def reset_password():
    """Handle a password-reset submission authorised by a ``token`` parameter.

    The token is read from the request, decoded with ``parse_access_token``
    and, when the reset form validates, used to look up the user whose
    password is then replaced with the submitted one.

    Returns:
        ``locals()``: every local name bound by the time the function ends.
        That is always ``token`` and, depending on the path taken,
        ``userid``, ``clientid``, ``form`` and ``user``. Presumably a
        decorator or caller renders this dict as template context (confirm).
    """
    # Form data wins; the query string is consulted only when request.form is
    # falsy (e.g. empty).
    # NOTE(review): a token accepted from the query string can end up in
    # access logs, browser history and Referer headers. Whether reset tokens
    # are short-lived and single-use is not visible here; verify.
    token = (request.form or request.args).get('token')
    try:
        # str() turns a missing token (None) into the literal string 'None'
        # before it is parsed.
        userid, clientid = parse_access_token(str(token))
    except TypeError:
        # Presumably parse_access_token returns a non-iterable (e.g. None) for
        # a token it rejects, which makes the unpacking raise TypeError
        # (confirm). Only TypeError is handled: any other exception the parser
        # raises (for instance an expiry error, if it has one) propagates to
        # the caller.
        pass
    else:
        form = ResetPasswordForm(token=token)
        if form.validate_on_submit():
            user = User.query.get(userid)
            # NOTE(review): the lookup result is used unchecked. If no user
            # matches userid and the query yields None, the next line raises
            # AttributeError; confirm how the caller handles that.
            user.change_password(user, form.password.data)
            record_user_event(user.username, 'password changed', user=user)
            user.save()
    # NOTE(review): locals() hands the raw token and, when bound, the user
    # object to whatever consumes the return value. Renaming or adding a local
    # in this function silently changes that dict.
    return locals()
def wrapper(*args, **kwargs):
    """Authenticate the request from a bearer token, then call ``f``.

    ``g.authorized`` starts as ``RequestUser(None)`` and is replaced by
    ``RequestUser(userid, clientid)`` only when the ``Authorization`` header
    has the form ``Bearer <token>`` (scheme matched case-insensitively) and
    ``parse_access_token`` accepts the token.

    Aborts:
        403: ``self_auth`` is set, a token was accepted, and
            ``kwargs['userid']`` does not equal the token's user id.
        401: ``g.authorized`` is falsy and ``abort_on_fail`` is set; the
            error is ``'expired_token'`` when the parser raised
            ``ExpiredTokenError`` and ``'invalid_token'`` otherwise.
    """
    g.authorized = RequestUser(None)
    failure = 'invalid_token'

    # A well-formed header splits into exactly two parts: scheme and value.
    parts = request.headers.get('Authorization', '').split(None, 1)
    if len(parts) == 2 and parts[0].lower() == 'bearer':
        try:
            userid, clientid = parse_access_token(parts[1])
        except ExpiredTokenError:
            failure = 'expired_token'
        except TypeError:
            # Presumably the parser returns a non-iterable for a token it
            # rejects, so the unpacking fails (confirm).
            pass
        else:
            g.authorized = RequestUser(userid, clientid)
            # NOTE(review): this ownership check runs only after a token was
            # accepted. With abort_on_fail false, a request without a valid
            # token still reaches f, so the wrapped view must check
            # g.authorized itself; verify against callers. The comparison is
            # type-sensitive and raises KeyError when the route supplies no
            # 'userid' argument.
            if self_auth and not (kwargs['userid'] == userid):
                abort(403)

    if not g.authorized and abort_on_fail:
        abort(401, scheme='bearer', error=failure)
    return f(*args, **kwargs)