def new_link(token):
try:
userID, email = ts.loads(token, salt="email-confirm-key") # ignore age
except:
abort(404)
user = User.query.filter_by(id=userID).first_or_404()
if user.email != email:
abort(404) # this shouldn't ever happen
if send_confirm_link(userID, email):
flash("New confirmation link sent, check your email!", "success")
return redirect(url_for("index"))
else:
# send them back to the expired confirm page
return redirect(url_for("confirm_email", token=token))
def confirm_email(token):
try:
userID, email = ts.loads(token, salt="email-confirm-key", max_age=DAY)
except itsdangerous.SignatureExpired:
return render_template("activate_expired.html", token=token)
except:
abort(404)
user = User.query.filter_by(id=userID).first_or_404()
if user.email != email:
abort(404) # this shouldn't ever happen
if user.email_confirmed == True:
return render_template("already_confirmed.html")
user.email_confirmed = True
db.session.commit()
flash("Email confirmed! Sign in!", "success")
return redirect(url_for("signin"))
def reset_with_token(token):
if current_user.is_authenticated:
return redirect(url_for("index"))
try:
username = ts.loads(token, salt="recover-key", max_age=DAY)
except itsdangerous.SignatureExpired:
return render_template("recover_expired.html")
except:
abort(404)
form = ResetPasswordForm()
if form.validate_on_submit():
user = User.query.filter_by(username=username).first_or_404()
user.password = form.password.data
db.session.commit()
flash("Password reset successfully! Sign in!", "success")
return redirect(url_for("signin"))
return render_template("reset_with_token.html", form=form)