コード例 #1
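def reset_password(token):
    """Complete a password reset started from a signed, emailed token.

    The token is verified with the 'recover-password' salt and a max_age of
    86400 (24 hours, assuming the serializer counts seconds as itsdangerous
    does). The value recovered from the token is used as the account email.

    Args:
        token: Signed token taken from the reset link.

    Returns:
        A redirect to '/profile' when the form validates and a user matches
        the email; otherwise a redirect to the 'login' endpoint.
    """
    try:
        email = ts.loads(token, salt='recover-password', max_age=86400)
    except Exception:
        # Every verification failure maps to the same 404 so the response
        # does not reveal whether the token was malformed, forged or expired.
        # `except Exception` (not a bare `except`) lets SystemExit and
        # KeyboardInterrupt propagate instead of being turned into a 404.
        # NOTE(review): narrow this to the serializer's own signature errors
        # once its exception types are imported in this module.
        abort(404)

    form = passwordForm()

    if form.validate_on_submit():
        user = User()

        if user.get_user_with_email(email):
            # NOTE(review): nothing visible here invalidates the token after
            # use, so it appears replayable until max_age elapses - confirm
            # single-use is enforced elsewhere.
            user.reset_password()
            # NOTE(review): holding the token alone yields a persistent
            # (remember=True) session; confirm this is intended rather than
            # sending the user through a fresh login.
            login_user(user, remember=True)
            return redirect('/profile')

    # NOTE(review): a plain GET with a valid token also ends up here, so this
    # view never renders the form itself - confirm that is intended.
    return redirect(url_for('login'))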
コード例 #2
ファイル: auth.py プロジェクト: avidas/Plytos
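def reset_password():
    """Validate a password-reset request and, on POST, store the new password.

    Reads 'id' and 'reset_code' from the query string, loads the matching
    PasswordResetRequest and checks both the code and the timestamp before
    anything else happens. On a valid POST the new password is hashed with
    bcrypt, stored for the request's user, and the reset request is deleted
    so the same link cannot be used again.

    Returns:
        A redirect to 'index' when the request is unknown, the code is wrong
        or the request has expired; a redirect to 'auth_login.login' after a
        successful reset; otherwise the rendered reset form.
    """
    # NOTE(review): the reset code travels in the query string, so it can end
    # up in access logs, browser history and Referer headers; this relies on
    # the code being short-lived and deleted after use (see below).
    reset_request_id = request.args.get('id')
    reset_code = request.args.get('reset_code')

    reset_request = PasswordResetRequest.objects.get_or_404(id=reset_request_id)

    # Defensive only: get_or_404 is expected to abort before a falsy value
    # can reach this point.
    if not reset_request:
        flash("You do not have access to that page.", "danger")
        return redirect(url_for('index'))

    # NOTE(review): validate_reset_code is not visible here - confirm it
    # compares the code in constant time.
    if not reset_request.validate_reset_code(reset_code):
        flash("You do not have access to that page", "danger")
        return redirect(url_for('index'))

    if not reset_request.validate_timestamp():
        flash("Password reset has expired", "danger")
        return redirect(url_for('index'))

    if request.method == "POST":
        # A POST without these fields used to raise AttributeError on
        # None.strip() and surface as a 500; treat a missing field as empty
        # so it fails the length check below instead.
        # NOTE(review): strip() silently changes passwords with leading or
        # trailing whitespace - confirm the login path strips the same way.
        password = (request.form.get('password') or '').strip()
        confirm = (request.form.get('confirm') or '').strip()

        has_errors = False
        if len(password) < MIN_PASSWORD_LENGTH:
            flash("Password must be at least {0} "
                  "characters".format(MIN_PASSWORD_LENGTH), "danger")
            has_errors = True
        if password != confirm:
            flash("Password and confirmation do not match", "danger")
            has_errors = True

        if not has_errors:
            userObj = User()
            password_hash = flask_bcrypt.generate_password_hash(password)
            try:
                userObj.reset_password(reset_request.user_id, password_hash)
                # Delete the request so the link is single-use.
                reset_request.delete()
                # NOTE(review): this only drops a key named after the user id
                # from the current session; other active sessions for the
                # account do not appear to be revoked here - confirm.
                session.pop(reset_request.user_id, None)
                flash("You have successfully reset your password!", "success")
                return redirect(url_for('auth_login.login'))
            except Exception:
                # `except Exception` rather than a bare `except` so that
                # SystemExit / KeyboardInterrupt are not swallowed.
                flash("Unable to reset password", "danger")
                # The old message spoke of registration and duplicate emails,
                # which misdirects anyone triaging a failed reset; log the
                # real operation together with the traceback.
                current_app.logger.exception("Error on password reset")

    form = ResetPassForm(request.form)
    return render_template('forms/reset_password.html', form=form)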