def changePassword(token):
form = ChangePasswordForm(request.form)
if form.validate():
email = database_helper.getUserEmailByToken(token)
if email is not None:
if validLogin(email, request.form['oldPassword']):
passwordHash = bcrypt.generate_password_hash(request.form['newPassword'])
result = database_helper.updateUserPassword(email, passwordHash)
if result == True:
return json.dumps({'success': True, 'message': 'Password changed.'}), 200
else:
return json.dumps({'success': False, 'message': 'Could not update password.'}), 503
else:
return json.dumps({'success': False, 'message': 'Wrong password.'}), 400
else:
return json.dumps({'success': False, 'message': 'You are not signed in.'}), 405
else:
return json.dumps({'success': False, 'message': 'Form data missing or incorrect type.'}), 400
def changePassword(email):
"""Changes password for a user."""
clientHash = request.headers.get('Hash-Hmac')
utcTimestamp = request.headers.get('Hash-Timestamp')
data = ['email=' + email, '&oldPassword='******'oldPassword'], '&newPassword='******'newPassword']]
if validHMACHash(clientHash, data, email, utcTimestamp):
form = ChangePasswordForm(request.form)
if form.validate():
if validLogin(email, request.form['oldPassword']):
passwordHash = bcrypt.generate_password_hash(request.form['newPassword'])
result = database_helper.updateUserPassword(email, passwordHash)
if result == True:
return json.dumps({'success': True, 'message': 'Password changed.'}), 200
else:
return json.dumps({'success': False, 'message': 'Could not update password.'}), 503
else:
return json.dumps({'success': False, 'message': 'Wrong password.'}), 400
else:
return json.dumps({'success': False, 'message': 'Form data missing or incorrect type.'}), 405
else:
return json.dumps({'success': False, 'message': 'Invalid hash.'}), 405
