def forgot_password():
    """
    Send a password reset email.

    Validates ForgotPasswordForm from the JSON body and, when a user with
    that email exists, sends them a reset email. The response is an empty
    200 whether or not the address is known, so the endpoint does not
    reveal which emails have accounts; a form validation failure is the
    only error reported.
    """
    form = ForgotPasswordForm(request.json_multidict)
    if form.validate_on_submit():
        # NOTE(review): login() lowercases the address before lookup but this
        # path does not -- confirm User.get_by_email normalizes case itself.
        account = User.get_by_email(form.email.data)
        if account:
            send_password_reset(account)
        return '', 200
    return api_error(form.errors)
def login():
    """
    Authenticate with the application.

    Validates LoginForm from the JSON body, looks the user up by the
    lowercased email and checks the password. On success the session is
    established via login_user and the user is returned as JSON. Both
    "unknown email" and "wrong password" produce the same generic message,
    so the response does not reveal whether an account exists.
    """
    # TODO: issue API key here instead of cookie
    form = LoginForm(request.json_multidict)
    if not form.validate_on_submit():
        return api_error(form.errors)
    account = User.get_by_email(form.email.data.lower())
    password = form.password.data
    credentials_ok = account is not None and account.check_password(password)
    if not credentials_ok:
        return api_error(dict(form=['Invalid username/password.']))
    login_user(account)
    return jsonify(account)
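def reset_password():
    """
    Reset a user's password with valid token.
    Will send a password reset notification email to user.

    Request body (validated by ResetPasswordForm): email, token, password.
    Returns api_error(...) when the form is invalid, the email is unknown,
    the token does not match the stored one, or the token is older than
    RESET_TOKEN_LIFE hours (default 24). Otherwise sets the new password,
    clears the stored token so it is single-use, emails a confirmation,
    logs the user in and returns the user as JSON.
    """
    reset_token_life = timedelta(
        hours=current_app.config.get('RESET_TOKEN_LIFE', 24))
    form = ResetPasswordForm(request.json_multidict)
    if not form.validate_on_submit():
        return api_error(form.errors)
    user = User.get_by_email(form.email.data)
    if not user:
        return api_error(dict(form=['Could not find user.']))
    # The token is a bearer secret: compare in constant time rather than with
    # `!=`, which short-circuits on the first differing character.
    if not _reset_token_matches(user.reset_token, form.token.data):
        return api_error(dict(form=['Invalid reset token.']))
    # reset_created_at is cleared together with the token below; treat a
    # missing timestamp as expired instead of raising TypeError on `<`.
    # NOTE(review): assumes reset_created_at is a naive UTC datetime, as
    # utcnow() is naive -- confirm against the model.
    if (user.reset_created_at is None
            or user.reset_created_at < datetime.utcnow() - reset_token_life):
        return api_error(dict(form=['Reset token expired']))
    user.set_password(form.password.data)
    # Single use: invalidate the token as soon as the password has changed.
    user.reset_token = None
    user.reset_created_at = None
    user.save()
    send_confirm_password_reset(user)
    login_user(user)
    return jsonify(user)


def _reset_token_matches(expected, supplied):
    """Return True iff *supplied* equals *expected*, compared in constant time.

    A missing or empty stored token never matches (no reset is pending), and
    an empty submitted token never matches. Both values are compared as
    UTF-8 bytes so non-ASCII input cannot raise inside compare_digest.
    """
    import hmac  # local import: the module's import block is outside this view
    if not expected or not supplied:
        return False
    return hmac.compare_digest(str(expected).encode('utf-8'),
                               str(supplied).encode('utf-8'))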
def validate_email(self, field):
    """Reject an email address another User already owns.

    Only enforced when the form's validate_unique_email flag is set; the
    lookup goes through User.get_by_email and raises ValidationError on a
    hit.
    """
    if not self.validate_unique_email:
        return
    if User.get_by_email(field.data):
        raise ValidationError('This email is already in use.')