Diffstat (limited to 'app.py')
-rw-r--r--app.py52
1 files changed, 51 insertions, 1 deletions
diff --git a/app.py b/app.py
index 8eb8ece..518be05 100644
--- a/app.py
+++ b/app.py
@@ -104,6 +104,55 @@ def register_complete(token):
}
+@app.route('/lost_password', methods=['GET', 'POST'])
+@templated('lost_password.html')
+@logout_required
+def lost_password():
+ form = LostPasswordForm(request.form)
+ if request.method == 'POST' and form.validate():
+ #TODO: make the link only usable once (e.g include a hash of the old pw)
+ # atm the only thing we do is make the link valid for only little time
+ confirm_token = make_confirmation('lost_password', (form.username.data,))
+ confirm_link = url_for('lost_password_complete', token=confirm_token, _external=True)
+
+ body = render_template('mail/lost_password.txt', username=form.username.data,
+ link=confirm_link)
+
+ send_mail(form.user.mail, u'Passwort vergessen', body,
+ sender=app.config.get('MAIL_CONFIRM_SENDER'))
+
+ flash(u'Wir haben dir eine E-Mail mit einem Link zum Passwort ändern '
+ u'geschickt. Bitte folge den Anweisungen in der E-Mail.', 'success')
+
+ return redirect(url_for('index'))
+
+ return {'form': form}
+
+
+@app.route('/lost_password/<token>', methods=['GET', 'POST'])
+@templated('lost_password_complete.html')
+@logout_required
+def lost_password_complete(token):
+ username, = http_verify_confirmation('lost_password', token.encode('ascii'), timeout=4*60*60)
+
+ form = RegisterCompleteForm(request.form)
+ if request.method == 'POST' and form.validate():
+ user = g.ldap.get_by_uid(username)
+ user.change_password(form.password.data)
+ g.ldap.update(user, as_admin=True)
+
+ session['username'] = username
+ session['password'] = encrypt_password(form.password.data)
+ flash(u'Passwort geändert.', 'success')
+
+ return redirect(url_for('settings'))
+
+ return {
+ 'form': form,
+ 'token': token,
+ 'username': username,
+ }
+
@app.route('/settings', methods=['GET', 'POST'])
@templated('settings.html')
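Review bot: The reset token created in `lost_password()` stays replayable for the whole `timeout=4*60*60` window, even after `lost_password_complete()` has changed the password, so anyone who later obtains the link (mail archive, browser history, proxy log) can set the password again and is logged in via `session['username'] = username`. The TODO above `make_confirmation` names this gap, but the commit ships without closing it. Binding the token to the current credential would make it single-use: assuming `make_confirmation` accepts a longer tuple, pass `(form.username.data, pw_fingerprint)`, where `pw_fingerprint` is a placeholder for a digest of the user's stored password hash. In `lost_password_complete()`, unpack `username, pw_fingerprint = http_verify_confirmation(...)` and reject the request unless it matches the value recomputed from `g.ldap.get_by_uid(username)`, compared in constant time. Separately, if `LostPasswordForm.validate()` rejects unknown usernames (the form is not in this diff, so this is inferred from `form.user`), the page reveals which accounts exist; showing the same flash message in both cases would avoid that.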
@@ -186,7 +235,8 @@ def debug():
# we need the app to exist before initializing the forms
-from forms import RegisterForm, RegisterCompleteForm, LoginForm, SettingsForm
+from forms import RegisterForm, RegisterCompleteForm, LoginForm, SettingsForm,\
+ LostPasswordForm
if __name__ == '__main__':