def reset_password():
"""
Reset password method.
Returns a Jinja2 template.
"""
key = request.args.get('key')
if key is None:
abort(403)
userdict = {}
try:
timeout = current_app.config.get('ACCOUNT_LINK_EXPIRATION', 3600)
userdict = signer.loads(key, max_age=timeout, salt='password-reset')
except BadData:
abort(403)
username = userdict.get('user')
if not username or not userdict.get('password'):
abort(403)
user = user_repo.get_by_name(username)
if user.passwd_hash != userdict.get('password'):
abort(403)
form = ChangePasswordForm(request.body)
if form.validate_on_submit():
user.set_password(form.new_password.data)
user_repo.update(user)
flash(gettext('You reset your password successfully!'), 'success')
return _sign_in_user(user)
if request.method == 'POST' and not form.validate():
flash(gettext('Please correct the errors'), 'error')
response = dict(template='/account/password_reset.html', form=form)
return handle_content_type(response)
评论列表
文章目录
