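def reset(token):
    """Handle the password-reset form reached through a signed token.

    The token is decoded with ``ts.loads`` (salt ``'password-reset-key'``,
    ``max_age=86400`` seconds) to recover the account email; a token that
    cannot be loaded results in a 404. On a valid form submission the new
    password is written to the user's LDAP entry first and only then to the
    local database, so a failed directory update cannot leave the two stores
    with different passwords.

    Args:
        token: The signed reset token taken from the URL.

    Returns:
        A redirect to the sign-in page on success, a redirect to the
        "forgot password" page when no user matches the email, or the
        rendered reset form otherwise.
    """
    try:
        email = ts.loads(token, salt='password-reset-key', max_age=86400)
    # The token can either expire or be invalid. Catch Exception rather than
    # using a bare except so SystemExit/KeyboardInterrupt are not turned into
    # a 404.
    except Exception:
        abort(404)

    # NOTE(review): nothing in this function invalidates the token after a
    # successful reset, so it appears to stay usable until max_age elapses;
    # confirm whether single use is enforced elsewhere.
    form = user_forms.Reset()
    if not form.validate_on_submit():
        return render_template('user/reset.html', form=form, token=token)

    user = models.User.query.filter_by(email=email).first()
    # Check the user exists
    if user is None:
        flash('Unknown email address.', 'negative')
        return redirect(url_for('userbp.forgot'))

    # NOTE(review): the local part of the email is concatenated into the DN
    # without RDN escaping; confirm that addresses are validated at
    # registration so DN metacharacters (',', '+', '=', ...) cannot occur.
    user_ldap_dn = 'cn=' + user.email.split(
        '@', 1)[0] + ',ou=Users,dc=ldap,dc=com'

    # Connect to the LDAP server with the service account credentials
    c = Connection(s, user=app.config['LDAP_SERVICE_USERNAME'],
                   password=app.config['LDAP_SERVICE_PASSWORD'])
    try:
        # Open up the connection between the client and server
        c.open()
        # Raise the security level and start TLS.
        # NOTE(review): the result of start_tls() is not checked; confirm a
        # failed upgrade cannot fall through to a cleartext bind that exposes
        # the service credentials and the new password.
        c.start_tls()
        # Bind, then replace the LDAP password. With the default synchronous
        # strategy both calls report failure through their return value
        # instead of raising, so the results must be checked explicitly.
        # NOTE(review): the password is sent as-is; whether the directory
        # hashes userPassword on write depends on server configuration.
        ldap_updated = c.bind() and c.modify(
            user_ldap_dn,
            {'userPassword': [(MODIFY_REPLACE, [form.password.data])]})
    finally:
        # Always release the connection, including when an LDAP call raises
        c.unbind()

    if not ldap_updated:
        # Do not touch the database password when the directory rejected the
        # change; otherwise the two stores would disagree.
        logger.error('LDAP password update failed', user=user.get_id())
        abort(500)

    # Update the database with the user
    user.password = form.password.data
    db.session.commit()
    logger.info('User password reset successfully', user=user.get_id())
    # Send to the signin page
    flash('Your password has been reset, you can sign in.', 'positive')
    return redirect(url_for('userbp.signin'))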
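def reset(token):
    """Handle the password-reset form reached through a signed token.

    The token is decoded with ``ts.loads`` (salt ``'password-reset-key'``,
    ``max_age=86400`` seconds) to recover the account email; a token that
    cannot be loaded results in a 404. On a valid form submission the
    matching user's password is replaced and committed to the database.

    Args:
        token: The signed reset token taken from the URL.

    Returns:
        A redirect to the sign-in page on success, a redirect to the
        "forgot password" page when no user matches the email, or the
        rendered reset form otherwise.
    """
    try:
        email = ts.loads(token, salt='password-reset-key', max_age=86400)
    # The token can either expire or be invalid. Catch Exception rather than
    # using a bare except so SystemExit/KeyboardInterrupt are not turned into
    # a 404.
    except Exception:
        abort(404)

    # NOTE(review): nothing in this function invalidates the token after a
    # successful reset, so it appears to stay usable until max_age elapses;
    # confirm whether single use is enforced elsewhere.
    form = user_forms.Reset()
    if not form.validate_on_submit():
        return render_template('user/reset.html', form=form, token=token)

    user = models.User.query.filter_by(email=email).first()
    # Check the user exists
    if user is None:
        flash('Unknown email address.', 'negative')
        return redirect(url_for('userbp.forgot'))

    user.password = form.password.data
    # Update the database with the user
    db.session.commit()
    # Send to the signin page
    flash('Your password has been reset, you can sign in.', 'positive')
    return redirect(url_for('userbp.signin'))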