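def reset():
    """
    Password reset request view: collect a username or email address and
    email a reset link for the matching account.

    A truthy ``expired`` query argument shows a "password has expired" notice
    with the form, and a ``username`` query argument pre-fills the form on GET.
    On a valid submission the view picks a destination address, stores a
    ``PasswordResetRequest`` and passes its ``reset_code`` to
    ``send_password_reset_link``. Accounts with no usable address get an
    explanatory message instead of a reset link.

    Security notes:

    * Every value interpolated into a ``Markup`` string is passed through
      ``escape`` first, including the external service title and id, which
      originate outside this application.
    * The responses differ by account state (masked address, linked external
      service and id, or "no email address"). Presumably this view is
      reachable without logging in, so those details are shown to whoever
      submits the form -- confirm that disclosure is acceptable and that
      requests are rate limited elsewhere.
    """
    form = PasswordResetRequestForm()
    if getbool(request.args.get('expired')):
        message = _(u"Your password has expired. Please enter your username "
            "or email address to request a reset code and set a new password")
    else:
        message = None

    if request.method == 'GET':
        # Pre-fill the form from the query string on the initial page load
        form.username.data = request.args.get('username')

    if form.validate_on_submit():
        username = form.username.data
        # form.user is only read after validation succeeds; presumably the form's
        # validator sets it -- confirm against PasswordResetRequestForm
        user = form.user
        if '@' in username and not username.startswith('@'):
            # They provided an email address. Send reset email to that address.
            # NOTE(review): this relies on the form having matched the address to
            # `user`; nothing in this view re-checks who owns it.
            email = username
        else:
            # Send to their existing address
            # User.email is a UserEmail object
            # NOTE(review): if user.email can ever be None, unicode() returns
            # u'None' and the "no email" checks below never fire -- confirm.
            email = unicode(user.email)
        if not email and user.emailclaims:
            # Fall back to the first email claim on the account.
            # NOTE(review): claims are presumably unverified addresses; confirm
            # that mailing a reset link to one is intended.
            email = user.emailclaims[0].email
        if not email:
            # They don't have an email address. Maybe they logged in via Twitter
            # and set a local username and password, but no email. Could happen.
            if len(user.externalids) > 0:
                extid = user.externalids[0]
                # Markup() marks the finished string as safe HTML, so the
                # interpolated values must be escaped before formatting. The
                # service title and external id were previously inserted raw.
                return render_message(title=_("Cannot reset password"), message=Markup(_(u"""
                    We do not have an email address for your account. However, your account
                    is linked to <strong>{service}</strong> with the id <strong>{username}</strong>.
                    You can use that to login.
                    """).format(
                        service=escape(login_registry[extid.service].title),
                        username=escape(extid.username or extid.userid))))
            else:
                return render_message(title=_("Cannot reset password"), message=Markup(_(
                    u"""
                    We do not have an email address for your account and therefore cannot
                    email you a reset link. Please contact
                    <a href="mailto:{email}">{email}</a> for assistance.
                    """).format(email=escape(current_app.config['SITE_SUPPORT_EMAIL']))))
        resetreq = PasswordResetRequest(user=user)
        db.session.add(resetreq)
        # The reset code is mailed before the commit.
        # NOTE(review): if the commit fails, the mailed link refers to a request
        # that was never stored -- consider whether committing first is safer.
        send_password_reset_link(email=email, user=user, secret=resetreq.reset_code)
        db.session.commit()
        # Translate the template first and format afterwards. Formatting inside
        # _() made the lookup key contain the address, so it never matched a
        # catalogue entry.
        return render_message(title=_("Reset password"), message=_(u"""
            We sent a link to reset your password to your email address: {masked_email}.
            Please check your email. If it doesn’t arrive in a few minutes,
            it may have landed in your spam or junk folder.
            The reset link is valid for 24 hours.
            """).format(masked_email=mask_email(email)))
    return render_form(form=form, title=_("Reset password"), message=message, submit=_("Send reset code"), ajax=False)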
def reset():
    """
    Password reset request view: ask for a username or email address and
    email a reset link for the matching account.

    On a valid submission the view picks a destination address, stores a
    ``PasswordResetRequest`` and passes its ``reset_code`` to
    ``send_password_reset_link``. The confirmation text is fixed and does not
    echo the address. If no address is available, a message pointing to the
    configured support address is shown instead.
    """
    form = PasswordResetRequestForm()
    if not form.validate_on_submit():
        # Initial page load, or the submission failed validation: show the form
        return render_form(form=form, title="Reset password", submit="Send reset code", ajax=True)

    submitted = form.username.data
    # Presumably set by the form's validator -- confirm against the form class
    account = form.user

    # A leading '@' is not treated as an email address
    gave_email = '@' in submitted and not submitted.startswith('@')
    # Either mail the address they typed, or the one on record.
    # User.email is a UserEmail object.
    # NOTE(review): the typed address is used as-is, so this relies on the form
    # having matched it to `account`. Also, if account.email can ever be None,
    # unicode() returns u'None' and the check below never fires -- confirm.
    email = submitted if gave_email else unicode(account.email)

    if not email:
        # No address on record. This can happen when the account was created
        # through an external login and only a local username and password
        # were added afterwards.
        # Markup() marks the string as safe HTML, so the configured address is
        # escaped before it is interpolated.
        support = escape(current_app.config['SITE_SUPPORT_EMAIL'])
        return render_message(title="Reset password", message=Markup(u"""
            We do not have an email address for your account and therefore cannot
            email you a reset link. Please contact
            <a href="mailto:%s">%s</a> for assistance.
            """ % (support, support)))

    reset_request = PasswordResetRequest(user=account)
    db.session.add(reset_request)
    # The reset code is mailed before the commit.
    # NOTE(review): a failed commit would leave a mailed link with no stored request.
    send_password_reset_link(email=email, user=account, secret=reset_request.reset_code)
    db.session.commit()
    return render_message(title="Reset password", message=u"""
        We sent you an email with a link to reset your password.
        Please check your email. If it doesn’t arrive in a few minutes,
        it may have landed in your spam or junk folder.
        The reset link is valid for 24 hours.
        """)