def reset_password(self):
if self.request.settings.archive_mode:
self.request.session.flash(("Password reset impossible in "
"archive mode."), 'error')
return HTTPFound(location=self.request.route_url('home'))
form = ResetPasswordForm(self.request.POST, csrf_context=self.request)
redirect = HTTPFound(location=self.request.route_url('login'))
token = self.request.matchdict["token"]
retparams = {'form': form, 'token': token}
team = check_password_reset_token(token)
if not team:
self.request.session.flash("Reset failed.", 'error')
raise redirect
if self.request.method == 'POST':
if not form.validate():
return retparams
team.reset_token = None
team.password = form.password.data
self.request.session.flash("Your password has been reset.")
return redirect
return retparams
def test_check_password_reset_token_invalid(self):
team = check_password_reset_token("A" * 64)
assert team is None
def test_check_password_reset_token(self):
t = self.make_team()
t.reset_token = random_token()
self.dbsession.add(t)
team = check_password_reset_token(t.reset_token)
assert team == t
