mirror of
https://github.com/GSA/notifications-admin.git
synced 2026-02-05 10:53:28 -05:00
bb1db0c345
Which means the user will only be able to reset their password, and not sign-in. Once the user resets the password the user state is set to active once more. If the link is used a second time they will be redirected to the index page with a message that the link in the email is not longer valid.
20 lines
805 B
Python
20 lines
805 B
Python
from flask import render_template, flash, current_app
|
|
from app.main import main
|
|
from app.main.dao import users_dao
|
|
from app.main.forms import ForgotPasswordForm
|
|
from app.main.views import send_change_password_email
|
|
|
|
|
|
@main.route('/forgot-password', methods=['GET', 'POST'])
|
|
def forgot_password():
|
|
form = ForgotPasswordForm()
|
|
if form.validate_on_submit():
|
|
if users_dao.get_user_by_email(form.email_address.data):
|
|
users_dao.request_password_reset(form.email_address.data)
|
|
send_change_password_email(form.email_address.data)
|
|
return render_template('views/password-reset-sent.html')
|
|
else:
|
|
current_app.logger.info('The email address used does not exist.')
|
|
else:
|
|
return render_template('views/forgot-password.html', form=form)
|