So I have this function to reset the user password through email, everything works fine (Almost) The email is send with the token and I am able to open the link which redirects me to the page to type in my new password, but when I do and submit. It redirects me to a 404 page I created to go to when the user tries to go to an incorect page
Here is my relevant code
def send_reset_email(user):
token = user.get_reset_token().decode('utf-8') # Decode bytes to string
print("Reset Token:", token)
msg = Message('Password Reset Request', sender='[email protected]', recipients=[user.email])
msg.body = f'''
To reset your password, visit the following link:
{url_for('reset_token', token=token, _external=True)}
If you did not make this request, please ignore this email and consider changing your email and password.
'''
mail.send(msg)
@app.route("/reset_password", methods=['GET', 'POST'])
def reset_request():
if current_user.is_authenticated:
return redirect(url_for('index'))
form = RequestResetForm()
if form.validate_on_submit():
user = User.query.filter_by(email=form.email.data).first()
send_reset_email(user)
flash('Reset password email has been send', 'info')
return redirect(url_for('signin'))
return render_template('reset_request.html', title='Reset Password', form=form)
@app.route("/reset_password/<token>", methods=['GET', 'POST'])
def reset_token(token):
print( url_for('signin') )
print("Reset Token Route Triggered")
if current_user.is_authenticated:
print('redirecting you to index')
return redirect(url_for('index'))
user = User.verify_reset_token(token)
if user is None:
print('The user value was none')
flash('That is an invalid or expired token', 'warning')
return redirect(url_for('reset_request'))
form = ResetPasswordForm()
if form.validate_on_submit():
hashed_password = bcrypt.generate_password_hash(form.password.data).decode('utf-8')
user.password = hashed_password
print(f"new password is {user.password}")
db.session.commit()
print("Password has been committed")
flash(f'Your password has been updated', 'success')
print("Redirecting you now to sign in")
return redirect(url_for('signin'))
return render_template('reset_token.html', title='Reset Password', form=form)
User Model
class User(db.Model, UserMixin):
# Manual Table name choice
__tablename__ = 'users'
id = db.Column(db.Integer, primary_key=True)
firstname = db.Column(db.String(100), nullable=False)
lastname = db.Column(db.String(100), nullable=False)
email = db.Column(db.String(100), unique=True, nullable=False, index=True)
password = db.Column(db.String(130), nullable=False)
def get_reset_token(self, expires_sec=1800):
s = Serializer(app.config['SECRET_KEY'])
return s.dumps({'user_id': self.id}).encode('utf-8')
@staticmethod
def verify_reset_token(token):
s = Serializer(app.config['SECRET_KEY'])
try:
user_id = s.loads(token)['user_id']
except:
return None
return User.query.get(user_id)
def __init__(self,firstname,lastname,email,password):
self.firstname = firstname
self.lastname = lastname
self.email = email
self.password = password
and finally my fors to reset password and request reset form
class RequestResetForm(FlaskForm):
email = StringField('Email', validators=[InputRequired(), Email()])
submit = SubmitField('Request Password Reset')
def validate_email(self, email):
user = User.query.filter_by(email=email.data).first()
if user is None:
raise ValidationError("There is no account with this email.")
class ResetPasswordForm(FlaskForm):
password = PasswordField('Password', validators=[InputRequired(), Length(min=4, max=200)])
confirm_password = PasswordField('Confirm Password', validators=[InputRequired(), Length(min=2, max=200), EqualTo('password')])
submit = SubmitField('Reset Password')
Would highly appreciate anyone's help here
Thank you!
I believe my issue is here in my reset_token function as it is supposed to commits the updated password tot he db and then redirects the user to the sign in page but it is not doing so