aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFrederick Muriuki Muriithi2024-08-20 17:03:52 -0500
committerFrederick Muriuki Muriithi2024-08-20 17:03:52 -0500
commit212ba692337f8e4ba052291a3bda240db9744ff2 (patch)
tree3300f0e3105c62af1940e3e651272d09f49c2f2a
parent41d5835414082fc6e21f2d668ffd07a34afcf6ec (diff)
downloadgn-auth-212ba692337f8e4ba052291a3bda240db9744ff2.tar.gz
Handle the "GET" part of the change-password request
- Delete any expired tokens - Display the UI if token is valid, else redirect with error notification.
-rw-r--r--gn_auth/auth/authorisation/users/views.py27
1 files changed, 26 insertions, 1 deletions
diff --git a/gn_auth/auth/authorisation/users/views.py b/gn_auth/auth/authorisation/users/views.py
index 3323f4d..839111e 100644
--- a/gn_auth/auth/authorisation/users/views.py
+++ b/gn_auth/auth/authorisation/users/views.py
@@ -453,4 +453,29 @@ def forgot_password():
@users.route("/change-password/<forgot_password_token>", methods=["GET", "POST"])
def change_password(forgot_password_token):
"""Enable user to perform password change."""
- return "Would change password..."
+ login_page = redirect(url_for("oauth2.auth.authorise",
+ client_id=request.args["client_id"],
+ redirect_uri=request.args["redirect_uri"],
+ response_type=request.args["response_type"]))
+ with (db.connection(current_app.config["AUTH_DB"]) as conn,
+ db.cursor(conn) as cursor):
+ cursor.execute("DELETE FROM forgot_password_tokens WHERE expires<=?",
+ (int(datetime.now().timestamp()),))
+ cursor.execute(
+ "SELECT fpt.*, u.email FROM forgot_password_tokens AS fpt "
+ "INNER JOIN users AS u ON fpt.user_id=u.user_id WHERE token=?",
+ (forgot_password_token,))
+ if request.method == "GET":
+ token = cursor.fetchone()
+ if bool(token):
+ return render_template(
+ "users/change-password.html",
+ email=token["email"],
+ client_id=request.args["client_id"],
+ redirect_uri=request.args["redirect_uri"],
+ response_type=request.args["response_type"],
+ forgot_password_token=forgot_password_token)
+ flash("Invalid Token: We cannot change your password!",
+ "alert-danger")
+ return login_page
+ return "Do actual password change..."