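def reset_password(payload):
    """Validate a password-reset link and show or process the reset form.

    Args:
        payload: Token taken from the reset link; it is handed to
            ``User.check_password_reset_link`` for decoding.

    Returns:
        A redirect to ``.forgotPassword`` when the token is rejected or
        already used, a redirect to ``.login`` after a successful reset,
        otherwise the rendered ``users/resetPassword.html`` form.
    """
    form = ResetPasswordForm()
    pageTitle = "reset password"

    # The decoded link yields (email, hash prefix captured at issue time).
    unhashed_payload = User.check_password_reset_link(payload)
    user_email = unhashed_payload[0]
    oldhash = unhashed_payload[1]

    if not user_email:
        flash("Token incorrect or has expired. Please try again.")
        return redirect(url_for('.forgotPassword'))

    # Load the account once and use the same object for the reuse check and
    # for the update, so the record that was checked is the one modified.
    user = User.get(email=user_email)

    # Single-use guard: the link carries a prefix of the password hash that
    # was current when it was issued; once the password changes the stored
    # prefix should differ and the link is refused.
    # NOTE(review): only the first 10 characters are compared. If the stored
    # hash format begins with a fixed algorithm/parameter prefix, those
    # characters may not change with the password and this guard would never
    # fire -- confirm against what User.set_password stores.
    # NOTE(review): plain != is not constant-time; acceptable only if
    # check_password_reset_link already integrity-protects the payload.
    if oldhash != user.pwdhash[:10]:
        flash("Token has been used previously. Please try again.")
        return redirect(url_for('.forgotPassword'))

    if request.method == 'POST':
        if not form.validate():
            return render_template('users/resetPassword.html', form=form,
                                   pageTitle=pageTitle)
        user.set_password(form.password.data)
        user.save()
        # TODO (original comment: "email password reset"): presumably notify
        # the account owner that the password changed -- confirm intent.
        flash("Password has been reset, please login")
        return redirect(url_for('.login'))

    # Every other method renders the form. The original returned None for
    # anything that was neither GET nor POST (for example HEAD, which Flask
    # dispatches to GET views), which is not a valid response.
    return render_template('users/resetPassword.html', form=form,
                           pageTitle=pageTitle)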
def reset_password():
    """Accept a password-reset request and trigger the reset email.

    Signed-in users are sent to "/". On a valid POST the address from the
    form is looked up and, when an account matches, a reset email is sent.
    The flash message and redirect are the same whether or not an account
    matched, so the response content does not reveal which addresses are
    registered.

    Returns:
        A redirect ("/" or "/account/login") or the rendered
        ``reset_password.html`` form.
    """
    if current_user.is_authenticated:
        return redirect("/")

    form = ResetPasswordForm()

    # Anything that is not a valid POST just (re)displays the form.
    if request.method != "POST" or not form.validate():
        return render_template("reset_password.html", form=form)

    account = User.query.filter_by(email=form.email.data).first()
    if account:
        # NOTE(review): mail is sent only for known addresses; if
        # send_password_reset_email runs inline, response time may still
        # differ between known and unknown addresses -- confirm it is queued.
        send_password_reset_email(account)

    flash("Check your email for instructions to reset your password")
    return redirect("/account/login")
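def reset_password(token):
    """Set a new password for the account identified by a reset token.

    Args:
        token: Reset token from the emailed link; it is resolved to a user
            by ``User.verify_reset_password_token``.

    Returns:
        A redirect to ``index`` for signed-in users or a rejected token, a
        redirect to ``login`` after the password is changed, otherwise the
        rendered ``reset_password.html`` form.
    """
    if current_user.is_authenticated:
        return redirect(url_for('index'))

    # NOTE(review): nothing visible here invalidates the token after use; it
    # stays usable until verify_reset_password_token rejects it (presumably
    # on expiry) -- confirm the token is bound to the current password state
    # or otherwise single-use.
    user = User.verify_reset_password_token(token)
    if not user:
        return redirect(url_for('index'))

    form = ResetPasswordForm(request.form)
    # Change the password only on POST. The original validated on every
    # request, so a plain GET of the link ran validation against empty data
    # (showing errors on first view) and the state change did not depend on
    # the request method.
    if request.method == 'POST' and form.validate():
        user.set_password(form.password.data)
        db.session.commit()
        flash('Your password has been reset')
        return redirect(url_for('login'))
    return render_template('reset_password.html', form=form)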