Ejemplo n.º 1
def reset_password(token):
    """
    Description
    -----------
    Serve the password reset page reached through a reset link and
    store the new password once the form is submitted and valid.

    Params
    ------
    :token: str
    The string representation of a JSON web token.

    Return
    ------
    A redirect to `index` when the visitor is already logged in or the
    token does not resolve to a user; a redirect to `login` after a
    successful reset; otherwise the rendered `reset_password.html`
    Jinja2 template.
    """
    back_to_index = redirect(url_for('index'))
    # The token is resolved on every request (GET and POST), so the form
    # is never shown for a link that does not verify. A logged-in visitor
    # and a bad token get the same redirect, with no distinguishing message.
    account = (None if current_user.is_authenticated
               else User.verify_password_reset_token(token))
    if not account:
        return back_to_index

    form = PasswordResetForm()
    if not form.validate_on_submit():
        return render_template(
            'reset_password.html',
            form=form,
            header='Pick a new password since you forgot the other one.',
            footer='We all forget sometimes.')

    # set_password() is defined on the model; presumably it stores a hash
    # rather than the raw value -- confirm against the User class.
    account.set_password(form.password.data)
    account.last_modified_at = time()
    db.session.commit()
    flash('Your password has been successfully reset.')
    return redirect(url_for('login'))
Ejemplo n.º 2
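def reset_password():
    """Show the password reset form and acknowledge a valid submission.

    The reset itself is still a placeholder: a valid submission only
    flashes a success message and redirects to `login`; no password is
    changed by this function.
    """
    form = PasswordResetForm()
    if not form.validate_on_submit():
        return render_template('web/auth/reset_password.html',
                               title='Reset Password',
                               form=form)
    # TODO: reset password logic.
    # NOTE(review): nothing here identifies which account is being reset.
    # The real logic needs a verified, expiring reset token (or an
    # authenticated session) before it writes a password.
    flash('Password reset successful!', 'success')
    return redirect(url_for('login'))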
Ejemplo n.º 3
def password_reset_token(token):
    """Render the new-password form for a reset token that verifies.

    Logged-in visitors are sent to `home`. A token that does not resolve
    to a user produces a warning flash and a redirect to `password_reset`.
    The branch that would store the new password is not written yet.
    """
    if current_user.is_authenticated:
        return redirect(url_for('home'))

    account = User.verify_password_reset_token(token)
    if account is None:
        flash('That is an invalid or expired token', 'warning')
        return redirect(url_for('password_reset'))

    form = PasswordResetForm()
    if request.method == 'POST':
        # Validation still runs on POST (presumably so field errors show
        # up in the template), but its result is unused: the password
        # update is not implemented here.
        form.validate_on_submit()
    return render_template('password_reset_token.html', form=form)
Ejemplo n.º 4
def reset_password(token):
    """Show the reset form and, on a valid submission, apply the new password.

    The token is resolved only after the form validates, so the form
    itself is rendered for any token value. Every submission ends with a
    redirect to `main.index`, carrying a success or failure flash.
    """
    form = PasswordResetForm()
    if not form.validate_on_submit():
        return render_template('reset_password.html', form=form)

    account = User.load_user_from_token(token)
    if account is None:
        flash('Failed to update your password: token expired or was incorrect, or account was deleted')
    else:
        # NOTE(review): the raw form value is assigned to `password`;
        # presumably a property setter on the model hashes it -- confirm.
        account.password = form.password.data
        account.save()
        flash('Your password has been updated.')
    return redirect(url_for('main.index'))
Ejemplo n.º 5
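def reset_password(token=None):
    """Reset a user's password from a signed token and answer in JSON.

    Params:
        token: the signed reset token from the link; ``None`` is treated
            as an invalid token.

    Returns a JSON response:
        401 when the token is missing, expired, badly signed, carries no
            email, or names an account that no longer exists;
        422 with the form errors when the form does not validate;
        200 once the new password has been committed.
    """
    def _reply(payload, status):
        # Build a JSON response with an explicit status code.
        response = jsonify(payload)
        response.status_code = status
        return response

    # NOTE(review): the serializer is keyed on SECRET_KEY alone, with no
    # salt or purpose field checked below. If the application signs other
    # tokens the same way, confirm they cannot be presented here.
    s = Serializer(app.config['SECRET_KEY'])

    # A request without a token cannot verify; answer like a bad signature
    # instead of letting loads() fail on None.
    if token is None:
        return _reply({"error": "Nice try.."}, 401)

    # check if the token is a valid one and return a useful message
    try:
        data = s.loads(token)
    except SignatureExpired:
        # valid token, but expired
        return _reply(
            {"error": "Your link expired, request another and use that!"},
            401)
    except BadSignature:
        # invalid token
        return _reply({"error": "Nice try.."}, 401)

    # A correctly signed payload without an email is not a reset token.
    email = data.get('email') if isinstance(data, dict) else None
    if not email:
        return _reply({"error": "Nice try.."}, 401)

    form = PasswordResetForm()

    # the form wasn't properly submitted, return error messages
    if not form.validate_on_submit():
        return _reply({"error": form.errors}, 422)

    # The account may have been removed after the token was issued; the
    # original dereferenced the lookup result without checking it.
    user = User.query.filter_by(email=email).first()
    if user is None:
        return _reply(
            {"error": "Your link is no longer valid, request another and use that!"},
            401)

    user.password = user.hash_password(form.password.data)
    db.session.commit()

    return _reply(
        {
            "success":
                "Your password has been successfully reset,"
                " you can use it to log in now"
        },
        200)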
Ejemplo n.º 6
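def password_reset(token):
    """Show the reset form and, on a valid submission, set the new password.

    The token is decoded only after the form validates (salt
    'password-reset-key', maximum age 86400 seconds). The account is
    looked up by the email the token carries, with a 404 when it does
    not exist.

    Returns the rendered form, a redirect to `index` on success, or a
    generic error body with status 500 when the commit fails.
    """
    import logging

    form = PasswordResetForm()
    if not form.validate_on_submit():
        return render_template('password_reset.html', form=form)

    # NOTE(review): nothing catches a failure of loads() here. If `ts` is
    # an itsdangerous timed serializer (the salt/max_age arguments suggest
    # so), an expired or tampered link surfaces as an unhandled error
    # rather than a user-facing message -- confirm and handle upstream.
    email = ts.loads(token, salt='password-reset-key', max_age=86400)
    user = User.query.filter_by(email=email).first_or_404()
    user.set_password(form.new_password.data)
    try:
        database.session.commit()
    except Exception:
        # Keep the database error out of the HTTP response: the exception
        # text can expose schema or query details. Log it server-side and
        # return a generic message instead.
        database.session.rollback()
        logging.getLogger(__name__).exception('Password reset commit failed')
        return 'error: the password could not be changed', 500
    flash('Hasło zostało zmienione.')
    return redirect(url_for('index'))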
Ejemplo n.º 7
def password_reset(token):
    """Reset a password from a token plus the email entered in the form.

    Visitors who are not anonymous are redirected to `index`. On a valid
    submission the account is looked up by the submitted email and the
    token is handed to ``user.reset_password``; only a truthy result
    leads to the success flash and a redirect to `login`.
    """
    if not current_user.is_anonymous:
        return redirect(url_for('index'))

    form = PasswordResetForm()
    if not form.validate_on_submit():
        return render_template('reset_password0.html', form=form)

    account = User.query.filter_by(email=form.email.data).first()
    # An unknown email and a rejected token both end in the same silent
    # redirect, so the response does not say which of the two failed.
    if account is not None and account.reset_password(token, form.password.data):
        # Flash text: "Your password has been updated".
        flash(u'您的密码已被更新')
        return redirect(url_for('login'))
    return redirect(url_for('index'))
Ejemplo n.º 8
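def password_reset_token(token):
    """Render the new-password form for a valid token and apply the change.

    Logged-in visitors are sent to `home`. A token that does not resolve
    to a user produces a warning flash and a redirect to `password_reset`.
    A valid POST stores the new password and redirects to `login`.
    """
    if current_user.is_authenticated:
        return redirect(url_for('home'))
    # The token is resolved on every request, before the form is built,
    # so the form is never shown for a link that does not verify.
    user = User.verify_password_reset_token(token)
    if user is None:
        flash('That is an invalid or expired token', 'warning')
        return redirect(url_for('password_reset'))
    form = PasswordResetForm()
    if request.method == 'POST' and form.validate_on_submit():
        # set_password() is defined on the model; presumably it stores a
        # hash rather than the raw value -- confirm against User.
        user.set_password(form.password.data)
        db.session.commit()
        # Fixed the misspelled user-facing message ("lgin").
        flash('Your password was set. Try to login.', 'success')
        return redirect(url_for('login'))
    return render_template('password_reset_token.html', form=form)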
Ejemplo n.º 9
def reset_token(token):
    """Let the holder of a valid reset token choose a new password.

    Logged-in visitors are redirected to `profile`; a token that does
    not resolve to a user gets a warning flash and a redirect to `login`.
    On a valid submission the bcrypt hash of the new password is stored
    and the visitor is sent to `login`.
    """
    if current_user.is_authenticated:
        return redirect(url_for('profile'))

    account = User.verify_reset_token(token)
    if account is None:
        flash('The link you followed is invalid or expired.', 'warning')
        return redirect(url_for('login'))

    form = PasswordResetForm()
    if not form.validate_on_submit():
        return render_template('setnewpassword.html', form=form)

    # Only the hash is stored; it is decoded to text before assignment.
    account.password = bcrypt.generate_password_hash(
        form.password.data).decode('utf-8')
    db.session.commit()
    flash('You have successfully changed your password. You may log in using your new password.', 'success')
    return redirect(url_for('login'))
Ejemplo n.º 10
def password_reset(token):
    """Render the password reset page and apply a valid submission.

    Logged-in visitors go to `dashboard`; a token that does not resolve
    to a user goes to `index` with no message. A valid submission stores
    the new password and redirects to `login`.
    """
    if current_user.is_authenticated:
        return redirect(url_for('dashboard'))

    # Resolved on every request, so the form is only shown for a token
    # that verifies.
    account = Users.verify_reset_password_token(token)
    if not account:
        return redirect(url_for('index'))

    form = PasswordResetForm()
    if not form.validate_on_submit():
        return render_template('password_reset.html',
                               title='Password Reset',
                               form=form)

    account.set_password(form.password.data)
    db.session.commit()
    flash('password reset successful.')
    return redirect(url_for('login'))
Ejemplo n.º 11
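def reset_token(token):
    """Decode a timed reset token and let its owner set a new password.

    The token is decoded on every request with salt "recover-pw" and a
    maximum age of 86400 seconds; the email it carries selects the
    account. A valid submission stores the new password, logs the event
    and redirects to `main_panel.login`. Otherwise the form is rendered
    with the token and email passed to the template.
    """
    ts = URLSafeTimedSerializer(app.config.get('SECRET_KEY'))
    # NOTE(review): loads() raises for an expired or tampered token and
    # nothing here catches it, so such a link ends as an unhandled error.
    # Catching the serializer's exceptions needs names that are not
    # visible in this function -- handle it where they are imported.
    email = ts.loads(token, salt="recover-pw", max_age=86400)
    form = PasswordResetForm()

    if form.validate_on_submit():
        user = User.query.filter_by(email=email).first()
        if user is None:
            # The account may have been removed after the token was
            # issued; the original dereferenced None here.
            return redirect(url_for('main_panel.login'))
        user.set_pwd(form.password.data)
        db.session.commit()
        # Log the account that was actually reset. The original logged
        # current_user.id, which is whoever holds the session -- during a
        # reset that is normally an anonymous visitor, not this account.
        app.logger.info('Password reset completed for User ID %s at %s',
                        user.id, datetime.now())
        return redirect(url_for('main_panel.login'))

    return render_template('reset_token.html',
                           form=form,
                           token=token,
                           email=email)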
Ejemplo n.º 12
def reset_password():
    """Apply a password reset posted with its token, then show the login page.

    The token and the new password are read from the posted form data.
    Whatever the outcome, the login page is rendered inside the auth
    layout, with `msg` set to the result (or None when nothing was
    submitted).
    """
    if current_user.is_authenticated:
        # NOTE(review): url_for() takes an endpoint name; '/' only works
        # if an endpoint is registered under that name -- confirm.
        return redirect(url_for('/'))

    msg = None
    form = PasswordResetForm()
    login_form = LoginForm()
    if form.validate_on_submit():
        account = User.verify_reset_token(request.form.get('token'))
        if not account:
            msg = "Sorry Invalid token."
        else:
            # The password is taken from the raw request rather than from
            # the validated form field.
            new_password = request.form.get('password')
            account.password = bc.generate_password_hash(new_password)
            db.session.commit()
            msg = "Password changed. Now you can login."

    login_page = render_template('pages/login.html',
                                 form=login_form,
                                 msg=msg)
    return render_template('layouts/auth-default.html', content=login_page)
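def reset_password(token):
    """Let the holder of a valid reset token choose a new password.

    A token that fails verification, whether by returning no user or by
    raising, produces a 'danger' flash and the 404 page. A valid
    submission stores the new password and redirects to `main.login`.
    """
    if current_user.is_authenticated:
        # NOTE(review): 'main.dashboard' looks like an endpoint name, not
        # a template path; a redirect may have been intended -- confirm.
        return render_template('main.dashboard')

    # The original used a bare `except:` that only flashed a message and
    # carried on with `user` unbound. Treat a verification error exactly
    # like "no user" and stop before the form and set_password().
    try:
        user = User.verify_reset_password_token(token)
    except Exception:
        user = None
    if not user:
        flash('The confirmation link is invalid or has expired.', 'danger')
        return render_template('main/404.html'), 404

    form = PasswordResetForm()
    if form.validate_on_submit():
        user.set_password(form.password.data)
        db.session.commit()
        flash('Your password has been reset', 'success')
        return redirect(url_for('main.login'))
    return render_template('main/reset_password.html', form=form)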
Ejemplo n.º 14
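def passwordReset():
    """Issue a reset key for the submitted email and mail it to the user.

    Returns the rendered form until a valid submission arrives, then the
    plain string "Message sent!", whether or not the address belongs to
    an account.
    """
    import secrets

    form = PasswordResetForm()
    if not form.validate_on_submit():
        return render_template('password.html', form=form)

    user = User.query.filter_by(email=form.email.data).first()
    if user is None:
        # The original dereferenced None here. Answer exactly as on
        # success so the response does not disclose whether the address
        # is registered.
        return "Message sent!"

    # The key is a reset secret, so it comes from the OS CSPRNG instead of
    # the `random` module. The range matches the original randrange(1,
    # 100000000), so whatever column stores `user.key` still fits.
    # NOTE(review): this value space is small for a reset secret and
    # nothing here gives the key an expiry -- confirm that the verifying
    # side limits attempts and lifetime, or move to a longer token.
    key = secrets.randbelow(99999999) + 1

    user.key = key
    db.session.add(user)
    db.session.commit()
    # The original printed the key and username to stdout; that copies a
    # live reset secret into the process output, so it is dropped.
    msg = Message("Password Reset Link !",
                  sender="*****@*****.**",
                  recipients=[user.email],
                  html=render_template('verify.html',
                                       email=user.email,
                                       username=user.username,
                                       key=key))
    mail.send(msg)
    return "Message sent!"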
Ejemplo n.º 15
def password_reset_page():
    """Handle password reset

    Requests without a non-empty `email` form field are redirected to
    `login_page`. When the `password_submit` field is present and the
    form validates, the account with that email gets the posted
    password, its `force_password_reset` flag is cleared, the session is
    logged out and the visitor is redirected to `next` (or `index_page`).
    """
    posted = request.form
    if not posted.get('email'):
        return redirect(url_for('login_page'))

    form = PasswordResetForm()
    if 'password_submit' not in posted or not form.validate_on_submit():
        return render_template('password.html', title='Reset Password', form=form)

    next_page = request.args.get('next')
    # NOTE(review): the account is chosen solely by the posted email;
    # nothing in this function ties it to the logged-in session or to a
    # reset token. Confirm the route is protected elsewhere and that the
    # email is checked against the authenticated user.
    user = User.query.filter_by(email=posted['email']).first()
    if user is None:
        return redirect(url_for('login_page'))

    user.set_password(posted['password'])
    user.force_password_reset = False
    db.session.commit()
    logout_user()
    flash('Password reset successfully.')

    # `next` is followed only when it parses with an empty netloc, which
    # is meant to keep the redirect on this site.
    if next_page and url_parse(next_page).netloc == '':
        destination = next_page
    else:
        destination = url_for('index_page')
    return redirect(destination)
Ejemplo n.º 16
def reset_password(reset_token):
    """Reset a password for the email carried in a signed token.

    The token is decoded on every request; an expired or badly signed
    token returns a plain text message. On a valid submission the email
    typed into the form must equal the email from the token before the
    password is changed.
    """
    try:
        email = decode_token(reset_token)
    except SignatureExpired:
        return "This token has expired."
    except BadSignature:
        return "Invalid token."

    form = PasswordResetForm()
    if form.validate_on_submit():
        # NOTE(review): .one() raises when no row (or more than one)
        # matches, e.g. if the account was deleted after the token was
        # issued; nothing here catches that.
        account = User.query.filter(User.email == email).one()
        if email == form.email.data:
            # The raw form value is assigned; presumably a setter on the
            # model hashes it -- confirm.
            account.password = form.password.data
            db.session.add(account)
            db.session.commit()
            flash('Your password has been reset. Log in!', 'success')
            return redirect(url_for('user.login'))
        flash('Email not valid', 'danger')

    return render_template('user/reset_password.html',
                           form=form,
                           reset_token=reset_token)