Password reset w/o email validation :D

5 years ago · a6df156d01
parent 2f8f7920f8
commit a6df156d01
3 changed files with 24 additions and 7 deletions
--- a/yadc/bp/auth.py
+++ b/yadc/bp/auth.py
@ -2,7 +2,7 @@ import flask_login as fl
 from flask import Blueprint, flash, redirect, render_template, request, url_for, current_app

 from yadc import db
-from yadc.forms import LoginForm, RegisterForm, ResetPasswordForm
+from yadc.forms import LoginForm, RegisterForm, ResetPasswordForm, ResetPasswordPassForm
 from yadc.models import User
 from yadc.utils import nextpage, flasherrors

@ -43,22 +43,24 @@ def reset_password():
    if fl.current_user.is_authenticated:
        return redirect(url_for('main.index'))

+    form = ResetPasswordPassForm(request.form)
+    if request.method == 'POST' and form.validate():
+        flash('Password successfully reset.') # for real
+        return redirect(url_for('.login'))
+
    form = ResetPasswordForm(request.form)
    if request.method == 'POST' and form.validate():
        user = User.query.filter_by(email=form.email.data).first()

        if user:
-            user.create_password('kuxaman')
-            db.session.commit()
-            #do something to reset the password
+            return render_template('auth/reset_password.html', form=ResetPasswordPassForm(request.form))

-        flash('Password successfully reset. Check your email.')
+        flash('Password successfully reset.') # faked
        return redirect(url_for('.login'))

    flasherrors(form)
    return render_template('auth/reset_password.html', form=form)

-
@bp.route('/register', methods=['GET', 'POST'])
 def register():
    if fl.current_user.is_authenticated:
--- a/yadc/forms.py
+++ b/yadc/forms.py
@ -32,6 +32,11 @@ class ResetPasswordForm(CSRFForm):
    email = StringField('Email', validators=[DataRequired(), Email()], render_kw=dict(placeholder="Your email address"))
    submit = SubmitField('Reset password')

+class ResetPasswordPassForm(ResetPasswordForm):
+    password = PasswordField('Password', validators=[DataRequired()], render_kw=dict(placeholder="Password"))
+    password_again = PasswordField('Repeat password', validators=[DataRequired(), EqualTo('password')], render_kw=dict(placeholder="Repeat password"))
+    really = BooleanField('I swear this really is my account and am not trying to steal anybody elses.', validators=[DataRequired()])
+
 class RegisterForm(CSRFForm):
    username = StringField('Username', validators=[DataRequired()], render_kw=dict(placeholder="Username"))
    email = StringField('Email', validators=[DataRequired(), Email()], render_kw=dict(placeholder="Email"))
--- a/yadc/templates/auth/reset_password.html
+++ b/yadc/templates/auth/reset_password.html
@ -4,10 +4,20 @@
 <div class="pageform">
    <h2>Reset password</h2>
    <form action="" method="post">
-        <p>Please insert your email address and we will send you a request for password reset.</p>
        {{ form.csrf_token }}

+        {% if form.__class__.__name__ != "ResetPasswordPassForm" %}
+        <p>Please insert your email address.</p>
        {{ form.email() }}
+        {% else %}
+        {{ form.email(readonly='') }}
+        <p>Now please enter your new password.</p>
+        {{ form.password() }}
+        {{ form.password_again() }}
+        <ul>
+            <li>{{ form.really() }}{{ form.really.label }}</li>
+        </ul>
+        {% endif %}

        {{ form.submit() }}
    </form>