ACM/hack-wpi-python
3
0
Fork 0
Code Issues 12 Pull requests Projects Releases Packages Wiki Activity Actions

registration: Expire password requests after 30 minutes

Browse source 
Need to amend email to make this clear
This commit is contained in:
Cara Salter 2023-01-03 18:00:41 -05:00
parent 60953074e7
commit e49e329f68
No known key found for this signature in database
GPG key ID: 90C66610C82B29CA
3 changed files with 43 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
goathacks/models.py
View file

@ -1,6 +1,6 @@
from flask import flash, redirect, url_for from flask import flash, redirect, url_for
from flask_login import UserMixin from flask_login import UserMixin
from sqlalchemy import Boolean, Column, DateTime, ForeignKey, Integer, String from sqlalchemy import Boolean, Column, Date, DateTime, ForeignKey, Integer, String
from . import db from . import db
from . import login from . import login
@ -55,3 +55,4 @@ def unauth():
class PwResetRequest(db.Model): class PwResetRequest(db.Model):
id = Column(String, primary_key=True) id = Column(String, primary_key=True)
user_id = Column(Integer, ForeignKey('user.id'), nullable=False) user_id = Column(Integer, ForeignKey('user.id'), nullable=False)
expires = Column(DateTime, nullable=False)

11
goathacks/registration/__init__.py
View file

@ -1,4 +1,4 @@
from datetime import datetime from datetime import datetime, timedelta
from flask import Blueprint, abort, config, current_app, flash, redirect, render_template, request, url_for from flask import Blueprint, abort, config, current_app, flash, redirect, render_template, request, url_for
import flask_login import flask_login
from flask_login import current_user from flask_login import current_user
@ -112,7 +112,8 @@ def reset():
else: else:
r = PwResetRequest( r = PwResetRequest(
id=str(ulid.ulid()), id=str(ulid.ulid()),
user_id=user.id user_id=user.id,
expires=datetime.now() + timedelta(minutes=30)
) )
db.session.add(r) db.session.add(r)
db.session.commit() db.session.commit()
@ -136,6 +137,12 @@ def do_reset(id):
flash("Invalid request") flash("Invalid request")
return redirect(url_for("registration.login")) return redirect(url_for("registration.login"))
if req.expires < datetime.now():
db.session.delete(req)
db.session.commit()
flash("Invalid request")
return redirect(url_for("registration.login"))
if request.method == "POST": if request.method == "POST":
password = request.form.get("password") password = request.form.get("password")
password_c = request.form.get("password_confirm") password_c = request.form.get("password_confirm")

32
migrations/versions/261c004968a4_.py Normal file
View file

@ -0,0 +1,32 @@
"""empty message
Revision ID: 261c004968a4
Revises: 8a0c9c00f04c
Create Date: 2023-01-03 17:58:35.801660
"""
from alembic import op
import sqlalchemy as sa
# revision identifiers, used by Alembic.
revision = '261c004968a4'
down_revision = '8a0c9c00f04c'
branch_labels = None
depends_on = None
def upgrade():
# ### commands auto generated by Alembic - please adjust! ###
with op.batch_alter_table('pw_reset_request', schema=None) as batch_op:
batch_op.add_column(sa.Column('expires', sa.DateTime(), nullable=False))
# ### end Alembic commands ###
def downgrade():
# ### commands auto generated by Alembic - please adjust! ###
with op.batch_alter_table('pw_reset_request', schema=None) as batch_op:
batch_op.drop_column('expires')
# ### end Alembic commands ###