diff options
Diffstat (limited to 'gn_auth')
-rw-r--r-- | gn_auth/auth/authorisation/users/views.py | 31 |
1 files changed, 27 insertions, 4 deletions
diff --git a/gn_auth/auth/authorisation/users/views.py b/gn_auth/auth/authorisation/users/views.py index 4cd498c..2a6ff29 100644 --- a/gn_auth/auth/authorisation/users/views.py +++ b/gn_auth/auth/authorisation/users/views.py @@ -435,8 +435,7 @@ def forgot_password(): flash("You MUST provide an email.", "alert-danger") return redirect(url_for("oauth2.users.forgot_password")) - with (db.connection(current_app.config["AUTH_DB"]) as conn, - db.cursor(conn) as cursor): + with db.connection(current_app.config["AUTH_DB"]) as conn: user = user_by_email(conn, form["email"]) if not bool(user): flash("We could not find an account with that email.", @@ -467,8 +466,8 @@ def change_password(forgot_password_token): "SELECT fpt.*, u.email FROM forgot_password_tokens AS fpt " "INNER JOIN users AS u ON fpt.user_id=u.user_id WHERE token=?", (forgot_password_token,)) + token = cursor.fetchone() if request.method == "GET": - token = cursor.fetchone() if bool(token): return render_template( "users/change-password.html", @@ -480,4 +479,28 @@ def change_password(forgot_password_token): flash("Invalid Token: We cannot change your password!", "alert-danger") return login_page - return "Do actual password change..." + + password = request.form["password"] + confirm_password = request.form["confirm-password"] + change_password_page = redirect(url_for( + "oauth2.users.change_password", + client_id=request.args["client_id"], + redirect_uri=request.args["redirect_uri"], + response_type=request.args["response_type"], + forgot_password_token=forgot_password_token)) + if bool(password) and bool(confirm_password): + if password == confirm_password: + _user, _hashed_password = set_user_password( + cursor, user_by_email(conn, token["email"]), password) + cursor.execute( + "DELETE FROM forgot_password_tokens WHERE token=?", + (forgot_password_token,)) + flash("Password changed successfully!", "alert-success") + return login_page + + flash("Passwords do not match!", "alert-danger") + return change_password_page + + flash("Both the password and its confirmation MUST be provided!", + "alert-danger") + return change_password_page |