[System] Send welcome and password-changed notifications, allow custom text per config file

This commit is contained in:
Ferdinand Thiessen 2021-01-18 18:05:10 +01:00
parent 049b64ffd5
commit 7ec37914a1
3 changed files with 60 additions and 18 deletions

View File

@ -7,6 +7,8 @@ auth = "auth_plain"
#root = /api
# Set secret key
secret_key = "V3ryS3cr3t"
# Domain used by frontend
#domain = "flaschengeist.local"
[LOGGING]
file = "/tmp/flaschengeist-debug.log"
@ -34,6 +36,35 @@ enabled = true
# admin_dn =
# default_gid =
[MESSAGES]
welcome_subject = "Welcome to Flaschengeist {name}"
welcome_text = '''
Hello {name}!
Welcome to Flaschengeist!
Have fun :)
'''
password_subject = "Flaschengeist - Password reset"
password_text = '''
Hello {name}!
There was a password reset request for username: {username}
To change your password, click on this link:
{link}
'''
password_changed_subject = "Flaschengeist - Password changed"
password_changed_text = '''
Hello {name}!
Your password was changed for username: {username}
If this was not you, please contact the support.
'''
##################
# PLUGINS #
##################
#[users]
# always enabled
#

View File

@ -4,6 +4,7 @@ from datetime import datetime, timedelta, timezone
from werkzeug.exceptions import NotFound, BadRequest, Forbidden
from flaschengeist import logger
from flaschengeist.config import config
from flaschengeist.database import db
from flaschengeist.utils.hook import Hook
from flaschengeist.models.user import User, Role, _PasswordReset
@ -35,26 +36,22 @@ def request_reset(user: User):
if not reset.expires or reset.expires < expires:
expires = expires + timedelta(hours=12)
reset.expires = expires
reset.token = secrets.token_urlsafe(16)
subject = "Flaschengeist - Passwort zurücksetzten"
domain = "flaschengeist.local"
text = f"""Hallo {user.display_name},
Jemand hat das Zurücksetzen des Passworts für dein Flaschengeist Benutzerkonto angefordert.
Benutzername: {user.userid}
Falls das nicht beabsichtigt war, ignoriere diese E-Mail einfach. Es wird dann nichts passieren.
Um dein Passwort zurückzusetzen, besuche folgende Adresse, der Link ist 12 Stunden gültig:
<https://{domain}/reset?token={reset.token}>
"""
reset.token = secrets.token_urlsafe(24)
db.session.commit()
subject = str(config["MESSAGES"]["password_subject"]).format(name=user.display_name, username=user.userid)
text = str(config["MESSAGES"]["password_text"]).format(
name=user.display_name,
username=user.userid,
link=f'https://{config["FLASCHENGEIST"]["domain"]}/reset?token={reset.token}'
)
messageController.send_message(messageController.Message(user, text, subject))
def reset_password(token: str, password: str):
if len(token) != 32:
raise BadRequest
reset = _PasswordReset.query.filter(_PasswordReset.token == token).one_or_none()
logger.debug(f"Token is {'valid' if reset else 'invalid'}")
if not reset or reset.expires < datetime.now(tz=timezone.utc):
@ -101,8 +98,13 @@ def modify_user(user, password, new_password=None):
current_app.config["FG_AUTH_BACKEND"].modify_user(user, password, new_password)
if new_password:
# TODO: Password changed mail
logger.error(f"Password changed for user {user.userid}")
logger.debug(f"Password changed for user {user.userid}")
subject = str(config["MESSAGES"]["password_changed_subject"]).format(name=user.display_name, username=user.userid)
text = str(config["MESSAGES"]["password_changed_text"]).format(
name=user.display_name,
username=user.userid,
)
messageController.send_message(messageController.Message(user, text, subject))
def get_users():
@ -150,6 +152,15 @@ def register(data):
db.session.add(user)
db.session.commit()
if user.mail and len(user.mail) > 3:
subject = str(config["MESSAGES"]["welcome_subject"]).format(name=user.display_name, username=user.userid)
text = str(config["MESSAGES"]["welcome_text"]).format(
name=user.display_name,
username=user.userid,
)
messageController.send_message(messageController.Message(user, text, subject))
return user

View File

@ -107,7 +107,7 @@ class _PasswordReset(db.Model):
__tablename__ = "password_reset"
_user_id: User = db.Column("user", db.Integer, db.ForeignKey("user.id"), primary_key=True)
user: User = db.relationship("User", foreign_keys=[_user_id])
token: str = db.Column(db.String(30))
token: str = db.Column(db.String(32))
expires: datetime = db.Column(UtcDateTime)