Beispiel #1
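def reset_password(db):
    """Set a new password for the account named in the submitted form.

    Reads ``email``, ``token`` and ``password`` from ``request.forms``. The
    submitted token is accepted only when it equals the hex HMAC of
    ``json.dumps(gen_pw_reset_payload(user))`` keyed with
    ``config.site_secret``.

    Args:
        db: session object used to look up ``model.User`` by email.

    Returns:
        ``HTTPError(400, 'Bad request')`` when email, token or password is
        empty or an ``AssertionError`` is raised inside the handler;
        ``HTTPError(401, 'Unauthorized')`` when no user matches or the token
        does not verify; ``None`` after the user has been updated.
    """
    try:
        email = request.forms.email.strip()
        token = request.forms.token.strip()

        if not email or not token:
            return HTTPError(400, 'Bad request')

        user = db.query(model.User).filter_by(email=email).first()

        # An unknown address and a bad token get the same 401, so the
        # response does not tell the caller which addresses are registered.
        if not user:
            return HTTPError(401, 'Unauthorized')

        # validate hmac token
        # NOTE(review): hmac.new() is called without a digestmod. Python 2
        # defaults to MD5 here and Python 3.8+ raises TypeError. Changing the
        # digest has to be done together with the code that issues the token.
        # NOTE(review): whether a token expires or becomes invalid after use
        # depends on gen_pw_reset_payload(), which is not visible here.
        json_payload = json.dumps(gen_pw_reset_payload(user))
        new_token = hmac.new(config.site_secret, json_payload).hexdigest()

        # Compare in constant time: `!=` stops at the first differing
        # character, which makes the response time depend on the secret.
        # Both sides are encoded so the call works for text and byte strings;
        # a token that cannot be encoded is simply treated as wrong.
        try:
            token_ok = hmac.compare_digest(token.encode('utf-8'),
                                           new_token.encode('utf-8'))
        except (TypeError, UnicodeError):
            token_ok = False

        if not token_ok:
            return HTTPError(401, 'Unauthorized')

        # change password
        password = request.forms.password.strip()

        # Reject an empty password explicitly instead of relying on the
        # model to refuse it (presumably via the assert caught below, and
        # asserts are stripped under `python -O`).
        if not password:
            return HTTPError(400, 'Bad request')

        user.password = password

        # pw reset can also be used in activating the account
        user.verified = True
    except AssertionError:
        return HTTPError(400, 'Bad request')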
Beispiel #2
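def reset_password(db):
    """Apply a password reset requested through the submitted form.

    The form supplies ``email``, ``token`` and ``password``. The handler
    recomputes the HMAC of the user's reset payload with
    ``config.site_secret`` and only updates the account when the submitted
    token matches it.

    Args:
        db: session object used to query ``model.User``.

    Returns:
        ``HTTPError(400, 'Bad request')`` for an empty email, token or
        password, or when an ``AssertionError`` is raised in the handler;
        ``HTTPError(401, 'Unauthorized')`` for an unknown email or a token
        that does not verify; ``None`` once the user has been updated.
    """
    try:
        email = request.forms.email.strip()
        token = request.forms.token.strip()

        if not email or not token:
            return HTTPError(400, 'Bad request')

        user = db.query(model.User).filter_by(email=email).first()

        if user:
            # validate hmac token
            # NOTE(review): no digestmod is passed to hmac.new(); Python 2
            # falls back to MD5 and Python 3.8+ raises TypeError. The digest
            # must match whatever the token-issuing code uses.
            # NOTE(review): token lifetime and single-use behaviour depend on
            # gen_pw_reset_payload(), which is not shown here.
            json_payload = json.dumps(gen_pw_reset_payload(user))
            new_token = hmac.new(config.site_secret, json_payload).hexdigest()

            # hmac.compare_digest() takes the same time wherever the first
            # mismatch is, unlike `!=`, so timing does not leak how much of
            # a guessed token is correct. Encoding both sides keeps the call
            # valid for text and byte strings alike.
            try:
                matches = hmac.compare_digest(token.encode('utf-8'),
                                              new_token.encode('utf-8'))
            except (TypeError, UnicodeError):
                # A token that cannot be encoded cannot be a hex digest.
                matches = False

            if not matches:
                return HTTPError(401, 'Unauthorized')

            # change password
            new_password = request.forms.password.strip()

            # Refuse an empty password here rather than depending on model
            # validation, which is not visible from this handler.
            if not new_password:
                return HTTPError(400, 'Bad request')

            user.password = new_password

            # pw reset can also be used in activating the account
            user.verified = True
        else:
            # Same status as a bad token, so the response does not reveal
            # whether the address belongs to an account.
            return HTTPError(401, 'Unauthorized')
    except AssertionError:
        return HTTPError(400, 'Bad request')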
Beispiel #3
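def send_reset_email(db):
    """Mail a password-reset token to the account matching the submitted email.

    Reads ``email`` from ``request.forms``, looks up the user and, when one
    exists, sends a message rendered from the ``mail_pw_reset`` template. The
    token is the hex HMAC of ``json.dumps(gen_pw_reset_payload(user))`` keyed
    with ``config.site_secret``.

    Args:
        db: session object used to query ``model.User``.

    Returns:
        ``HTTPError(400, 'Bad request')`` when the email field is empty;
        ``None`` otherwise, whether or not an account was found.
    """
    email = request.forms.email.strip()

    if not email:
        return HTTPError(400, 'Bad request')

    user = db.query(model.User).filter_by(email=email).first()

    # Nothing is sent and nothing is reported for an unknown address, so the
    # response is the same for registered and unregistered emails.
    if not user:
        return

    # NOTE(review): hmac.new() is called without a digestmod; Python 2
    # defaults to MD5 and Python 3.8+ raises TypeError. Any change of digest
    # must be mirrored in the code that verifies the token.
    json_payload = json.dumps(gen_pw_reset_payload(user))
    token = hmac.new(config.site_secret, json_payload).hexdigest()

    subject = config.pw_reset_email_subject
    body = template('mail_pw_reset',
                    email=user.email,
                    site_name=config.site_name,
                    site_url=config.site_url,
                    token=token)

    # Deliver to the address stored on the account, as the template already
    # does, not to the string taken from the request: the database lookup may
    # match under a looser comparison than exact equality (collation is not
    # visible here), and the token must only reach the account's own address.
    send_email(user.email, subject, body)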
Beispiel #4
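def send_reset_email(db):
    """Send the password-reset mail for the email address in the form.

    The address comes from ``request.forms.email``. If a ``model.User`` with
    that email exists, a token is derived as the hex HMAC of the user's reset
    payload under ``config.site_secret`` and mailed using the
    ``mail_pw_reset`` template.

    Args:
        db: session object used to query ``model.User``.

    Returns:
        ``HTTPError(400, 'Bad request')`` for an empty email field, else
        ``None`` regardless of whether a matching account exists.
    """
    email = request.forms.email.strip()

    if not email:
        return HTTPError(400, 'Bad request')

    user = db.query(model.User).filter_by(email=email).first()

    # An unknown address falls through silently, so the caller cannot use
    # this endpoint to learn which emails are registered.
    if user:
        # NOTE(review): no digestmod is given to hmac.new(); that means MD5
        # on Python 2 and a TypeError on Python 3.8+. Keep the digest in
        # step with the handler that verifies the token.
        json_payload = json.dumps(gen_pw_reset_payload(user))

        token = hmac.new(config.site_secret, json_payload).hexdigest()

        subject = config.pw_reset_email_subject
        body = template(
            'mail_pw_reset',
            email=user.email,
            site_name=config.site_name,
            site_url=config.site_url,
            token=token
        )

        # Use the stored address rather than the request-supplied string.
        # The query's notion of "equal" is decided by the database and may be
        # looser than exact equality, so the submitted value is not
        # guaranteed to be the account's own address.
        send_email(user.email, subject, body)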