Merge pull request #52 from DarkflameUniverse/admin-password-rest

add the ability to reset user's password
This commit is contained in:
Aaron Kimbrell 2022-10-16 20:41:19 -05:00 committed by GitHub
commit 3a034de45a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 43 additions and 5 deletions

View File

@ -1,7 +1,9 @@
from flask import render_template, Blueprint, redirect, url_for, request, current_app, flash from flask import render_template, Blueprint, redirect, url_for, request, current_app, flash
from flask_user import login_required, current_user from flask_user import login_required, current_user
from datatables import ColumnDT, DataTables from datatables import ColumnDT, DataTables
import bcrypt
import datetime import datetime
import secrets
from app.models import ( from app.models import (
Account, Account,
CharacterInfo, CharacterInfo,
@ -152,10 +154,14 @@ def delete(id):
message = f"Deleted Account ({account.id}){account.username}" message = f"Deleted Account ({account.id}){account.username}"
chars = CharacterInfo.query.filter(CharacterInfo.account_id == id).all() chars = CharacterInfo.query.filter(CharacterInfo.account_id == id).all()
for char in chars: for char in chars:
activities = ActivityLog.query.filter(ActivityLog.character_id == char.id).all() activities = ActivityLog.query.filter(
ActivityLog.character_id == char.id
).all()
for activity in activities: for activity in activities:
activity.delete() activity.delete()
lb_entries = Leaderboard.query.filter(Leaderboard.character_id == char.id).all() lb_entries = Leaderboard.query.filter(
Leaderboard.character_id == char.id
).all()
for lb_entry in lb_entries: for lb_entry in lb_entries:
lb_entry.delete() lb_entry.delete()
mails = Mail.query.filter(Mail.receiver_id == char.id).all() mails = Mail.query.filter(Mail.receiver_id == char.id).all()
@ -163,13 +169,17 @@ def delete(id):
mail.delete() mail.delete()
props = Property.query.filter(Property.owner_id == char.id).all() props = Property.query.filter(Property.owner_id == char.id).all()
for prop in props: for prop in props:
prop_contents = PropertyContent.query.filter(PropertyContent.property_id == prop.id).all() prop_contents = PropertyContent.query.filter(
PropertyContent.property_id == prop.id
).all()
for prop_content in prop_contents: for prop_content in prop_contents:
if prop_content.lot == "14": if prop_content.lot == "14":
UGC.query.filter(UGC.id == prop.ugc_id).first().delete() UGC.query.filter(UGC.id == prop.ugc_id).first().delete()
prop_content.delete() prop_content.delete()
prop.delete() prop.delete()
friends = Friends.query.filter(or_(Friends.player_id == char.id, Friends.friend_id == char.id)).all() friends = Friends.query.filter(
or_(Friends.player_id == char.id, Friends.friend_id == char.id)
).all()
for friend in friends: for friend in friends:
friend.delete() friend.delete()
char.delete() char.delete()
@ -180,7 +190,8 @@ def delete(id):
audits = AuditLog.query.filter(AuditLog.account_id == id).all() audits = AuditLog.query.filter(AuditLog.account_id == id).all()
for audit in audits: for audit in audits:
audit.delete() audit.delete()
invites = AccountInvitation.query.filter(AccountInvitation.invited_by_user_id == id).all() invites = AccountInvitation.query.filter(
AccountInvitation.invited_by_user_id == id).all()
for invite in invites: for invite in invites:
invite.delete() invite.delete()
account.delete() account.delete()
@ -189,6 +200,27 @@ def delete(id):
return redirect(url_for("main.index")) return redirect(url_for("main.index"))
@accounts_blueprint.route('/pass_reset/<id>', methods=['GET', 'POST'])
@login_required
@gm_level(9)
def pass_reset(id):
# get the account
account = Account.query.filter(Account.id == id).first()
# make a random pass of length 12 using secrets
raw_pass = secrets.token_urlsafe(12)
# generate the hash
salt = bcrypt.gensalt()
hashed = bcrypt.hashpw(str.encode(raw_pass), salt)
# save the has
account.password = hashed
account.save()
# display for the admin to get and log that the action was done
flash(f"Set password for account {account.username} to {raw_pass}", "success")
log_audit(f"Reset password for {account.username}")
return redirect(request.referrer if request.referrer else url_for("main.index"))
@accounts_blueprint.route('/get', methods=['GET']) @accounts_blueprint.route('/get', methods=['GET'])
@login_required @login_required
@gm_level(3) @gm_level(3)

View File

@ -108,6 +108,12 @@
</div> </div>
{% endif %} {% endif %}
</div> </div>
{% elif current_user.gm_level = 9%}
<div class="col">
<a role="button" class="btn btn-danger btn btn-block" href='{{ url_for('accounts.pass_reset', id= account_data.id) }}'>
Reset User's Password
</a>
</div>
{% endif %} {% endif %}
{% if account_data.play_key and current_user.gm_level > 3 and config.REQUIRE_PLAY_KEY %} {% if account_data.play_key and current_user.gm_level > 3 and config.REQUIRE_PLAY_KEY %}