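def reset_email(userid, secret):
    """Validate a password-reset link and let the user choose a new password.

    Args:
        userid: Value matched against ``User.userid`` to find the account.
        secret: Reset code matched against ``PasswordResetRequest.reset_code``
            for that account.

    Returns:
        The rendered response: an "invalid"/"expired" message, the reset
        form, or the completion message once a new password is saved.
        Aborts with 404 when no user has the given ``userid``.
    """
    # Called before any lookup; presumably ends the current login session so
    # the reset never runs inside another account's session -- confirm.
    logout_internal()
    user = User.query.filter_by(userid=userid).first()
    if not user:
        # NOTE(review): an unknown userid yields 404 while a bad code yields
        # the "Invalid reset link" page, so the two cases are distinguishable
        # to the client. Consider returning the same response for both.
        abort(404)
    resetreq = PasswordResetRequest.query.filter_by(
        user=user, reset_code=secret).first()
    if not resetreq:
        return render_message(
            title="Invalid reset link",
            message=Markup("The reset link you clicked on is invalid."))
    if resetreq.created_at < datetime.utcnow() - timedelta(days=1):
        # Reset code has expired (> 24 hours). Delete it
        db.session.delete(resetreq)
        db.session.commit()
        return render_message(
            title="Expired reset link",
            message=Markup("The reset link you clicked on has expired."))
    # Reset code is valid. Now ask user to choose a new password
    form = PasswordResetForm()
    if form.validate_on_submit():
        user.password = form.password.data
        # Only the request that was used is removed here.
        # NOTE(review): other outstanding reset requests for this user are not
        # touched in this function -- confirm they are invalidated elsewhere.
        db.session.delete(resetreq)
        db.session.commit()
        return render_message(
            title="Password reset complete",
            message=Markup(
                'Your password has been reset. You may now <a href="%s">login</a> with your new password.'
                % escape(url_for('login'))))
    # user.fullname is account-supplied text. It must be escaped *before* the
    # string is wrapped in Markup, otherwise any HTML in the name is rendered
    # as-is (Markup marks the whole formatted string as safe).
    return render_form(
        form=form, title="Reset password", formid='reset',
        submit="Reset password",
        message=Markup(
            'Hello, <strong>%s</strong>. You may now choose a new password.'
            % escape(user.fullname)),
        ajax=True)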
def change_password():
    """Show and process the change-password form for ``g.user``.

    Returns:
        A 303 redirect to the ``profile`` endpoint after the new password is
        committed, otherwise the rendered form.
    """
    # An account with no stored hash gets PasswordResetForm; every other
    # account gets PasswordChangeForm.
    # NOTE(review): whether PasswordChangeForm verifies the current password
    # is not visible here -- confirm in the form's validators.
    form_class = PasswordResetForm if g.user.pw_hash is None else PasswordChangeForm
    form = form_class()

    if not form.validate_on_submit():
        return render_form(
            form=form,
            title="Change password",
            formid="changepassword",
            submit="Change password",
            ajax=True,
        )

    g.user.password = form.password.data
    # NOTE(review): nothing in this function ends the user's other sessions or
    # clears outstanding reset requests after the change -- confirm whether
    # that is handled elsewhere.
    db.session.commit()
    flash("Your new password has been saved.", category="info")
    return render_redirect(url_for("profile"), code=303)
def change_password():
    """Render the change-password form for ``g.user`` and save a valid submission.

    Returns:
        The rendered form, or a 303 redirect to the ``profile`` endpoint once
        the new password has been committed.
    """
    if g.user.pw_hash is not None:
        # NOTE(review): presumably this form asks for the current password;
        # that is not visible here -- confirm in the form definition.
        form = PasswordChangeForm()
    else:
        # No password hash is stored for this account, so the reset-style
        # form is used instead.
        form = PasswordResetForm()

    accepted = form.validate_on_submit()
    if accepted:
        g.user.password = form.password.data
        # NOTE(review): other sessions for this account are not ended in this
        # function -- confirm whether the password setter or a hook does it.
        db.session.commit()
        flash("Your new password has been saved.", category='success')
        response = render_redirect(url_for('profile'), code=303)
    else:
        response = render_form(
            form=form,
            title="Change password",
            formid="changepassword",
            submit="Change password",
            ajax=True,
        )
    return response
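def reset_email(user, kwargs):
    """Validate a password-reset code for ``user`` and let them set a new password.

    Args:
        user: The account the reset link refers to; used as the
            ``PasswordResetRequest.user`` filter and updated on success.
        kwargs: Mapping that must contain ``'secret'``, the reset code matched
            against ``PasswordResetRequest.reset_code``.

    Returns:
        The rendered response: an "invalid"/"expired" message, the reset
        form, or the completion message once a new password is saved.
    """
    # Called before the reset code is looked up; presumably ends the current
    # login session so the reset never runs inside another account -- confirm.
    logout_internal()
    resetreq = PasswordResetRequest.query.filter_by(
        user=user, reset_code=kwargs['secret']).first()
    if not resetreq:
        return render_message(
            title="Invalid reset link",
            message=Markup("The reset link you clicked on is invalid."))
    if resetreq.created_at < datetime.utcnow() - timedelta(days=1):
        # Reset code has expired (> 24 hours). Delete it
        db.session.delete(resetreq)
        db.session.commit()
        return render_message(
            title="Expired reset link",
            message=Markup("The reset link you clicked on has expired."))
    # Reset code is valid. Now ask user to choose a new password
    form = PasswordResetForm()
    if form.validate_on_submit():
        user.password = form.password.data
        # Only the request that was used is removed here.
        # NOTE(review): other outstanding reset requests for this user are not
        # touched in this function -- confirm they are invalidated elsewhere.
        db.session.delete(resetreq)
        db.session.commit()
        return render_message(
            title="Password reset complete",
            message=Markup(
                'Your password has been reset. You may now <a href="%s">login</a> with your new password.'
                % escape(url_for('login'))))
    # user.fullname is account-supplied text. It must be escaped *before* the
    # string is wrapped in Markup, otherwise any HTML in the name is rendered
    # as-is (Markup marks the whole formatted string as safe).
    return render_form(
        form=form, title="Reset password", formid='reset',
        submit="Reset password",
        message=Markup(
            'Hello, <strong>%s</strong>. You may now choose a new password.'
            % escape(user.fullname)),
        ajax=True)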