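def new_password(token):
    """Handle the password-reset link delivered by email.

    ``token`` is the signed, time-limited payload embedded in the reset
    link. It is verified with the app's SECRET_KEY / DANGEROUS_SALT and
    rejected once EMAIL_EXPIRY_SECONDS have elapsed; the decoded payload
    carries the account ``email`` and the token's ``created_at`` stamp.

    Returns a redirect (expired link, already-used link, or a completed
    submission) or the rendered new-password page.
    """
    try:
        token_data = check_token(
            token,
            current_app.config['SECRET_KEY'],
            current_app.config['DANGEROUS_SALT'],
            current_app.config['EMAIL_EXPIRY_SECONDS'])
    except SignatureExpired:
        flash('The link in the email we sent you has expired. Enter your email address to resend.')
        return redirect(url_for('.forgot_password'))
    # NOTE(review): only expiry is handled here; whatever check_token raises
    # for a token that fails signature verification propagates out of this
    # view — confirm an app-level error handler covers it.

    # Decode the payload once; the original parsed it twice.
    payload = json.loads(token_data)
    email_address = payload['email']
    user = user_api_client.get_user_by_email(email_address)
    # NOTE(review): reverify_email_token guards against a falsy user; the
    # behaviour of get_user_by_email for an unknown address is not visible
    # here — confirm whether the same guard is needed.

    # One-time-use check: a password change made after the token was minted
    # means this link has already been consumed.
    timestamp_format = '%Y-%m-%d %H:%M:%S.%f'
    if user.password_changed_at and (
        datetime.strptime(user.password_changed_at, timestamp_format)
        > datetime.strptime(payload['created_at'], timestamp_format)
    ):
        flash('The link in the email has already been used')
        return redirect(url_for('main.index'))

    form = NewPasswordForm()
    if not form.validate_on_submit():
        return render_template('views/new-password.html', token=token, form=form, user=user)

    user_api_client.reset_failed_login_count(user.id)
    # The chosen password is parked in the session until log_in_user applies
    # it. NOTE(review): confirm the session backend keeps this server-side
    # (or otherwise protected) rather than in a plain client-side cookie.
    session['user_details'] = {
        'id': user.id,
        'email': user.email_address,
        'password': form.new_password.data}
    if user.auth_type == 'email_auth':
        # they've just clicked an email link, so have done an email auth journey anyway. Just log them in.
        return log_in_user(user.id)
    # send user a 2fa sms code
    user_api_client.send_verify_code(user.id, 'sms', user.mobile_number)
    return redirect(url_for('main.two_factor'))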
def rotate_password():
    """Let the user held in ``session['user_details']`` pick a new password.

    The form is built with a validator callback that asks
    ``user_api_client.verify_password`` whether a candidate password verifies
    against the user's current one; how the form treats that result is not
    visible here (presumably it rejects re-use of the current password).
    On a valid submission the new password is stored in the session and
    ``log_in_user`` finishes the change; otherwise the page is rendered.
    """

    def _matches_current_password(candidate):
        # Session is read lazily, at validation time, exactly as before.
        current_user_id = session['user_details']['id']
        return user_api_client.verify_password(current_user_id, candidate)

    form = RotatePasswordForm(_matches_current_password)

    if not form.validate_on_submit():
        return render_template(
            'views/rotate-password.html',
            title='Update your password',
            form=form,
        )

    session['user_details']['password'] = form.new_password.data
    return log_in_user(session['user_details']['id'])
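def new_password(token):
    """Handle the password-reset link delivered by email.

    ``token`` is the signed, time-limited payload embedded in the reset
    link. It is verified with the app's SECRET_KEY / DANGEROUS_SALT and
    rejected once EMAIL_EXPIRY_SECONDS have elapsed; the decoded payload
    carries the account ``email`` and the token's ``created_at`` stamp.

    Returns a redirect (expired link, already-used link, or a completed
    submission) or the rendered new-password page.
    """
    try:
        token_data = check_token(
            token,
            current_app.config["SECRET_KEY"],
            current_app.config["DANGEROUS_SALT"],
            current_app.config["EMAIL_EXPIRY_SECONDS"],
        )
    except SignatureExpired:
        flash(_("The security code in the email we sent you has expired. Enter your email address to re-send."))
        return redirect(url_for(".forgot_password"))
    # NOTE(review): only expiry is handled here; whatever check_token raises
    # for a token that fails signature verification propagates out of this
    # view — confirm an app-level error handler covers it.

    # Decode the payload once; the original parsed it twice.
    payload = json.loads(token_data)
    user = User.from_email_address(payload["email"])

    # One-time-use check: a password change made after the token was minted
    # means this link has already been consumed.
    timestamp_format = "%Y-%m-%d %H:%M:%S.%f"
    if user.password_changed_at and (
        datetime.strptime(user.password_changed_at, timestamp_format)
        > datetime.strptime(payload["created_at"], timestamp_format)
    ):
        flash(_("The security code in the email has already been used"))
        return redirect(url_for("main.index"))

    form = NewPasswordForm()
    if not form.validate_on_submit():
        return render_template("views/new-password.html", token=token, form=form, user=user)

    user.reset_failed_login_count()
    # The chosen password is parked in the session until log_in_user applies
    # it. NOTE(review): confirm the session backend keeps this server-side
    # (or otherwise protected) rather than in a plain client-side cookie.
    session["user_details"] = {
        "id": user.id,
        "email": user.email_address,
        "password": form.new_password.data,
    }
    if user.auth_type == "email_auth":
        # they've just clicked an email link, so have done an email auth journey anyway. Just log them in.
        return log_in_user(user.id)
    # send user a 2fa sms code
    user.send_verify_code()
    return redirect(url_for("main.two_factor_sms_sent"))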
def reverify_email_token(token):
    """Complete the email re-verification journey from a link click.

    ``token`` is the signed payload from the re-verification email, checked
    against SECRET_KEY / DANGEROUS_SALT and EMAIL_EXPIRY_SECONDS. An expired
    link redirects to the resend view; an unknown ``user_id`` is a 404.
    Otherwise the user's details go into the session with
    ``set_last_verified_at`` flagged (presumably consumed by log_in_user —
    not visible here) and ``log_in_user`` finishes the sign-in.
    """
    try:
        raw_payload = check_token(
            token,
            current_app.config['SECRET_KEY'],
            current_app.config['DANGEROUS_SALT'],
            current_app.config['EMAIL_EXPIRY_SECONDS'],
        )
    except SignatureExpired:
        flash(
            'The link in the email we sent you has expired. We\'ve sent you a new one.'
        )
        return redirect(url_for('main.resend_email_reverification'))
    else:
        payload = json.loads(raw_payload)

    user = user_api_client.get_user(payload['user_id'])
    if not user:
        # Valid token, but the account it names no longer resolves.
        abort(404)

    session['user_details'] = {
        'email': user.email_address,
        'id': user.id,
        'set_last_verified_at': True,
    }
    return log_in_user(user.id)