def reset_password(self, token: str, new_password: str) -> None:
    """Reset a user's password by using a token.

    The token is verified with a timed serializer keyed on the application's
    ``SECRET_KEY`` and salted with this user's current ``reset_token``. On
    success the new password is set and ``reset_token`` is cleared, so the
    same token no longer matches the stored salt afterwards.

    .. note:: Don't forget to commit the database.

    :param token: A token as generated by :py:meth:`User.get_reset_token`.
    :param new_password: The new password to set.
    :returns: Nothing.
    :raises psef.auth.PermissionException: If something was wrong with the
        given token.
    """
    config = psef.app.config
    serializer = URLSafeTimedSerializer(config['SECRET_KEY'])
    max_age = config['RESET_TOKEN_TIME']

    try:
        # The per-user ``reset_token`` is the salt, so a token only verifies
        # against the reset request it was issued for.
        # NOTE(review): if ``reset_token`` is None the serializer presumably
        # falls back to its default salt; the check further down still
        # rejects that case -- confirm against the serializer in use.
        username = serializer.loads(
            token, max_age=max_age, salt=self.reset_token
        )
    except BadSignature:
        # Dump the verification failure to stderr before reporting it.
        # NOTE(review): assuming this is itsdangerous' BadSignature, expired
        # tokens (max_age exceeded) also end up in this branch.
        import traceback
        traceback.print_exc()
        # NOTE(review): the description below embeds the submitted token;
        # confirm whether PermissionException descriptions are logged or
        # returned, and whether the token should be left out of them.
        raise psef.auth.PermissionException(
            'The given token is not valid',
            f'The given token {token} is not valid.',
            psef.errors.APICodes.INVALID_CREDENTIALS,
            403,
        )

    # This should never happen but better safe than sorry: the signed payload
    # must name this user, and a reset must actually be pending.
    token_is_for_user = (
        username == self.username and self.reset_token is not None
    )
    if not token_is_for_user:  # pragma: no cover
        raise psef.auth.PermissionException(
            'The given token is not valid for this user',
            f'The given token {token} is not valid for user "{self.id}".',
            psef.errors.APICodes.INVALID_CREDENTIALS,
            403,
        )

    self.password = new_password
    # Clearing the salt makes the token single-use.
    self.reset_token = None