def get_password_reset_link(user):
    """Build a signed, time-stamped payload for a password-reset link.

    Uses ``get_timed_serializer()`` to produce a URL-safe token bundling the
    user's id with the first 10 characters of the current password hash. The
    contract (see ``check_password_reset_link``) is that changing the password
    changes the prefix, so an already-used link stops matching.

    NOTE(review): the token is signed, not encrypted -- anyone holding the
    link can decode the embedded hash prefix. If ``pwdhash`` starts with a
    fixed algorithm prefix (e.g. ``pbkdf2:sha256:``) the first 10 characters
    may not change with the password at all; confirm the hash format. No
    serializer ``salt`` is passed, so this token shares a namespace with any
    other unsalted ``dumps`` on the same secret (compare the salted calls in
    ``confirm_email`` / ``reset_with_token``).

    Returns:
        The serialized payload string.
    """
    uid = user.get_id()
    serializer = get_timed_serializer()
    # The hash prefix is what is meant to make the link single-use.
    hash_prefix = user.pwdhash[:10]
    token = serializer.dumps(uid + hash_prefix)
    return token
def get_password_reset_link(user):
    """Build a signed, time-stamped payload for a password-reset link.

    Uses ``get_timed_serializer()`` to produce a URL-safe token bundling the
    user's id with the first 10 characters of the current password hash. The
    contract (see ``check_password_reset_link``) is that changing the password
    changes the prefix, so an already-used link stops matching.

    NOTE(review): the token is signed, not encrypted -- anyone holding the
    link can decode the embedded hash prefix. If ``pwdhash`` starts with a
    fixed algorithm prefix (e.g. ``pbkdf2:sha256:``) the first 10 characters
    may not change with the password at all; confirm the hash format. No
    serializer ``salt`` is passed, so this token shares a namespace with any
    other unsalted ``dumps`` on the same secret (compare the salted calls in
    ``confirm_email`` / ``reset_with_token``).

    Returns:
        The serialized payload string.
    """
    uid = user.get_id()
    serializer = get_timed_serializer()
    # The hash prefix is what is meant to make the link single-use.
    hash_prefix = user.pwdhash[:10]
    token = serializer.dumps(uid + hash_prefix)
    return token
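def check_password_reset_link(payload, max_age=86400):
    """Verify a password-reset payload and split it back into its parts.

    Args:
        payload: Token produced by ``get_password_reset_link``.
        max_age: Maximum accepted token age in seconds (default 86400, i.e.
            24 hours -- the value that used to be hard-coded).

    Returns:
        ``(user_id, oldhash)`` on success, where ``oldhash`` is the
        10-character password-hash prefix embedded at issue time and
        ``user_id`` is everything before it; ``False`` if the token is
        expired or its signature does not verify.

    Fix: the original ``except SignatureExpired or BadSignature:`` evaluates
    the ``or`` first and therefore only caught ``SignatureExpired``; a
    tampered token raised ``BadSignature`` straight through instead of
    returning ``False``. Both are caught now.

    NOTE(review): this only *recovers* ``oldhash``. Enforcing single use
    (comparing it with the user's current ``pwdhash[:10]``) is up to the
    caller and must happen before the password is changed.
    """
    serializer = get_timed_serializer()
    try:
        data = serializer.loads(payload, max_age=max_age)
    except (SignatureExpired, BadSignature):
        # Expired or forged/modified token: report "invalid", never raise.
        return False
    # Layout fixed by get_password_reset_link: user_id + 10-char hash prefix.
    return data[:-10], data[-10:]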
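def check_password_reset_link(payload, max_age=86400):
    """Verify a password-reset payload and split it back into its parts.

    Args:
        payload: Token produced by ``get_password_reset_link``.
        max_age: Maximum accepted token age in seconds (default 86400, i.e.
            24 hours -- the value that used to be hard-coded).

    Returns:
        ``(user_id, oldhash)`` on success, where ``oldhash`` is the
        10-character password-hash prefix embedded at issue time and
        ``user_id`` is everything before it; ``False`` if the token is
        expired or its signature does not verify.

    Fix: the original ``except SignatureExpired or BadSignature:`` evaluates
    the ``or`` first and therefore only caught ``SignatureExpired``; a
    tampered token raised ``BadSignature`` straight through instead of
    returning ``False``. Both are caught now.

    NOTE(review): this only *recovers* ``oldhash``. Enforcing single use
    (comparing it with the user's current ``pwdhash[:10]``) is up to the
    caller and must happen before the password is changed.
    """
    serializer = get_timed_serializer()
    try:
        data = serializer.loads(payload, max_age=max_age)
    except (SignatureExpired, BadSignature):
        # Expired or forged/modified token: report "invalid", never raise.
        return False
    # Layout fixed by get_password_reset_link: user_id + 10-char hash prefix.
    return data[:-10], data[-10:]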
def confirm_email(self, token):
    """Confirm a user's e-mail address from a signed confirmation token.

    The token is verified with the ``"email-confirm-key"`` salt and the
    current app's ``TOKEN_MAX_AGE``. Any failure while loading it (expired,
    tampered, malformed) ends the request with a 404, as does an e-mail that
    matches no user. On success the user is flagged as confirmed, a flash
    message is queued and the client is redirected to the index view.
    """
    try:
        serializer = get_timed_serializer()
        email = serializer.loads(
            token,
            salt="email-confirm-key",
            max_age=current_app.config['TOKEN_MAX_AGE'],
        )
    except Exception:
        # Possible exceptions: https://pythonhosted.org/itsdangerous/#exceptions
        # Deliberately broad: any exception invalidates the confirmation and
        # is answered with a plain 404 rather than a stack trace.
        # TODO: friendlier error message for the user.
        abort(404)
    user = controllers.get_user_by_email(email=email)
    if not user:
        abort(404, _(u'Usuário não encontrado'))
    controllers.set_user_email_confirmed(user)
    flash(_(u'Email: %(email)s confirmado com sucesso!', email=user.email))
    return redirect(url_for('.index'))
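def reset_with_token(self, token):
    """Handle the "choose a new password" step of a password reset.

    The token is verified with the ``"recover-key"`` salt and the current
    app's ``TOKEN_MAX_AGE``; any failure while loading it ends the request
    with a 404. On GET (or an invalid form) the reset form is rendered with
    the token passed back for the form action. On a valid submission the
    password of the user whose e-mail is in the token is replaced, unless
    that e-mail is not yet confirmed, in which case the "unconfirmed e-mail"
    page is rendered instead.

    Fix: the original read ``user.email_confirmed`` without checking that
    the lookup found anyone, so a still-valid token for an account that has
    since been deleted or re-addressed crashed with ``AttributeError``
    instead of a clean 404 (``confirm_email`` already guards this case).

    NOTE(review): nothing here ties the token to the user's current password
    state, so the same link can be replayed to set the password again until
    ``TOKEN_MAX_AGE`` elapses, unless tokens are invalidated elsewhere. The
    ``get_password_reset_link`` / ``check_password_reset_link`` helpers in
    this listing embed a password-hash prefix for exactly this reason.
    """
    try:
        serializer = get_timed_serializer()
        email = serializer.loads(
            token,
            salt="recover-key",
            max_age=current_app.config['TOKEN_MAX_AGE'],
        )
    except Exception:
        # Deliberately broad (same policy as confirm_email): any token
        # problem -- expired, tampered, malformed -- is answered with 404.
        abort(404)
    form = forms.PasswordForm(request.form)
    if admin.helpers.validate_form_on_submit(form):
        user = controllers.get_user_by_email(email=email)
        if not user:
            # Valid signature, but no account for that e-mail any more.
            abort(404, _(u'Usuário não encontrado'))
        if not user.email_confirmed:
            return self.render('admin/auth/unconfirm_email.html')
        controllers.set_user_password(user, form.password.data)
        flash(_(u'Nova senha salva com sucesso!!'))
        return redirect(url_for('.index'))
    self._template_args['form'] = form
    self._template_args['token'] = token
    return self.render('admin/auth/reset_with_token.html')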