Ejemplo n.º 1
0
def reset_password():
    form = ResetPasswordForm(request.form)

    reset_password_code_str = request.args.get("code")

    reset_password_code: ResetPasswordCode = ResetPasswordCode.get_by(
        code=reset_password_code_str)

    if not reset_password_code:
        # Trigger rate limiter
        g.deduct_limit = True
        error = ("The reset password link can be used only once. "
                 "Please request a new link to reset password.")
        return render_template("auth/reset_password.html",
                               form=form,
                               error=error)

    if reset_password_code.is_expired():
        error = "The link has been already expired. Please make a new request of the reset password link"
        return render_template("auth/reset_password.html",
                               form=form,
                               error=error)

    if form.validate_on_submit():
        user = reset_password_code.user
        new_password = form.password.data

        # avoid user reusing the old password
        if user.check_password(new_password):
            error = "You cannot reuse the same password"
            return render_template("auth/reset_password.html",
                                   form=form,
                                   error=error)

        user.set_password(new_password)

        flash("Your new password has been set", "success")

        # this can be served to activate user too
        user.activated = True

        # remove the reset password code
        ResetPasswordCode.delete(reset_password_code.id)

        # change the alternative_id to log user out on other browsers
        user.alternative_id = str(uuid.uuid4())

        Session.commit()

        # do not use login_user(user) here
        # to make sure user needs to go through MFA if enabled
        return after_login(user, url_for("dashboard.index"))

    return render_template("auth/reset_password.html", form=form)
Ejemplo n.º 2
0
def reset_password():
    form = ResetPasswordForm(request.form)

    reset_password_code_str = request.args.get("code")

    reset_password_code: ResetPasswordCode = ResetPasswordCode.get_by(
        code=reset_password_code_str)

    if not reset_password_code:
        # Trigger rate limiter
        g.deduct_limit = True
        error = ("The reset password link can be used only once. "
                 "Please request a new link to reset password.")
        return render_template("auth/reset_password.html",
                               form=form,
                               error=error)

    if reset_password_code.is_expired():
        error = "The link has been already expired. Please make a new request of the reset password link"
        return render_template("auth/reset_password.html",
                               form=form,
                               error=error)

    if form.validate_on_submit():
        user = reset_password_code.user

        user.set_password(form.password.data)

        flash("Your new password has been set", "success")

        # this can be served to activate user too
        user.activated = True

        # remove the reset password code
        ResetPasswordCode.delete(reset_password_code.id)

        db.session.commit()
        login_user(user)

        return redirect(url_for("dashboard.index"))

    return render_template("auth/reset_password.html", form=form)
Ejemplo n.º 3
0
def send_reset_password_email(user):
    """
    generate a new ResetPasswordCode and send it over email to user
    """
    # the activation code is valid for 1h
    reset_password_code = ResetPasswordCode.create(user_id=user.id,
                                                   code=random_string(60))
    db.session.commit()

    reset_password_link = f"{URL}/auth/reset_password?code={reset_password_code.code}"

    email_utils.send_reset_password_email(user.email, reset_password_link)
Ejemplo n.º 4
0
def send_reset_password_email(user):
    """
    generate a new ResetPasswordCode and send it over email to user
    """
    # the activation code is valid for 1h
    reset_password_code = ResetPasswordCode.create(user_id=user.id,
                                                   code=random_string(60))
    db.session.commit()

    reset_password_link = f"{URL}/auth/reset_password?code={reset_password_code.code}"

    email_utils.send_reset_password_email(user.email, user.name,
                                          reset_password_link)

    flash(
        "You are going to receive an email containing instruction to change your password",
        "success",
    )