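def reset_password(token):
    """Complete a password reset from a signed, time-limited token.

    ``token`` is decoded with the module-level serializer ``ts`` using the
    ``recover-password`` salt and a maximum age of 86400 seconds (24 hours).
    The decoded value is treated as the account's e-mail address. A token
    that fails to decode is answered with 404. On a valid form submission
    for a known e-mail the password is reset, the user is logged in and
    redirected to ``/profile``; every other path redirects to the login view.

    Security notes:
      * Nothing in this view marks the token as used, so it stays acceptable
        until ``max_age`` runs out, even after a successful reset. Binding
        the token to per-user state that changes on reset (for example a
        value derived from the current password hash) makes it single-use.
      * A successful reset ends in ``login_user(..., remember=True)``, so
        whoever holds the token receives a persistent session. Redirecting
        to the login form instead would require the new password to be
        typed once more.
    """
    try:
        email = ts.loads(token, salt='recover-password', max_age=86400)
    except Exception:
        # Was a bare ``except:``, which also traps SystemExit and
        # KeyboardInterrupt. Bad, tampered and expired tokens all get the
        # same 404, so the response does not reveal why a token was refused.
        abort(404)

    form = passwordForm()
    if form.validate_on_submit():
        user = User()
        if user.get_user_with_email(email):
            # NOTE(review): reset_password() receives no argument here, so
            # where the new password comes from is not visible in this view;
            # confirm against the User model.
            user.reset_password()
            login_user(user, remember=True)
            return redirect('/profile')

    # NOTE(review): no template is rendered in this view, so a plain GET also
    # ends up here; confirm that the form is served from somewhere else.
    return redirect(url_for('login'))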
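def reset_password():
    """Validate a password-reset request and, on POST, store the new password.

    The request is identified by the ``id`` and ``reset_code`` query
    parameters. The stored ``PasswordResetRequest`` must exist, accept the
    supplied code and still be within its validity window; otherwise the
    visitor is redirected to ``index`` with a flash message. On POST the new
    password must be at least ``MIN_PASSWORD_LENGTH`` characters and match
    its confirmation. It is then hashed with bcrypt, stored, and the reset
    request is deleted so it cannot be used again. On GET, or after a failed
    POST, the reset form is rendered.

    Security notes:
      * The reset code travels in the query string, so it can end up in
        server access logs, browser history and ``Referer`` headers. Keep
        the validity window short and avoid third-party resources on the
        reset page.
      * Whether ``validate_reset_code`` compares in constant time, and
        whether repeated wrong guesses are throttled, is not visible here;
        verify both.
    """
    reset_request_id = request.args.get('id')
    reset_code = request.args.get('reset_code')

    reset_request = PasswordResetRequest.objects.get_or_404(id=reset_request_id)
    if not reset_request:
        # Presumably unreachable, because get_or_404 aborts when nothing
        # matches; kept as a defensive guard.
        flash("You do not have access to that page.", "danger")
        return redirect(url_for('index'))

    if not reset_request.validate_reset_code(reset_code):
        flash("You do not have access to that page", "danger")
        return redirect(url_for('index'))

    # The expiry message is only reachable once the code has been accepted,
    # so it does not disclose anything to a caller without a valid code.
    if not reset_request.validate_timestamp():
        flash("Password reset has expired", "danger")
        return redirect(url_for('index'))

    if request.method == "POST":
        # Default to '' so a POST without these fields is rejected by the
        # length check instead of raising AttributeError on None (HTTP 500).
        # NOTE(review): strip() silently changes passwords that start or end
        # with whitespace; the login path must strip in the same way.
        password = request.form.get('password', '').strip()
        confirm = request.form.get('confirm', '').strip()

        has_errors = False
        if len(password) < MIN_PASSWORD_LENGTH:
            flash("Password must be at least {0} characters".format(
                MIN_PASSWORD_LENGTH), "danger")
            has_errors = True
        if password != confirm:
            flash("Password and confirmation do not match", "danger")
            has_errors = True

        if not has_errors:
            userObj = User()
            # NOTE(review): no maximum length is enforced above, and bcrypt
            # works on at most 72 bytes of input; confirm how flask_bcrypt
            # is configured to handle longer passwords.
            password_hash = flask_bcrypt.generate_password_hash(password)
            try:
                userObj.reset_password(reset_request.user_id, password_hash)
                # Deleting the request makes the reset link single-use. If
                # this delete fails after the password was already changed,
                # the user sees the failure message and the link stays valid.
                reset_request.delete()
                # Only affects the session of the browser making this
                # request. Other sessions of the account are not touched
                # here.
                session.pop(reset_request.user_id, None)
                flash("You have successfully reset your password!", "success")
                return redirect(url_for('auth_login.login'))
            except Exception:
                # Was a bare ``except:`` that logged a message copied from
                # the registration handler. Log what actually failed, with
                # the traceback, and keep the password out of the log.
                flash("Unable to reset password", "danger")
                current_app.logger.exception("Password reset failed")

    form = ResetPassForm(request.form)
    return render_template('forms/reset_password.html', form=form)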