def change_password(request):
"""Allow the current user to change his password."""
form = ChangePasswordForm(request.user)
if request.method == 'POST':
if request.form.get('cancel'):
return form.redirect('account/index')
if form.validate(request.form):
form.set_password()
db.commit()
flash(_(u'Password changed successfully.'), 'configure')
return form.redirect('account/index')
return render_account_response('account/change_password.html','profile.password',
form=form.as_widget()
)
def reset_password(request, req_id=None):
"""Help users with forgotten passwords."""
if req_id is None:
raise NotFound()
reset_request = PasswordRequest.query.get(req_id)
if reset_request is None:
raise NotFound()
form = ChangePasswordForm(reset_request.user)
del form.old_password
if request.method == 'POST' and form.validate(request.form):
form.set_password()
request.login(reset_request.user)
db.delete(reset_request)
db.commit()
return form.redirect('account/index')
return render_account_response('account/reset_password.html', form=form.as_widget())
