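def post(self):
    """Reset a user's password using a single-use password-reset token.

    Reads ``new_password`` and ``password_reset_token`` from the JSON request
    body, passes the body to ``validate_request`` with
    ``reset_password_json_schema``, decodes the token via
    ``User.decode_single_use_jws`` and, on success, calls
    ``user.hash_password`` and ``user.remove_all_password_reset_tokens``
    before committing the session.

    Returns:
        ``(dict, 422)`` if the new password is missing, not a string, or
        shorter than 8 characters.
        A 401 response if the token does not decode successfully, resolves
        to no user, or has already been used.
        A 200 response once the change has been committed.
    """
    reset_password_data = request.get_json()

    # attempt validation
    # NOTE(review): presumably this aborts the request on a schema mismatch;
    # confirm, because the code below assumes a dict-shaped body.
    validate_request(instance=reset_password_data, schema=reset_password_json_schema)

    new_password = reset_password_data.get("new_password", None)
    password_reset_token = reset_password_data.get("password_reset_token", None)

    # Enforce the minimum length here regardless of what the schema requires.
    # The previous check (`new_password and len(...) < 8`) skipped a missing or
    # empty value, which then went on to hash_password().
    if not isinstance(new_password, str) or len(new_password) < 8:
        response = {
            "error": {
                "message": "Password must be at least 8 characters long.",
                "status": "Fail",
            }
        }
        return response, 422

    decoded_token_response = User.decode_single_use_jws(
        token=password_reset_token, required_token_type="reset_password")

    is_valid_token = decoded_token_response["status"] == "Success"
    if not is_valid_token:
        # NOTE(review): the decoder's message is returned to the client
        # verbatim; confirm it reveals no more about the failure than intended.
        response = {
            "error": {
                "message": decoded_token_response["message"],
                "status": "Fail",
            }
        }
        return make_response(jsonify(response), 401)

    user: User = decoded_token_response.get("user", None)
    if user is None:
        # A "Success" status without a user would otherwise surface as an
        # AttributeError (HTTP 500); treat it as an invalid token instead.
        response = {
            "error": {
                "message": "Invalid password reset token.",
                "status": "Fail",
            }
        }
        return make_response(jsonify(response), 401)

    # NOTE(review): the used-token check and the token removal below are
    # separate steps. Whether two concurrent requests carrying the same token
    # can both pass depends on locking in the model layer; confirm.
    is_used_token = user.check_is_used_password_reset_token(
        password_reset_token=password_reset_token)
    if is_used_token:
        response = {
            "error": {
                "message": "This token has already been used.",
                "status": "Fail",
            }
        }
        return make_response(jsonify(response), 401)

    user.hash_password(new_password)
    user.remove_all_password_reset_tokens()
    db.session.commit()

    response = {
        "message": "Password successfully changed. Please log in.",
        "status": "Success",
    }
    return make_response(jsonify(response), 200)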
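def post(self):
    """Activate a user account from a single-use activation token.

    Reads ``activation_token`` from the JSON request body, decodes it via
    ``User.decode_single_use_jws`` with ``required_token_type="user_activation"``
    and, if the user is not yet activated, sets ``user.is_activated``, issues an
    authentication token with ``user.encode_auth_token`` and commits the session.

    Returns:
        A 401 response if the token is missing, does not decode successfully,
        or resolves to no user.
        A 403 response if the user is already activated.
        A 200 response carrying the authentication token and the serialized
        user on success.
    """
    activate_user_data = request.get_json()

    # This handler does no schema validation, so the body may be None or a
    # non-object JSON value. Treat that as a missing token rather than letting
    # `.get` raise AttributeError (HTTP 500).
    if isinstance(activate_user_data, dict):
        activation_token = activate_user_data.get("activation_token", None)
    else:
        activation_token = None

    if not activation_token:
        response = {
            "error": {
                "message": "Activation token is required.",
                "status": "Fail"
            }
        }
        return make_response(jsonify(response), 401)

    decoded_token_response = User.decode_single_use_jws(
        token=activation_token, required_token_type="user_activation")

    is_valid_token = decoded_token_response.get("status") == "Success"
    if not is_valid_token:
        # NOTE(review): the decoder's message is returned to the client
        # verbatim; confirm it reveals no more about the failure than intended.
        response = {
            "error": {
                "message": decoded_token_response.get("message"),
                "status": "Fail",
            }
        }
        return make_response(jsonify(response), 401)

    user: User = decoded_token_response.get("user", None)
    if user is None:
        # A "Success" status without a user would otherwise raise
        # AttributeError below; reject it as an invalid token.
        response = {
            "error": {
                "message": "Invalid activation token.",
                "status": "Fail",
            }
        }
        return make_response(jsonify(response), 401)

    # The is_activated flag is what stops an activation token from being
    # replayed to obtain a fresh authentication token.
    is_already_activated = user.is_activated
    if is_already_activated:
        response = {
            "error": {
                "message": "User is already activated. Please login.",
                "status": "Fail",
            }
        }
        return make_response(jsonify(response), 403)

    user.is_activated = True
    authentication_token = user.encode_auth_token()
    db.session.commit()

    # The original called .decode() unconditionally, so bytes are expected;
    # tolerate an encoder that already returns str.
    if isinstance(authentication_token, bytes):
        authentication_token = authentication_token.decode()

    response = {
        "authentication_token": authentication_token,
        "data": {
            "user": user_schema.dump(user).data
        },
        "message": "User successfully activated.",
        "status": "Success",
    }
    return make_response(jsonify(response), 200)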