def _request_token(self): form = ResetPasswordEmailForm() if form.validate_on_submit(): user = form.user # The only case where someone would have more than one identity is after a merge. # And the worst case that can happen here is that we send the user a different # username than the one he expects. But he still gets back into his profile. # Showing a list of usernames would be a little bit more user-friendly but less # secure as we'd expose valid usernames for a specific user to an untrusted person. identity = next(iter(user.local_identities)) _send_confirmation(form.email.data, 'reset-password', '.resetpass', 'auth/emails/reset_password.txt', { 'user': user, 'username': identity.identifier }, data=identity.id) session['resetpass_email_sent'] = True return redirect(url_for('.resetpass')) return WPAuth.render_template('reset_password.html', form=form, identity=None, widget_attrs={}, email_sent=session.pop( 'resetpass_email_sent', False))
def _request_token(self): form = ResetPasswordEmailForm() if form.validate_on_submit(): user = form.user # The only case where someone would have more than one identity is after a merge. # And the worst case that can happen here is that we send the user a different # username than the one he expects. But he still gets back into his profile. # Showing a list of usernames would be a little bit more user-friendly but less # secure as we'd expose valid usernames for a specific user to an untrusted person. identity = next(iter(user.local_identities)) _send_confirmation(form.email.data, 'reset-password', '.resetpass', 'auth/emails/reset_password.txt', {'user': user, 'username': identity.identifier}, data=identity.id) session['resetpass_email_sent'] = True return redirect(url_for('.resetpass')) return WPAuth.render_template('reset_password.html', form=form, identity=None, widget_attrs={}, email_sent=session.pop('resetpass_email_sent', False))