diff options
Diffstat (limited to 'app.py')
-rw-r--r-- | app.py | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -142,10 +142,10 @@ def lost_password(): if request.method == 'POST' and form.validate(): #TODO: make the link only usable once (e.g include a hash of the old pw) # atm the only thing we do is make the link valid for only little time - confirm_token = make_confirmation('lost_password', (form.username.data,)) + confirm_token = make_confirmation('lost_password', (form.user.uid,)) confirm_link = url_for('lost_password_complete', token=confirm_token, _external=True) - body = render_template('mail/lost_password.txt', username=form.username.data, + body = render_template('mail/lost_password.txt', username=form.user.uid, link=confirm_link) send_mail(form.user.mail, u'Passwort vergessen', body, |