def reset_token(token):
    """Complete a password reset for the account identified by *token*.

    Signed-in users are sent to the index page and an unverifiable token
    sends the visitor back to the reset-request form. On a valid submission
    a new password equal to the current one is refused; otherwise the stored
    hash is replaced and the user is redirected to the login page.

    NOTE(review): nothing in this view invalidates the token after use;
    confirm that ``User.verify_reset_token`` enforces expiry/single use.
    """
    title = 'Reset Password'
    if current_user.is_authenticated:
        return redirect(url_for('main.index'))

    user = User.verify_reset_token(token)
    if not user:
        flash('Invalid or expired token.')
        return redirect(url_for('account.reset_request'))

    form = ResetPasswordForm()
    if not form.validate_on_submit():
        return render_template('account/password_reset_token.html', title=title, form=form)

    candidate = form.password.data
    # Reuse of the current password is refused; the comparison is made
    # against the stored bcrypt hash, never against a plaintext copy.
    if bcrypt.check_password_hash(user.password, candidate):
        flash('The password you entered is already set.')
        return redirect(url_for('account.reset_token', token=token))

    user.password = bcrypt.generate_password_hash(candidate).decode('utf-8')
    db.session.commit()
    flash('Password has been updated.')
    return redirect(url_for('account.login'))
def reset_password(token):
    """Set a new password for the user that *token* resolves to.

    Signed-in visitors and unverifiable tokens are both redirected to the
    index page (the latter without a message). On a valid submission the
    password is updated through ``User.set_password`` and the user is sent
    to the login page.
    """
    if current_user.is_authenticated:
        return redirect(url_for('main.index'))

    account = User.verify_reset_password_token(token)
    if not account:
        # Deliberately silent: a bad token just lands on the index page.
        return redirect(url_for('main.index'))

    form = ResetPasswordForm()
    if not form.validate_on_submit():
        return render_template('account/reset_password.html', form=form)

    account.set_password(form.password.data)
    db.session.commit()
    flash('Your password has been reset.')
    return redirect(url_for('account.login'))
def reset_password(token):
    """Reset an existing user's password.

    The account is looked up by the e-mail address submitted in the form;
    *token* is then checked by ``User.reset_password`` together with the new
    password. Anonymous visitors only — anyone signed in is redirected to the
    index page.

    NOTE(review): an unknown e-mail and a bad token produce different flash
    messages, which lets a visitor distinguish registered addresses from
    unregistered ones; consider a single generic failure message.
    """
    if not current_user.is_anonymous:
        return redirect(url_for('main.index'))

    form = ResetPasswordForm()
    if not form.validate_on_submit():
        return render_template('account/reset_password.html', form=form)

    account = User.query.filter_by(email=form.email.data).first()
    if account is None:
        flash('Invalid email address.', 'form-error')
        return redirect(url_for('main.index'))

    # Token validity is decided by the model, not here.
    if account.reset_password(token, form.new_password.data):
        flash('Your password has been updated.', 'form-success')
        return redirect(url_for('account.login'))

    flash('The password reset link is invalid or has expired.', 'form-error')
    return redirect(url_for('main.index'))
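def reset_token(token):
    """Complete a password reset for the account identified by *token*,
    re-keying the user's master key under the new password.

    Flow:
      * signed-in users are sent to the index page;
      * an unverifiable token sends the visitor back to the reset-request form;
      * a submitted password equal to the current one is refused;
      * the master key must be supplied either in the form field or as the
        first line of an uploaded file and is re-encrypted under the new
        password; if neither is supplied and ``lost_master_key`` is ticked,
        the user's data is wiped and a fresh master key is generated instead;
      * the password hash is then replaced and the user is sent to the login page.

    Bug fixed: when the master key was accepted from the uploaded file rather
    than the form field, the previous code re-encrypted ``form.master_key.data``
    (empty) instead of the value that actually verified. The value that passed
    ``check_master_key`` is now the one that gets re-encrypted.

    NOTE(review): nothing in this view invalidates the token after use;
    confirm that ``User.verify_reset_token`` enforces expiry/single use.
    """
    title = 'Reset Password'
    if current_user.is_authenticated:
        return redirect(url_for('main.index'))

    user = User.verify_reset_token(token)
    if not user:
        flash('Invalid or expired token.', 'danger')
        return redirect(url_for('account.reset_request'))

    form = ResetPasswordForm()
    if not form.validate_on_submit():
        return render_template('account/password_reset_token.html', title=title, form=form)

    new_password = form.password.data
    # NOTE(review): user.password is treated as str here (.encode()) but is
    # assigned the raw return value of generate_password_hash below — confirm
    # the column coerces bytes to str, otherwise .encode() fails on reload.
    if bcrypt.check_password_hash(user.password.encode(), new_password):
        flash('The password you entered is already set.', 'danger')
        return redirect(url_for('account.reset_token', token=token))

    file_contents = ''
    if form.master_key_file.data:
        # Only the first line of the upload is read; any trailing newline is
        # kept as-is — presumably check_master_key tolerates it, verify.
        file_contents = form.master_key_file.data.stream.readline().decode('utf-8')

    if not form.master_key.data and not file_contents and form.lost_master_key.data:
        # Destructive path: without any master key the encrypted data cannot be
        # recovered, so it is erased and a fresh key generated.
        # NOTE(review): the generated key is not surfaced to the user here;
        # confirm it is shown or delivered elsewhere, or the account is locked out.
        wipe_user_data(user)
        master_key = generate_pswrd(length=32, special=False)
        user.master_key = encrypt(get_key(new_password), master_key)
        flash('User data has been permanently erased! Master key has been reset.', 'warning')
    else:
        # Accept whichever supplied value verifies: form field first, then the
        # uploaded file. get_key is only derived once a value has verified.
        verified_key = None
        if check_master_key(form.master_key.data, user):
            verified_key = form.master_key.data
        elif check_master_key(file_contents, user):
            verified_key = file_contents
        if verified_key is None:
            flash('Master key invalid or not provided!', 'danger')
            return redirect(url_for('account.reset_token', token=token))
        user.master_key = encrypt(get_key(new_password), verified_key)

    user.password = bcrypt.generate_password_hash(new_password)
    db.session.commit()
    flash('Password has been updated.', 'success')
    return redirect(url_for('account.login'))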