From b94bad829c1fd4b4325a4af280d33d50f164e05f Mon Sep 17 00:00:00 2001
From: 0livd
Date: Thu, 26 Oct 2017 19:46:34 +0200
Subject: Use token based auth to reset passwords (#269)

Send a mail containing a password reset token link instead of sending a clear text password. Ref #232
---
 ihatemoney/forms.py | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
(limited to 'ihatemoney/forms.py')
diff --git a/ihatemoney/forms.py b/ihatemoney/forms.py
index ead5586..c5e0b54 100644
--- a/ihatemoney/forms.py
+++ b/ihatemoney/forms.py
@@ -2,7 +2,7 @@ from flask_wtf.form import FlaskForm
 from wtforms.fields.core import SelectField, SelectMultipleField
 from wtforms.fields.html5 import DateField, DecimalField
 from wtforms.fields.simple import PasswordField, SubmitField, TextAreaField, StringField
-from wtforms.validators import Email, Required, ValidationError
+from wtforms.validators import Email, Required, ValidationError, EqualTo
 from flask_babel import lazy_gettext as _
 from flask import request
 
@@ -102,6 +102,14 @@ class PasswordReminder(FlaskForm):
 raise ValidationError(_("This project does not exists"))
 
 
+class ResetPasswordForm(FlaskForm):
+ password_validators = [Required(),
+ EqualTo('password_confirmation', message=_("Password mismatch"))]
+ password = PasswordField(_("Password"), validators=password_validators)
+ password_confirmation = PasswordField(_("Password confirmation"), validators=[Required()])
+ submit = SubmitField(_("Reset password"))
+
+
 class BillForm(FlaskForm):
 date = DateField(_("Date"), validators=[Required()], default=datetime.now)
 what = StringField(_("What?"), validators=[Required()])
--
cgit v1.1
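Review bot: `ResetPasswordForm` in the second hunk accepts any non-empty password, because `password_validators` holds only `Required()` and `EqualTo('password_confirmation', ...)`, so a one-character password passes validation on the reset path. I would insert `Length(min=MIN_PASSWORD_LENGTH)` between `Required()` and `EqualTo(...)` and add `Length` to the `wtforms.validators` import touched in the first hunk; `MIN_PASSWORD_LENGTH` is a placeholder for the project's own policy, ideally the same rule applied where the project password is first set. The reset token is not a field of this form and the page is limited to `ihatemoney/forms.py`, so token signature, expiry and single-use handling have to be reviewed in the view and mail code that are not shown here.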