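def reset():
    """Handle the password-recovery request form.

    On a valid POST the submitted address is looked up and, when an account
    exists, a recovery link carrying a signed token is e-mailed to it. The
    requester then gets the same flash message either way and is redirected
    to the login page. Any other request (or an invalid form) renders the
    request form again.
    """
    form = EmailForm(request.form)
    # NOTE(review): the neutral flash message below only hides account
    # existence if form.validate() does not itself reject unknown addresses;
    # EmailForm.validate currently reports "no está registrado".
    if request.method == 'POST' and form.validate():
        con = engine.connect()
        try:
            user = current_user(con, form.email.data)
        finally:
            # Release the connection even when the lookup raises.
            con.close()

        if user is not None:
            subject = "Reajuste de contraseña solicitado"

            # Here we use the URLSafeTimedSerializer we created in `util` at
            # the beginning of the chapter. The token carries only the e-mail
            # address; its age is checked when it is redeemed.
            token = ts.dumps(form.email.data, salt='recover-key')

            # NOTE(review): with _external=True the host part comes from the
            # current request unless SERVER_NAME is configured - confirm the
            # deployment pins or validates Host so the mailed link always
            # points at this site.
            recover_url = url_for(
                'user.reset_with_token',
                token=token,
                _external=True)

            html = render_template(
                'user/recover.html',
                recover_url=recover_url)

            # Let's assume that send_email was defined in myapp/util.py
            send_email(form.email.data, subject, html)

        flash('Se envió un correo electrónico a esa dirección si el correo electrónico se registró en nuestro sitio.', 'success')
        return redirect(url_for('user.login'))
    return render_template('user/reset.html', form=form)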
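def validate(self):
    """Run the base validators, then require that the e-mail has an account.

    Returns:
        True when the inherited validation passes and current_user() finds a
        row for the submitted address. False otherwise; when the address is
        unknown an error is appended to the email field.
    """
    if not super(EmailForm, self).validate():
        return False

    con = engine.connect()
    try:
        user = current_user(con, self.email.data)
    finally:
        # Release the connection even when the lookup raises.
        con.close()

    if user is None:
        # NOTE(review): this message tells the requester whether an address
        # is registered. reset() uses this form and then shows a deliberately
        # neutral flash message, so the two disagree; if account existence
        # should stay private, let the view handle the unknown-address case
        # silently instead of reporting it here.
        self.email.errors.append(
            "Este correo electrónico no está registrado")
        return False
    return True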
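def validate(self):
    """Run the base validators, then check the current password.

    The account is taken from the e-mail stored in the Flask session and the
    submitted old password is verified against its stored bcrypt hash.

    Returns:
        True when the inherited validation passes and the old password
        matches. False otherwise; a failed check appends an error to the
        old_password field.
    """
    from flask import session

    if not super(ChangePasswordForm, self).validate():
        return False

    # A request without a session e-mail, or whose account no longer exists,
    # is treated as a failed password check instead of raising KeyError /
    # AttributeError (which would surface as a server error).
    email = session.get('email')
    user = None
    if email is not None:
        con = engine.connect()
        try:
            user = current_user(con, email)
        finally:
            # Release the connection even when the lookup raises.
            con.close()

    if user is None or not bcrypt.verify(
            str(self.old_password.data), user.contrasena):
        self.old_password.errors.append("Contraseña invalida")
        return False
    return True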
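def validate(self):
    """Run the base validators, then authenticate the submitted credentials.

    Checks, in order: the e-mail has an account, the account is not banned
    (`prohibido`), and the password verifies against the stored bcrypt hash.

    Returns:
        True when every check passes. False otherwise, with an error appended
        to the email or password field for the first check that failed.
    """
    if not super(LoginForm, self).validate():
        return False

    con = engine.connect()
    try:
        user = current_user(con, self.email.data)
    finally:
        # Release the connection even when the lookup raises.
        con.close()

    # NOTE(review): the three failures below are distinguishable to the
    # client. "no está registrado" vs "Contraseña invalida" reveals which
    # addresses have accounts, and the banned message is returned before the
    # password is verified, so account status is disclosed without
    # credentials. Consider one generic message for the first and last case
    # and reporting the ban only after a successful password check.
    if user is None:
        # NOTE(review): no hash is computed on this path, so the response is
        # faster than for a known address; verifying against a fixed dummy
        # hash here would even out the timing.
        self.email.errors.append(
            "Este correo electrónico no está registrado")
        return False

    if user.prohibido:
        self.email.errors.append("Esta cuenta ha sido prohibida.")
        return False

    if not bcrypt.verify(str(self.password.data), user.contrasena):
        self.password.errors.append("Contraseña invalida")
        return False
    return True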
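def reset_with_token(token):
    """Redeem a password-recovery token and set a new password.

    The token is verified with the 'recover-key' salt and rejected with a 404
    when it is invalid or older than 86400 seconds (24 hours). On a valid
    POST the new password is hashed with bcrypt (13 rounds) and stored for
    the account the token names, provided the account exists and is
    confirmed.

    Args:
        token: The signed token from the recovery link.

    Returns:
        A redirect to the login page after a successful change, a redirect to
        the registration page when no confirmed account matches, or the
        rendered password form otherwise.
    """
    try:
        email = ts.loads(token, salt="recover-key", max_age=86400)
    except Exception:
        # Any verification failure is answered with a plain 404. Catching
        # Exception rather than using a bare except lets SystemExit and
        # KeyboardInterrupt propagate.
        abort(404)

    # NOTE(review): the token is not single-use. Its payload is only the
    # e-mail address, so the same link keeps working for the full 24 hours,
    # including after the password has been changed. Binding the token to
    # something that changes on reset (for example a value derived from the
    # current password hash) or recording redeemed tokens would close that
    # window.
    form = PasswordForm()
    if request.method == 'POST' and form.validate():
        con = engine.connect()
        try:
            user = current_user(con, email)
            changed = bool(user and user.confirmado)
            if changed:
                password = bcrypt.using(rounds=13).hash(
                    str(form.contrasena.data))
                # Bound parameters keep the values out of the SQL text.
                reset_pass = text("""UPDATE public.usuario SET contrasena=:password WHERE usuario_id=:id""")
                con.execute(reset_pass, id=user.usuario_id, password=password)
        finally:
            # Release the connection even when the lookup or update raises.
            con.close()

        if changed:
            flash('La contraseña fue cambiada con éxito', 'success')
            return redirect(url_for('user.login'))

        # Also reached for accounts that exist but are not confirmed.
        flash('Este correo electrónico no está registrado.', 'danger')
        return redirect(url_for('user.register'))
    return render_template('user/reset_with_token.html', form=form, token=token)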