diff --git a/ffmap/usertools.py b/ffmap/usertools.py
index 16275f7..a4904e4 100644
--- a/ffmap/usertools.py
+++ b/ffmap/usertools.py
@@ -73,7 +73,7 @@ def check_login_details(nickname, password):
return False
def reset_user_password(mysql, email, token=None, password=None):
- userid = mysql.findone("SELECT id FROM users WHERE email = %s LIMIT 1",(email,),"id")
+ user = mysql.findone("SELECT id, nickname, token FROM users WHERE email = %s LIMIT 1",(email,))
if not user:
raise AccountNotExisting()
elif password:
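Review bot: The widened SELECT on the new `user = mysql.findone(...)` line now loads the `token` column, but none of the changed lines read `user["token"]`. They use only `user["id"]`, and the caller in application.py uses only `user["nickname"]`. Because the third hunk adds `return user`, the stored reset token is handed back to every caller, and it is the value read before the UPDATE, so it is also stale. Unless the token check between this hunk and the next (not visible here) needs that column, I would narrow the query to `SELECT id, nickname FROM users WHERE email = %s LIMIT 1`. The body of reset_user_password continues outside this hunk.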
@@ -83,7 +83,7 @@ def reset_user_password(mysql, email, token=None, password=None):
SET password = %s, token = NULL
WHERE id = %s
LIMIT 1
- """,(generate_password_hash(password),userid,))
+ """,(generate_password_hash(password),user["id"],))
mysql.commit()
else:
raise InvalidToken()
@@ -93,8 +93,9 @@ def reset_user_password(mysql, email, token=None, password=None):
SET token = %s
WHERE id = %s
LIMIT 1
- """,(token,userid,))
+ """,(token,user["id"],))
mysql.commit()
+ return user
def set_user_password(mysql, nickname, password):
userid = mysql.findone("SELECT id FROM users WHERE nickname = %s LIMIT 1",(nickname,),"id")
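Review bot: reset_user_password now has a return value that both branches of resetpw depend on, but the function has no docstring describing it. I would add one under the `def` line, for example `"""Store a reset token for the account with this email, or set a new password when token and password are given; return the user row."""`, and name `AccountNotExisting` and `InvalidToken` as the exceptions it raises. Indentation is lost in this view, so I am assuming `return user` sits at function level and is reached from both branches. If it is nested under the final `else`, the password branch would return None and `user["nickname"]` in resetpw would fail.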
diff --git a/ffmap/web/application.py b/ffmap/web/application.py
index 5e96145..23f0b23 100755
--- a/ffmap/web/application.py
+++ b/ffmap/web/application.py
@@ -415,36 +415,34 @@ def resetpw():
if request.method == 'POST':
token = base64.b32encode(os.urandom(10)).decode()
mysql = FreifunkMySQL()
- user = mysql.findone("SELECT nickname FROM users WHERE email = %s",(request.form['email'],))
- reset_user_password(mysql, request.form['email'], token)
+ user = reset_user_password(mysql, request.form['email'], token)
+ mysql.close()
send_email(
recipient = request.form['email'],
subject = "Password reset link",
content = "Hello %s,\n\n" % user["nickname"] +
- "You attemped to reset your password on https://monitoring.freifunk-franken.de/\n" +
- "To verify you a reset link was sent to you:\n" +
- "%s\n" % url_for('resetpw', email=request.form['email'], token=token, _external=True) +
- "Clicking this link will reset your password and send the new password to your email address.\n\n" +
- "Regards,\nFreifunk Franken Monitoring System"
+ "You attemped to reset your password on https://monitoring.freifunk-franken.de/\n" +
+ "To verify you a reset link was sent to you:\n" +
+ "%s\n" % url_for('resetpw', email=request.form['email'], token=token, _external=True) +
+ "Clicking this link will reset your password and send the new password to your email address.\n\n" +
+ "Regards,\nFreifunk Franken Monitoring System"
)
flash("A password reset link was sent to %s" % request.form['email'], "success")
- mysql.close()
elif "token" in request.args:
password = base64.b32encode(os.urandom(10)).decode()
mysql = FreifunkMySQL()
- reset_user_password(mysql, request.args['email'], request.args['token'], password)
- user = mysql.findone("SELECT nickname FROM users WHERE email = %s",(request.args['email'],))
+ user = reset_user_password(mysql, request.args['email'], request.args['token'], password)
+ mysql.close()
send_email(
recipient = request.args['email'],
subject = "Your new Password",
content = "Hello %s,\n\n" % user["nickname"] +
- "You attemped to reset your password on https://monitoring.freifunk-franken.de/\n" +
- "Your new Password: %s\n" % password +
- "Please log in and change it\n\n" +
- "Regards,\nFreifunk Franken Monitoring System"
+ "You attemped to reset your password on https://monitoring.freifunk-franken.de/\n" +
+ "Your new Password: %s\n" % password +
+ "Please log in and change it\n\n" +
+ "Regards,\nFreifunk Franken Monitoring System"
)
flash("Password reset successful! - Your password was sent to %s" % request.args['email'], "success")
- mysql.close()
except AccountNotExisting:
flash("No Account found with this E-Mail address!", "danger")
except InvalidToken:
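Review bot: Both relocated `mysql.close()` calls are skipped whenever `reset_user_password` raises, because they sit directly after the call and the visible `except AccountNotExisting` / `except InvalidToken` handlers only flash a message. Unless a `finally` below this hunk closes the connection (resetpw continues past the last line shown), every failed reset attempt leaves a connection open. I would wrap each call as `try:` / `user = reset_user_password(...)` / `finally: mysql.close()`, which keeps the connection closed before `send_email` as this commit intends. Separately, and unchanged by this commit, the "No Account found with this E-Mail address!" flash answers differently from the success path, which reveals whether an address is registered. A single neutral message for both outcomes would avoid that.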