def change_password(request): """Allow the current user to change his password.""" form = ChangePasswordForm(request.user) if request.method == 'POST': if request.form.get('cancel'): return form.redirect('account/index') if form.validate(request.form): form.set_password() db.commit() flash(_(u'Password changed successfully.'), 'configure') return form.redirect('account/index') return render_account_response('account/change_password.html','profile.password', form=form.as_widget() )
def reset_password(request, req_id=None): """Help users with forgotten passwords.""" if req_id is None: raise NotFound() reset_request = PasswordRequest.query.get(req_id) if reset_request is None: raise NotFound() form = ChangePasswordForm(reset_request.user) del form.old_password if request.method == 'POST' and form.validate(request.form): form.set_password() request.login(reset_request.user) db.delete(reset_request) db.commit() return form.redirect('account/index') return render_account_response('account/reset_password.html', form=form.as_widget())