def reset_token(token):
    """Serve the reset-password form for a reset token and store the new password.

    Args:
        token: Reset token, checked with ``User.verify_reset_token``.

    Returns:
        A redirect to ``main.home`` when the caller is already logged in,
        a redirect to ``users.reset_request`` (with a warning flash) when the
        token resolves to no user, a redirect to ``users.login`` after the
        password has been changed, and otherwise the rendered
        ``reset_token.html`` form.
    """
    # Logged-in users have no business on the reset page.
    if current_user.is_authenticated:
        return redirect(url_for('main.home'))

    account = User.verify_reset_token(token)
    if account is None:
        flash('That is an invalid or expired token', 'warning')
        return redirect(url_for('users.reset_request'))

    form = ResetPasswordForm()
    if not form.validate_on_submit():
        # First visit or failed validation: show the form again.
        return render_template('reset_token.html', title='Reset Password', form=form)

    # Only the bcrypt hash is stored, never the submitted plaintext.
    account.password = bcrypt.generate_password_hash(form.password.data).decode('utf-8')
    db.session.commit()
    # NOTE(review): nothing here consumes or revokes the token once the
    # password is changed. Whether it stays usable until expiry depends on
    # User.verify_reset_token, which is not visible in this block - confirm.
    flash('Your password has been updated! You are now able to log in', 'success')
    return redirect(url_for('users.login'))
def test_reset_password(test_client, init_db):
    """Post a new password with a valid reset token and check the stored hash.

    The test obtains a token for an existing user, submits the reset form
    through ``test_client`` and then verifies that the user's stored hash
    matches the submitted password and that the response contains the
    success flash message.

    NOTE(review): only the valid-token path is exercised here; the
    invalid/expired-token branch of the view is not covered by this test.
    """
    # The "******" literals look like redacted fixture values - confirm
    # against the test database set-up.
    account = User.query.filter_by(username="******").first()
    token = account.get_reset_token()
    # Resolve the user again through the token, as the view itself does.
    account = User.verify_reset_token(token)
    new_password = "******"

    response = test_client.post(
        f"/reset_password/{token}",
        data={
            "password": new_password,
            "confirm_password": new_password,
        },
        follow_redirects=True,
    )

    # Read the hash after the POST so the check sees the updated value.
    stored_hash = account.password
    is_match = bcrypt.check_password_hash(stored_hash, new_password)

    assert response.status_code == 200
    assert is_match == True
    # Presumably the login page, reached via the redirect, shows an
    # "Email" field - verify.
    assert b"Email" in response.data
    assert b"Your password has been updated" in response.data
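def reset_password(token):
    """Serve the reset-password form for a reset token and store the new password.

    Args:
        token: Reset token, checked with ``User.verify_reset_token``.

    Returns:
        A redirect to ``main.project`` for an already logged-in user,
        a redirect to ``users.forgot_password`` (with a danger flash) when the
        token resolves to no user, a redirect to ``users.login`` after the
        password has been changed, and otherwise the rendered
        ``reset_password.html`` form.
    """
    # Logged-in users are sent to their own project page instead.
    if current_user.is_authenticated:
        return redirect(url_for('main.project', user=current_user.username))

    user = User.verify_reset_token(token)
    if not user:
        flash('That is an invalid or expired token', 'danger')
        return redirect(url_for('users.forgot_password'))

    reset_form = ResetPasswordForm()
    if not reset_form.validate_on_submit():
        # First visit or failed validation: show the form again.
        return render_template('reset_password.html',
                               form=reset_form,
                               title='Reset Password')

    # Only the bcrypt hash is stored, never the submitted plaintext.
    user.password = bcrypt.generate_password_hash(
        reset_form.password.data).decode('utf-8')
    db.session.commit()
    # NOTE(review): the token is not consumed or revoked here. Whether it
    # remains usable until expiry depends on User.verify_reset_token, which
    # is not visible in this block - confirm.
    # Plain literal: the original used an f-string with no placeholders.
    flash("Your password has been updated", 'success')
    return redirect(url_for('users.login'))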
def reset_token(token):
    """Serve the reset-password form for a reset token and store a PBKDF2 hash.

    Args:
        token: Reset token, checked with ``User.verify_reset_token``.

    Returns:
        A redirect to ``main.home`` when the caller is already logged in,
        a redirect to ``users.reset_request`` (with a warning flash) when the
        token resolves to no user, a redirect to ``users.login`` after the
        password has been changed, and otherwise the rendered
        ``reset_token.html`` form.
    """
    if current_user.is_authenticated:
        return redirect(url_for('main.home'))

    account = User.verify_reset_token(token)
    if not account:
        flash('Sorry, The token is invalid or expired!', 'warning')
        return redirect(url_for('users.reset_request'))

    form = ResetPasswordForm()
    if not form.validate_on_submit():
        # First visit or failed validation: show the form again.
        return render_template('reset_token.html', title='Reset Password', form=form)

    # An earlier bcrypt-based hash was replaced here by salted PBKDF2.
    # Fresh per-user salt, generated with the CSPRNG-backed `secrets` module.
    pw_salt = secrets.token_urlsafe(10)
    password_bytes = str.encode(form.password.data)
    # A randomly chosen entry of `peppers` is appended to the salt. Only
    # pw_salt is stored below, so the chosen pepper is not recorded here.
    # Presumably the login path tries every pepper - confirm.
    salt_bytes = str.encode(pw_salt + secrets.choice(peppers))
    # NOTE(review): 10000 iterations of PBKDF2-HMAC-SHA256 is far below
    # current OWASP password-storage guidance (hundreds of thousands).
    # Raising it needs the same change wherever this hash is verified,
    # which is not visible in this block.
    digest = hashlib.pbkdf2_hmac('sha256', password_bytes, salt_bytes, 10000)

    account.salt = pw_salt
    account.password = digest.hex()
    db.session.commit()
    # NOTE(review): the token is not consumed or revoked here. Whether it
    # remains usable until expiry depends on User.verify_reset_token - confirm.
    flash('Your password has been updated! You are now able to log in', 'success')
    return redirect(url_for('users.login'))