def reset_password():
"""GET /reset-password: choose new password
"""
# get password-reset entry
f = (PasswordResetRequest.key == request.args.get('key'),
User.email == request.args.get('email'))
r = PasswordResetRequest\
.query\
.filter(*f)\
.filter(PasswordResetRequest.fk_user == User.id)\
.first()
# return error response if link doesn't exist or wrong email
if r == None or r.user.email != request.args['email']:
return render_template('/auth/reset-password-error.html'), 400
# expired if older than 1 day
delta = datetime.datetime.utcnow() - r.create_ts
if delta.days > 0:
db.session.delete(r)
db.session.flush()
return render_template('/auth/reset-password-error.html'), 400
# handle form
form = ResetPasswordForm()
if form.validate_on_submit():
# save new password
u = r.user
u.password = generate_password_hash(form.password.data)
db.session.add(u)
# login user
login_user(u, remember=True)
identity_changed.send(current_app._get_current_object(),
identity=Identity(u.id))
# delete password reset
db.session.delete(r)
db.session.flush()
return render_template('/auth/reset-password-followup.html')
return render_template('/auth/reset-password.html', form=form)
def create_account():
"""GET|POST /create-account: create account form handler
"""
form = CreateAccountForm()
if form.validate_on_submit():
# add user to database
u = User(email=form.email.data,
password=generate_password_hash(form.password.data))
db.session.add(u)
db.session.flush()
# send verification email
send_verification_email(u)
# login user
login_user(u, remember=True)
identity_changed.send(current_app._get_current_object(),
identity=Identity(u.id))
return redirect(request.args.get('next') or url_for('content.home'))
return render_template('/auth/create-account.html', form=form)
def reset_password():
"""GET /reset-password: choose new password
"""
# get password-reset entry
f = (PasswordResetRequest.key == request.args.get('key'),
User.email == request.args.get('email'))
r = PasswordResetRequest.query.filter(*f).first()
# return error response if link doesn't exist or wrong email
if r == None or r.user.email != request.args['email']:
return render_template('/auth/reset-password-error.html'), 400
# expired if older than 1 day
delta = datetime.datetime.utcnow() - r.create_ts
if delta.days > 0:
db.session.delete(r)
db.session.flush()
return render_template('/auth/reset-password-error.html'), 400
# handle form
form = ResetPasswordForm()
if form.validate_on_submit():
# save new password
u = r.user
u.password = generate_password_hash(form.password.data)
db.session.add(u)
# login user
login_user(u, remember=True)
identity_changed.send(current_app._get_current_object(),
identity=Identity(u.id))
# delete password reset
db.session.delete(r)
db.session.flush()
return render_template('/auth/reset-password-followup.html')
return render_template('/auth/reset-password.html', form=form)
def create_account():
"""GET|POST /create-account: create account form handler
"""
form = CreateAccountForm()
if form.validate_on_submit():
# add user to database
u = User(email=form.email.data,
password=generate_password_hash(form.password.data))
db.session.add(u)
db.session.flush()
# send verification email
send_verification_email(u)
# login user
login_user(u, remember=True)
identity_changed.send(current_app._get_current_object(),
identity=Identity(u.id))
return redirect(request.args.get('next') or url_for('content.home'))
return render_template('/auth/create-account.html', form=form)