def reset_post():
email = request.form.get('email')
password = request.form.get('password')
confirm = request.form.get('password_confirm')
token = request.args.get('t')
token = request.form.get('t', token)
token = Token(token)
if email:
usr = user.get_by_email(email)
if usr:
reset_email(usr)
return '', 201
if not validate_password(password, confirm, raise_error=False):
return 'Invalid password', 403
if not token.value:
return 'Invalid token', 403
if not token.user:
return 'Invalid token', 403
user.set_password(token.user, password)
login_user(token.user, remember=False)
url = request.args.get('next')
url = url or url_for('marketing.index')
return make_response(('', 201, [('Location', url)]))
def reset_post():
email = request.form.get('email')
password = request.form.get('password')
confirm = request.form.get('password_confirm')
token = request.args.get('t')
token = request.form.get('t', token)
token = Token(token)
if email:
usr = user.get_by_email(email)
if usr:
reset_email(usr)
return '', 201
if not validate_password(password, confirm, raise_error=False):
return 'Invalid password', 403
if not token.value:
return 'Invalid token', 403
if not token.user:
return 'Invalid token', 403
user.set_password(token.user, password)
login_user(token.user, remember=False)
url = request.args.get('next')
url = url or url_for('marketing.index')
return make_response(('', 201, [('Location', url)]))
def password_change():
old = request.json.get('old')
new = request.json.get('new')
confirm = request.json.get('confirm')
usr = current_user._get_current_object()
if not user.verify_password(usr, old):
return 'Invalid old password', 403
if new != confirm:
return 'New password not confirmed', 403
try:
user.set_password(usr, new)
except InvalidPasswordError:
return 'Invalid new password', 403
return '', 201
def password_change():
old = request.json.get('old')
new = request.json.get('new')
confirm = request.json.get('confirm')
usr = current_user._get_current_object()
if not user.verify_password(usr, old):
return 'Invalid old password', 403
if new != confirm:
return 'New password not confirmed', 403
try:
user.set_password(usr, new)
except InvalidPasswordError:
return 'Invalid new password', 403
return '', 201
