From 22b2bc0a0f71e748acd9dcb13ad010dc16178c06 Mon Sep 17 00:00:00 2001
From: a2-imeri <alfret2.imeri@live.uwe.ac.uk>
Date: Mon, 24 Apr 2023 08:15:04 +0100
Subject: [PATCH] Remove security questions

---
 seed_database.py                              |  1 -
 store/forms.py                                |  6 --
 store/models.py                               | 15 -----
 store/routes.py                               | 62 ++++---------------
 store/templates/userContent/ChangeEmail.html  |  4 --
 .../templates/userContent/ChangePhNumber.html |  3 -
 .../templates/userContent/ChangeUsername.html |  2 -
 store/templates/userContent/login.html        |  4 +-
 store/templates/userContent/register.html     |  3 -
 9 files changed, 13 insertions(+), 87 deletions(-)

diff --git a/seed_database.py b/seed_database.py
index 6ed51f0..00d1058 100644
--- a/seed_database.py
+++ b/seed_database.py
@@ -71,7 +71,6 @@ with app.app_context():
         password="password",
         email="admin@website.com",
         phone_number="8383838",
-        securityQ1="rainbow",
     )
     user.userType = "admin"  # Because of how flasks works, once a row is created it can be further altered via its objects and changes saved on db.session.commit().
 
diff --git a/store/forms.py b/store/forms.py
index 7f088a7..25f9841 100644
--- a/store/forms.py
+++ b/store/forms.py
@@ -14,9 +14,6 @@ from wtforms.validators import DataRequired  # Basic example.#
 class RegistrationForm(FlaskForm):
     username = StringField("Username", [validators.Length(min=4, max=255)])
     email = StringField("Email Address", [validators.Length(min=6, max=255)])
-    securityQ1 = StringField(
-        "Enter your Favourite Colour", [validators.Length(min=3, max=35)]
-    )
     phone_number = StringField("Phone Number", [validators.Length(min=6, max=35)])
     password = PasswordField(
         "New Password",
@@ -36,9 +33,6 @@ class RegistrationForm(FlaskForm):
 class LoginForm(FlaskForm):
     username = StringField("Username", [validators.Length(min=4, max=255)])
     password = PasswordField("Password", [validators.Length(min=6, max=220)])
-    securityQ1 = StringField(
-        "Enter your Favourite Colour", [validators.Length(min=3, max=35)]
-    )
     submit = SubmitField("Login", render_kw={"class": "button"})
 
 
diff --git a/store/models.py b/store/models.py
index 076efd6..a5d31d2 100644
--- a/store/models.py
+++ b/store/models.py
@@ -88,7 +88,6 @@ class User(db.Model, UserMixin):
     email = db.Column(db.String(256), nullable=False)
     phone_number = db.Column(db.String(20), nullable=False)
     password_hash = db.Column(db.String(256), nullable=False)
-    securityQ1 = db.Column(db.String(30), nullable=False)
     userType = db.Column(db.String(20), default="standard")
 
     @classmethod
@@ -98,7 +97,6 @@ class User(db.Model, UserMixin):
         password: str,
         email: str,
         phone_number: str,
-        securityQ1: str,
     ):
         password_hash = generate_password_hash(password)
         user = cls(
@@ -106,7 +104,6 @@ class User(db.Model, UserMixin):
             password_hash=password_hash,
             email=email,
             phone_number=phone_number,
-            securityQ1=securityQ1,
         )
         db.session.add(user)
         db.session.commit()
@@ -119,12 +116,6 @@ class User(db.Model, UserMixin):
         user.password_hash = password_hash
         db.session.commit()
 
-    @classmethod
-    def update_security_q1(cls, user_id: int, securityQ1: str):
-        user = cls.query.get(user_id)
-        user.securityQ1 = securityQ1
-        db.session.commit()
-
     @classmethod
     def update_username(cls, user_id: int, username: str):
         user = cls.query.get(user_id)
@@ -156,12 +147,6 @@ class User(db.Model, UserMixin):
     def check_password(self, password: str) -> bool:
         return check_password_hash(self.password_hash, password)
 
-    def securityverification(self, securityQ1: str) -> bool:
-        if self.securityQ1 == securityQ1:
-            return True
-        else:
-            return False
-
     def checkIfUserExist(self, username: str) -> bool:
         if self.username == username:
             return True
diff --git a/store/routes.py b/store/routes.py
index c281541..f78897f 100644
--- a/store/routes.py
+++ b/store/routes.py
@@ -132,7 +132,6 @@ def register():
                 form.password.data,
                 form.email.data,
                 form.phone_number.data,
-                form.securityQ1.data,
             )
 
         return redirect(url_for("index"))
@@ -145,15 +144,14 @@ def login():
     if form.validate_on_submit():
         username = form.username.data
         password = form.password.data
-        securityQ1 = form.securityQ1.data
         user = User.query.filter_by(username=username).first()
+        print("hi")
         if user and user.check_password(password):
-            if user.securityverification(securityQ1) == True:
-                login_user(user)
-                print(current_user.userType)
-                return redirect(url_for("index"))
-            else:
-                flash("Invalid security answer")
+            print("success")
+            login_user(user)
+            print(current_user.userType)
+            return redirect(url_for("index"))
+
         else:
             flash("Login unsuccessful. Please check username and password.")
     return render_template("userContent/login.html", form=form)
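Review bot: The debug prints added at `print("hi")` and `print("success")`, together with the retained `print(current_user.userType)`, write to stdout on every login attempt and should not ship in an authentication route; drop all three, or log only the success event through the app logger without the role. With the security-question prompt gone the route checks nothing but the password, and nothing in this hunk throttles repeated failures, so unless rate limiting or account lockout exists elsewhere (not visible here) the change lowers the cost of online password guessing. The body of `login()` begins before this hunk.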
@@ -274,24 +272,6 @@ def verify_code_security1():
     return render_template("userContent/verify_code_security1.html")
 
 
-@app.route("/verify_code_security1_confirm", methods=["GET", "POST"])
-def verify_code_security1_confirm():
-    if "user_id" not in session:
-        return redirect(url_for("reset_security1"))
-    user_id = session["user_id"]
-    if request.method == "POST":
-        securityQ1 = request.form["securityQ1"]
-        confirm_securityQ1 = request.form["confirm_securityQ1"]
-        if securityQ1 == confirm_securityQ1:
-            User.update_security_q1(user_id, securityQ1)
-            session.pop("user_id", None)
-            flash("Your security question has been successfully reset")
-            return redirect(url_for("login"))
-        else:
-            flash("security question do not match")
-    return render_template("userContent/verify_code_security1_confirm.html")
-
-
 @app.route("/account")
 @login_required
 def account():
@@ -478,17 +458,11 @@ def ChangeUsername():
     if request.method == "POST":
         user_id = current_user.user_id
         password = request.form["password"]
-        securityQ1 = request.form["securityQ1"]
         NewUsername = request.form["NewUsername"]
         user = User.query.get(user_id)
         if user and user.check_password(password):
-            # if User.check_password(user_id, password):
-            if user.securityverification(securityQ1) == True:
-                User.update_username(user_id, NewUsername)
-                flash("username successfully changed.")
-
-            else:
-                flash("Invalid security answer")
+            User.update_username(user_id, NewUsername)
+            flash("username successfully changed.")
         else:
             flash("Wrong password.")
 
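Review bot: `NewUsername` is read straight from `request.form` and handed to `User.update_username` without the length bound the registration form applies (`validators.Length(min=4, max=255)` in forms.py), so an empty or oversized name reaches the database; guard it before the update, e.g. `if not 4 <= len(NewUsername) <= 255: flash("Invalid username.")` and only call `User.update_username(user_id, NewUsername)` otherwise. Whether the username column is unique is not visible in this patch; if it is, a duplicate name would surface as an unhandled IntegrityError rather than a flash message. This view reads `request.form` directly instead of a FlaskForm, so it is only CSRF-protected if CSRFProtect is enabled app-wide, which this diff does not show. `ChangeUsername()` starts before and ends after this hunk.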
@@ -501,17 +475,11 @@ def ChangeEmail():
     if request.method == "POST":
         user_id = current_user.user_id
         password = request.form["password"]
-        securityQ1 = request.form["securityQ1"]
+
         NewEmail = request.form["NewEmail"]
         user = User.query.get(user_id)
         if user and user.check_password(password):
-            # if User.check_password(user_id, password):
-            if user.securityverification(securityQ1) == True:
-                User.update_email(user_id, NewEmail)
-                flash("email successfully changed.")
-
-            else:
-                flash("Invalid security answer")
+            User.update_email(user_id, NewEmail)
         else:
             flash("Wrong password.")
 
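Review bot: The success message was lost in this hunk: the removed branch flashed `email successfully changed.` but the new code at `User.update_email(user_id, NewEmail)` updates silently, while the username and phone-number views in this same patch keep their flash; add `flash("email successfully changed.")` after the update call. `NewEmail` is also not checked here (registration only bounds its length in forms.py), and nothing visible verifies the format or ownership of the new address before it replaces the old one; if password recovery is email-based, a format check and a confirmation sent to the new address would be worth adding. The stray blank line left where the `securityQ1` read was removed should go too. `ChangeEmail()` starts before and ends after this hunk.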
@@ -524,17 +492,11 @@ def ChangePhNumber():
     if request.method == "POST":
         user_id = current_user.user_id
         password = request.form["password"]
-        securityQ1 = request.form["securityQ1"]
         NewNumber = request.form["NewNumber"]
         user = User.query.get(user_id)
         if user and user.check_password(password):
-            # if User.check_password(user_id, password):
-            if user.securityverification(securityQ1) == True:
-                User.update_Number(user_id, NewNumber)
-                flash("New Number successfully changed.")
-
-            else:
-                flash("Invalid security answer")
+            User.update_Number(user_id, NewNumber)
+            flash("New Number successfully changed.")
         else:
             flash("Wrong password.")
 
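Review bot: `NewNumber` goes from `request.form` into `User.update_Number` with no validation, whereas registration enforces `validators.Length(min=6, max=35)` on the phone field; apply the same bound, e.g. `if not 6 <= len(NewNumber) <= 35: flash("Invalid phone number.")` and only call the update otherwise. Note that models.py declares `phone_number = db.Column(db.String(20), nullable=False)` while the form allows up to 35 characters, so values of 21–35 characters depend on backend behaviour (silent truncation or an error) — the two limits should be aligned. `ChangePhNumber()` starts before and ends after this hunk.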
diff --git a/store/templates/userContent/ChangeEmail.html b/store/templates/userContent/ChangeEmail.html
index 286607e..2a1e281 100644
--- a/store/templates/userContent/ChangeEmail.html
+++ b/store/templates/userContent/ChangeEmail.html
@@ -8,10 +8,6 @@
     <label for="password"><b>Password verification</b></label>
     <input type="password" placeholder="Enter Password" name="password" id="password" required>
 
-
-    <label for="securityQ1"><b>what is your favourite colour, for verification porpuses/b></label>
-    <input type="securityQ1" placeholder="Enter a colour" name="securityQ1" id="securityQ1" required>
-
     <label for="NewEmail"><b>New E-mail</b></label>
     <input type="NewEmail" placeholder="Enter new E-mail" name="NewEmail" id="NewEmail" required>
 
diff --git a/store/templates/userContent/ChangePhNumber.html b/store/templates/userContent/ChangePhNumber.html
index ed35cc6..76ec481 100644
--- a/store/templates/userContent/ChangePhNumber.html
+++ b/store/templates/userContent/ChangePhNumber.html
@@ -9,9 +9,6 @@
     <input type="password" placeholder="Enter Password" name="password" id="password" required>
 
 
-    <label for="securityQ1"><b>what is your favourite colour, for verification porpuses/b></label>
-    <input type="securityQ1" placeholder="Enter a colour" name="securityQ1" id="securityQ1" required>
-
     <label for="NewNumber"><b> Enter New Number</b></label>
     <input type="NewNumber" placeholder="Enter new Number" name="NewNumber" id="NewNumber" required>
 
diff --git a/store/templates/userContent/ChangeUsername.html b/store/templates/userContent/ChangeUsername.html
index d576cad..155155b 100644
--- a/store/templates/userContent/ChangeUsername.html
+++ b/store/templates/userContent/ChangeUsername.html
@@ -9,8 +9,6 @@
     <input type="password" placeholder="Enter Password" name="password" id="password" required>
 
 
-    <label for="securityQ1"><b>what is your favourite colour, for verification porpuses/b></label>
-    <input type="securityQ1" placeholder="Enter a colour" name="securityQ1" id="securityQ1" required>
 
     <label for="NewUsername"><b>New username</b></label>
     <input type="NewUsername" placeholder="Enter new Username" name="NewUsername" id="NewUsername" required>
diff --git a/store/templates/userContent/login.html b/store/templates/userContent/login.html
index e270964..a225e95 100644
--- a/store/templates/userContent/login.html
+++ b/store/templates/userContent/login.html
@@ -15,15 +15,13 @@
         </tr>
         <td>{{ render_field(form.password) }}</td>
         </tr>
-        <tr>
-          <td> {{ render_field(form.securityQ1) }}</td>
-        </tr>
       </table>
     </dl>
     <br>
     {{form.submit()}}
     <br>
   </form>
+  <td><a href="{{ url_for('reset_password')}}">I Forgot my Password!</a></td><br><br>
   <br>
 </div>
 {% endblock %}
\ No newline at end of file
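Review bot: The added forgot-password link at `<td><a href="{{ url_for('reset_password')}}">I Forgot my Password!</a></td>` places a `<td>` directly inside the `<div>` after `</form>`, outside any `<table>`/`<tr>`, which is invalid markup and renders unpredictably; use a plain element instead, e.g. `<p><a href="{{ url_for('reset_password') }}">I Forgot my Password!</a></p>`. The `reset_password` endpoint is not visible in this patch, so confirm it exists, otherwise `url_for` raises a BuildError and the login page fails to render. The file also still ends without a trailing newline.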
diff --git a/store/templates/userContent/register.html b/store/templates/userContent/register.html
index ec31ae4..d6e4fd4 100644
--- a/store/templates/userContent/register.html
+++ b/store/templates/userContent/register.html
@@ -19,9 +19,6 @@
         <tr>
           <td>{{ render_field(form.phone_number) }}</td>
         </tr>
-        <tr>
-          <td> {{ render_field(form.securityQ1) }}</td>
-        </tr>
         <tr>
           <td>{{ render_field(form.password) }}</td>
         </tr>
-- 
GitLab