authorFrederick Muriuki Muriithi2024-08-20 17:03:52 -0500
committerFrederick Muriuki Muriithi2024-08-20 17:03:52 -0500
commit212ba692337f8e4ba052291a3bda240db9744ff2 (patch)
tree3300f0e3105c62af1940e3e651272d09f49c2f2a
parent41d5835414082fc6e21f2d668ffd07a34afcf6ec (diff)
downloadgn-auth-212ba692337f8e4ba052291a3bda240db9744ff2.tar.gz
Handle the "GET" part of the change-password request
- Delete any expired tokens
- Display the UI if token is valid, else redirect with error notification.
-rw-r--r--gn_auth/auth/authorisation/users/views.py27
1 files changed, 26 insertions, 1 deletions
diff --git a/gn_auth/auth/authorisation/users/views.py b/gn_auth/auth/authorisation/users/views.py
index 3323f4d..839111e 100644
--- a/gn_auth/auth/authorisation/users/views.py
+++ b/gn_auth/auth/authorisation/users/views.py
@@ -453,4 +453,29 @@ def forgot_password():
 @users.route("/change-password/<forgot_password_token>", methods=["GET", "POST"])
 def change_password(forgot_password_token):
     """Enable user to perform password change."""
-    return "Would change password..."
+    login_page = redirect(url_for("oauth2.auth.authorise",
+                                  client_id=request.args["client_id"],
+                                  redirect_uri=request.args["redirect_uri"],
+                                  response_type=request.args["response_type"]))
+    with (db.connection(current_app.config["AUTH_DB"]) as conn,
+          db.cursor(conn) as cursor):
+        cursor.execute("DELETE FROM forgot_password_tokens WHERE expires<=?",
+                       (int(datetime.now().timestamp()),))
+        cursor.execute(
+            "SELECT fpt.*, u.email FROM forgot_password_tokens AS fpt "
+            "INNER JOIN users AS u ON fpt.user_id=u.user_id WHERE token=?",
+            (forgot_password_token,))
+        if request.method == "GET":
+            token = cursor.fetchone()
+            if bool(token):
+                return render_template(
+                    "users/change-password.html",
+                    email=token["email"],
+                    client_id=request.args["client_id"],
+                    redirect_uri=request.args["redirect_uri"],
+                    response_type=request.args["response_type"],
+                    forgot_password_token=forgot_password_token)
+            flash("Invalid Token: We cannot change your password!",
+                  "alert-danger")
+            return login_page
+        return "Do actual password change..."
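Review bot: The token validity check in the new code relies on the preceding housekeeping `DELETE FROM forgot_password_tokens WHERE expires<=?` having run on the same connection, because the `SELECT ... WHERE token=?` matches on the token alone and never tests `expires`; if the cleanup statement is later moved, made periodic, or fails silently, an expired token would still render the change-password form. Making the lookup self-sufficient is a two-line change: `"INNER JOIN users AS u ON fpt.user_id=u.user_id WHERE token=? AND expires>?",` and `(forgot_password_token, int(datetime.now().timestamp())),`, with a short comment such as `# expiry enforced here too, not only by the cleanup DELETE above`. Minor style: `if bool(token):` reads more naturally as `if token:`. The `request.args["client_id"]`/`redirect_uri`/`response_type` lookups used to build `login_page` run before any token handling, so a reset link that lacks those query parameters is answered by Flask's missing-key 400 rather than the flash message; that is presumably intended, but a one-line comment stating the parameters are required would save the next reader a trip. change_password appears to end at the hunk's last line, with the POST branch still a placeholder.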