def user_send_password_recovery_email():
data = request.get_json(force=True)
email = data['email']
try:
user = User.find_by_email(email)
except ValueError as e:
return jsonify(success=False, error=str(e)), 400
try:
user.send_forgot_password_email()
return jsonify(success=True)
except Exception:
return jsonify(
success=False,
error="The password recovery email could not be sent."), 400
def user_set_new_password():
data = request.get_json(force=True)
password_token = data['password_token']
email = data['email']
try:
user = User.find_by_email(email)
except ValueError as e:
return jsonify(success=False, error=str(e)), 400
if not user.verify_password_token(password_token):
return jsonify(success=False,
error="Invalid password verification token."), 400
new_password = data['new_password']
try:
user.set_password(new_password)
except Exception as e:
return jsonify(success=False, error=str(e)), 400
return jsonify(success=True)