Пример #1
0
def password_reset():
    form = PasswordResetForm(reset_token=request.args.get('reset_token'))

    if form.validate_on_submit():
        u = User.deserialize_token(request.form.get('reset_token'))

        if u is None:
            flash(_('Your reset token has expired or was tampered with.'),
                  'error')
            return redirect(url_for('user.begin_password_reset'))

        form.populate_obj(u)
        u.password = User.encrypt_password(request.form.get('password', None))
        u.save()

        if login_user(u):
            flash(_('Your password has been reset.'), 'success')
            return redirect(url_for('user.settings'))

    return render_template('user/password_reset.jinja2', form=form)
def password_reset():
    form = PasswordResetForm(reset_token=request.args.get('reset_token'))

    if form.validate_on_submit():
        u = User.deserialize_token(request.form.get('reset_token'))

        if u is None:
            flash(_('Your reset token has expired or was tampered with.'),
                  'error')
            return redirect(url_for('user.begin_password_reset'))

        form.populate_obj(u)
        u.password = User.encrypt_password(request.form.get('password', None))
        u.save()

        if login_user(u):
            flash(_('Your password has been reset.'), 'success')
            return redirect(url_for('user.settings'))

    return render_template('user/password_reset.jinja2', form=form)
Пример #3
0
 def test_deserialize_token(self, token):
     """ Token de-serializer de-serializes a JWS correctly. """
     user = User.deserialize_token(token)
     assert user.email == '*****@*****.**'
Пример #4
0
 def test_deserialize_token_tampered(self, token):
     """ Token deserializer returns None when it's been tampered with. """
     user = User.deserialize_token('{0}1337'.format(token))
     assert user is None