From b94bad829c1fd4b4325a4af280d33d50f164e05f Mon Sep 17 00:00:00 2001
From: 0livd <github@destras.fr>
Date: Thu, 26 Oct 2017 19:46:34 +0200
Subject: Use token based auth to reset passwords (#269)

Send a mail containing a password reset
token link instead of sending a clear text
password.

Ref #232
---
 ihatemoney/templates/password_reminder.en | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'ihatemoney/templates/password_reminder.en')

diff --git a/ihatemoney/templates/password_reminder.en b/ihatemoney/templates/password_reminder.en
index 31210aa..bc7e609 100644
--- a/ihatemoney/templates/password_reminder.en
+++ b/ihatemoney/templates/password_reminder.en
@@ -1,8 +1,8 @@
 Hi,
 
-You requested to be reminded about your password for "{{ project.name }}".
-
-You can access it here: {{ config['SITE_URL'] }}{{ url_for(".list_bills", project_id=project.id) }}, the private code is "{{ project.password }}".
+You requested to reset the password of the following project: "{{ project.name }}". 
+You can reset it here: {{ url_for(".reset_password", _external=True, token=project.generate_token(expiration=3600)) }}.
+This link is only valid for 1 hour.
 
 Hope this helps,
 Some weird guys (with beards)
-- 
cgit v1.1