60 lines
1.7 KiB
Python
60 lines
1.7 KiB
Python
import arrow
|
|
from flask import request, flash, render_template, redirect, url_for
|
|
from flask_login import login_user
|
|
from flask_wtf import FlaskForm
|
|
from wtforms import StringField, validators
|
|
|
|
from app.auth.base import auth_bp
|
|
from app.extensions import db
|
|
from app.models import ResetPasswordCode
|
|
|
|
|
|
class ResetPasswordForm(FlaskForm):
|
|
password = StringField(
|
|
"Password", validators=[validators.DataRequired(), validators.Length(min=8)]
|
|
)
|
|
|
|
|
|
@auth_bp.route("/reset_password", methods=["GET", "POST"])
|
|
def reset_password():
|
|
form = ResetPasswordForm(request.form)
|
|
|
|
reset_password_code_str = request.args.get("code")
|
|
|
|
reset_password_code: ResetPasswordCode = ResetPasswordCode.get_by(
|
|
code=reset_password_code_str
|
|
)
|
|
|
|
if not reset_password_code:
|
|
error = (
|
|
"The reset password link can be used only once. "
|
|
"Please make a new request to reset password"
|
|
)
|
|
return render_template("auth/reset_password.html", form=form, error=error)
|
|
|
|
if reset_password_code.expired < arrow.now():
|
|
error = (
|
|
"The link is already expired. Please make a new request to reset password"
|
|
)
|
|
return render_template("auth/reset_password.html", form=form, error=error)
|
|
|
|
if form.validate_on_submit():
|
|
user = reset_password_code.user
|
|
|
|
user.set_password(form.password.data)
|
|
|
|
flash("Your new password has been set", "success")
|
|
|
|
# this can be served to activate user too
|
|
user.activated = True
|
|
|
|
# remove the reset password code
|
|
reset_password_code.delete()
|
|
|
|
db.session.commit()
|
|
login_user(user)
|
|
|
|
return redirect(url_for("dashboard.index"))
|
|
|
|
return render_template("auth/reset_password.html", form=form)
|