def post(self, token):
if self.form.validate():
token = UserToken.get_by_id(token)
# test current password
user = User.get_by_id(token.user_id)
if token is not None and user is not None:
# updated the Users password UserProfile with the new password
p = user.get_auth_id("password").get()
p.set_password(self.form.password.data)
p.put()
# Delete token
token.key.delete()
# Login User
self.add_message('Password updated successfully. '
'Login with your new password', 'success')
return self.redirect_to('auth-login')
self.add_message('Please correct the form errors.', 'error')
return self.get(token)
def password_recovery(self):
recipient_id = self.request.POST.get('recipient_id')
if recipient_id is None: return
recipient = User.get_by_id(int(recipient_id))
token = UserToken.create(recipient.key.id(), 'password_reset').key.id()
# uses the application_title set in the config
subject = "{}: Password Assistance".format(
Config.get('application').title)
template = '/account/emails/password_reset.html'
reset_url = self.uri_for(
'account-recovery-verify', token=token, _full=True)
# Create the email
email = mail.EmailMessage()
email.sender = Config.get('application').default_from_email
email.subject = subject
email.to = '{} <{}>'.format(recipient.name, recipient.email)
email.body = self.render_template(template, {
'recipient': recipient,
'reset_url': reset_url,
})
email.send()
