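def recover(secret_key):
    """Handle a password-recovery link and, on a valid POST, set the new password.

    Args:
        secret_key: Recovery token from the link; matched against
            ``RecoveryData.secret_key``.

    Returns:
        A redirect to ``home`` when the token is unknown or expired, or when
        no account matches the recovery record; a redirect to ``login``
        after the password was changed; otherwise the rendered recovery form.
    """
    form = PasswordChangeForm(request.form)
    # The token is compared with the stored value as-is, so the table holds
    # usable tokens. NOTE(review): storing only a hash of the token would
    # limit the impact of a database read leak.
    data = RecoveryData.query.filter_by(secret_key=secret_key).first()

    if data is None:
        flash('Secret key for password recovery was invalid', 'danger')
        return redirect(url_for('home'))

    if not data.is_valid():
        # Drop the expired record right away so the stale token cannot be
        # presented again. The category matches the other failure messages.
        flash('This recovery link has expired.', 'danger')
        database.session.delete(data)
        database.session.commit()
        return redirect(url_for('home'))

    if request.method == 'POST' and form.validate():
        account = Account.query.filter_by(name=data.name, email=data.email).first()
        if account is None:
            # The record points at no existing account, so it can never
            # succeed. Remove it rather than leave a live token that could
            # match an account created later with the same name and email.
            database.session.delete(data)
            database.session.commit()
            flash('Something went wrong, unknown user', 'danger')
            return redirect(url_for('home'))

        account.password = bcrypt.generate_password_hash(form.data['password'])
        # The token is single-use: it is deleted in the same commit that
        # stores the new password hash.
        # NOTE(review): other outstanding recovery records for this account
        # are not removed here; confirm whether they should be invalidated.
        database.session.delete(data)
        database.session.commit()
        flash('Successfully changed your password', 'success')
        return redirect(url_for('login'))

    return render_template('views/recover.html', form=form)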
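def put(self):
    """Change the current user's password from a JSON request body.

    Returns:
        A JSON success payload when the form validates, otherwise the
        form's validation errors.
    """
    payload = request.json
    # Only a JSON object maps onto form fields. A list, string or number
    # would make ImmutableMultiDict raise and surface as an unhandled error,
    # so treat any other shape as an empty submission and let validation
    # reject it.
    if not isinstance(payload, dict):
        payload = {}
    data = ImmutableMultiDict(payload)

    # CSRF protection is switched off for this form.
    # NOTE(review): that is only safe if this endpoint is never authenticated
    # by a browser cookie; confirm against the auth setup.
    change_password_form = PasswordChangeForm(data, csrf_enabled=False)
    if change_password_form.validate():
        # The target account comes from the authenticated identity, never
        # from the request body, so a caller cannot name another user.
        obj = User.query.filter(User.username == current_identity.username).first()
        # NOTE(review): nothing visible here checks the current password;
        # confirm that the form or save() does so.
        change_password_form.save(obj)
        return jsonify({"status": "success", "message": "Password Changed"})

    # NOTE(review): errors are returned without an explicit status code;
    # consider a 4xx so clients and monitoring can tell failures apart.
    return change_password_form.errors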