def show_emergency_reset_form():
config = request.app.config
token_path = config.get('emergency.file', '')
if not os.path.isfile(token_path):
# Not configured or missing emergency reset token file
abort(404)
with open(token_path, 'r') as f:
token = f.read()
if not token.strip():
# Token file is empty, so treat it as missing token file
abort(404)
# If user is already logged in, redirect to password reset page instead.
# Thre's no need to do anything heavy-handed in this case.
if request.user.is_authenticated:
return redirect(i18n_url('auth:reset_form'))
return dict(form=EmergencyResetForm(),
reset_token=User.generate_reset_token())
def setup_superuser_form():
return dict(form=RegistrationForm(),
reset_token=User.generate_reset_token())
def setup_superuser_form():
return dict(form=RegistrationForm(),
reset_token=User.generate_reset_token())