Adrien forgotpassword (#61)

Added forgot password implementation with database

Author: adrienmonks11

.DS_Store

@@ -1,11 +1,12 @@
 from flask import Flask, render_template, request, redirect, url_for, jsonify, flash, json
 import firebase_admin
 from firebase_admin import credentials, firestore
-import bcrypt
+import bcrypt, secrets
 from firebase.config import Config
 from db_utils import upload_file_to_db, connect_to_database
 from flask_mail import Mail, Message
 import email_credentials
+from datetime import datetime, timedelta, timezone
 
 app = Flask(__name__)
 app.config.from_object(Config)
@@ -108,13 +109,133 @@ def pre_approved_access_code():
         return redirect(url_for('homepage'))
     return render_template('pre_approved_access_code.html')
 
+@app.route('/reset_password', methods=['GET', 'POST'])
+def reset_password():
+    if request.method == 'POST':
+        email = request.form.get('email').strip().lower()
+        user_ref = db.collection('users').document(email)
+        user_doc = user_ref.get()
+        
+        if user_doc.exists:
+            verification_secret = secrets.token_hex(3)
+            expiration_time = datetime.now(timezone.utc) + timedelta(minutes=15)
+
+            
+            user_ref.update({
+                'verification_code': verification_secret,
+                'verification_expiry': expiration_time
+            })
+            
+            subject = "HUA Password Reset"
+            body = f"""Hi,
+
+You recently requested a password reset for HUA. Your verification code is below.
+
+{verification_secret}
+
+This code will expire in 15 minutes.
+
+If you didn't request a password reset, you can safely disregard this email.
+
+This account is not monitored, please do not reply to this email.
+"""
+            try:
+                msg = Message(subject, sender="Huaverso@gmail.com", recipients=[email], body=body)
+                mail.send(msg)
+                
+                flash("A verification code has been sent to your email.", "success")
+                return redirect(url_for('enter_code', email=email))
+            except Exception:
+                flash("Failed to send verification email. Please try again later.", "danger")
+                return redirect(url_for('reset_password'))
+        else:
+            flash("No account with this email exists.", "danger")
+            return redirect(url_for('reset_password'))
+    
+    return render_template('reset_password.html')
+
+@app.route('/enter_code', methods=['GET', 'POST'])
+def enter_code():
+    email = request.args.get('email')
+    if not email:
+        flash("Invalid request.", "danger")
+        return redirect(url_for('reset_password'))
+    
+    if request.method == 'POST':
+        entered_code = request.form.get('verification_code').strip()
+        user_ref = db.collection('users').document(email)
+        user_doc = user_ref.get()
+        
+        if not user_doc.exists:
+            flash("Invalid request.", "danger")
+            return redirect(url_for('reset_password'))
+        
+        stored_code = user_doc.to_dict().get('verification_code')
+        expiry_time = user_doc.to_dict().get('verification_expiry')
+        
+        if not stored_code or not expiry_time:
+            flash("No verification code found. Please initiate the password reset again.", "danger")
+            return redirect(url_for('reset_password'))
+
+        if entered_code != stored_code:
+            flash("Invalid verification code.", "danger")
+            return redirect(url_for('enter_code', email=email))
+        
+        if datetime.now(timezone.utc) > expiry_time:
+            flash("The verification code has expired. Please request a new one.", "danger")
+            user_ref.update({
+                'verification_code': firestore.DELETE_FIELD,
+                'verification_expiry': firestore.DELETE_FIELD
+            })
+            return redirect(url_for('reset_password'))
+        
+        return redirect(url_for('new_password', email=email))
+    
+    return render_template('enter_code.html', email=email)
+
+@app.route('/new_password', methods=['GET', 'POST'])
+def new_password():
+    email = request.args.get('email')
+    if not email:
+        flash("Invalid request.", "danger")
+        return redirect(url_for('reset_password'))
+    
+    if request.method == 'POST':
+        new_password = request.form.get('new_password')
+        confirm_password = request.form.get('confirm_password')
+        
+        if new_password != confirm_password:
+            flash("Passwords do not match.", "danger")
+            return redirect(url_for('new_password', email=email))
+        
+        if len(new_password) < 6:
+            flash("Password must be at least 6 characters long.", "danger")
+            return redirect(url_for('new_password', email=email))
+        
+        # Hash the new password and decode to store as string
+        hashed_password = bcrypt.hashpw(new_password.encode('utf-8'), bcrypt.gensalt()).decode('utf-8')
+        user_ref = db.collection('users').document(email)
+        user_ref.update({'password': hashed_password})
+        
+        user_ref.update({
+            'verification_code': firestore.DELETE_FIELD,
+            'verification_expiry': firestore.DELETE_FIELD
+        })
+        
+        flash("Your password has been successfully reset. You can now log in.", "success")
+        return redirect(url_for('home'))
+    
+    return render_template('new_password.html', email=email)
+
+
+
 
 @app.route('/login', methods=['GET', 'POST'])
 def login():
-    email = request.form.get('email')
-    password = request.form.get('password')
-
     if request.method == 'POST':
+        print("Form Data:", request.form)
+        email = request.form.get('email')
+        password = request.form.get('password')
         try:
             # Retrieve user data from Firestore
             user_ref = db.collection('users').document(email)
@@ -123,11 +244,21 @@ def login():
             if user_doc.exists:
                 stored_hashed_password = user_doc.to_dict().get('password')
 
-                # Check if the password matches
-                if bcrypt.checkpw(password.encode('utf-8'), stored_hashed_password.encode('utf-8')):
-                    return redirect(url_for('homepage', email=email))
+                # Ensure the stored hashed password exists
+                if stored_hashed_password:
+                    # Encode the stored hashed password to bytes
+                    stored_hashed_password_bytes = stored_hashed_password.encode('utf-8')
+
+                    # Check if the password matches
+                    if bcrypt.checkpw(password.encode('utf-8'), stored_hashed_password_bytes):
+                        flash("Logged in successfully.", "success")
+                        return redirect(url_for('homepage', email=email))
+                    else:
+                        flash("Invalid password", "danger")
+                        return redirect(url_for('login'))
+
                 else:
-                    flash("Invalid password", "danger")
+                    flash("Password not set for this account.", "danger")
                     return redirect(url_for('login'))
             else:
                 flash("User not found", "danger")
@@ -136,8 +267,10 @@ def login():
         except Exception as e:
             flash(f"An error occurred: {str(e)}", "danger")
             return redirect(url_for('login'))
-    if request.method == "GET":
-        return render_template('login.html')
+    
+    # Handle GET requests
+    return render_template('login.html')
+
 
 @app.route("/dashboard")
 def dashboard():

flaskApp/.DS_Store

@@ -0,0 +1,44 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Enter Verification Code</title>
+    <!-- Bootstrap CSS -->
+    <link href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css" rel="stylesheet">
+</head>
+<body>
+    <div class="container mt-5">
+        <div class="row justify-content-center">
+            <div class="col-md-6">
+                {% with messages = get_flashed_messages(with_categories=true) %}
+                    {% if messages %}
+                        {% for category, message in messages %}
+                            <div class="alert alert-{{ category }} alert-dismissible fade show" role="alert">
+                                {{ message }}
+                                <button type="button" class="close" data-dismiss="alert" aria-label="Close">
+                                    <span aria-hidden="true">&times;</span>
+                                </button>
+                            </div>
+                        {% endfor %}
+                    {% endif %}
+                {% endwith %}
+                <h2 class="text-center">Enter Verification Code</h2>
+                <form method="POST" action="{{ url_for('enter_code') }}?email={{ email }}">
+                    <input type="hidden" name="email" value="{{ email }}">
+                    <div class="form-group">
+                        <label for="verificationCode">Verification Code</label>
+                        <input type="text" id="verificationCode" name="verification_code" class="form-control" placeholder="Enter verification code" required>
+                    </div>
+                    <button type="submit" class="btn btn-primary btn-block">Verify Code</button>
+                </form>
+                <a href="{{ url_for('reset_password') }}" class="btn btn-secondary btn-block mt-2">Back</a>
+            </div>
+        </div>
+    </div>
+    <!-- Bootstrap JS -->
+    <script src="https://code.jquery.com/jquery-3.3.1.slim.min.js"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js"></script>
+    <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js"></script>
+</body>
+</html>

flaskApp/app.py

@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Register</title>
+    <!-- Bootstrap CSS -->
+    <link href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css" rel="stylesheet">
+</head>
+<body>
+    <div class="container mt-5">
+        <div class="row justify-content-center">
+            <div class="col-md-4">
+                <h2 class="text-center">Reset Your Password</h2>
+
+                <!-- Flash message for successful or failed reset -->
+                {% with messages = get_flashed_messages() %}
+                    {% if messages %}
+                        <div class="alert alert-danger" role="alert">
+                            {{ messages[0] }}
+                        </div>
+                    {% endif %}
+                {% endwith %}
+
+                <form method="POST" action="/reset_password">
+                    <!-- Email input -->
+                    <div class="form-group">
+                        <label for="formEmail">Email address</label>
+                        <input type="email" id="formEmail" name="email" class="form-control" placeholder="Enter email" required>
+                    </div>
+                    
+
+                    <!-- Submit button -->
+                    <button type="submit" class="btn btn-primary btn-block">Request Email Reset Code</button>
+                </form>
+            </div>
+        </div>
+    </div>
+
+    <!-- Bootstrap JS -->
+    <script src="https://code.jquery.com/jquery-3.3.1.slim.min.js"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js"></script>
+    <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js"></script>
+</body>
+</html>

flaskApp/firebase/__pycache__/config.cpython-311.pyc

@@ -14,14 +14,20 @@
                 <h2 class="text-center">Sign In</h2>
 
                 <!-- Flash message for invalid credentials -->
-                {% with messages = get_flashed_messages() %}
+                {% with messages = get_flashed_messages(with_categories=true) %}
                     {% if messages %}
-                        <div class="alert alert-danger" role="alert">
-                            {{ messages[0] }}
-                        </div>
+                        {% for category, message in messages %}
+                            <div class="alert alert-{{ category }} alert-dismissible fade show" role="alert">
+                                {{ message }}
+                                <button type="button" class="close" data-dismiss="alert" aria-label="Close">
+                                    <span aria-hidden="true">&times;</span>
+                                </button>
+                            </div>
+                        {% endfor %}
                     {% endif %}
                 {% endwith %}
 
+
                 <form method="POST" action="/login">
                     <!-- Email input -->
                     <div class="form-group">

flaskApp/templates/enter_code.html

@@ -0,0 +1,48 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Set New Password</title>
+    <!-- Bootstrap CSS -->
+    <link href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css" rel="stylesheet">
+</head>
+<body>
+    <div class="container mt-5">
+        <div class="row justify-content-center">
+            <div class="col-md-6">
+                {% with messages = get_flashed_messages(with_categories=true) %}
+                    {% if messages %}
+                        {% for category, message in messages %}
+                            <div class="alert alert-{{ category }} alert-dismissible fade show" role="alert">
+                                {{ message }}
+                                <button type="button" class="close" data-dismiss="alert" aria-label="Close">
+                                    <span aria-hidden="true">&times;</span>
+                                </button>
+                            </div>
+                        {% endfor %}
+                    {% endif %}
+                {% endwith %}
+                <h2 class="text-center">Set New Password</h2>
+                <form method="POST" action="{{ url_for('new_password') }}?email={{ email }}">
+                    <input type="hidden" name="email" value="{{ email }}">
+                    <div class="form-group">
+                        <label for="newPassword">New Password</label>
+                        <input type="password" id="newPassword" name="new_password" class="form-control" placeholder="Enter new password" required>
+                    </div>
+                    <div class="form-group">
+                        <label for="confirmPassword">Confirm New Password</label>
+                        <input type="password" id="confirmPassword" name="confirm_password" class="form-control" placeholder="Confirm new password" required>
+                    </div>
+                    <button type="submit" class="btn btn-primary btn-block">Reset Password</button>
+                </form>
+                <a href="{{ url_for('enter_code', email=email) }}" class="btn btn-secondary btn-block mt-2">Back</a>
+            </div>
+        </div>
+    </div>
+    <!-- Bootstrap JS -->
+    <script src="https://code.jquery.com/jquery-3.3.1.slim.min.js"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js"></script>
+    <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js"></script>
+</body>
+</html>

flaskApp/templates/forgot_password.html

@@ -0,0 +1,42 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Reset Password</title>
+    <!-- Bootstrap CSS -->
+    <link href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css" rel="stylesheet">
+</head>
+<body>
+    <div class="container mt-5">
+        <div class="row justify-content-center">
+            <div class="col-md-6">
+                {% with messages = get_flashed_messages(with_categories=true) %}
+                    {% if messages %}
+                        {% for category, message in messages %}
+                            <div class="alert alert-{{ category }} alert-dismissible fade show" role="alert">
+                                {{ message }}
+                                <button type="button" class="close" data-dismiss="alert" aria-label="Close">
+                                    <span aria-hidden="true">&times;</span>
+                                </button>
+                            </div>
+                        {% endfor %}
+                    {% endif %}
+                {% endwith %}
+                <h2 class="text-center">Reset Your Password</h2>
+                <form method="POST" action="{{ url_for('reset_password') }}">
+                    <div class="form-group">
+                        <label for="formEmail">Email Address</label>
+                        <input type="email" id="formEmail" name="email" class="form-control" placeholder="Enter your email" required>
+                    </div>
+                    <button type="submit" class="btn btn-primary btn-block">Request Password Reset</button>
+                </form>
+            </div>
+        </div>
+    </div>
+    <!-- Bootstrap JS -->
+    <script src="https://code.jquery.com/jquery-3.3.1.slim.min.js"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js"></script>
+    <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js"></script>
+</body>
+</html>