def _login(username, password): user = User.get_from_credentials(username, password) if not user: record_user_event(username, 'login failed', commit=True) abort(400, error='invalid_grant') record_user_event(username, 'login succeeded', user=user) return user
def reset_password(self): user = User.get_from_credentials(request.form['username'], None) if not user: abort(400) record_user_event(user.username, 'password reset requested', user=user, commit=True) send_password_reset(user.id)