    def get_password_reset_link(user):
        """
        Build a signed, url-safe password-reset token for `user`.

        The token comes from `get_timed_serializer()` and carries the user's
        id concatenated with the first 10 characters of the user's current
        password hash. Because that prefix changes once the password is
        reset, a token can only be redeemed while the password it was issued
        for is still in effect (the matching check happens in
        `check_password_reset_link`, which splits the payload at the same
        fixed 10-character offset and so assumes `pwdhash` is at least that
        long).

        NOTE(review): the serializer signs the payload but does not encrypt
        it (presumably an itsdangerous timed serializer), so the id and the
        hash prefix are readable by anyone holding the link. No `salt` is
        passed, so the serializer's default salt is used; any other token
        minted from the same serializer with the default salt would verify
        here as well — confirm that is acceptable.

        :param user: object exposing `get_id()` (must return a str, it is
            concatenated) and a `pwdhash` attribute.
        :return: the serialized, signed token.
        """
        uid = user.get_id()
        serializer = get_timed_serializer()
        # Bind the token to the password that is in effect right now so a
        # link cannot be reused once the password has changed.
        hash_prefix = user.pwdhash[:10]
        return serializer.dumps(uid + hash_prefix)
    def get_password_reset_link(user):
        """
        Return a signed, url-safe password-reset token for `user`.

        Payload layout is `<user id><first 10 chars of pwdhash>`; it is
        serialized by `get_timed_serializer()`, which stamps it with the
        issue time. Embedding the hash prefix ties the token to the current
        password: after a reset the prefix no longer matches and the link is
        dead. `check_password_reset_link` undoes the split at the same fixed
        offset, so `pwdhash` is expected to be at least 10 characters.

        NOTE(review): a signed (not encrypted) payload is readable by the
        link holder, so the id and hash prefix are exposed to them. No
        `salt` is given, so the serializer's default salt applies and tokens
        from other features using the same serializer and default salt are
        interchangeable with this one — verify that is intended.

        :param user: object exposing `get_id()` (a str, since it is
            concatenated) and a `pwdhash` attribute.
        :return: the serialized, signed token.
        """
        account_id = user.get_id()
        signer = get_timed_serializer()
        # Current-password binding: reset link dies when the hash changes.
        current_hash_prefix = user.pwdhash[:10]
        token = signer.dumps(account_id + current_hash_prefix)
        return token
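 def check_password_reset_link(payload):
     """
     Verify a password-reset token produced by `get_password_reset_link`.

     The token is loaded with `get_timed_serializer()` and rejected when it
     is older than 24 hours (`max_age=86400`) or when its signature does not
     verify. On success the payload is split at a fixed offset: the last 10
     characters are the password-hash prefix embedded at issue time and
     everything before them is the user id.

     The hash prefix is what makes a link single-use, but the comparison is
     NOT done here: the caller must check `oldhash` against the first 10
     characters of the user's *current* password hash and refuse the reset
     on mismatch.

     :param payload: the token string taken from the reset link (untrusted).
     :return: `(user_id, oldhash)` on success, `False` when the token is
         expired or its signature is invalid.
     """
     s = get_timed_serializer()
     try:
         unhashed_payload = s.loads(payload, max_age=86400)
     # Both failure modes must fail closed. `except A or B` only catches A
     # (the `or` expression evaluates to its first operand), which let a
     # forged or tampered token escape as an unhandled BadSignature.
     except (SignatureExpired, BadSignature):
         return False
     # Fixed-width split mirroring the issuer: last 10 chars are the hash
     # prefix, the rest is the id. Both come back as str slices, so a
     # numeric id must be compared as text. Assumes the issuer embedded
     # exactly 10 hash characters (a shorter pwdhash would misparse here).
     oldhash = unhashed_payload[-10:]
     user_id = unhashed_payload[:-10]
     return (user_id, oldhash)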
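 def check_password_reset_link(payload):
     """
     Verify a password-reset token produced by `get_password_reset_link`.

     `get_timed_serializer()` checks the signature and the age (rejected
     after 86400 seconds, i.e. 24 hours). A valid payload is then split at a
     fixed offset: the trailing 10 characters are the password-hash prefix
     captured when the link was issued, the remainder is the user id.

     Single-use enforcement lives with the caller: compare `oldhash` to the
     first 10 characters of the user's current password hash and reject the
     reset if they differ. This function only unpacks the token.

     :param payload: the token string taken from the reset link (untrusted).
     :return: `(user_id, oldhash)` on success, `False` when the token is
         expired or its signature is invalid.
     """
     s = get_timed_serializer()
     try:
         unhashed_payload = s.loads(payload, max_age=86400)
     # A tuple is required here: `except SignatureExpired or BadSignature`
     # evaluates to `except SignatureExpired`, so a tampered token raised an
     # uncaught BadSignature instead of returning False.
     except (SignatureExpired, BadSignature):
         return False
     # Mirror the issuer's layout: last 10 chars = hash prefix, rest = id.
     # Both are str slices (a numeric id comes back as text). Assumes the
     # issuer embedded exactly 10 hash characters.
     oldhash = unhashed_payload[-10:]
     user_id = unhashed_payload[:-10]
     return (user_id, oldhash)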
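    def confirm_email(self, token):
        """
        Confirm a user's e-mail address from a signed confirmation token.

        The token is loaded with the "email-confirm-key" salt and must be no
        older than `TOKEN_MAX_AGE` (app config, passed as `max_age`). Any
        failure to load it — expired, tampered, malformed — aborts with 404
        so the response does not reveal which check failed. On success the
        user with that e-mail is marked confirmed and the client is
        redirected to the index.

        :param token: the token string from the confirmation link (untrusted).
        :return: a redirect to `.index` on success; aborts with 404 when the
            token is invalid or no user has that e-mail.
        """
        try:
            ts = get_timed_serializer()
            email = ts.loads(token, salt="email-confirm-key",
                             max_age=current_app.config['TOKEN_MAX_AGE'])
        except Exception:  # possible exceptions: https://pythonhosted.org/itsdangerous/#exceptions
            # Any exception invalidates the confirmation; the broad catch is
            # deliberate so a malformed token never surfaces as a 500.
            # NOTE(review): it also turns a missing TOKEN_MAX_AGE config key
            # or a failing get_timed_serializer() into a 404 — narrow to the
            # serializer's error type if misconfiguration should be loud.
            abort(404)  # TODO: give the user a more helpful error message

        user = controllers.get_user_by_email(email=email)
        if not user:
            abort(404, _(u'Usuário não encontrado'))

        controllers.set_user_email_confirmed(user)
        flash(_(u'Email: %(email)s confirmado com sucesso!', email=user.email))
        return redirect(url_for('.index'))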
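    def reset_with_token(self, token):
        """
        Reset a user's password from a signed recovery token.

        The token is loaded with the "recover-key" salt and must be no older
        than `TOKEN_MAX_AGE` (app config); any load failure aborts with 404.
        On a valid form submission the user identified by the token's e-mail
        receives the new password, unless that e-mail was never confirmed,
        in which case an explanatory page is rendered instead. Without a
        valid submission the reset form is rendered with the token carried
        along for the POST.

        NOTE(review): the token encodes only the e-mail and nothing here
        invalidates it after use, so it remains redeemable for the whole
        TOKEN_MAX_AGE window even after the password has been changed.
        Binding it to the current password hash (a hash prefix in the
        payload, or the hash as the serializer salt) would make it
        single-use.

        :param token: the token string from the recovery link (untrusted).
        :return: a redirect to `.index` after a successful reset, or a
            rendered template; aborts with 404 on an invalid token or an
            unknown user.
        """
        try:
            ts = get_timed_serializer()
            email = ts.loads(token, salt="recover-key",
                             max_age=current_app.config['TOKEN_MAX_AGE'])
        except Exception:
            # Expired, tampered and malformed tokens are all answered the
            # same way so the response does not reveal which check failed.
            abort(404)

        form = forms.PasswordForm(request.form)
        if admin.helpers.validate_form_on_submit(form):
            user = controllers.get_user_by_email(email=email)
            # The account may have been removed after the token was issued;
            # without this guard `user.email_confirmed` raises AttributeError
            # (same handling as confirm_email).
            if not user:
                abort(404, _(u'Usuário não encontrado'))
            if not user.email_confirmed:
                return self.render('admin/auth/unconfirm_email.html')

            controllers.set_user_password(user, form.password.data)
            flash(_(u'Nova senha salva com sucesso!!'))
            return redirect(url_for('.index'))

        self._template_args['form'] = form
        self._template_args['token'] = token
        return self.render('admin/auth/reset_with_token.html')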