From 94514721bb268b0abfb3c9797832e1798401f56a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?James=20Sigur=C3=B0arson?= <jamiees2@gmail.com>
Date: Thu, 14 Jul 2016 17:29:48 +0000
Subject: [PATCH] fixed password reset

---
 app.py                         | 19 ++++++++-----------
 templates/forgot_password.html |  7 ++++---
 templates/reset_password.html  |  1 +
 3 files changed, 13 insertions(+), 14 deletions(-)

diff --git a/app.py b/app.py
index 53e59c1..c50f779 100644
--- a/app.py
+++ b/app.py
@@ -238,23 +238,20 @@ def forgot_password():
     if request.method == "GET":
         return render_template("forgot_password.html")
     elif request.method == "POST":
-        user_email = request.form["email"].strip()
-
-        if not (user_email and "." in user_email and "@" in user_email):
-            flash("You must have a valid email!")
-            return redirect(url_for('forgot_password'))
-
-        if not email.is_valid_email(user_email):
-            flash("You're lying")
+        username = request.form["username"].strip()
+        if len(username) > 50 or not username:
+            flash("You must have a username!")
             return redirect(url_for('forgot_password'))
 
         try:
-            user = User.get(User.email == user_email)
+            user = User.get(User.username == username)
             user.password_reset_token = misc.generate_confirmation_key()
             user.password_reset_expired = datetime.today() + datetime.timedelta(days=1)
             email.send_password_reset_email(user.email, user.password_reset_token)
+            flash("Forgot password email sent! Check your email.")
+            return render_template("forgot_password.html")
         except User.DoesNotExist:
-            flash("Email is not registered", "error")
+            flash("Username is not registered", "error")
             return render_template("forgot_password.html")
 
 @app.route('/reset_password/<password_reset_token>', methods=["GET", "POST"])
@@ -280,7 +277,7 @@ def reset_password(password_reset_token):
                 return redirect(url_for("forgot_password"))
 
             user.setPassword(password)
-            user.password_reset_token = null
+            user.password_reset_token = None
             flash("Password successfully reset")
             return redirect(url_for("login"))
         except User.DoesNotExist:
diff --git a/templates/forgot_password.html b/templates/forgot_password.html
index 29bf849..d3945f1 100644
--- a/templates/forgot_password.html
+++ b/templates/forgot_password.html
@@ -7,12 +7,13 @@
     <div class="form-title blue-text">Forgot Password</div>
     <form method="POST">
         <div class="input-field">
-            <input required id="email" name="email" type="email" />
-            <label for="email">Email</label>
+            <input required id="username" name="username" type="text" />
+            <label for="username">Username</label>
         </div>
         <div class="row no-bot">
-            <button class="btn waves-effect waves-light right" type="submit">Login</button>
+            <button class="btn waves-effect waves-light right" type="submit">Reset Password</button>
         </div>
+        <input name="_csrf_token" type="hidden" value="{{ csrf_token() }}" />
     </form>
 </div>
 {% endblock %}
diff --git a/templates/reset_password.html b/templates/reset_password.html
index 9b417fc..51bee2a 100644
--- a/templates/reset_password.html
+++ b/templates/reset_password.html
@@ -17,6 +17,7 @@
         <div class="row no-bot">
             <button class="btn waves-effect waves-light right" type="submit">Login</button>
         </div>
+        <input name="_csrf_token" type="hidden" value="{{ csrf_token() }}" />
     </form>
 </div>
 {% endblock %}