def get_password_reset_link(user):
    """Build the signed, time-stamped token for a password-reset link.

    The token body is the user's id followed by the first 10 characters of
    the currently stored password value. Despite the function's name, the
    return value is the serialized token only, not a complete URL.

    Args:
        user: object exposing ``get_id()`` and a ``password`` attribute.
            The id is concatenated with ``+``, so it is presumably a string
            (the checker looks it up as an e-mail) -- confirm against callers.

    Returns:
        Whatever ``timed_serializer().dumps(...)`` produces for the body.
    """
    account_id = user.get_id()
    serializer = timed_serializer()
    # Tie the token to the current password so it can be rejected after a
    # change. That only works if the caller of check_password_reset_link()
    # compares the returned prefix with the stored value.
    # NOTE(review): if stored hashes start with a fixed scheme/cost prefix,
    # the first 10 characters may barely change between passwords -- verify
    # against the hash format in use.
    # NOTE(review): if timed_serializer() signs without encrypting, this
    # prefix is readable by anyone holding the link -- confirm.
    hash_prefix = user.password[:10]
    return serializer.dumps(account_id + hash_prefix)
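def check_password_reset_link(payload):
    """Validate a password-reset token and look up the user it names.

    The token body is expected to be ``<user id><10-char password prefix>``,
    as produced by ``get_password_reset_link``.

    Args:
        payload: the serialized token taken from the reset link.

    Returns:
        ``False`` when the token has expired or its signature does not
        verify; otherwise ``(user, old_hash)``, where ``old_hash`` is the
        10-character prefix embedded in the token.

    This function does NOT compare ``old_hash`` with the user's current
    password value. The caller must do that, or a link stays usable after
    the password has been changed.
    """
    serializer = timed_serializer()
    try:
        # 86400 = 24 hours, assuming max_age is in seconds -- confirm
        # against timed_serializer().
        unhashed_payload = serializer.loads(payload, max_age=86400)
    except (SignatureExpired, BadSignature):
        # The original `except SignatureExpired or BadSignature` evaluated
        # to `except SignatureExpired`, so a tampered or malformed token
        # raised BadSignature to the caller instead of returning False.
        return False

    # The last 10 characters are the password prefix; the rest is the id.
    old_hash = unhashed_payload[-10:]
    user_id = unhashed_payload[:-10]
    # NOTE(review): what User.get does for an unknown e-mail (None vs. an
    # exception) is not visible here -- callers should handle both.
    user = User.get(email=user_id)
    return (user, old_hash)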