def GET(self, uid, token):
    """Show the password-change form for a valid reset link.

    Args:
        uid: User identifier, passed to ``auth.get_user`` as ``user_id``.
        token: Reset token, validated by ``check_token`` against
            ``auth.config.reset_expire_after``.

    Returns:
        The rendered ``reset_change`` template on success.

    Raises:
        web.seeother: Redirect to "/" (after flashing ``reset_text``) when
            the user is not found or the token is rejected.
    """
    # Artificial delay to slow down brute-force guessing of reset tokens.
    # NOTE(review): a fixed sleep only makes each request slower; it does not
    # cap the number of attempts -- confirm rate limiting or lockout exists
    # elsewhere.
    sleep(0.5)
    try:
        account = auth.get_user(user_id=uid, with_password=True)
        # An unknown user and a bad/expired token take the same failure path,
        # so the response does not reveal which of the two checks failed.
        if not (account and check_token(account, token, auth.config.reset_expire_after)):
            raise AuthError
        return render.auth.reset_change(passwordChangeForm)
    except AuthError:
        flash.set(_(reset_text))
        raise web.seeother("/")
def POST(self, uid, token):
    """Set a new password for the user identified by a valid reset link.

    Args:
        uid: User identifier, passed to ``auth.get_user`` as ``user_id``.
        token: Reset token, validated by ``check_token`` against
            ``auth.config.reset_expire_after``.

    Returns:
        The re-rendered ``reset_change`` template when the submitted form
        does not validate.

    Raises:
        web.seeother: Redirect to "/" once a valid form has been processed,
            whether the password was changed (``changed_text`` flashed) or
            the user/token check failed (``reset_text`` flashed).
    """
    # Artificial delay to slow down brute-force guessing of reset tokens.
    # NOTE(review): a fixed sleep only makes each request slower; it does not
    # cap the number of attempts -- confirm rate limiting or lockout exists
    # elsewhere.
    sleep(0.5)
    submitted = passwordChangeForm(web.input())
    if not submitted.valid:
        # Invalid input: show the form again with the submitted values.
        return render.auth.reset_change(submitted)

    try:
        account = auth.get_user(user_id=uid, with_password=True)
        # The token is re-checked here; the check made when the form was
        # displayed is not relied upon. Unknown user and rejected token share
        # one failure path, so the response does not reveal which check failed.
        if not (account and check_token(account, token, auth.config.reset_expire_after)):
            raise AuthError
        auth.set_password(account.email, submitted.d.password)
        # NOTE(review): whether the token stops working after this change
        # depends on check_token (not shown) -- confirm it cannot be replayed.
        auth.login(account)
        flash.set(_(changed_text))
    except AuthError:
        flash.set(_(reset_text))
    # Success and failure both end in the same redirect.
    raise web.seeother("/")