View function that handles a forgotten password request.
()
| 971 | @pgCSRFProtect.exempt |
| 972 | @anonymous_user_required |
| 973 | def forgot_password(): |
| 974 | """View function that handles a forgotten password request.""" |
| 975 | has_error = False |
| 976 | form_class = _security.forms.get('forgot_password_form').cls |
| 977 | req_json = request.get_json(silent=True) |
| 978 | |
| 979 | if req_json: |
| 980 | form = form_class(MultiDict(req_json)) |
| 981 | else: |
| 982 | form = form_class() |
| 983 | |
| 984 | if form.validate_on_submit(): |
| 985 | # Check the Authentication source of the User |
| 986 | user = User.query.filter_by( |
| 987 | email=form.data['email'], |
| 988 | auth_source=INTERNAL |
| 989 | ).first() |
| 990 | |
| 991 | if user is None: |
| 992 | # If the user is not an internal user, raise the exception |
| 993 | flash(gettext('Your account is authenticated using an ' |
| 994 | 'external {} source. ' |
| 995 | 'Please contact the administrators of this ' |
| 996 | 'service if you need to reset your password.' |
| 997 | ).format(form.user.auth_source), |
| 998 | MessageType.ERROR) |
| 999 | has_error = True |
| 1000 | if not has_error: |
| 1001 | try: |
| 1002 | send_reset_password_instructions(form.user) |
| 1003 | except SOCKETErrorException as e: |
| 1004 | # Handle socket errors which are not |
| 1005 | # covered by SMTPExceptions. |
| 1006 | logging.exception(str(e), exc_info=True) |
| 1007 | flash(gettext(SMTP_SOCKET_ERROR).format(e), |
| 1008 | MessageType.ERROR) |
| 1009 | has_error = True |
| 1010 | except (SMTPConnectError, SMTPResponseException, |
| 1011 | SMTPServerDisconnected, SMTPDataError, SMTPHeloError, |
| 1012 | SMTPException, SMTPAuthenticationError, |
| 1013 | SMTPSenderRefused, SMTPRecipientsRefused) as e: |
| 1014 | |
| 1015 | # Handle smtp specific exceptions. |
| 1016 | logging.exception(str(e), exc_info=True) |
| 1017 | flash(gettext(SMTP_ERROR).format(e), |
| 1018 | MessageType.ERROR) |
| 1019 | has_error = True |
| 1020 | except Exception as e: |
| 1021 | # Handle other exceptions. |
| 1022 | logging.exception(str(e), exc_info=True) |
| 1023 | flash(gettext(PASS_ERROR).format(e), |
| 1024 | MessageType.ERROR) |
| 1025 | has_error = True |
| 1026 | |
| 1027 | if request.get_json(silent=True) is None and not has_error: |
| 1028 | do_flash(*get_message('PASSWORD_RESET_REQUEST', |
| 1029 | email=form.user.email)) |
| 1030 |
nothing calls this directly
no test coverage detected