예제 #1
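def reset_with_token(token):
    """Let the holder of a valid password-reset token set a new password.

    The token is verified with ``URLSafeTimedSerializer`` (salt
    ``'password-reset-salt'``, one-hour ``max_age``); its payload is used as
    the account's email address.

    Args:
        token: The signed token taken from the reset link.

    Returns:
        A redirect to the login page when the token is rejected, the account
        is unknown, or the password was updated; otherwise the rendered
        reset form.
    """
    # Local import: BadData is the itsdangerous base class for signature,
    # expiry and payload failures. The file's import block is not visible
    # here, so the name is brought into scope inside the function.
    from itsdangerous import BadData

    # Built outside the ``try`` so a missing SECRET_KEY surfaces as a
    # configuration error instead of being reported to the user as a bad link.
    password_reset_serializer = URLSafeTimedSerializer(
        app.config['SECRET_KEY'])
    try:
        email = password_reset_serializer.loads(token,
                                                salt='password-reset-salt',
                                                max_age=3600)
    except BadData:
        # Only token failures land here; a bare ``except`` would also hide
        # programming errors and swallow SystemExit/KeyboardInterrupt.
        flash('The password reset link is invalid or has expired.', 'error')
        return redirect(url_for('users.login'))

    form = PasswordForm()

    if form.validate_on_submit():
        # ``first()`` plus an explicit None check replaces ``first_or_404()``
        # wrapped in a bare ``except``, which also masked database errors.
        user = User.query.filter_by(email=email).first()
        if user is None:
            flash('Invalid email address!', 'error')
            return redirect(url_for('users.login'))

        # NOTE(review): nothing in this view invalidates the token after a
        # successful reset, so the same link keeps working until max_age
        # elapses. Binding the token to state that changes on reset (for
        # example part of the current password hash) would make it single-use.
        # NOTE(review): presumably the ``password`` setter on User hashes the
        # value before storage; confirm against the model.
        user.password = form.password.data
        db.session.add(user)
        db.session.commit()
        flash('Your password has been updated!', 'success')
        return redirect(url_for('users.login'))

    return render_template('reset_password_with_token.html',
                           form=form,
                           token=token)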
예제 #2
def reset_with_token(token):
    """Handle the password-reset form reached through a signed token link.

    The token is verified with ``URLSafeTimedSerializer`` (salt
    ``'password-reset'``, one-hour ``max_age``) and its payload is used as the
    account's email address. A rejected token redirects to ``user.reset``; a
    valid POST either updates the password or reports an unknown address,
    redirecting to ``user.login`` in both cases. Anything else renders the
    form.
    """
    signer = URLSafeTimedSerializer(app.config['SECRET_KEY'])
    try:
        email = signer.loads(token, salt='password-reset', max_age=3600)
    except BadData:
        flash('The password reset link is invalid or has expired.', 'error')
        return redirect(url_for('user.reset'))

    form = PasswordForm()
    submitted = request.method == 'POST' and form.validate_on_submit()
    if not submitted:
        return render_template('form_reset_password_with_token.html',
                               form=form,
                               token=token)

    account = User.query.filter_by(email=email).first()
    if account is None:
        flash('Invalid email address!', 'error')
        return redirect(url_for('user.login'))

    # NOTE(review): the token is not invalidated here, so the link stays
    # usable until max_age elapses; confirm whether single-use is enforced
    # elsewhere.
    # NOTE(review): presumably ``password_`` is a model property that hashes
    # the value; confirm against the User model.
    account.password_ = form.password.data
    db.session.add(account)
    db.session.commit()
    flash('Your password has been updated!', 'success')
    return redirect(url_for('user.login'))
def user_password_change():
    """Set a new password for ``current_user`` from a submitted PasswordForm.

    A valid POST stores the new password, flashes a confirmation and
    redirects to ``users.user_profile``; every other request renders the
    change-password form.
    """
    form = PasswordForm()
    if request.method != 'POST' or not form.validate_on_submit():
        return render_template('password_change.html', form=form)

    # NOTE(review): the current password is never re-checked, so whoever
    # holds a live session can replace the credential. Confirm the form or
    # route enforces re-authentication, and that a login-required guard
    # (not visible in this listing) protects the view.
    account = current_user
    account.password = form.password.data
    db.session.add(account)
    db.session.commit()
    flash('Password has been updated!', 'success')
    return redirect(url_for('users.user_profile'))
예제 #4
def user_password_change():
    """Change ``current_user``'s password after verifying the old one.

    On a valid POST the submitted ``old_password`` is checked with
    ``is_correct_password``. A mismatch flashes an error and redirects back
    to this view; a match stores the new password and flashes a confirmation.
    The form is rendered for every path that does not redirect.
    """
    form = PasswordForm(request.form)
    if request.method == 'POST' and form.validate_on_submit():
        account = current_user
        if account.is_correct_password(form.old_password.data):
            # NOTE(review): presumably ``password_`` hashes on assignment;
            # confirm against the User model. Other active sessions are not
            # touched here, so confirm whether they are revoked elsewhere.
            account.password_ = form.password.data
            db.session.add(account)
            db.session.commit()
            flash('Password had been updated!', 'success')
        else:
            flash('Sorry, your current password is incorrect', 'error')
            return redirect(url_for('user.user_password_change'))
    return render_template('form_password_change.html', form=form)
예제 #5
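def show(id):
    """Show a user's profile (GET) or apply a profile/password edit (PATCH).

    A PATCH carrying a ``username`` field is treated as a profile edit; any
    other PATCH is treated as a password change. Both require the account's
    current password, verified with ``bcrypt.check_password_hash``.

    Args:
        id: Primary key of the user record to show or edit.

    Returns:
        The rendered profile or password template, or a redirect to ``root``
        after a successful change. Unknown ids abort with 404 and
        unsupported methods with 405.
    """
    # Local import: abort comes from flask, which this view already relies on
    # for request/render_template (the file's import block is not visible).
    from flask import abort

    found_user = User.query.get(id)
    if found_user is None:
        # Without this guard an unknown id fails later with AttributeError.
        abort(404)

    # NOTE(review): nothing in this function ties ``id`` to the logged-in
    # user, and the GET branch returns the record for any id. Confirm an
    # ownership check is applied by a decorator or request hook.
    if request.method == 'GET':
        form = EditForm(obj=found_user)
        return render_template('users/show.html', user=found_user, form=form)

    # The original compared against b'PATCH' only, which never matches a str
    # method on Python 3. Both spellings are accepted in case a
    # method-override layer supplies bytes.
    if request.method not in ('PATCH', b'PATCH'):
        abort(405)

    if request.form.get('username', None) is not None:
        form = EditForm(request.form)
        # Verify the password before touching the record, so a failed check
        # cannot leave unsaved username/email changes on the session object.
        if form.validate() and bcrypt.check_password_hash(
                found_user.password, form.password.data):
            found_user.username = form.username.data
            found_user.email = form.email.data
            db.session.add(found_user)
            db.session.commit()
            return redirect(url_for('root'))
        return render_template('users/show.html',
                               user=found_user,
                               form=form)

    form2 = PasswordForm(request.form)
    if form2.validate():
        if bcrypt.check_password_hash(found_user.password,
                                      form2.current.data):
            # NOTE(review): the new hash is stored on ``new_password`` while
            # the checks above read ``password``. Unless the model maps one
            # to the other, the stored credential never changes; confirm
            # against the User model.
            found_user.new_password = bcrypt.generate_password_hash(
                form2.new_password.data).decode('UTF-8')
            db.session.add(found_user)
            db.session.commit()
            flash('You have succesfully changed your password')
            return redirect(url_for('root'))
        flash('Please provide the right password')
    return render_template('users/password.html',
                           form=form2,
                           user=found_user)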
예제 #6
def password(id):
    """Render the change-password page for the user with primary key ``id``."""
    # NOTE(review): ``User.query.get`` returns None for an unknown id, and no
    # check here ties ``id`` to the logged-in user; confirm both are handled
    # by the template or a guard outside this function.
    account = User.query.get(id)
    password_form = PasswordForm(request.form)
    return render_template('users/password.html',
                           form=password_form,
                           user=account)