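def reset_password(db):
    """Set a new password for the user identified by a password-reset token.

    Reads ``email``, ``token`` and ``password`` from ``request.forms``. The
    expected token is recomputed as the HMAC (keyed with ``config.site_secret``)
    of the JSON-encoded ``gen_pw_reset_payload(user)``; only when the submitted
    token matches is the password replaced and the account marked verified.

    Args:
        db: database session used to look up the ``model.User`` by email.

    Returns:
        ``None`` on success, or an ``HTTPError`` -- 400 for a blank email,
        token or password, 401 for an unknown user or a token mismatch.
    """
    try:
        email = request.forms.email.strip()
        token = request.forms.token.strip()
        if not email or not token:
            return HTTPError(400, 'Bad request')
        user = db.query(model.User).filter_by(email=email).first()
        if not user:
            # Same status and message as a bad token, so the response does not
            # distinguish an unregistered address from a wrong token.
            return HTTPError(401, 'Unauthorized')
        # Recompute the expected token from the user's current payload.
        # NOTE(review): hmac.new() is called without digestmod here; on
        # Python 2 that defaults to MD5 and on Python 3.8+ it raises TypeError.
        # Whether the payload carries an expiry cannot be told from this file.
        json_payload = json.dumps(gen_pw_reset_payload(user))
        expected = hmac.new(config.site_secret, json_payload).hexdigest()
        # Compare in constant time: a plain ``!=`` stops at the first differing
        # character and leaks timing information about the secret-derived
        # value. Both sides are encoded so they share one type -- the form
        # value may be unicode on Python 2 while hexdigest() returns str.
        if not hmac.compare_digest(expected.encode('utf-8'),
                                   token.encode('utf-8')):
            return HTTPError(401, 'Unauthorized')
        password = request.forms.password.strip()
        if not password:
            # A blank submission must not silently clear the stored password.
            return HTTPError(400, 'Bad request')
        user.password = password
        # A password reset doubles as account activation.
        user.verified = True
    except AssertionError:
        # NOTE(review): an AssertionError is mapped to a malformed request;
        # presumably raised by a model setter -- confirm where it originates.
        return HTTPError(400, 'Bad request')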
def send_reset_email(db):
    """Email a password-reset token to the address submitted in the request.

    Looks up the ``model.User`` whose email matches ``request.forms.email``.
    When one exists, a token is derived with ``hmac`` over the JSON-encoded
    ``gen_pw_reset_payload(user)`` keyed by ``config.site_secret`` and mailed
    with the ``mail_pw_reset`` template. Nothing is sent or returned for an
    unknown address, so the response does not reveal whether it is registered.

    This definition is repeated later in the file; the later one is the one
    bound at import time.

    Args:
        db: database session used for the user lookup.

    Returns:
        ``HTTPError(400)`` when the email field is blank, otherwise ``None``.
    """
    address = request.forms.email.strip()
    if not address:
        return HTTPError(400, 'Bad request')
    recipient = db.query(model.User).filter_by(email=address).first()
    if not recipient:
        return None
    # NOTE(review): hmac.new() is called without digestmod; on Python 2 that
    # defaults to MD5 and on Python 3.8+ it raises TypeError. Whether the
    # payload carries an expiry cannot be told from this file.
    payload = json.dumps(gen_pw_reset_payload(recipient))
    reset_token = hmac.new(config.site_secret, payload).hexdigest()
    mail_subject = config.pw_reset_email_subject
    mail_body = template(
        'mail_pw_reset',
        email=recipient.email,
        site_name=config.site_name,
        site_url=config.site_url,
        token=reset_token,
    )
    send_email(address, mail_subject, mail_body)
def send_reset_email(db):
    """Send a password-reset token to the email address given in the request.

    A blank ``request.forms.email`` is rejected with 400. If a ``model.User``
    with that address exists, a token (``hmac`` of the JSON-encoded
    ``gen_pw_reset_payload(user)``, keyed by ``config.site_secret``) is
    rendered into the ``mail_pw_reset`` template and delivered via
    ``send_email``. An unknown address produces no mail and no error, so the
    response does not reveal whether the address is registered.

    This repeats the ``send_reset_email`` defined earlier in the file and is
    the definition bound at import time.

    Args:
        db: database session used for the user lookup.

    Returns:
        ``HTTPError(400)`` for a blank email field, otherwise ``None``.
    """

    def deliver(user, to_address):
        # NOTE(review): hmac.new() is called without digestmod; on Python 2
        # that defaults to MD5 and on Python 3.8+ it raises TypeError. Whether
        # the payload carries an expiry cannot be told from this file.
        token = hmac.new(config.site_secret,
                         json.dumps(gen_pw_reset_payload(user))).hexdigest()
        subject = config.pw_reset_email_subject
        render_args = dict(
            email=user.email,
            site_name=config.site_name,
            site_url=config.site_url,
            token=token,
        )
        send_email(to_address, subject, template('mail_pw_reset', **render_args))

    email = request.forms.email.strip()
    if not email:
        return HTTPError(400, 'Bad request')
    user = db.query(model.User).filter_by(email=email).first()
    if user:
        deliver(user, email)