Example #1
    def edit_password(self, token):
        """Render the password reset form and apply a submitted new password.

        The token that is actually looked up comes from the form's hidden
        ``reset_password_token`` field; the ``token`` argument is only used to
        pre-fill that field when the form is first shown.

        :param str token: Password reset token
        """
        form = EditPasswordForm()

        if not form.validate_on_submit():
            # initial display or failed validation: carry the token in the
            # hidden field so it is posted back with the new password
            if token:
                form.reset_password_token.data = token
            return render_template('edit_password.html',
                                   title='Change your password',
                                   form=form)

        # NOTE(review): whether find_user_by_token() enforces token expiry is
        # not visible here -- confirm in that helper.
        account = self.find_user_by_token(form.reset_password_token.data)
        if not account:
            # no user matches the submitted reset token
            flash("Reset password token is invalid")
            return render_template('edit_password.html',
                                   title='Change your password',
                                   form=form)

        # store the new password
        account.set_password(form.password.data)
        # clear the token so the same reset link cannot be used again
        account.reset_password_token = None
        never_signed_in = account.last_sign_in_at is None
        if never_signed_in:
            # a sign-in timestamp marks the required password change as done
            account.last_sign_in_at = datetime.utcnow()
        self.user_query().session.commit()

        flash("Your password was changed successfully.")
        return redirect(url_for('login'))
Example #2
def edit_password(username):
    """Let the logged-in user change their own password.

    The request is rejected unless ``username`` matches the logged-in user.
    The current password must authenticate before the new one is hashed
    with bcrypt and stored.
    """
    # Only the owner of the account may open or submit this form.
    if current_user.username != username:
        flash('Access unathorized', 'danger')
        return redirect(url_for('index'))

    # NOTE(review): obj= pre-populates form fields whose names match
    # attributes of the user object -- confirm no field maps to the stored
    # password hash.
    form = EditPasswordForm(obj=current_user)

    if form.validate_on_submit():
        # Re-authenticate with the current password before changing anything.
        account = User.authenticate(current_user.username,
                                    form.current_password.data)
        if not account:
            flash('Incorrect password.', 'danger')
        else:
            # Hash the new password; only the hash is stored.
            new_hash = bcrypt.generate_password_hash(form.new_password.data)
            account.password = new_hash.decode('UTF-8')
            db.session.commit()
            # NOTE(review): no session invalidation is visible here --
            # confirm whether other sessions should be ended on change.
            flash('Password updated!', 'success')
            return redirect(url_for('user_bp.edit_profile',
                                    username=account.username))

    template_args = dict(
        form=form,
        btnText='Submit',
        cancel='user_bp.edit_profile',
        color="#FFF199",
    )
    return render_template('password.html', **template_args)
def edit_user_password(user_id):
    """Show and handle the form that changes a user's password.

    Access requires a session whose ``id`` equals ``user_id``; anyone else
    is sent to the login page. On a valid POST the new password is handed
    to ``User.authenticate_new_password`` and the result is committed.
    """
    owns_account = "id" in session and user_id == session['id']
    if not owns_account:
        flash('Please login to view.')
        return redirect('/login')

    form = EditPasswordForm()
    user = User.query.get_or_404(user_id)
    account_name = user.username

    if request.method == 'POST' and form.validate_on_submit():
        # NOTE(review): only form.new_password is read in this view; the
        # current password is not checked here. Confirm whether
        # EditPasswordForm or authenticate_new_password() verifies it.
        user = User.authenticate_new_password(account_name,
                                              form.new_password.data)

        db.session.add(user)
        db.session.commit()
        flash('Password has been updated!', 'success')
        return redirect(f"/users/{user.id}/profile")

    # GET request, or a POST that failed validation: show the form again.
    return render_template('users/edit_password.html', form=form, user=user)
Example #4
def password():
    """Change the logged-in user's password after checking the old one.

    The user row is loaded by ``current_user.id``. The new hash is stored
    only when the submitted old password is valid; otherwise an error is
    flashed and the form is rendered again.
    """
    form = EditPasswordForm()
    user = User.query.filter_by(id=current_user.id).first()

    if form.validate_on_submit():
        # The old password must verify before anything is written.
        old_password_ok = (user is not None
                           and user.valid_password(form.old_password.data))
        if not old_password_ok:
            flash('Passwort nicht aktualisiert! Aktuelles Passwort nicht korrekt!')
        else:
            # Store the hash produced by make_hash(), not the raw password.
            user.password = make_hash(form.password.data)
            db_session.add(user)
            db_session.commit()
            flash('Passwort erfolgreich aktualisiert!')
            return redirect(url_for('logged_in'))

    return render_template('password.jinja', form=form)
Example #5
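def edit_password(username):
    """Change the logged-in user's password after re-authentication.

    The account that is authenticated and updated is always ``g.user``.
    ``username`` from the URL is used only to build the redirect target
    after a successful change.

    :param username: username taken from the route; not used to select
        the account whose password changes.
    """
    # NOTE(review): g.user is assumed to be set by a login check outside
    # this view -- confirm the route is protected.
    form = EditPasswordForm()
    if form.validate_on_submit():
        # form.confirm is not compared in this view; presumably
        # EditPasswordForm validates that it matches new_password -- confirm.
        # Re-authenticate with the current password of the logged-in user,
        # never with the username supplied in the URL.
        user = User.authenticate(g.user.username, form.current_password.data)
        if user:
            user.update_password(form.new_password.data)
            return redirect(url_for('show_user', username=username))

        # Report the failure on the field so the template shows it inline.
        form.current_password.errors.append('Invalid password')

    return render_template('form.html', form=form)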
Example #6
def change_password():
    """Change the password of the current user (``g.user``).

    ``User.change_password`` receives the old password, the new password
    and its confirmation. A falsy result is reported as an incorrect
    password and redirects to the homepage. Otherwise the change is
    committed, with a rollback if the commit raises.
    """
    form = EditPasswordForm(obj=g.user)

    if not form.validate_on_submit():
        return render_template('users/password.html', form=form,
                               user_id=g.user.id)

    # The account is taken from g.user, not from any request parameter.
    updated = User.change_password(
        g.user.username,
        form.old_password.data,
        form.new_password.data,
        form.confirm.data,
    )
    if not updated:
        flash('Incorrect Password', 'danger')
        return redirect(url_for('homepage'))

    try:
        db.session.commit()
        flash('Password successfully changed', 'success')
        return redirect(url_for('users_show', user_id=g.user.id))
    except (InvalidRequestError, IntegrityError):
        # Leave the session usable after a failed commit.
        db.session.rollback()
        flash("Something went wrong. Session rolled back.", 'danger')

    return render_template('users/password.html', form=form,
                           user_id=g.user.id)
Example #7
def update_password():
    """Change the password of the current user (``g.user``).

    The old password, new password and confirmation go to
    ``User.change_password``. A falsy result is reported as an incorrect
    password. Otherwise the change is committed, with a rollback if the
    commit raises.
    """
    form = EditPasswordForm(obj=g.user)

    if not form.validate_on_submit():
        return render_template('update-password-form.html', form=form,
                               user_id=g.user.id)

    # The account is taken from g.user, not from any request parameter.
    changed_user = User.change_password(
        g.user.username,
        form.old_password.data,
        form.new_password.data,
        form.confirm.data,
    )
    if not changed_user:
        flash('Incorrect Password', 'danger')
        return redirect('/')

    try:
        db.session.commit()
        flash('Password successfully changed', 'success')
        return redirect("/")
    except (InvalidRequestError, IntegrityError):
        # Leave the session usable after a failed commit.
        db.session.rollback()
        flash("Something went wrong. Session rolled back.", 'danger')

    return render_template('update-password-form.html', form=form,
                           user_id=g.user.id)