Exemple #1
def reset_token(token):
    """Serve the password-reset form for a reset token and apply the change.

    An already authenticated visitor is redirected to the home page. The
    token is resolved through ``User.verify_reset_token``; when that yields
    ``None`` a warning is flashed and the visitor is sent back to the
    reset-request page. A valid form submission stores a bcrypt hash of the
    new password on the user, commits it and redirects to the login page.
    Any other request renders the reset form.
    """
    # Signed-in users are bounced before the token is even looked at.
    if current_user.is_authenticated:
        return redirect(url_for('main.home'))

    # NOTE(review): the token is the only credential on this path. Its
    # expiry and signature checks live in User.verify_reset_token, which is
    # not shown here; confirm it is time-limited.
    account = User.verify_reset_token(token)
    if account is None:
        flash('That is an invalid or expired token', 'warning')
        return redirect(url_for('users.reset_request'))

    form = ResetPasswordForm()
    if not form.validate_on_submit():
        # Initial GET, or a POST that failed validation: show the form.
        return render_template('reset_token.html', title='Reset Password', form=form)

    # Only the bcrypt hash is persisted, stored as text.
    new_hash = bcrypt.generate_password_hash(form.password.data)
    account.password = new_hash.decode('utf-8')
    db.session.commit()
    # NOTE(review): nothing in this function revokes the token or existing
    # sessions after the change; whether the token can be replayed until it
    # expires depends on code outside this block.
    flash('Your password has been updated! You are now able to log in', 'success')
    return redirect(url_for('users.login'))
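def test_reset_password(test_client, init_db):
    """Check that posting a new password with a valid token updates the hash.

    The test obtains a reset token for an existing user, posts a matching
    password / confirmation pair to ``/reset_password/<token>`` while
    following redirects, and then checks the final page and the stored
    bcrypt hash. Only the success path is covered; the invalid or expired
    token branch is not exercised here.
    """
    # NOTE(review): the username and password literals appear masked in this
    # listing; they are kept exactly as shown.
    user = User.query.filter_by(username="******").first()
    token = user.get_reset_token()
    user = User.verify_reset_token(token)
    # A freshly issued token must resolve to a user; failing here gives a
    # clearer message than an AttributeError on ``user.password`` below.
    assert user is not None
    password = "******"
    response = test_client.post(
        f"/reset_password/{token}",
        data={"password": password, "confirm_password": password},
        follow_redirects=True,
    )

    assert response.status_code == 200
    # NOTE(review): the hash is read from the object loaded before the
    # request; presumably the test client shares the same DB session, so
    # confirm, or re-query the user before checking.
    assert bcrypt.check_password_hash(user.password, password)
    assert b"Email" in response.data
    assert b"Your password has been updated" in response.data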
Exemple #3
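def reset_password(token):
    """Serve the password-reset form for a reset token and apply the change.

    An authenticated visitor is redirected to their project page. The token
    is resolved through ``User.verify_reset_token``; a falsy result flashes
    an error and redirects to the forgot-password page. A valid form
    submission stores a bcrypt hash of the new password on the user,
    commits it and redirects to the login page. Any other request renders
    the reset form.
    """
    if current_user.is_authenticated:
        return redirect(url_for('main.project', user=current_user.username))

    # NOTE(review): the token is the only credential on this path. Its
    # expiry and signature checks live in User.verify_reset_token, which is
    # not shown here; confirm it is time-limited.
    user = User.verify_reset_token(token)
    if not user:
        flash('That is an invalid or expired token', 'danger')
        return redirect(url_for('users.forgot_password'))

    reset_form = ResetPasswordForm()
    if reset_form.validate_on_submit():
        # Only the bcrypt hash is persisted, stored as text.
        user.password = bcrypt.generate_password_hash(
            reset_form.password.data).decode('utf-8')
        db.session.commit()
        # NOTE(review): nothing in this function revokes the token or
        # existing sessions after the change; whether the token can be
        # replayed until it expires depends on code outside this block.
        # Plain literal: the original f-string had no placeholders.
        flash("Your password has been updated", 'success')
        return redirect(url_for('users.login'))

    return render_template('reset_password.html',
                           form=reset_form,
                           title='Reset Password')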
Exemple #4
def reset_token(token):
    """Serve the password-reset form for a reset token and apply the change.

    An authenticated visitor is redirected to the home page. The token is
    resolved through ``User.verify_reset_token``; a falsy result flashes a
    warning and redirects to the reset-request page. A valid form
    submission derives a PBKDF2-HMAC-SHA256 hash of the new password with a
    fresh salt plus one randomly chosen pepper, stores the salt and the hex
    digest on the user, commits, and redirects to the login page. Any other
    request renders the reset form.
    """
    if current_user.is_authenticated:
        return redirect(url_for('main.home'))

    # NOTE(review): the token is the only credential on this path. Its
    # expiry and signature checks live in User.verify_reset_token, which is
    # not shown here; confirm it is time-limited.
    account = User.verify_reset_token(token)
    if not account:
        flash('Sorry, The token is invalid or expired!', 'warning')
        return redirect(url_for('users.reset_request'))

    form = ResetPasswordForm()
    if not form.validate_on_submit():
        # Initial GET, or a POST that failed validation: show the form.
        return render_template('reset_token.html',
                               title='Reset Password',
                               form=form)

    # NOTE(review): the original carried a commented-out bcrypt call that
    # this hand-rolled PBKDF2 scheme replaced. 10000 iterations is well
    # below current OWASP guidance for PBKDF2-HMAC-SHA256 (600,000); any
    # change has to be made together with the login verification code and a
    # rehash-on-login migration, so the count is left as found.
    pw_salt = secrets.token_urlsafe(10)
    password_bytes = str.encode(form.password.data)
    # NOTE(review): one entry of ``peppers`` is picked at random and is not
    # stored on the user here, so verification presumably has to try every
    # pepper. That adds at most len(peppers) guesses of work for an
    # attacker and is not a secret key. Confirm against the login code.
    salt_and_pepper = str.encode(pw_salt + secrets.choice(peppers))
    digest = hashlib.pbkdf2_hmac('sha256', password_bytes,
                                 salt_and_pepper, 10000)

    account.salt = pw_salt
    account.password = digest.hex()
    db.session.commit()
    # NOTE(review): nothing in this function revokes the token or existing
    # sessions after the change; whether the token can be replayed until it
    # expires depends on code outside this block.
    flash('Your password has been updated! You are now able to log in',
          'success')
    return redirect(url_for('users.login'))