def set_new_password():
reset_token = flask.request.form['reset_token']
account = Account.find_account_by_reset_token(reset_token)
if not account or not account.is_valid_reset_token(reset_token):
return flask.redirect(flask.url_for('.login', show_message='recovery-invalid-request'))
new_password = flask.request.form['password']
account_management.set_password(account, new_password, reset_token=reset_token)
db.session.commit()
return flask.redirect(flask.url_for('core.index'))
def service_set_password():
old_password = flask.request.json["oldPassword"]
new_password = flask.request.json["newPassword"]
a = flask_login.current_user.account # type: Account
if not a.valid_password(old_password):
raise P2k16UserException("Bad password")
else:
account_management.set_password(a, new_password, old_password=old_password)
db.session.commit()
return jsonify({})