def request_password_reset(username):
"""
Emails a user a link to reset their password.
Checks that a username was submitted to the function and grabs the relevant team info from the db.
Generates a secure token and inserts it into the team's document as 'password_reset_token'.
A link is emailed to the registered email address with the random token in the url. The user can go to this
link to submit a new password, if the token submitted with the new password matches the db token the password
is hashed and updated in the db.
Args:
username: the username of the account
"""
validate(password_reset_request_schema, {"username":username})
user = safe_fail(api.user.get_user, name=username)
if user is None:
raise WebException("No registration found for '{}'.".format(username))
token_value = api.token.set_token({"uid": user['uid']}, "password_reset")
body = """We recently received a request to reset the password for the following {0} account:\n\n\t{2}\n\nOur records show that this is the email address used to register the above account. If you did not request to reset the password for the above account then you need not take any further steps. If you did request the password reset please follow the link below to set your new password. \n\n {1}/reset#{3} \n\n Best of luck! \n The {0} Team""".format(api.config.competition_name, api.config.competition_urls[0], username, token_value)
subject = "{} Password Reset".format(api.config.competition_name)
message = Message(body=body, recipients=[user['email']], subject=subject)
mail.send(message)
评论列表
文章目录
