def _request_token(self):
form = ResetPasswordEmailForm()
if form.validate_on_submit():
user = form.user
# The only case where someone would have more than one identity is after a merge.
# And the worst case that can happen here is that we send the user a different
# username than the one he expects. But he still gets back into his profile.
# Showing a list of usernames would be a little bit more user-friendly but less
# secure as we'd expose valid usernames for a specific user to an untrusted person.
identity = next(iter(user.local_identities))
_send_confirmation(form.email.data,
'reset-password',
'.resetpass',
'auth/emails/reset_password.txt', {
'user': user,
'username': identity.identifier
},
data=identity.id)
session['resetpass_email_sent'] = True
return redirect(url_for('.resetpass'))
return WPAuth.render_template('reset_password.html',
form=form,
identity=None,
widget_attrs={},
email_sent=session.pop(
'resetpass_email_sent', False))
def _request_token(self):
form = ResetPasswordEmailForm()
if form.validate_on_submit():
user = form.user
# The only case where someone would have more than one identity is after a merge.
# And the worst case that can happen here is that we send the user a different
# username than the one he expects. But he still gets back into his profile.
# Showing a list of usernames would be a little bit more user-friendly but less
# secure as we'd expose valid usernames for a specific user to an untrusted person.
identity = next(iter(user.local_identities))
_send_confirmation(form.email.data, 'reset-password', '.resetpass', 'auth/emails/reset_password.txt',
{'user': user, 'username': identity.identifier}, data=identity.id)
session['resetpass_email_sent'] = True
return redirect(url_for('.resetpass'))
return WPAuth.render_template('reset_password.html', form=form, identity=None, widget_attrs={},
email_sent=session.pop('resetpass_email_sent', False))
