def password_reset():
    """Finish a password reset using the signed token from the reset link.

    The token arrives in the query string on the initial request and is
    handed to the form; on submission it is read back from the posted form
    data and resolved to a user.

    Returns:
        A redirect to ``user.begin_password_reset`` when the token does not
        resolve to a user, a redirect to ``user.settings`` once the new
        password is saved and the user is logged in, and otherwise the
        rendered ``user/password_reset.jinja2`` page.
    """
    form = PasswordResetForm(reset_token=request.args.get('reset_token'))

    # Nothing submitted yet, or validation failed: show the form again.
    if not form.validate_on_submit():
        return render_template('user/password_reset.jinja2', form=form)

    # The token is the only proof of identity in this flow; a None result
    # is treated as expired or tampered and sends the user back to the start.
    account = User.deserialize_token(request.form.get('reset_token'))
    if account is None:
        flash(_('Your reset token has expired or was tampered with.'),
              'error')
        return redirect(url_for('user.begin_password_reset'))

    # NOTE(review): populate_obj writes every form field onto the model.
    # Confirm PasswordResetForm exposes only fields that are safe to set
    # from a request authenticated by nothing but the reset token.
    form.populate_obj(account)

    # Overwrite whatever populate_obj assigned with the processed value.
    # NOTE(review): presumably encrypt_password is a one-way hash - confirm.
    account.password = User.encrypt_password(
        request.form.get('password', None))
    account.save()
    # NOTE(review): nothing in this view invalidates the token after use;
    # verify that replay is prevented elsewhere (expiry, single-use).

    # The new password is already saved at this point; a falsy login_user
    # result simply re-renders the form without a success message.
    if not login_user(account):
        return render_template('user/password_reset.jinja2', form=form)

    flash(_('Your password has been reset.'), 'success')
    return redirect(url_for('user.settings'))
def password_reset():
    """Handle the password-reset page reached from a reset link.

    On a valid submission the posted reset token is resolved to a user,
    the form is applied to that user, the password is replaced with the
    output of ``User.encrypt_password`` and the user is logged in.

    Returns:
        A redirect to ``user.begin_password_reset`` if the token resolves
        to no user, a redirect to ``user.settings`` after a successful
        reset and login, or the rendered ``user/password_reset.jinja2``
        template in every other case.
    """
    link_token = request.args.get('reset_token')
    form = PasswordResetForm(reset_token=link_token)

    if form.validate_on_submit():
        posted_token = request.form.get('reset_token')
        target = User.deserialize_token(posted_token)

        # A None result means the token could not be trusted (the message
        # below names expiry and tampering); restart the flow.
        if target is None:
            message = _('Your reset token has expired or was tampered with.')
            flash(message, 'error')
            return redirect(url_for('user.begin_password_reset'))

        # NOTE(review): this copies all form fields onto the user object;
        # check that the form cannot carry fields beyond those intended
        # for a reset.
        form.populate_obj(target)

        # Replace the password attribute with the processed value.
        # NOTE(review): presumably a one-way hash - confirm.
        new_secret = request.form.get('password', None)
        target.password = User.encrypt_password(new_secret)
        target.save()
        # NOTE(review): token reuse after this save is not addressed here;
        # confirm it is handled by expiry or single-use checks elsewhere.

        # The password change is saved before login is attempted, so a
        # falsy login_user falls through to the form without a flash.
        logged_in = login_user(target)
        if logged_in:
            flash(_('Your password has been reset.'), 'success')
            return redirect(url_for('user.settings'))

    return render_template('user/password_reset.jinja2', form=form)
def test_deserialize_token(self, token):
    """A valid JWS reset token de-serializes to the expected user."""
    # NOTE(review): the expected address looks masked in this copy of the
    # test; confirm the real value against the fixture behind `token`.
    expected_email = '*****@*****.**'

    resolved = User.deserialize_token(token)

    assert resolved.email == expected_email
def test_deserialize_token_tampered(self, token):
    """A token altered after issuance must de-serialize to None."""
    # Append extra characters so the token no longer matches what was
    # issued (for a compact JWS the trailing segment is the signature;
    # TODO confirm the token format).
    altered = '{0}1337'.format(token)

    # NOTE(review): only an appended suffix is covered here; an expired
    # token and a modified payload would be useful companion cases.
    assert User.deserialize_token(altered) is None