def changePassword(token):
    """Change the password of the user who owns session *token*.

    The new password is stored only after three checks pass, in this order:
    the submitted form validates, the token resolves to a user e-mail, and
    ``validLogin`` accepts the supplied old password for that e-mail.

    Returns:
        A ``(json_body, http_status)`` tuple: 200 on success, 400 for a bad
        form or a wrong old password, 405 when the token maps to no user and
        503 when the database update does not report success.
    """
    def reply(ok, text, status):
        # Every exit path uses the same {'success', 'message'} envelope.
        return json.dumps({'success': ok, 'message': text}), status

    change_form = ChangePasswordForm(request.form)
    if not change_form.validate():
        return reply(False, 'Form data missing or incorrect type.', 400)

    owner_email = database_helper.getUserEmailByToken(token)
    if owner_email is None:
        # NOTE(review): 405 means "Method Not Allowed"; 401 is the usual
        # status for an unauthenticated caller. Kept as-is because clients
        # may branch on it -- confirm before changing.
        return reply(False, 'You are not signed in.', 405)

    # Holding a token is not enough: the caller must also prove knowledge of
    # the current password before it is replaced.
    if not validLogin(owner_email, request.form['oldPassword']):
        return reply(False, 'Wrong password.', 400)

    # Only the bcrypt hash is handed to the database layer.
    new_hash = bcrypt.generate_password_hash(request.form['newPassword'])
    updated = database_helper.updateUserPassword(owner_email, new_hash)
    if updated != True:
        return reply(False, 'Could not update password.', 503)

    # NOTE(review): nothing here revokes tokens issued before the change;
    # confirm whether other sessions should be invalidated at this point.
    return reply(True, 'Password changed.', 200)
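def changePassword(email):
    """Change the password for the user identified by *email*.

    The request is accepted only if the ``Hash-Hmac`` header passes
    ``validHMACHash`` over the e-mail, both passwords and the
    ``Hash-Timestamp`` header. After that the form must validate and
    ``validLogin`` must accept the old password before the bcrypt hash of the
    new password is stored.

    Returns:
        A ``(json_body, http_status)`` tuple: 200 on success, 400 for a wrong
        old password, 405 for an invalid hash or an invalid form, and 503
        when the database update does not report success.
    """
    clientHash = request.headers.get('Hash-Hmac')
    utcTimestamp = request.headers.get('Hash-Timestamp')
    if clientHash is None or utcTimestamp is None:
        # A request without the signature headers can never be authentic, so
        # reject it before handing None to the verifier.
        return json.dumps({'success': False, 'message': 'Invalid hash.'}), 405

    # NOTE(review): the two form lookups were masked out ('******') in the
    # listing this block came from; they are reconstructed here as reads of
    # request.form -- confirm against the original file.
    # .get(..., '') is used so that a request lacking a field fails the HMAC
    # or form check with this handler's JSON error instead of raising on a
    # missing key before any check has run.
    oldPassword = request.form.get('oldPassword', '')
    newPassword = request.form.get('newPassword', '')
    data = ['email=' + email,
            '&oldPassword=' + oldPassword,
            '&newPassword=' + newPassword]

    # NOTE(review): replay protection depends on validHMACHash enforcing a
    # freshness window on utcTimestamp; that is not visible here -- confirm.
    if not validHMACHash(clientHash, data, email, utcTimestamp):
        return json.dumps({'success': False, 'message': 'Invalid hash.'}), 405

    form = ChangePasswordForm(request.form)
    if not form.validate():
        return json.dumps({'success': False, 'message': 'Form data missing or incorrect type.'}), 405

    # A valid signature is not enough: the caller must also know the current
    # password before it is replaced.
    if not validLogin(email, oldPassword):
        return json.dumps({'success': False, 'message': 'Wrong password.'}), 400

    # Only the bcrypt hash is handed to the database layer.
    passwordHash = bcrypt.generate_password_hash(newPassword)
    result = database_helper.updateUserPassword(email, passwordHash)
    if result == True:
        return json.dumps({'success': True, 'message': 'Password changed.'}), 200
    return json.dumps({'success': False, 'message': 'Could not update password.'}), 503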