reset password section completd

YogeshUpdhyay · May 12, 2021 · 513367d · 513367d
1 parent f57af72
commit 513367d
Show file tree

Hide file tree

Showing 6 changed files with 64 additions and 7 deletions.
diff --git a/app/__init__.py b/app/__init__.py
@@ -1,6 +1,7 @@
 import os
 from flask import Flask
 from flask_cors import CORS
+from flask_mail import Mail
 from flask_migrate import Migrate
 from flask_sqlalchemy import SQLAlchemy
 from flask_login import LoginManager
@@ -12,6 +13,7 @@
 
 db = SQLAlchemy()
 login_manager = LoginManager()
+mail = Mail()
 
 def dbInit(app):
     # initializing database
@@ -29,6 +31,9 @@ def loginManager(app):
     # intializing login manager
     login_manager.init_app(app)
 
+def mailInit(app):
+    mail.init_app(app)
+
 def oauth2(app):
     # oauth2 for google and github
     from .utils.oauth2 import handle_authorize
@@ -55,6 +60,9 @@ def create_app(config_name):
     # initializing login manager
     loginManager(app)
 
+    # initializing mail extension
+    mailInit(app)
+
     # configure OAuth2 
     oauth2(app)
 

diff --git a/app/auth/models.py b/app/auth/models.py
@@ -1,7 +1,10 @@
 from flask_login import UserMixin
-from .. import db, login_manager
-from sqlalchemy import Column, Integer, String, LargeBinary, ARRAY, ForeignKey
+from sqlalchemy import Column, Integer, String
 from passlib.hash import pbkdf2_sha256
+from itsdangerous import TimedJSONWebSignatureSerializer as Serializer
+
+from config import TestConfig as config
+from .. import db, login_manager
 
 class User(db.Model, UserMixin):
 
@@ -18,6 +21,20 @@ def check_password(self, password):
     def set_password(self, password):
         self.password = pbkdf2_sha256.hash(password)
 
+    def generate_reset_token(self):
+        s = Serializer(config.SECRET_KEY, config.RESET_EXPIRATION_TIME)
+        return s.dumps({'user_id': self.id}).decode('utf-8')
+
+    @classmethod
+    def verify_reset_token(cls, token):
+        s = Serializer(config.SECRET_KEY)
+        try:
+            user_id = s.loads(token)['user_id']
+        except:
+            return None
+
+        return cls.query.get(user_id)
+
 @login_manager.user_loader
 def user_loader(id):
     return User.query.filter_by(id=id).first()

diff --git a/app/auth/routes.py b/app/auth/routes.py
@@ -4,6 +4,7 @@
 from .models import User
 from .. import login_manager, db
 from .forms import LoginForm, CreateAccountForm, ForgotPasswordForm, ResetPassswordForm
+from ..utils.mail import send_reset_email
 
 bp = Blueprint("user", __name__)
 
@@ -95,15 +96,26 @@ def forgot_password():
             return render_template("forgotpassword.html", form=form, msg="Email not found")
 
         # Send reset email to the user
+        send_reset_email(user)
 
         return render_template("forgotpassword.html", msg="Reset link has been sent to your email id", form=form)
 
 
-@bp.route("/resetpassword/<id>", methods=["GET", "POST"])
-def reset_password(id):
+@bp.route("/resetpassword/<token>", methods=["GET", "POST"])
+def reset_password(token):
     if request.method == "GET":
         form = ResetPassswordForm()
-        return render_template("resetpassword.html", form=form)
+        return render_template("resetpassword.html", form=form, token=token)
+    else:
+        user = User.verify_reset_token(token)
+        if not user:
+            return redirect(url_for('user.login'))
+
+        user.set_password(request.form['password'])
+        db.session.commit()
+
+        return redirect(url_for('user.login'))
+
 
 ## Errors
 

diff --git a/app/utils/mail.py b/app/utils/mail.py
@@ -0,0 +1,12 @@
+from .. import mail
+from flask_mail import Message
+from flask import url_for
+
+def send_reset_email(user):
+    token = user.generate_reset_token()
+    msg = Message('Password Reset Request',
+                    sender="[email protected]",
+                    recipients=[user.email])
+    msg.body = f'''To reset your password, visit the following link:
+    {url_for('user.reset_password', token=token, _external=True)}'''
+    mail.send(msg)
diff --git a/config.py b/config.py
@@ -22,8 +22,16 @@ class TestConfig(Config):
     SWAGGER_UI_DOC_EXPANSION = 'list'
     RESTPLUS_VALIDATE =True
     RESTPLUS_MASK_SWAGGER = False
-    SQLALCHEMY_DATABASE_URI = "postgresql://root:example@localhost/StockAnalyzerDB"
 
+    SQLALCHEMY_DATABASE_URI = "postgresql://root:example@localhost/StockAnalyzerDB"
+    RESET_EXPIRATION_TIME = 1800
+    MAIL_SERVER = "smtp.gmail.com"
+    MAIL_PORT = 587
+    MAIL_USE_TLS = True
+    MAIL_USE_SSL = False
+    MAIL_USERNAME = os.environ.get('EMAIL_USER') or ""
+    MAIL_PASSWORD = os.environ.get('EMAIL_PASSWORD') or ""
+
 class Production(Config):
     pass
 

diff --git a/templates/resetpassword.html b/templates/resetpassword.html
@@ -19,7 +19,7 @@
                 </div>
               {% endif %}
 
-              <form role="form" method="POST" action="{{ url_for('user.reset_password') }}">
+              <form role="form" method="POST" action="{{ url_for('user.reset_password', token=token) }}">
 
                 {{ form.hidden_tag() }}