def reset_password(payload):
form = ResetPasswordForm()
pageTitle = "reset password"
# disallows password reset link to be reused
unhashed_payload = User.check_password_reset_link(payload)
user_email = unhashed_payload[0]
oldhash = unhashed_payload[1]
if user_email:
user_oldhash = User.get(email=user_email).pwdhash[:10]
if oldhash != user_oldhash:
flash("Token has been used previously. Please try again.")
return redirect(url_for('.forgotPassword'))
if not user_email:
flash("Token incorrect or has expired. Please try again.")
return redirect(url_for('.forgotPassword'))
if request.method == 'POST':
if not form.validate():
return render_template('users/resetPassword.html',
form=form,
pageTitle=pageTitle)
else:
user = User.get(email=user_email)
user.set_password(form.password.data)
user.save()
#email password reset
flash("Password has been reset, please login")
return redirect(url_for('.login'))
elif request.method == 'GET':
return render_template('users/resetPassword.html',
form=form,
pageTitle=pageTitle)
def reset_password():
if current_user.is_authenticated:
return redirect("/")
form = ResetPasswordForm()
if request.method == "POST" and form.validate():
user = User.query.filter_by(email=form.email.data).first()
if user:
send_password_reset_email(user)
flash("Check your email for instructions to reset your password")
return redirect("/account/login")
return render_template("reset_password.html", form=form)
def reset_password(token):
if current_user.is_authenticated:
return redirect(url_for('index'))
user = User.verify_reset_password_token(token)
if not user:
return redirect(url_for('index'))
form = ResetPasswordForm(request.form)
if form.validate():
user.set_password(form.password.data)
db.session.commit()
flash('Your password has been reset')
return redirect(url_for('login'))
return render_template('reset_password.html', form=form)
