Example #1
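def reset_email(userid, secret):
    """Handle a password-reset link identified by ``userid`` and ``secret``.

    Looks up the user and the matching ``PasswordResetRequest``, rejects
    missing or expired (older than one day) requests, and otherwise shows a
    form for choosing a new password. On a valid submission the password is
    updated and the reset request row is deleted, so the same link no longer
    matches a request afterwards.

    Returns the rendered message or form. Aborts with 404 when no user has
    the given ``userid``.
    """
    # Runs before any lookup, so it also happens for invalid or expired links.
    # presumably ends the current login session; confirm in logout_internal.
    logout_internal()
    user = User.query.filter_by(userid=userid).first()
    if not user:
        abort(404)
    resetreq = PasswordResetRequest.query.filter_by(user=user, reset_code=secret).first()
    if not resetreq:
        return render_message(title="Invalid reset link",
            message=Markup("The reset link you clicked on is invalid."))
    if resetreq.created_at < datetime.utcnow() - timedelta(days=1):
        # Reset code has expired (> 24 hours). Delete it
        db.session.delete(resetreq)
        db.session.commit()
        return render_message(title="Expired reset link",
            message=Markup("The reset link you clicked on has expired."))

    # Reset code is valid. Now ask user to choose a new password
    form = PasswordResetForm()
    if form.validate_on_submit():
        user.password = form.password.data
        # The code is single-use: remove it in the same commit as the new password.
        # NOTE(review): only this request is deleted; other outstanding reset
        # requests for the same user are not touched here. Confirm whether
        # they are cleaned up elsewhere.
        db.session.delete(resetreq)
        db.session.commit()
        return render_message(title="Password reset complete", message=Markup(
            'Your password has been reset. You may now <a href="%s">login</a> with your new password.' % escape(url_for('login'))))
    # user.fullname is user-controlled profile data. Interpolating it into the
    # string before wrapping in Markup() would mark it as safe HTML unescaped,
    # so it is escaped first, the same way the login URL is handled above.
    return render_form(form=form, title="Reset password", formid='reset', submit="Reset password",
        message=Markup('Hello, <strong>%s</strong>. You may now choose a new password.' % escape(user.fullname)),
        ajax=True)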
Example #2
def change_password():
    """Let the current user (``g.user``) set a new password.

    A user without a stored password hash gets ``PasswordResetForm``; everyone
    else gets ``PasswordChangeForm``. On a valid submission the new password
    is saved and the browser is redirected (303) to the profile page;
    otherwise the form is rendered.
    """
    # NOTE(review): presumably PasswordChangeForm also verifies the current
    # password, which a user with no hash cannot supply. Confirm in the forms.
    form_cls = PasswordResetForm if g.user.pw_hash is None else PasswordChangeForm
    form = form_cls()

    if not form.validate_on_submit():
        # First visit or failed validation: show the form (again).
        return render_form(
            form=form,
            title="Change password",
            formid="changepassword",
            submit="Change password",
            ajax=True,
        )

    g.user.password = form.password.data
    db.session.commit()
    flash("Your new password has been saved.", category="info")
    return render_redirect(url_for("profile"), code=303)
Example #3
def change_password():
    """Show and process the password form for the logged-in user in ``g.user``.

    ``PasswordResetForm`` is used when the user has no password hash yet,
    ``PasswordChangeForm`` otherwise. A valid submission stores the new
    password, flashes a success message and redirects (303) to the profile.
    """
    has_no_password = g.user.pw_hash is None
    # NOTE(review): the two forms presumably differ in whether the current
    # password is required. Verify against the form definitions.
    form = PasswordResetForm() if has_no_password else PasswordChangeForm()

    submitted_ok = form.validate_on_submit()
    if submitted_ok:
        g.user.password = form.password.data
        db.session.commit()
        flash("Your new password has been saved.", category="success")
        profile_url = url_for("profile")
        return render_redirect(profile_url, code=303)

    form_options = dict(
        form=form,
        title="Change password",
        formid="changepassword",
        submit="Change password",
        ajax=True,
    )
    return render_form(**form_options)
Example #4
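def reset_email(user, kwargs):
    """Handle a password-reset link for ``user`` using ``kwargs['secret']``.

    Looks up the ``PasswordResetRequest`` matching the user and the secret,
    rejects missing or expired (older than one day) requests, and otherwise
    shows a form for choosing a new password. On a valid submission the
    password is updated and the reset request row is deleted, so the same
    link no longer matches a request afterwards.

    Returns the rendered message or form. ``user`` is supplied by the caller;
    how it is resolved is not visible in this function.
    """
    # Runs before any lookup, so it also happens for invalid or expired links.
    # presumably ends the current login session; confirm in logout_internal.
    logout_internal()
    resetreq = PasswordResetRequest.query.filter_by(
        user=user, reset_code=kwargs['secret']).first()
    if not resetreq:
        return render_message(
            title="Invalid reset link",
            message=Markup("The reset link you clicked on is invalid."))
    if resetreq.created_at < datetime.utcnow() - timedelta(days=1):
        # Reset code has expired (> 24 hours). Delete it
        db.session.delete(resetreq)
        db.session.commit()
        return render_message(
            title="Expired reset link",
            message=Markup("The reset link you clicked on has expired."))

    # Reset code is valid. Now ask user to choose a new password
    form = PasswordResetForm()
    if form.validate_on_submit():
        user.password = form.password.data
        # The code is single-use: remove it in the same commit as the new password.
        # NOTE(review): only this request is deleted; other outstanding reset
        # requests for the same user are not touched here. Confirm whether
        # they are cleaned up elsewhere.
        db.session.delete(resetreq)
        db.session.commit()
        return render_message(
            title="Password reset complete",
            message=Markup(
                'Your password has been reset. You may now <a href="%s">login</a> with your new password.'
                % escape(url_for('login'))))
    # user.fullname is user-controlled profile data. Interpolating it into the
    # string before wrapping in Markup() would mark it as safe HTML unescaped,
    # so it is escaped first, the same way the login URL is handled above.
    return render_form(
        form=form,
        title="Reset password",
        formid='reset',
        submit="Reset password",
        message=Markup(
            'Hello, <strong>%s</strong>. You may now choose a new password.' %
            escape(user.fullname)),
        ajax=True)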