From a6df156d0144823eb889515be2487255723f9a8b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Ku=C5=BE=C3=ADlek?=
Date: Fri, 1 May 2020 15:58:48 +0200
Subject: [PATCH] Password reset w/o email validation :D
---
 yadc/bp/auth.py | 14 ++++++++------
 yadc/forms.py | 5 +++++
 yadc/templates/auth/reset_password.html | 12 +++++++++++-
 3 files changed, 24 insertions(+), 7 deletions(-)
diff --git a/yadc/bp/auth.py b/yadc/bp/auth.py
index 3376eab..8937ad1 100644
--- a/yadc/bp/auth.py
+++ b/yadc/bp/auth.py
@@ -2,7 +2,7 @@ import flask_login as fl
 from flask import Blueprint, flash, redirect, render_template, request, url_for, current_app
 from yadc import db
-from yadc.forms import LoginForm, RegisterForm, ResetPasswordForm
+from yadc.forms import LoginForm, RegisterForm, ResetPasswordForm, ResetPasswordPassForm
 from yadc.models import User
 from yadc.utils import nextpage, flasherrors
@@ -43,22 +43,24 @@ def reset_password():
 if fl.current_user.is_authenticated:
 return redirect(url_for('main.index'))
+ form = ResetPasswordPassForm(request.form)
+ if request.method == 'POST' and form.validate():
+ flash('Password successfully reset.') # for real
+ return redirect(url_for('.login'))
+
 form = ResetPasswordForm(request.form)
 if request.method == 'POST' and form.validate():
 user = User.query.filter_by(email=form.email.data).first()
 if user:
- user.create_password('kuxaman')
- db.session.commit()
- #do something to reset the password
+ return render_template('auth/reset_password.html', form=ResetPasswordPassForm(request.form))
- flash('Password successfully reset. Check your email.')
+ flash('Password successfully reset.') # faked
 return redirect(url_for('.login'))
 flasherrors(form)
 return render_template('auth/reset_password.html', form=form)
-
 @bp.route('/register', methods=['GET', 'POST'])
 def register():
 if fl.current_user.is_authenticated:
diff --git a/yadc/forms.py b/yadc/forms.py
index eb69ed4..43cff86 100644
--- a/yadc/forms.py
+++ b/yadc/forms.py
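Review bot: In yadc/bp/auth.py, the new first branch of reset_password() flashes success and redirects without loading a user or calling `user.create_password(...)` and `db.session.commit()`, so the path marked "for real" changes nothing, and if it did write, a posted email plus the `really` checkbox would be all that stands between any visitor and another account's password. The second branch now renders the password form for a registered address and flash-redirects for an unknown one, so the response reveals which addresses have accounts. I would gate the write on a signed, expiring token sent to the address (itsdangerous already ships with Flask) and answer the email step identically in both cases, as sketched below; the token transport and the mail helper are not on this page, so they appear as placeholders. Validation errors from ResetPasswordPassForm are also never shown, because `flasherrors(form)` only runs after `form` has been rebound to ResetPasswordForm. The route decorator and the start of the function lie outside the hunk.

```python
    form = ResetPasswordPassForm(request.form)
    if request.method == 'POST' and form.validate():
        # Identity comes from a signed, expiring token, never from the posted email field.
        signer = URLSafeTimedSerializer(current_app.config['SECRET_KEY'])
        try:
            email = signer.loads(request.args.get('token', ''), salt='password-reset', max_age=3600)
        except BadSignature:  # also covers SignatureExpired
            flash('Reset link is invalid or has expired.')
            return redirect(url_for('.reset_password'))
        user = User.query.filter_by(email=email).first()
        if user:
            user.create_password(form.password.data)
            db.session.commit()
        flash('Password successfully reset.')
        return redirect(url_for('.login'))

    form = ResetPasswordForm(request.form)
    if request.method == 'POST' and form.validate():
        user = User.query.filter_by(email=form.email.data).first()
        if user:
            # placeholder: mail a link carrying signer.dumps(user.email, salt='password-reset');
            # binding the token to a value that changes on reset would make it single-use
            pass
        # Same response whether or not the address is registered.
        flash('If that address is registered, a reset link has been sent.')
        return redirect(url_for('.login'))
    # … unchanged: flasherrors(form) and the final render_template …
```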
@@ -32,6 +32,11 @@ class ResetPasswordForm(CSRFForm):
 email = StringField('Email', validators=[DataRequired(), Email()], render_kw=dict(placeholder="Your email address"))
 submit = SubmitField('Reset password')
+class ResetPasswordPassForm(ResetPasswordForm):
+ password = PasswordField('Password', validators=[DataRequired()], render_kw=dict(placeholder="Password"))
+ password_again = PasswordField('Repeat password', validators=[DataRequired(), EqualTo('password')], render_kw=dict(placeholder="Repeat password"))
+ really = BooleanField('I swear this really is my account and am not trying to steal anybody elses.', validators=[DataRequired()])
+
 class RegisterForm(CSRFForm):
 username = StringField('Username', validators=[DataRequired()], render_kw=dict(placeholder="Username"))
 email = StringField('Email', validators=[DataRequired(), Email()], render_kw=dict(placeholder="Email"))
diff --git a/yadc/templates/auth/reset_password.html b/yadc/templates/auth/reset_password.html
index c916f65..c185714 100644
--- a/yadc/templates/auth/reset_password.html
+++ b/yadc/templates/auth/reset_password.html
@@ -4,10 +4,20 @@
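Review bot: In yadc/forms.py, `ResetPasswordPassForm.password` is validated with `DataRequired()` only, so a one-character password passes; a minimum length such as `validators=[DataRequired(), Length(min=MIN_PASSWORD_LENGTH)]` (the constant name is a placeholder, and `Length` has to be imported from wtforms.validators if the file does not already do so) would keep the reset path in line with whatever registration enforces. The `really` checkbox is a self-declaration sent by the client and should not be read as a verification step; a one-line class docstring stating that ownership must be proven by the view, not by this field, would stop later readers from treating it as one. The label text also has a typo: `elses` should be `else's`.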

Reset password

-

Please insert your email address and we will send you a request for password reset.

{{ form.csrf_token }} + {% if form.__class__.__name__ != "ResetPasswordPassForm" %} +

Please insert your email address.

{{ form.email() }} + {% else %} + {{ form.email(readonly='') }} +

Now please enter your new password.

+ {{ form.password() }} + {{ form.password_again() }} +
    +
  • {{ form.really() }}{{ form.really.label }}
  • +
+ {% endif %} {{ form.submit() }}
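Review bot: In reset_password.html, `{{ form.email(readonly='') }}` only stops editing in the browser; the value still comes back in the POST body and can differ from the address checked in step one, so the view must take the account identity from server-side state rather than from this field. Branching on `form.__class__.__name__ != "ResetPasswordPassForm"` also ties the template to a Python class name; passing an explicit variable from the view, e.g. `{% if step == 'email' %}` (variable name is a placeholder), survives a rename. The surrounding markup is not visible on this page, so this covers the Jinja expressions only.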