fixed password reset

app.py

@@ -238,23 +238,20 @@ def forgot_password():
     if request.method == "GET":
         return render_template("forgot_password.html")
     elif request.method == "POST":
-        user_email = request.form["email"].strip()
-
-        if not (user_email and "." in user_email and "@" in user_email):
-            flash("You must have a valid email!")
-            return redirect(url_for('forgot_password'))
-
-        if not email.is_valid_email(user_email):
-            flash("You're lying")
+        username = request.form["username"].strip()
+        if len(username) > 50 or not username:
+            flash("You must have a username!")
             return redirect(url_for('forgot_password'))
 
         try:
-            user = User.get(User.email == user_email)
+            user = User.get(User.username == username)
             user.password_reset_token = misc.generate_confirmation_key()
             user.password_reset_expired = datetime.today() + datetime.timedelta(days=1)
             email.send_password_reset_email(user.email, user.password_reset_token)
+            flash("Forgot password email sent! Check your email.")
+            return render_template("forgot_password.html")
         except User.DoesNotExist:
-            flash("Email is not registered", "error")
+            flash("Username is not registered", "error")
             return render_template("forgot_password.html")
 
 @app.route('/reset_password/<password_reset_token>', methods=["GET", "POST"])
@@ -280,7 +277,7 @@ def reset_password(password_reset_token):
                 return redirect(url_for("forgot_password"))
 
             user.setPassword(password)
-            user.password_reset_token = null
+            user.password_reset_token = None
             flash("Password successfully reset")
             return redirect(url_for("login"))
         except User.DoesNotExist:

templates/forgot_password.html

@@ -7,12 +7,13 @@
     <div class="form-title blue-text">Forgot Password</div>
     <form method="POST">
         <div class="input-field">
-            <input required id="email" name="email" type="email" />
-            <label for="email">Email</label>
+            <input required id="username" name="username" type="text" />
+            <label for="username">Username</label>
         </div>
         <div class="row no-bot">
-            <button class="btn waves-effect waves-light right" type="submit">Login</button>
+            <button class="btn waves-effect waves-light right" type="submit">Reset Password</button>
         </div>
+        <input name="_csrf_token" type="hidden" value="{{ csrf_token() }}" />
     </form>
 </div>
 {% endblock %}

templates/reset_password.html

@@ -17,6 +17,7 @@
         <div class="row no-bot">
             <button class="btn waves-effect waves-light right" type="submit">Login</button>
         </div>
+        <input name="_csrf_token" type="hidden" value="{{ csrf_token() }}" />
     </form>
 </div>
 {% endblock %}