def edit_password(self, token):
    """Render the password-reset form and apply a submitted reset.

    On a valid submission the user is looked up through the token carried
    in the form's hidden ``reset_password_token`` field, the new password
    is stored via ``set_password`` and the token on the user record is
    cleared before the change is committed.

    :param str token: Password reset token; only used to pre-fill the
        hidden form field when the form is rendered
    """
    form = EditPasswordForm()

    def show_form():
        return render_template(
            'edit_password.html', title='Change your password', form=form
        )

    if not form.validate_on_submit():
        if token:
            # carry the token through the form as a hidden field
            form.reset_password_token.data = token
        return show_form()

    # NOTE(review): token expiry or other validity rules, if any, live in
    # find_user_by_token, which is not shown here - confirm.
    account = self.find_user_by_token(form.reset_password_token.data)
    if not account:
        # no user matches the submitted reset token
        flash("Reset password token is invalid")
        return show_form()

    account.set_password(form.password.data)
    # clear the token on the user record once it has been used
    account.reset_password_token = None
    if account.last_sign_in_at is None:
        # a first sign-in timestamp marks the required password change
        # as done
        account.last_sign_in_at = datetime.utcnow()
    # NOTE(review): nothing in this handler revokes sessions that are
    # already open for the account - confirm whether that happens elsewhere.
    self.user_query().session.commit()

    flash("Your password was changed successfully.")
    return redirect(url_for('login'))
def edit_password(username):
    """Let the logged-in user change their own password.

    The ``username`` from the route must equal ``current_user.username``;
    otherwise the request is redirected to the index page. The current
    password is re-checked through ``User.authenticate`` before the new
    one is hashed with ``bcrypt.generate_password_hash`` and committed.
    """
    if current_user.username != username:
        flash('Access unathorized', 'danger')
        return redirect(url_for('index'))

    form = EditPasswordForm(obj=current_user)

    if form.validate_on_submit():
        # Re-authenticate with the submitted current password; a falsy
        # result is treated as a wrong password.
        verified = User.authenticate(
            current_user.username, form.current_password.data
        )
        if not verified:
            flash('Incorrect password.', 'danger')
        else:
            # Only the bcrypt hash is stored, never the submitted password.
            new_hash = bcrypt.generate_password_hash(form.new_password.data)
            verified.password = new_hash.decode('UTF-8')
            db.session.commit()
            flash('Password updated!', 'success')
            return redirect(
                url_for('user_bp.edit_profile', username=verified.username)
            )

    return render_template(
        'password.html',
        form=form,
        btnText='Submit',
        cancel='user_bp.edit_profile',
        color="#FFF199",
    )
def edit_user_password(user_id):
    """Show and handle the form that sets a new password for a user.

    Access is limited to the session owner: the ``id`` stored in the
    session must equal ``user_id``, otherwise the request is redirected
    to ``/login``.
    """
    is_owner = "id" in session and session['id'] == user_id
    if not is_owner:
        flash('Please login to view.')
        return redirect('/login')

    form = EditPasswordForm()
    user = User.query.get_or_404(user_id)

    if request.method == 'POST' and form.validate_on_submit():
        # Only new_password is read from the form; this handler does not
        # ask for the current password.
        # NOTE(review): confirm whether the form or
        # User.authenticate_new_password enforces that elsewhere.
        user = User.authenticate_new_password(
            user.username, form.new_password.data
        )
        db.session.add(user)
        db.session.commit()
        flash('Password has been updated!', 'success')
        return redirect(f"/users/{user.id}/profile")

    # GET requests and failed validation both land on the form again.
    return render_template('users/edit_password.html', form=form, user=user)
def password():
    """Change the logged-in user's password after checking the old one.

    The user row is loaded by ``current_user.id``; the new password is
    passed through ``make_hash`` before it is stored.
    """
    user = User.query.filter_by(id=current_user.id).first()
    form = EditPasswordForm()

    if not form.validate_on_submit():
        return render_template('password.jinja', form=form)

    old_password_ok = (
        user is not None and user.valid_password(form.old_password.data)
    )
    if not old_password_ok:
        # German: password not updated, current password incorrect
        flash('Passwort nicht aktualisiert! Aktuelles Passwort nicht korrekt!')
        return render_template('password.jinja', form=form)

    user.password = make_hash(form.password.data)
    db_session.add(user)
    db_session.commit()
    # German: password updated successfully
    flash('Passwort erfolgreich aktualisiert!')
    return redirect(url_for('logged_in'))
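def edit_password(username):
    """Change the signed-in user's password after re-checking the current one.

    The account that is authenticated and updated is always ``g.user``;
    ``username`` from the route is used only to build the redirect target
    after a successful change.
    """
    form = EditPasswordForm()
    if form.validate_on_submit():
        # The confirmation field is not needed here.
        # NOTE(review): presumably the form's validators compare it with
        # new_password - confirm against EditPasswordForm.
        user = User.authenticate(g.user.username, form.current_password.data)
        if user:
            user.update_password(form.new_password.data)
            return redirect(url_for('show_user', username=username))
        # Report the failure on the field so the form re-renders with it.
        form.current_password.errors.append('Invalid password')
    return render_template('form.html', form=form)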
def change_password():
    """Change the password of the signed-in user (``g.user``).

    The old, new and confirmation values are handed to
    ``User.change_password``; a falsy result is reported to the user as
    an incorrect password. The change is then committed, with a rollback
    if the commit raises ``InvalidRequestError`` or ``IntegrityError``.
    """
    form = EditPasswordForm(obj=g.user)

    if not form.validate_on_submit():
        return render_template(
            'users/password.html', form=form, user_id=g.user.id
        )

    updated = User.change_password(
        g.user.username,
        form.old_password.data,
        form.new_password.data,
        form.confirm.data,
    )
    if not updated:
        flash('Incorrect Password', 'danger')
        return redirect(url_for('homepage'))

    try:
        db.session.commit()
        flash('Password successfully changed', 'success')
        # Kept inside the try: building the redirect reads g.user.id
        # after the commit, as in the original flow.
        return redirect(url_for('users_show', user_id=g.user.id))
    except (InvalidRequestError, IntegrityError):
        db.session.rollback()
        flash("Something went wrong. Session rolled back.", 'danger')

    # Reached only after a rollback: show the form again.
    return render_template('users/password.html', form=form, user_id=g.user.id)
def update_password():
    """Change the password of the signed-in user (``g.user``).

    ``User.change_password`` receives the old, new and confirmation
    values; a falsy result is shown to the user as an incorrect password.
    A commit that raises ``InvalidRequestError`` or ``IntegrityError`` is
    rolled back and the form is rendered again.
    """
    form = EditPasswordForm(obj=g.user)

    if not form.validate_on_submit():
        return render_template(
            'update-password-form.html', form=form, user_id=g.user.id
        )

    changed_user = User.change_password(
        g.user.username,
        form.old_password.data,
        form.new_password.data,
        form.confirm.data,
    )
    if not changed_user:
        flash('Incorrect Password', 'danger')
        return redirect('/')

    try:
        db.session.commit()
        flash('Password successfully changed', 'success')
        return redirect("/")
    except (InvalidRequestError, IntegrityError):
        # Undo the pending change so the session stays usable.
        db.session.rollback()
        flash("Something went wrong. Session rolled back.", 'danger')

    return render_template(
        'update-password-form.html', form=form, user_id=g.user.id
    )