def post(self):
    """Set a new password for the account identified by a reset token.

    Reads ``token`` and ``password`` from ``self.data`` and hands both to
    ``User.set_new_password``.

    Returns:
        ``{'msg': 'password_updated'}`` when that call reports success.

    Raises:
        PyError: with ``{'msg': 'invalid_token'}`` when it reports failure.
    """
    reset_token = self.data['token']
    new_password = self.data['password']
    # NOTE(review): no token check (signature, age, single use) and no
    # password-policy check is visible in this handler; presumably both live
    # in User.set_new_password -- confirm.
    if User.set_new_password(reset_token, new_password):
        return {'msg': 'password_updated'}
    raise PyError({'msg': 'invalid_token'})
def post(self):
    """Authenticate with e-mail and password and issue an access token.

    Reads ``email``, ``password`` and ``remember`` from ``self.data``.

    Returns:
        ``{'token': ...}`` built by ``create_token`` for the authenticated
        user; the token is created with ``expires`` set to the negation of
        ``remember``.

    Raises:
        APIError: with ``{'msg': 'invalid_password'}`` when
            ``User.auth_with_password`` returns a falsy value.
    """
    # NOTE(review): no throttling or lockout of repeated failures is visible
    # in this handler; confirm it is enforced elsewhere.
    account = User.auth_with_password(self.data['email'], self.data['password'])
    # 'remember' is read before the result is inspected, so a missing key
    # fails the request whether or not the credentials were correct.
    token_expires = not self.data['remember']
    if not account:
        # The same message is used for every failed authentication.
        raise APIError({'msg': 'invalid_password'})
    # NOTE(review): expires=False presumably yields a token with no age
    # limit -- confirm in create_token.
    return {'token': create_token(account, expires=token_expires)}
def post(self):
    """Authenticate with e-mail and password; return a token and settings.

    Reads ``email``, ``password`` and ``remember`` from ``self.data``.

    Returns:
        A dict with ``token`` (from ``gen_token``, created with ``expires``
        set to the negation of ``remember``) and ``settings`` (the user's
        ``settings`` attribute).

    Raises:
        PyError: with ``{'msg': 'invalid_password'}`` when
            ``User.auth_with_password`` returns a falsy value.
    """
    # NOTE(review): no throttling or lockout of repeated failures is visible
    # in this handler; confirm it is enforced elsewhere.
    account = User.auth_with_password(self.data['email'], self.data['password'])
    # 'remember' is read before the result is inspected, so a missing key
    # fails the request whether or not the credentials were correct.
    token_expires = not self.data['remember']
    if not account:
        # The same message is used for every failed authentication.
        raise PyError({'msg': 'invalid_password'})
    # NOTE(review): expires=False presumably yields a token with no age
    # limit -- confirm in gen_token.
    response = {
        'token': gen_token(account, expires=token_expires),
        'settings': account.settings,
    }
    return response
def post(self):
    """Start a password reset by e-mailing a reset link to the account.

    Reads ``email`` from ``self.data``, asks ``User`` for a reset token and
    sends a message whose link is built from the application id and that
    token.

    Returns:
        ``{'msg': 'reset_link_sent'}`` after ``mail.send_mail`` was called.

    Raises:
        PyError: with ``{'msg': 'email_not_found'}`` when no token is
            produced for the address.
    """
    address = self.data['email']
    reset_token = User.generate_reset_password_token(address)
    # NOTE(review): a distinct 'email_not_found' reply tells an
    # unauthenticated caller which addresses have accounts. Consider
    # answering 'reset_link_sent' in both cases and rate-limiting this
    # endpoint; both change the API contract, so they are only flagged here.
    if reset_token is None:
        raise PyError({'msg': 'email_not_found'})

    # Sender, subject and link are all derived from the application id.
    app_id = get_application_id()
    from_addr = 'noreply@%s.appspotmail.com' % app_id
    title = '%s password reset' % app_id.capitalize()
    # NOTE(review): the token is part of the URL path, so it can end up in
    # browser history and request logs; presumably it is short-lived and
    # single-use -- confirm in User.generate_reset_password_token.
    # The line breaks inside this literal are not recoverable from this
    # listing; the text is kept exactly as shown.
    template = """ A password reset has been requested for your account. If you did not request it, simply ignore this email, otherwise visit this link to reset your password: https://%s.appspot.com/reset-password/%s """
    message_text = template % (app_id, reset_token)
    mail.send_mail(from_addr, address, title, message_text)
    return {'msg': 'reset_link_sent'}
def validate_token(message, max_days=None):
    """Check a signed access token and return the user it belongs to.

    Args:
        message: Serialized token, verified and decoded by ``_signer.loads``.
        max_days: Age limit in whole days, applied only to tokens that carry
            a ``created_at`` field.

    Returns:
        ``(user, None)`` on success, otherwise ``(None, error_code)`` where
        ``error_code`` is ``'invalid_access_token'`` or
        ``'expired_access_token'``.
    """
    try:
        payload = _signer.loads(message)
    except BadSignature:
        return None, 'invalid_access_token'

    # Only tokens stamped with a creation time are subject to the age limit.
    if 'created_at' in payload:
        issued_at = datetime.strptime(payload['created_at'], _datetimefmt)
        # NOTE(review): datetime.now() is naive local time; assumes
        # created_at was written the same way -- confirm.
        age = datetime.now() - issued_at
        # NOTE(review): max_days defaults to None and is compared as-is. On
        # Python 3 that comparison raises TypeError; on Python 2 it is always
        # true, so every stamped token is reported as expired. Callers
        # presumably always pass max_days -- confirm, or handle None
        # explicitly.
        if age.days > max_days:
            return None, 'expired_access_token'

    account = User.get_by_id(payload['id'])
    if account is None:
        return None, 'invalid_access_token'

    # A token is tied to the password hash it was issued under, so changing
    # the password invalidates every older token.
    # NOTE(review): this implies the token payload carries a copy of the
    # value stored in password_hash. If _signer only signs and does not
    # encrypt, anyone holding a token can read that value; binding tokens to
    # a separate per-user value would avoid this -- confirm what _signer does.
    bound_hash = payload['hash']
    if account.password_hash != bound_hash:
        return None, 'expired_access_token'
    return account, None