def user(self):
user = None
if 'user_key' in self.session:
str_key = self.session['user_key']
user = model.getByKey(str_key)
if not user:
del self.session['user_key']
return user
def user(self):
user = None
if 'auth_key' in self.session:
str_key = self.session['auth_key']
auth = model.getByKey(str_key)
if auth:
user = auth.user
else:
del self.session['auth_key']
return user
def before(self):
is_valid = False
self.key = self.request.get("key")
self.token = self.request.get("token")
if self.key and self.token:
self.user = model.getByKey(self.key)
if self.user and self.user.token and self.token == self.user.token:
# token is valid for one hour
if (datetime.utcnow() - self.user.token_date).total_seconds() < 3600:
is_valid = True
if not is_valid:
self.flash("error", "That reset password link has expired.")
self.redirect("/forgotpassword")
