When the user requests a reset password link, the user.state is set to request_password_reset.

Which means the user will only be able to reset their password, and not sign-in.
Once the user resets the password the user state is set to active once more.
If the link is used a second time they will be redirected to the index page with a message
that the link in the email is no longer valid.
Rebecca Law
2016-01-11 12:06:52 +00:00
parent 0c1592905f
commit bb1db0c345
8 changed files with 53 additions and 17 deletions


@@ -29,7 +29,7 @@ class Config(object):
SECRET_KEY = 'secret-key'
HTTP_PROTOCOL = 'http'
DANGEROUS_SALT = 'itsdangeroussalt'
TOKEN_MAX_AGE_SECONDS = 120
TOKEN_MAX_AGE_SECONDS = 120000
class Development(Config):
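Review bot: TOKEN_MAX_AGE_SECONDS moves from 120 to 120000 in the base Config, which is about 33 hours of validity for an emailed reset link, and the commit message describes only the user.state changes, not a longer token lifetime. If 120 seconds was too short in practice, pick a deliberate value (one hour is 3600) and add a comment stating the intended lifetime and its unit, or set the long value only in the Development subclass so other environments do not inherit it. The single-use behaviour described in the message limits replay after a successful reset, but an unused link stays valid for the full window. The context lines also show SECRET_KEY = 'secret-key' and DANGEROUS_SALT = 'itsdangeroussalt' as literals in the same base class; since reset tokens depend on them, confirm that deployed configurations override both from the environment rather than falling back to these defaults.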