Use token based auth to reset passwords (#269)

Send a mail containing a password reset
token link instead of sending a clear text
password.

Ref #232

1 files changed, 9 insertions, 1 deletions

diff --git a/ihatemoney/forms.py b/ihatemoney/forms.py
index ead5586..c5e0b54 100644
--- a/ihatemoney/forms.py
+++ b/ihatemoney/forms.py
@@ -2,7 +2,7 @@ from flask_wtf.form import FlaskForm
 from wtforms.fields.core import SelectField, SelectMultipleField
 from wtforms.fields.html5 import DateField, DecimalField
 from wtforms.fields.simple import PasswordField, SubmitField, TextAreaField, StringField
-from wtforms.validators import Email, Required, ValidationError
+from wtforms.validators import Email, Required, ValidationError, EqualTo
 from flask_babel import lazy_gettext as _
 from flask import request
 
@@ -102,6 +102,14 @@ class PasswordReminder(FlaskForm):
             raise ValidationError(_("This project does not exists"))
 
 
+class ResetPasswordForm(FlaskForm):
+    password_validators = [Required(),
+                           EqualTo('password_confirmation', message=_("Password mismatch"))]
+    password = PasswordField(_("Password"), validators=password_validators)
+    password_confirmation = PasswordField(_("Password confirmation"), validators=[Required()])
+    submit = SubmitField(_("Reset password"))
+
+
 class BillForm(FlaskForm):
     date = DateField(_("Date"), validators=[Required()], default=datetime.now)
     what = StringField(_("What?"), validators=[Required()])