Beispiel #1
 def GET(self, uid, token):
     """Show the password-change form for a valid reset link.

     Looks up the user for ``uid`` and validates ``token`` with
     ``check_token`` against ``auth.config.reset_expire_after``. An unknown
     user and a rejected token take the same failure path (flash message
     plus redirect to "/"), so the response does not reveal which of the
     two checks failed.
     """
     # Fixed per-request delay to slow down token guessing.
     # NOTE(review): this only adds latency; it does not cap the number of
     # attempts made over parallel connections. Pair it with rate limiting
     # or lockout if that is not already enforced elsewhere.
     sleep(0.5)
     try:
         account = auth.get_user(user_id=uid, with_password=True)
         # Short-circuits: check_token is only called for an existing user.
         token_ok = bool(account) and check_token(
             account, token, auth.config.reset_expire_after)
         if not token_ok:
             raise AuthError
         return render.auth.reset_change(passwordChangeForm)
     except AuthError:
         # Also reached when a call inside the try block raises AuthError.
         flash.set(_(reset_text))
         raise web.seeother("/")
Beispiel #2
 def POST(self, uid, token):
     """Apply a new password submitted through a reset link.

     An invalid form is re-rendered with its errors. For a valid form the
     user and token are checked again (the GET check is not trusted), the
     password is replaced, the user is logged in, and the request is
     redirected to "/". A failed check flashes the reset message and
     redirects to "/" as well.
     """
     # Fixed per-request delay to slow down token guessing.
     # NOTE(review): this only adds latency; it does not cap the number of
     # attempts made over parallel connections. Pair it with rate limiting
     # or lockout if that is not already enforced elsewhere.
     sleep(0.5)
     submitted = passwordChangeForm(web.input())
     if not submitted.valid:
         return render.auth.reset_change(submitted)

     try:
         account = auth.get_user(user_id=uid, with_password=True)
         # Short-circuits: check_token is only called for an existing user.
         token_ok = bool(account) and check_token(
             account, token, auth.config.reset_expire_after)
         if not token_ok:
             raise AuthError
         # NOTE(review): whether the token stops working after this call
         # depends on check_token; presumably it is derived from the stored
         # password (with_password=True). Confirm the link is single-use.
         auth.set_password(account.email, submitted.d.password)
         auth.login(account)
         flash.set(_(changed_text))
     except AuthError:
         # Same message for an unknown user and a rejected token.
         flash.set(_(reset_text))
     # Success and failure both end in a redirect to the start page.
     raise web.seeother("/")