def reset_password(self):
    """Serve and process the password-reset page behind a reset-token URL.

    Returns a redirect to ``home`` when archive mode is enabled and a
    redirect to ``login`` after a successful reset. For a non-POST request,
    or a POST whose form fails validation, returns a dict holding ``form``
    and ``token``. Raises the ``login`` redirect when
    ``check_password_reset_token`` yields no team for the URL token.
    """
    request = self.request

    if request.settings.archive_mode:
        request.session.flash(("Password reset impossible in "
                               "archive mode."), 'error')
        return HTTPFound(location=request.route_url('home'))

    # The request is handed to the form as its CSRF context.
    # NOTE(review): presumably validate() enforces the CSRF token; confirm
    # in ResetPasswordForm.
    reset_form = ResetPasswordForm(request.POST, csrf_context=request)
    to_login = HTTPFound(location=request.route_url('login'))
    url_token = request.matchdict["token"]
    template_vars = {'form': reset_form, 'token': url_token}

    # NOTE(review): token expiry is not visible in this view; confirm that
    # check_password_reset_token rejects stale tokens.
    matched_team = check_password_reset_token(url_token)
    if not matched_team:
        # One generic message, so the response does not say why it failed.
        request.session.flash("Reset failed.", 'error')
        raise to_login

    # validate() only runs for POST because of the short-circuit.
    if request.method != 'POST' or not reset_form.validate():
        return template_vars

    # Clearing the stored token is what makes the reset link one-time.
    matched_team.reset_token = None
    # NOTE(review): hashing is not visible here; presumably the model's
    # ``password`` attribute hashes on assignment - confirm. Also confirm
    # whether existing sessions of the team are invalidated elsewhere.
    matched_team.password = reset_form.password.data
    request.session.flash("Your password has been reset.")
    return to_login
def test_check_password_reset_token_invalid(self):
    """A token assigned to no team in this test must resolve to None."""
    # 64 'A' characters; nothing in this test stores that value as a token.
    bogus_token = "A" * 64
    assert check_password_reset_token(bogus_token) is None
def test_check_password_reset_token(self):
    """A team's stored reset token must resolve back to that same team."""
    expected_team = self.make_team()
    expected_team.reset_token = random_token()
    self.dbsession.add(expected_team)

    # Look up with the value read back from the model, not a local copy.
    found_team = check_password_reset_token(expected_team.reset_token)
    assert found_team == expected_team