def forgot():
try:
email = request.json['email']
except KeyError:
raise ApiError("must supply 'email'", 400)
user = User.find_by_email(email)
if user:
if not user.is_active:
raise ApiError('user not active', 403)
send_password_reset(user)
return jsonify(status='ok', message='password reset sent')
else:
raise ApiError('invalid email address', 400)
def send_password_reset(self) -> None:
token = utils.generate_email_token(email=self.email, salt='reset')
self._set_email_hash(token)
utils.send_password_reset(self, token)
