Source code for user.forms.reset_password
from __future__ import annotations
from onegov.form import Form
from onegov.user import _
from onegov.user import UserCollection
from wtforms.fields import HiddenField
from wtforms.fields import PasswordField
from wtforms.fields import StringField
from wtforms.validators import Email
from wtforms.validators import InputRequired
from wtforms.validators import Length
from typing import TYPE_CHECKING
if TYPE_CHECKING:
from onegov.core.request import CoreRequest
class RequestPasswordResetForm(Form):
    """ Form used to ask for a password reset in onegov.user.

    It holds a single required field: the e-mail address of the account
    whose password should be reset.

    """

    # NOTE(review): the view that consumes this form is not visible here.
    # It should answer the same way for known and unknown addresses so the
    # form cannot be used to find out which accounts exist - confirm.
    email = StringField(
        render_kw={'autofocus': True},
        validators=[InputRequired(), Email()],
        label=_('E-Mail Address'),
    )
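class PasswordResetForm(Form):
    """ A generic password reset form for onegov.user.

    Takes the account's e-mail address and the new password. The change is
    applied by :meth:`update_password`, which only does so when the reset
    token submitted with the form matches the account.

    """

    email = StringField(
        label=_('E-Mail Address'),
        validators=[InputRequired(), Email()],
        render_kw={'autofocus': True}
    )

    # Only a minimum length of 8 is enforced by this form; any further
    # password policy would have to live elsewhere.
    password = PasswordField(
        label=_('New Password'),
        validators=[InputRequired(), Length(min=8)],
        render_kw={'autocomplete': 'new-password'}
    )

    # NOTE(review): update_password() reads ``self.token.data``, but no
    # ``token`` field is declared in the class body shown here, and the
    # ``HiddenField`` import of this module is unused. Confirm that the
    # field is declared (here, on a base class or on a subclass) before
    # relying on this form.

    def update_password(self, request: CoreRequest) -> bool:
        """ Updates the password using the form data (if permitted to do so).

        The password is only changed when every check passes:

        * the token can be loaded and carries ``username`` and ``modified``
        * the token's username equals the submitted e-mail address
          (compared case-insensitively)
        * a user with that e-mail address exists
        * the user's modification timestamp still equals the one stored in
          the token

        :param request: the current request; used to load the token and to
            access the database session.
        :return: True if the password was set, False otherwise.

        """
        # max_age is given in seconds: 86400 is 24 hours.
        # NOTE(review): presumably the loader verifies the token's
        # signature and age and returns a falsy value on failure -
        # confirm against CoreRequest.load_url_safe_token.
        data = request.load_url_safe_token(
            self.token.data or '',
            max_age=86400
        )

        if not data or not data.get('username') or 'modified' not in data:
            return False

        # Both values are set once the form has been validated. This is an
        # explicit check rather than an ``assert`` because assert statements
        # are removed under ``python -O``, which would let a missing value
        # reach the comparison and the password assignment below.
        if self.email.data is None or self.password.data is None:
            return False

        # The token must have been issued for the address that was typed in,
        # otherwise a valid token for one account could reset another one.
        if data['username'].lower() != self.email.data.lower():
            return False

        # NOTE(review): the comparison above ignores case, while the lookup
        # receives the address exactly as typed - confirm that by_username
        # normalises case the same way.
        users = UserCollection(request.session)
        user = users.by_username(self.email.data)

        if not user:
            return False

        # The token is bound to the user's modification timestamp. If the
        # record changed after the token was created (presumably including
        # an earlier password reset - confirm), the values differ and the
        # token is refused, which keeps a token from being used twice.
        modified = user.modified.isoformat() if user.modified else ''

        if modified != data['modified']:
            return False

        user.password = self.password.data
        return True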