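def post(self, *args, **kwargs):
    """Handle a submitted password-reset form.

    Reads ``token``, ``uuid``, ``pass1`` and ``pass2`` from the request.
    The token/uuid pair is validated first. Only then are the two password
    fields compared and, if acceptable, stored as the user's new password,
    with the token marked as used.

    Every path that renders uses ``public/reset.html``; nothing is returned.
    """
    token = self.get_argument("token", "")
    uuid = self.get_argument("uuid", "")

    # valid_pass_token() renders the generic error page itself when it
    # rejects the pair, so there is nothing left to do here on failure.
    if not self.valid_pass_token(token, uuid):
        return

    new_password = self.get_argument("pass1", "")
    if new_password != self.get_argument("pass2", ""):
        self.render(
            "public/reset.html",
            errors=None,
            info=["Passwords do not match."],
            token=token,
            uuid=uuid,
        )
        return

    # Both fields default to "", so a request that omits them (or sends two
    # empty values) passes the equality check above. Refuse it here rather
    # than storing an empty password and consuming the token.
    if not new_password:
        self.render(
            "public/reset.html",
            errors=None,
            info=["Password cannot be empty."],
            token=token,
            uuid=uuid,
        )
        return

    # NOTE(review): the token is looked up a second time here; the validity
    # check above and this write are separate steps, so confirm whether two
    # concurrent submissions of one token can both reach this point.
    pass_token = PasswordToken.by_value(token)
    user = User.by_id(pass_token.user_id)
    user.password = new_password
    # Mark the token as used so that valid_pass_token() rejects a replay.
    pass_token.used = True
    # Only the token is added explicitly; presumably `user` is already
    # attached to this session by the lookup -- TODO confirm.
    self.dbsession.add(pass_token)
    self.dbsession.commit()
    self.render(
        "public/reset.html",
        errors=None,
        info=["Successfully updated password."],
        uuid=uuid,
        token=token,
    )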
def valid_pass_token(self, token, uuid):
    """Check a password-reset token against the uuid submitted with it.

    The pair is accepted only when the token exists, its user exists, that
    user's uuid equals ``uuid``, and the token is neither expired nor
    already used.

    On any failure this method renders ``public/reset.html`` itself, with
    one generic error message and blank ``token``/``uuid`` values, so the
    response does not show which check failed. Callers must not render
    again after a ``False`` result.

    Returns:
        True if the pair is acceptable, otherwise False.
    """
    record = PasswordToken.by_value(token)
    accepted = False
    if record:
        owner = User.by_id(record.user_id)
        # Checks run in the same order as before and short-circuit on the
        # first failure: user exists, uuid matches, not expired, not used.
        rejected = (
            not owner
            or owner.uuid != uuid
            or record.is_expired()
            or record.used
        )
        accepted = not rejected

    if accepted:
        return True

    self.render(
        "public/reset.html",
        errors=[
            "The password reset token does not exist, is invalid or expired."
        ],
        info=None,
        token="",
        uuid="",
    )
    return False
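def post(self, *args, **kwargs):
    """Handle a submitted password-reset form.

    Reads ``token``, ``uuid``, ``pass1`` and ``pass2`` from the request.
    The password fields are checked first. The token is then looked up once
    and validated in the same step that consumes it: its user must exist
    with a matching uuid, and the token must be neither expired nor already
    used.

    All failure causes on the token side produce the same generic error
    message, so the response does not show which check failed. Every path
    renders ``public/reset.html``; nothing is returned.
    """
    token = self.get_argument("token", "")
    uuid = self.get_argument("uuid", "")
    new_password = self.get_argument("pass1", "")

    if new_password != self.get_argument("pass2", ""):
        self.render(
            "public/reset.html",
            errors=None,
            info=["Passwords do not match."],
            token=token,
            uuid=uuid,
        )
        return

    # Both fields default to "", so a request that omits them (or sends two
    # empty values) passes the equality check above. Refuse it here rather
    # than storing an empty password and consuming the token.
    if not new_password:
        self.render(
            "public/reset.html",
            errors=None,
            info=["Password cannot be empty."],
            token=token,
            uuid=uuid,
        )
        return

    pass_token = PasswordToken.by_value(token)
    if pass_token:
        user = User.by_id(pass_token.user_id)
        if (
            user
            and user.uuid == uuid
            and not pass_token.is_expired()
            and not pass_token.used
        ):
            user.password = new_password
            # Mark the token as used so a replay fails the check above.
            pass_token.used = True
            # Only the token is added explicitly; presumably `user` is
            # already attached to this session by the lookup -- TODO confirm.
            self.dbsession.add(pass_token)
            self.dbsession.commit()
            self.render(
                "public/reset.html",
                errors=None,
                info=["Successfully updated password."],
                uuid=uuid,
                token=token,
            )
            return

    # Unknown token, missing user, uuid mismatch, expired and already-used
    # tokens all end here with the same message.
    # NOTE(review): the request's token and uuid are handed back to the
    # template unchanged -- confirm the template escapes them.
    self.render(
        "public/reset.html",
        errors=["The user or token does not exist, is invalid or expired."],
        info=None,
        token=token,
        uuid=uuid,
    )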