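def reset_password(token):
    """
    Reset a user's password.

    :param token: token carried by the link the user clicked in the reset e-mail
    """
    # The reset token arrives inside the link, so request.url contains a live
    # credential. Log only the matched endpoint so the token never reaches the logs.
    logger.info('endpoint = ' + str(request.endpoint))
    # A user who is already logged in does not need to reset the password.
    if current_user.is_authenticated:
        return redirect(url_for('main.index'))
    form = ResetPasswordForm()
    if form.validate_on_submit():
        user = User.query.filter_by(email=form.email.data.lower()).first()
        # Unknown e-mail: redirect without a message, so the page never states
        # that the address is unregistered.
        if user is None:
            return redirect(url_for('main.index'))
        # Check the token; the new password is handed to validate_token, which
        # presumably applies it on success (this view never sets it) - confirm.
        if validate_token(user=user, token=token, operation=Operations.RESET_PASSWORD,
                          new_password=form.password.data):
            flash('密码重置成功!', 'success')
            return redirect(url_for('.login'))
        else:
            flash('无效或过期链接!', 'danger')
            # Send the user back to the forgot-password page.
            return redirect(url_for('.forget_password'))
    # GET, or a form that failed validation: show the reset form.
    return render_template('auth/reset_password.html', form=form)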
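def reset_password(token):
    """Handle the password-reset form reached through an e-mailed token link.

    :param token: reset token taken from the link
    :return: a redirect or the rendered reset form
    """
    if current_user.is_authenticated:
        return redirect(url_for('main.index'))
    form = ResetPasswordForm()
    if form.validate_on_submit():
        user = User.query.filter_by(email=form.email.data.lower()).first()
        # The original returned False for an unknown e-mail. False is not a valid
        # Flask response, so the request failed with a server error, and that
        # error also set unknown addresses apart from a bad token. Both cases
        # now share the same failure path.
        if user is not None and validate_token(user=user, token=token,
                                               operation=Operations.RESET_PASSWORD,
                                               new_password=form.password.data):
            flash('Password updated', 'info')
            return redirect(url_for('auth.login'))
        flash('Invalid or expired token', 'danger')
        return redirect(url_for('auth.forget_password'))
    return render_template('auth/reset_password.html', form=form)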
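def reset_password(token):
    """Handle the password-reset form reached through an e-mailed token link.

    :param token: reset token taken from the link
    :return: a redirect or the rendered reset form
    """
    if current_user.is_authenticated:
        return redirect(url_for('main.index'))
    form = ResetPasswordForm()
    if form.validate_on_submit():
        user = User.query.filter_by(email=form.email.data.lower()).first()
        # The new password is passed to validate_token, which presumably applies
        # it on success (this view never sets it) - confirm.
        if user is not None and validate_token(user=user, token=token,
                                               operation=Operations.RESET_PASSWORD,
                                               new_password=form.password.data):
            flash('重置密码成功。', 'success')
            return redirect(url_for('.login'))
        # An unknown e-mail and a rejected token get the same generic message.
        # The original told the visitor that the user did not exist, which let
        # anyone probe for registered addresses, and it gave no feedback at all
        # when the token was rejected.
        flash('无效或过期链接!', 'danger')
    return render_template('auth/reset_password.html', form=form)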
def reset_password(token):
    """Handle the password-reset form reached through an e-mailed token link.

    :param token: reset token taken from the link
    :return: a redirect or the rendered reset form
    """
    # A logged-in user has nothing to reset here.
    if current_user.is_authenticated:
        return redirect(url_for("main.index"))

    form = ResetPasswordForm()
    if not form.validate_on_submit():
        # GET, or a submission that failed form validation.
        return render_template("auth/reset_password.html", form=form)

    account = User.query.filter_by(email=form.email.data.lower()).first()
    if account is None:
        # Unknown e-mail: leave without a message.
        return redirect(url_for("main.index"))

    # validate_token receives the new password; presumably it applies it on
    # success, since this view never sets it - confirm.
    token_ok = validate_token(
        user=account,
        token=token,
        operation=Operations.RESET_PASSWORD,
        new_password=form.password.data,
    )
    if not token_ok:
        flash("Invalid or expired link.", "danger")
        return redirect(url_for("auth.forget_password"))

    flash("Password updated successfully.", "success")
    return redirect(url_for("auth.login"))
def reset_password(token):
    """Handle the password-reset form reached through an e-mailed token link.

    :param token: reset token taken from the link
    :return: a redirect or the rendered reset form
    """
    if current_user.is_authenticated:
        return redirect(url_for('main.index'))

    form = ResetPasswordForm()
    if not form.validate_on_submit():
        # Author's open question: how is an anonymous visitor verified, and how is
        # the user argument obtained? Answer noted by the author: verify on POST.
        return render_template('auth/reset_password.html', form=form)

    # The account is looked up from the submitted e-mail, lower-cased first.
    account = User.query.filter_by(email=form.email.data.lower()).first()
    if not account:
        # Unknown e-mail: leave without a message.
        return redirect(url_for('main.index'))

    # validate_token receives the new password; presumably it applies it on
    # success, since this view never sets it - confirm.
    accepted = validate_token(account, token, Operations.RESET_PASSWORD,
                              new_password=form.password.data)
    if not accepted:
        flash('Invalid or expired link.', 'danger')
        return redirect(url_for('.forget_password'))

    flash('Password updated', 'success')
    return redirect(url_for('.login'))