def reset_password(token):
""" Method to allow a user to reset his/her password.
"""
form = forms.ResetPasswordForm()
user_obj = pagure.lib.search_user(SESSION, token=token)
if not user_obj:
flask.flash('No user associated with this token.', 'error')
return flask.redirect(flask.url_for('auth_login'))
elif not user_obj.token:
flask.flash(
'Invalid user, this user never asked for a password change',
'error')
return flask.redirect(flask.url_for('auth_login'))
if form.validate_on_submit():
user_obj.password = generate_hashed_value(form.password.data)
user_obj.token = None
SESSION.add(user_obj)
try:
SESSION.commit()
flask.flash(
'Password changed')
except SQLAlchemyError as err: # pragma: no cover
SESSION.rollback()
flask.flash('Could not set the new password.', 'error')
APP.logger.debug(
'Password lost change - Error setting password.')
APP.logger.exception(err)
return flask.redirect(flask.url_for('auth_login'))
return flask.render_template(
'login/password_reset.html',
form=form,
token=token,
)
def reset_password(token):
""" Method to allow a user to reset his/her password.
"""
form = forms.ResetPasswordForm()
user_obj = pagure.lib.query.search_user(flask.g.session, token=token)
if not user_obj:
flask.flash("No user associated with this token.", "error")
return flask.redirect(flask.url_for("auth_login"))
elif not user_obj.token:
flask.flash(
"Invalid user, this user never asked for a password change",
"error",
)
return flask.redirect(flask.url_for("auth_login"))
if form.validate_on_submit():
user_obj.password = generate_hashed_value(form.password.data)
user_obj.token = None
flask.g.session.add(user_obj)
try:
flask.g.session.commit()
flask.flash("Password changed")
except SQLAlchemyError: # pragma: no cover
flask.g.session.rollback()
flask.flash("Could not set the new password.", "error")
_log.exception("Password lost change - Error setting password.")
return flask.redirect(flask.url_for("auth_login"))
return flask.render_template("login/password_reset.html",
form=form,
token=token)