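def reset_password(id, id_type, current_password, new_password):
    """Change a user's password after verifying the current one.

    The user is looked up with
    ``get_user_from_id(id, id_type, include_items=False)``. The new password
    is applied with ``user.set_password`` only if
    ``user.check_password(current_password)`` succeeds.

    Returns:
        The user object whose password was changed.

    Raises:
        PasswordResetError: with code ``"invalid-password"`` when the current
            password does not match or when no user is found.
    """
    user = get_user_from_id(id, id_type, include_items=False)

    # get_user_from_id can return None (other callers in this file test for
    # it). Treat a missing user as a failed verification instead of letting
    # an AttributeError escape; reusing the same error code also keeps the
    # result from revealing whether the account exists.
    if user is None or not user.check_password(current_password):
        raise PasswordResetError("invalid-password")

    # NOTE(review): no persistence call or attempt throttling is visible in
    # this function; confirm the caller commits the change and rate-limits
    # repeated wrong guesses.
    user.set_password(new_password)
    return user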
def get_user_for_response(id, request, include_products=True):
    """Return the user addressed by ``id`` or abort the request with a 404.

    The kind of identifier is read from the ``id_type`` query argument and
    defaults to ``"userid"``. ``include_products`` is forwarded unchanged as
    the third positional argument of ``get_user_from_id``.
    """
    # NOTE(review): id_type comes straight from the query string; confirm
    # that get_user_from_id only accepts the identifier types it supports.
    lookup_kind = request.args.get("id_type", "userid")
    found = get_user_from_id(id, lookup_kind, include_products)

    if found is None:
        # The request-supplied id is written to the debug log as-is.
        message = u"in get_user_for_response, user {id} doesn't exist".format(
            id=id)
        logger.debug(message)
        abort(404, "That user doesn't exist.")

    return found
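def reset_password_from_token(reset_token, new_password):
    """Set a new password for the account named in a signed reset token.

    The token is verified with a ``TimestampSigner`` keyed from the
    ``SECRET_KEY`` environment variable and the ``"reset-password"`` salt.
    Its payload is the account e-mail address, which is lower-cased and used
    to look the user up.

    Returns:
        The user object whose password was set.

    Raises:
        PasswordResetError: ``"expired-token"`` when the token is older than
            24 hours; ``"invalid-token"`` when the signature is bad or the
            e-mail in the token no longer matches a user.
        RuntimeError: when ``SECRET_KEY`` is unset or empty.
    """
    secret_key = os.getenv("SECRET_KEY")
    if not secret_key:
        # Fail closed: an unset or empty key must never be used to verify
        # password-reset tokens.
        raise RuntimeError("SECRET_KEY is not set; cannot verify reset tokens")

    signer = TimestampSigner(secret_key, salt="reset-password")
    try:
        # max_age is in seconds: 24 hours.
        email = signer.unsign(reset_token, max_age=60 * 60 * 24).lower()
    except SignatureExpired:
        # Handled before the broader signature errors so that an expired
        # token gets its own error code.
        raise PasswordResetError("expired-token")
    except (BadTimeSignature, BadSignature):
        raise PasswordResetError("invalid-token")

    # NOTE(review): the token carries only the e-mail and a timestamp, so
    # nothing here stops the same token from being accepted again within its
    # 24-hour lifetime, even after the password has been changed. Consider
    # binding the token to per-user state (or recording used tokens) so it
    # becomes single-use.
    user = get_user_from_id(email, "email", include_items=False)
    if user is None:
        # A validly signed token for an address that no longer resolves to a
        # user is rejected instead of raising AttributeError below.
        raise PasswordResetError("invalid-token")

    user.set_password(new_password)
    return user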
def get_user_for_response(id, request):
    """Return the user addressed by ``id`` or abort the request with a 404.

    The identifier type is taken from the ``id_type`` query argument
    (default ``"url_slug"``). ``logged_in`` is True when the attribute of
    ``current_user`` named by that type, converted to unicode, equals
    ``id``; it is passed as the third argument of ``get_user_from_id``.
    When a user is found, its ``url_slug`` is stored on ``g.profile_slug``.
    """
    # NOTE(review): lookup_kind is request-controlled and is used as an
    # attribute name on current_user, so the comparison below can match on
    # attributes other than the intended identifiers. Consider validating it
    # against the supported identifier types before the getattr.
    lookup_kind = unicode(request.args.get("id_type", "url_slug"))

    try:
        own_value = unicode(getattr(current_user, lookup_kind))
        logged_in = own_value == id
    except AttributeError:
        # current_user has no such attribute (presumably the anonymous case).
        logged_in = False

    found = get_user_from_id(id, lookup_kind, logged_in)
    if found is None:
        message = u"in get_user_for_response, user {id} doesn't exist".format(
            id=id)
        logger.debug(message)
        abort(404, "That user doesn't exist.")

    g.profile_slug = found.url_slug
    return found
def get_user_for_response(id, request):
    """Look up the user for this request, aborting with 404 if none exists.

    ``id_type`` is read from the query string (default ``"url_slug"``) and
    selects both the lookup key and the ``current_user`` attribute compared
    against ``id``. The result of that comparison is handed to
    ``get_user_from_id`` as its third argument. On success the user's
    ``url_slug`` is recorded on ``g.profile_slug`` before returning.
    """
    # NOTE(review): the attribute name passed to getattr below comes from the
    # request. Restricting it to the identifier types get_user_from_id
    # supports would keep the ownership check from matching on unrelated
    # attributes of current_user.
    key_type = unicode(request.args.get("id_type", "url_slug"))

    try:
        current_value = unicode(getattr(current_user, key_type))
        logged_in = current_value == id
    except AttributeError:
        # No such attribute on current_user: treat as not logged in.
        logged_in = False

    user = get_user_from_id(id, key_type, logged_in)
    if user is None:
        # The request-supplied id is written to the debug log as-is.
        not_found = u"in get_user_for_response, user {id} doesn't exist".format(
            id=id)
        logger.debug(not_found)
        abort(404, "That user doesn't exist.")

    g.profile_slug = user.url_slug
    return user