Flaschengeist/flaschengeist
Flaschengeist
/
flaschengeist
7
0
Fork 0
Code Issues 20 Pull Requests Packages Projects Releases 2 Wiki Activity

[System] Send welcome and password-changed notifications, allow custom text per config file

This commit is contained in:
Ferdinand Thiessen 2021-01-18 18:05:10 +01:00
parent 049b64ffd5
commit 7ec37914a1
3 changed files with 60 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
flaschengeist.example.toml
View File

@ -7,6 +7,8 @@ auth = "auth_plain"
#root = /api #root = /api
# Set secret key # Set secret key
secret_key = "V3ryS3cr3t" secret_key = "V3ryS3cr3t"
# Domain used by frontend
#domain = "flaschengeist.local"
[LOGGING] [LOGGING]
file = "/tmp/flaschengeist-debug.log" file = "/tmp/flaschengeist-debug.log"
@ -34,6 +36,35 @@ enabled = true
# admin_dn = # admin_dn =
# default_gid = # default_gid =
[MESSAGES]
welcome_subject = "Welcome to Flaschengeist {name}"
welcome_text = '''
Hello {name}!
Welcome to Flaschengeist!
Have fun :)
'''
password_subject = "Flaschengeist - Password reset"
password_text = '''
Hello {name}!
There was a password reset request for username: {username}
To change your password, click on this link:
{link}
'''
password_changed_subject = "Flaschengeist - Password changed"
password_changed_text = '''
Hello {name}!
Your password was changed for username: {username}
If this was not you, please contact the support.
'''
##################
# PLUGINS #
##################
#[users] #[users]
# always enabled # always enabled
# #

45
flaschengeist/controller/userController.py
View File

@ -4,6 +4,7 @@ from datetime import datetime, timedelta, timezone
from werkzeug.exceptions import NotFound, BadRequest, Forbidden from werkzeug.exceptions import NotFound, BadRequest, Forbidden
from flaschengeist import logger from flaschengeist import logger
from flaschengeist.config import config
from flaschengeist.database import db from flaschengeist.database import db
from flaschengeist.utils.hook import Hook from flaschengeist.utils.hook import Hook
from flaschengeist.models.user import User, Role, _PasswordReset from flaschengeist.models.user import User, Role, _PasswordReset
@ -35,26 +36,22 @@ def request_reset(user: User):
if not reset.expires or reset.expires < expires: if not reset.expires or reset.expires < expires:
expires = expires + timedelta(hours=12) expires = expires + timedelta(hours=12)
reset.expires = expires reset.expires = expires
reset.token = secrets.token_urlsafe(16) reset.token = secrets.token_urlsafe(24)
db.session.commit()
subject = "Flaschengeist - Passwort zurücksetzten" subject = str(config["MESSAGES"]["password_subject"]).format(name=user.display_name, username=user.userid)
domain = "flaschengeist.local" text = str(config["MESSAGES"]["password_text"]).format(
text = f"""Hallo {user.display_name}, name=user.display_name,
Jemand hat das Zurücksetzen des Passworts für dein Flaschengeist Benutzerkonto angefordert. username=user.userid,
link=f'https://{config["FLASCHENGEIST"]["domain"]}/reset?token={reset.token}'
Benutzername: {user.userid} )
Falls das nicht beabsichtigt war, ignoriere diese E-Mail einfach. Es wird dann nichts passieren.
Um dein Passwort zurückzusetzen, besuche folgende Adresse, der Link ist 12 Stunden gültig:
<https://{domain}/reset?token={reset.token}>
"""
db.session.commit()
messageController.send_message(messageController.Message(user, text, subject)) messageController.send_message(messageController.Message(user, text, subject))
def reset_password(token: str, password: str): def reset_password(token: str, password: str):
if len(token) != 32:
raise BadRequest
reset = _PasswordReset.query.filter(_PasswordReset.token == token).one_or_none() reset = _PasswordReset.query.filter(_PasswordReset.token == token).one_or_none()
logger.debug(f"Token is {'valid' if reset else 'invalid'}") logger.debug(f"Token is {'valid' if reset else 'invalid'}")
if not reset or reset.expires < datetime.now(tz=timezone.utc): if not reset or reset.expires < datetime.now(tz=timezone.utc):
@ -101,8 +98,13 @@ def modify_user(user, password, new_password=None):
current_app.config["FG_AUTH_BACKEND"].modify_user(user, password, new_password) current_app.config["FG_AUTH_BACKEND"].modify_user(user, password, new_password)
if new_password: if new_password:
# TODO: Password changed mail logger.debug(f"Password changed for user {user.userid}")
logger.error(f"Password changed for user {user.userid}") subject = str(config["MESSAGES"]["password_changed_subject"]).format(name=user.display_name, username=user.userid)
text = str(config["MESSAGES"]["password_changed_text"]).format(
name=user.display_name,
username=user.userid,
)
messageController.send_message(messageController.Message(user, text, subject))
def get_users(): def get_users():
@ -150,6 +152,15 @@ def register(data):
db.session.add(user) db.session.add(user)
db.session.commit() db.session.commit()
if user.mail and len(user.mail) > 3:
subject = str(config["MESSAGES"]["welcome_subject"]).format(name=user.display_name, username=user.userid)
text = str(config["MESSAGES"]["welcome_text"]).format(
name=user.display_name,
username=user.userid,
)
messageController.send_message(messageController.Message(user, text, subject))
return user return user

2
flaschengeist/models/user.py
View File

@ -107,7 +107,7 @@ class _PasswordReset(db.Model):
__tablename__ = "password_reset" __tablename__ = "password_reset"
_user_id: User = db.Column("user", db.Integer, db.ForeignKey("user.id"), primary_key=True) _user_id: User = db.Column("user", db.Integer, db.ForeignKey("user.id"), primary_key=True)
user: User = db.relationship("User", foreign_keys=[_user_id]) user: User = db.relationship("User", foreign_keys=[_user_id])
token: str = db.Column(db.String(30)) token: str = db.Column(db.String(32))
expires: datetime = db.Column(UtcDateTime) expires: datetime = db.Column(UtcDateTime)