password changed mail - logger.error(f"Password changed for user {user.userid}") + logger.debug(f"Password changed for user {user.userid}") + subject = str(config["MESSAGES"]["password_changed_subject"]).format(name=user.display_name, username=user.userid) + text = str(config["MESSAGES"]["password_changed_text"]).format( + name=user.display_name, + username=user.userid, + ) + messageController.send_message(messageController.Message(user, text, subject)) def get_users(): @@ -150,6 +152,15 @@ def register(data): db.session.add(user) db.session.commit() + + if user.mail and len(user.mail) > 3: + subject = str(config["MESSAGES"]["welcome_subject"]).format(name=user.display_name, username=user.userid) + text = str(config["MESSAGES"]["welcome_text"]).format( + name=user.display_name, + username=user.userid, + ) + messageController.send_message(messageController.Message(user, text, subject)) + return user diff --git a/flaschengeist/models/user.py b/flaschengeist/models/user.py index a25fd33..62940d8 100644 --- a/flaschengeist/models/user.py +++ b/flaschengeist/models/user.py @@ -107,7 +107,7 @@ class _PasswordReset(db.Model): __tablename__ = "password_reset" _user_id: User = db.Column("user", db.Integer, db.ForeignKey("user.id"), primary_key=True) user: User = db.relationship("User", foreign_keys=[_user_id]) - token: str = db.Column(db.String(30)) + token: str = db.Column(db.String(32)) expires: datetime = db.Column(UtcDateTime)
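Review bot: The password-change log line in modify_user drops from `error` to `debug`, a level that is commonly disabled in production. A password change is an audit-relevant event, and `logger.info(f"Password changed for user {user.userid}")` would keep it available when an account takeover is investigated. The notification is also sent after the auth backend has already applied the change, so an exception from `messageController.send_message` (its error handling is not visible here) would make a successful change look like a failure; the same applies to the welcome mail sent after the commit in register. The subject/text formatting is repeated in request_reset, modify_user and register, and a small helper taking the message key and the user would remove the duplication.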
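Review bot: `len(user.mail) > 3` in register is not an address check, and the welcome mail goes to an address that has not been verified, with `user.display_name` placed in the subject. If registration is reachable by unauthenticated callers (not visible in this hunk), the server can be made to deliver caller-chosen text to a third party's mailbox. Validating the address format and confirming that messageController rejects CR/LF in the subject would narrow this. register's body starts outside the hunk.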
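Review bot: Widening `token` to `db.String(32)` changes only the model, and the commit's three files include no schema migration. An existing `password_reset` table therefore keeps its 30-character column unless it is altered separately (how this project manages schema changes is not visible here). With 32-character tokens from `secrets.token_urlsafe(24)`, a database that truncates silently would store a value that can never match, and a strict one would reject the insert. The column also holds the token in clear text; storing a hash and comparing hashes in reset_password would keep a database read from yielding usable reset links.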