예제 #1
def reset_token(token):
    """Handle the password-reset link carrying *token*.

    Signed-in visitors are sent to the index page. If the token does not
    resolve to a user, the visitor is sent back to the reset-request page
    with a flash message; otherwise the reset form is rendered and, on a
    valid submission, the user's bcrypt hash is replaced, committed and the
    visitor is sent to the login page.
    """
    if current_user.is_authenticated:
        return redirect(url_for('main.index'))

    account = User.verify_reset_token(token)
    if not account:
        flash('Invalid or expired token.')
        return redirect(url_for('account.reset_request'))

    form = ResetPasswordForm()
    if not form.validate_on_submit():
        return render_template('account/password_reset_token.html',
                               title='Reset Password',
                               form=form)

    # NOTE(review): this compares every submitted password against the
    # stored hash, so whoever holds a valid token can repeatedly learn
    # whether a guess equals the current password; keep reset tokens
    # short-lived and the endpoint rate-limited.
    if bcrypt.check_password_hash(account.password, form.password.data):
        flash('The password you entered is already set.')
        return redirect(url_for('account.reset_token', token=token))

    new_hash = bcrypt.generate_password_hash(form.password.data)
    account.password = new_hash.decode('utf-8')
    db.session.commit()
    flash('Password has been updated.')
    return redirect(url_for('account.login'))
예제 #2
def reset_password(token):
    """Let the holder of a valid reset *token* choose a new password.

    Authenticated visitors and unresolvable tokens are both redirected to
    the index page; a rejected token produces no flash message. On a valid
    submission the new password is stored through ``User.set_password``,
    committed, and the visitor is sent to the login page.
    """
    if current_user.is_authenticated:
        return redirect(url_for('main.index'))

    account = User.verify_reset_password_token(token)
    if not account:
        # Silent redirect: no message explains why the link was rejected.
        return redirect(url_for('main.index'))

    form = ResetPasswordForm()
    if not form.validate_on_submit():
        return render_template('account/reset_password.html',
                               form=form)

    account.set_password(form.password.data)
    db.session.commit()
    flash('Your password has been reset.')
    return redirect(url_for('account.login'))
예제 #3
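def reset_password(token):
    """Reset an existing user's password from an emailed reset link.

    Signed-in visitors are sent to the index page. The form asks for the
    account email and a new password: the email locates the user and
    ``User.reset_password`` then validates *token* against that user before
    storing the new password.

    Both failure cases -- unknown email and invalid/expired token -- show
    the same generic message and redirect to the same page, so the form
    cannot be used to tell registered addresses from unregistered ones.
    """
    if not current_user.is_anonymous:
        return redirect(url_for('main.index'))

    form = ResetPasswordForm()
    if not form.validate_on_submit():
        return render_template('account/reset_password.html', form=form)

    user = User.query.filter_by(email=form.email.data).first()
    # Unknown email and bad token are deliberately indistinguishable to the
    # visitor (account-enumeration hardening); the original flashed a
    # distinct 'Invalid email address.' message for the first case.
    if user is None or not user.reset_password(token, form.new_password.data):
        flash('The password reset link is invalid or has expired.',
              'form-error')
        return redirect(url_for('main.index'))

    flash('Your password has been updated.', 'form-success')
    return redirect(url_for('account.login'))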
예제 #4
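def reset_token(token):
    """Handle the password-reset link for *token*, including the master key.

    Signed-in visitors are sent to the index page and an unknown/expired
    token back to the reset-request page. On a valid form submission the
    user's master key is either re-encrypted under the new password (when
    the current key is typed into the text field or uploaded as a file) or,
    when the user declares it lost, their data is wiped and a fresh key is
    generated. Only then is the bcrypt password hash replaced and committed.

    Fixes relative to the original: a key supplied only via the uploaded
    file was never used (the text field, empty in that case, was
    re-encrypted instead); a non-UTF-8 upload raised an unhandled
    UnicodeDecodeError; and the new hash is stored decoded, matching the
    ``.encode()`` applied when it is read back below.
    """
    title = 'Reset Password'

    if current_user.is_authenticated:
        return redirect(url_for('main.index'))

    user = User.verify_reset_token(token)
    if not user:
        flash('Invalid or expired token.', 'danger')
        return redirect(url_for('account.reset_request'))

    form = ResetPasswordForm()
    if not form.validate_on_submit():
        return render_template('account/password_reset_token.html', title=title, form=form)

    # user.password is treated as str here (it is encoded before the check),
    # so the hash written further down is decoded to the same type.
    if bcrypt.check_password_hash(user.password.encode(), form.password.data):
        flash('The password you entered is already set.', 'danger')
        return redirect(url_for('account.reset_token', token=token))

    file_contents = _read_master_key_file(form.master_key_file.data)
    if file_contents is None:
        flash('Master key file could not be read.', 'danger')
        return redirect(url_for('account.reset_token', token=token))

    if not form.master_key.data and not file_contents and form.lost_master_key.data:
        # NOTE(review): a valid reset link plus one checkbox is enough to
        # irreversibly destroy the account's data; consider an explicit
        # confirmation step before this branch.
        wipe_user_data(user)
        master_key = generate_pswrd(length=32, special=False)
        user.master_key = encrypt(get_key(form.password.data), master_key)
        flash('User data has been permanently erased! Master key has been reset.', 'warning')
    else:
        # Try the typed key first, then the uploaded one (same order as the
        # original checks); whichever verifies is the key re-encrypted under
        # the new password.
        supplied_key = next(
            (candidate for candidate in (form.master_key.data, file_contents)
             if check_master_key(candidate, user)),
            None,
        )
        if supplied_key is None:
            flash('Master key invalid or not provided!', 'danger')
            return redirect(url_for('account.reset_token', token=token))
        user.master_key = encrypt(get_key(form.password.data), supplied_key)

    user.password = bcrypt.generate_password_hash(form.password.data).decode('utf-8')
    db.session.commit()
    flash('Password has been updated.', 'success')
    return redirect(url_for('account.login'))


def _read_master_key_file(upload):
    """Return the first line of an uploaded master-key file as text.

    Returns '' when no file was uploaded and None when the first line is
    not valid UTF-8, so the caller can report the problem instead of the
    request failing with an unhandled exception. Trailing line terminators
    are stripped because ``readline()`` keeps them and they are presumably
    not part of the key -- TODO confirm ``check_master_key`` does not rely
    on them.
    """
    if not upload:
        return ''
    try:
        line = upload.stream.readline().decode('utf-8')
    except UnicodeDecodeError:
        return None
    return line.rstrip('\r\n')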