Add a password change notification email (#1221)

* Adds an email notification for password resets
bulk-clear-sessions
Kevin Chung 2020-01-20 23:05:44 -05:00 committed by GitHub
parent 60c46af58a
commit a2551db690
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 0 deletions


@ -135,6 +135,7 @@ def reset_password(data=None):
name=user.name, name=user.name,
) )
db.session.close() db.session.close()
email.password_change_alert(user.email)
return redirect(url_for("auth.login")) return redirect(url_for("auth.login"))
if request.method == "POST": if request.method == "POST":
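Review bot: The result of `email.password_change_alert(user.email)` is discarded, so a failed security notification leaves no trace; the mail helper touched in this same commit returns a `(False, message)` tuple when mail is not configured. Consider capturing it, e.g. `sent, err = email.password_change_alert(user.email)`, and recording a failure next to what looks like the existing log call just above. The call also reads `user.email` after `db.session.close()`, which presumably works only because the attribute was already loaded; copying the address into a local before the close would make that explicit. `reset_password` begins and ends outside this hunk, so any error handling around mail delivery is not visible here.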


@ -16,6 +16,17 @@ def sendmail(addr, text, subject="Message from {ctf_name}"):
return False, "No mail settings configured" return False, "No mail settings configured"
def password_change_alert(email):
ctf_name = get_config("ctf_name")
text = (
"Your password for {ctf_name} has been changed.\n\n"
"If you didn't request a password change you can reset your password here: {url}"
).format(ctf_name=ctf_name, url=url_for("auth.reset_password", _external=True))
subject = "Password Change Confirmation for {ctf_name}".format(ctf_name=ctf_name)
return sendmail(addr=email, text=text, subject=subject)
def forgot_password(email): def forgot_password(email):
token = serialize(email) token = serialize(email)
text = """Did you initiate a password reset? If you didn't initiate this request you can ignore this email. text = """Did you initiate a password reset? If you didn't initiate this request you can ignore this email.
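Review bot: The recovery link in `password_change_alert` comes from `url_for("auth.reset_password", _external=True)`, which in Flask takes the scheme and host from the current request unless the application pins a server name. This alert goes out precisely when someone other than the owner may have changed the password, so the link it carries should not depend on request-supplied headers; building it from a configured base URL, or confirming that the deployment fixes the served hostname, would close that gap. If the current behaviour is kept, a comment such as `# link host comes from the current request; deployment must pin the hostname` would record the assumption. The function also has no docstring; one line stating that it notifies the account owner and returns sendmail's result would help.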