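def new_link(token):
    """Re-send the e-mail confirmation link for the account named in *token*.

    The token is verified with the "email-confirm-key" salt but without a
    ``max_age``, so an expired confirmation token is still accepted here.

    Returns a redirect to "index" after a successful send, or a redirect
    back to "confirm_email" with the same token when sending fails. An
    account that is already confirmed gets the "already_confirmed.html"
    page and no mail. Aborts with 404 when the token does not verify, the
    user does not exist, or the address in the token differs from the
    address on the account.
    """
    try:
        # Deliberately no max_age: this endpoint is reached with tokens that
        # have already expired for confirmation purposes.
        userID, email = ts.loads(token, salt="email-confirm-key")
    except Exception:
        # Bad signature, malformed payload or unexpected payload shape all
        # produce the same 404. `Exception` instead of a bare `except` so
        # SystemExit/KeyboardInterrupt are not swallowed.
        abort(404)

    user = User.query.filter_by(id=userID).first_or_404()
    if user.email != email:
        abort(404)  # this shouldn't ever happen

    if user.email_confirmed:
        # Tokens never age out for this endpoint, so without this check any
        # previously issued token could keep triggering mail to an address
        # that is already confirmed.
        return render_template("already_confirmed.html")

    # NOTE(review): no throttling is visible in this function; confirm that
    # send_confirm_link or the route limits how often a re-send can happen.
    if send_confirm_link(userID, email):
        flash("New confirmation link sent, check your email!", "success")
        return redirect(url_for("index"))

    # send them back to the expired confirm page
    return redirect(url_for("confirm_email", token=token))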
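def confirm_email(token):
    """Mark the account named in *token* as having a confirmed e-mail address.

    The token is verified with the "email-confirm-key" salt and must be no
    older than ``DAY``.

    Returns the "activate_expired.html" page (which receives the token) when
    the signature is valid but too old, the "already_confirmed.html" page
    when the account was confirmed earlier, and otherwise a redirect to
    "signin" after setting ``email_confirmed``. Aborts with 404 when the
    token does not verify, the user does not exist, or the address in the
    token differs from the address on the account.
    """
    try:
        userID, email = ts.loads(token, salt="email-confirm-key", max_age=DAY)
    except itsdangerous.SignatureExpired:
        # Checked before the generic handler so that an expired token gets
        # its own page; the token is passed on to the template.
        return render_template("activate_expired.html", token=token)
    except Exception:
        # Any other verification or unpacking failure is a plain 404.
        # `Exception` instead of a bare `except` so SystemExit and
        # KeyboardInterrupt are not swallowed.
        abort(404)

    user = User.query.filter_by(id=userID).first_or_404()
    if user.email != email:
        abort(404)  # this shouldn't ever happen

    if user.email_confirmed:
        return render_template("already_confirmed.html")

    user.email_confirmed = True
    db.session.commit()
    flash("Email confirmed! Sign in!", "success")
    return redirect(url_for("signin"))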
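def reset_with_token(token):
    """Let the holder of a valid recovery token set a new password.

    Signed-in users are redirected to "index". The token is verified with
    the "recover-key" salt and must be no older than ``DAY``; its payload is
    the username of the account to reset.

    Returns the "recover_expired.html" page when the signature is valid but
    too old, the "reset_with_token.html" form page until the form validates,
    and a redirect to "signin" after the password has been stored. Aborts
    with 404 when the token does not verify or, on submit, when no user has
    that username.
    """
    if current_user.is_authenticated:
        return redirect(url_for("index"))

    try:
        username = ts.loads(token, salt="recover-key", max_age=DAY)
    except itsdangerous.SignatureExpired:
        return render_template("recover_expired.html")
    except Exception:
        # Any other verification failure is a plain 404. `Exception` instead
        # of a bare `except` so SystemExit/KeyboardInterrupt are not
        # swallowed.
        abort(404)

    # NOTE(review): nothing here invalidates the token after use, so the same
    # link appears to stay usable for further resets until max_age passes.
    # Binding the token to per-user state that changes on reset would make it
    # single-use; that needs a matching change where the token is issued.
    form = ResetPasswordForm()
    if form.validate_on_submit():
        # The user is only looked up on submit, so the form is rendered even
        # if the username in the token no longer exists.
        user = User.query.filter_by(username=username).first_or_404()
        # NOTE(review): presumably the User model hashes the value on
        # assignment; confirm against the model.
        user.password = form.password.data
        db.session.commit()
        flash("Password reset successfully! Sign in!", "success")
        return redirect(url_for("signin"))

    return render_template("reset_with_token.html", form=form)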