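def new_password(token):
    """Let a user who followed a password-reset email choose a new password.

    Args:
        token: the signed reset token taken from the link in the email.

    Returns:
        A redirect to the forgot-password page when the token has expired, to
        the index when the token was already consumed, to the SMS second-factor
        step after a valid submit (or straight into the session for
        ``email_auth`` users), otherwise the rendered new-password form.
    """
    try:
        # check_token validates the signature with the app's secret and salt
        # and is given EMAIL_EXPIRY_SECONDS as the token's maximum age. Only
        # expiry is handled here; any other token failure propagates.
        token_data = check_token(token, current_app.config['SECRET_KEY'], current_app.config['DANGEROUS_SALT'],
                                 current_app.config['EMAIL_EXPIRY_SECONDS'])
    except SignatureExpired:
        flash('The link in the email we sent you has expired. Enter your email address to resend.')
        return redirect(url_for('.forgot_password'))

    # Decode the verified payload once; both the email and created_at fields
    # are read from it below (matches reverify_email_token's handling).
    token_data = json.loads(token_data)
    user = user_api_client.get_user_by_email(token_data['email'])
    # NOTE(review): assumes get_user_by_email never returns None for an
    # unknown address (user.password_changed_at is not guarded) — confirm.

    def parse_timestamp(value):
        # password_changed_at (from the API) and created_at (from the token)
        # are both serialised in this format.
        return datetime.strptime(value, '%Y-%m-%d %H:%M:%S.%f')

    # A token minted before the most recent password change has already been
    # used; refusing it stops a reset link being replayed inside its expiry
    # window. Tokens with no password change since creation are still usable.
    if user.password_changed_at and \
            parse_timestamp(user.password_changed_at) > parse_timestamp(token_data['created_at']):
        flash('The link in the email has already been used')
        return redirect(url_for('main.index'))

    form = NewPasswordForm()

    if not form.validate_on_submit():
        return render_template('views/new-password.html', token=token, form=form, user=user)

    user_api_client.reset_failed_login_count(user.id)
    # The new password is parked in the session for the next step of the sign-in
    # journey; it is sensitive material, so the session store's protections
    # (signing / server-side storage) are what keep it safe — verify in config.
    session['user_details'] = {
        'id': user.id,
        'email': user.email_address,
        'password': form.new_password.data}
    if user.auth_type == 'email_auth':
        # they've just clicked an email link, so have done an email auth journey anyway. Just log them in.
        return log_in_user(user.id)
    # send user a 2fa sms code
    user_api_client.send_verify_code(user.id, 'sms', user.mobile_number)
    return redirect(url_for('main.two_factor'))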
def rotate_password():
    """Ask a user part-way through sign-in to replace their current password.

    The form receives a callback that asks the API whether a candidate
    password verifies as the user's current one (presumably so the form can
    refuse a password that is unchanged — see RotatePasswordForm). The user's
    id is read from session['user_details'], set earlier in the journey.

    Returns:
        The result of log_in_user(...) after a valid submit, otherwise the
        rendered rotate-password page.
    """

    def matches_current_password(candidate):
        # Looked up at validation time, not at view entry, so the session is
        # only required once the form is actually checked.
        user_id = session['user_details']['id']
        return user_api_client.verify_password(user_id, candidate)

    form = RotatePasswordForm(matches_current_password)

    if not form.validate_on_submit():
        return render_template(
            'views/rotate-password.html',
            title='Update your password',
            form=form,
        )

    # Hand the new password to the rest of the sign-in journey via the session.
    session['user_details']['password'] = form.new_password.data
    return log_in_user(session['user_details']['id'])
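def new_password(token):
    """Let a user who followed a password-reset email choose a new password.

    Args:
        token: the signed reset token taken from the link in the email.

    Returns:
        A redirect to the forgot-password page when the token has expired, to
        the index when the token was already consumed, to the "SMS sent"
        second-factor page after a valid submit (or straight into the session
        for ``email_auth`` users), otherwise the rendered new-password form.
    """
    try:
        # check_token validates the signature with the app's secret and salt
        # and is given EMAIL_EXPIRY_SECONDS as the token's maximum age. Only
        # expiry is handled here; any other token failure propagates.
        token_data = check_token(
            token,
            current_app.config["SECRET_KEY"],
            current_app.config["DANGEROUS_SALT"],
            current_app.config["EMAIL_EXPIRY_SECONDS"],
        )
    except SignatureExpired:
        flash(_("The security code in the email we sent you has expired. Enter your email address to re-send."))
        return redirect(url_for(".forgot_password"))

    # Decode the verified payload once; both the email and created_at fields
    # are read from it below.
    token_data = json.loads(token_data)
    user = User.from_email_address(token_data["email"])
    # NOTE(review): assumes User.from_email_address raises for an unknown
    # address rather than returning None (password_changed_at is not guarded).

    def parse_timestamp(value):
        # password_changed_at (on the user) and created_at (in the token) are
        # both serialised in this format.
        return datetime.strptime(value, "%Y-%m-%d %H:%M:%S.%f")

    # A token minted before the most recent password change has already been
    # used; refusing it stops a reset link being replayed inside its expiry
    # window. Tokens with no password change since creation are still usable.
    if user.password_changed_at and parse_timestamp(user.password_changed_at) > parse_timestamp(
        token_data["created_at"]
    ):
        flash(_("The security code in the email has already been used"))
        return redirect(url_for("main.index"))

    form = NewPasswordForm()

    if not form.validate_on_submit():
        return render_template("views/new-password.html", token=token, form=form, user=user)

    user.reset_failed_login_count()
    # The new password is parked in the session for the next step of the sign-in
    # journey; it is sensitive material, so the session store's protections
    # (signing / server-side storage) are what keep it safe — verify in config.
    session["user_details"] = {
        "id": user.id,
        "email": user.email_address,
        "password": form.new_password.data,
    }
    if user.auth_type == "email_auth":
        # they've just clicked an email link, so have done an email auth journey anyway. Just log them in.
        return log_in_user(user.id)
    # send user a 2fa sms code
    user.send_verify_code()
    return redirect(url_for("main.two_factor_sms_sent"))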
def reverify_email_token(token):
    """Complete an email re-verification from the link in an email.

    Args:
        token: the signed token taken from the link in the email.

    Returns:
        A redirect to the resend page when the token has expired, otherwise
        the result of log_in_user(...) for the user id carried in the token.

    Aborts with 404 when the token's user_id does not resolve to a user.
    """
    config = current_app.config
    try:
        # Signature and age are checked before anything in the payload is
        # trusted; only expiry is handled here, other failures propagate.
        raw_payload = check_token(token, config['SECRET_KEY'],
                                  config['DANGEROUS_SALT'],
                                  config['EMAIL_EXPIRY_SECONDS'])
    except SignatureExpired:
        flash(
            'The link in the email we sent you has expired. We\'ve sent you a new one.'
        )
        return redirect(url_for('main.resend_email_reverification'))

    payload = json.loads(raw_payload)
    user = user_api_client.get_user(payload['user_id'])
    if not user:
        abort(404)

    # set_last_verified_at is presumably consumed by log_in_user to record the
    # verification — confirm against that function.
    session['user_details'] = dict(
        email=user.email_address,
        id=user.id,
        set_last_verified_at=True,
    )
    return log_in_user(user.id)