def get_password_reset_link(user):
user_id = user.get_id()
s = timed_serializer()
# disallows password reset link to be reused
old_hash = user.password[:10]
payload = s.dumps(user_id + old_hash)
return payload
def check_password_reset_link(payload):
s = timed_serializer()
try:
# disallows password reset link to be reused
unhashed_payload = s.loads(payload, max_age=86400)
old_hash = unhashed_payload[len(unhashed_payload) - 10 : len(unhashed_payload)]
user_id = unhashed_payload[:-10]
user = User.get(email=user_id)
except SignatureExpired or BadSignature:
return False
return (user, old_hash)
