add a callback url to password reset flow
miguelgrinberg committed Dec 30, 2021
1 parent 4d937a4 commit 324138d
Showing 3 changed files with 4 additions and 2 deletions.
1 change: 1 addition & 0 deletions api/schemas.py
Expand Up @@ -135,6 +135,7 @@ class Meta:

email = ma.String(required=True, validate=[validate.Length(max=120),
validate.Email()])
callback_url = ma.String(required=True, validate=validate.Length(min=1))


class PasswordResetSchema(ma.Schema):
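Review bot: `callback_url` is accepted with only a non-empty check, yet the `reset` hunk in api/tokens.py concatenates it, together with the client-sent Referer, into the link that is e-mailed with the reset token. Both inputs come from the caller of the endpoint, so the requester rather than the server decides where the token-bearing link points. Consider restricting the field to a relative path, for example `validate=[validate.Length(min=1, max=255), validate.Regexp(r'^/[^/\\]')]` (the 255 limit is a constructed value, and this assumes `validate` is marshmallow's module), and taking the origin in api/tokens.py from server-side configuration or an allow-list instead of `request.referrer`. The schema class this field belongs to starts above the hunk.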
3 changes: 2 additions & 1 deletion api/tokens.py
Expand Up @@ -45,7 +45,8 @@ def reset(args):
user = db.session.scalar(User.select().filter_by(email=args['email']))
if user is not None:
reset_token = user.generate_reset_token()
reset_url = (request.referrer or '') + '?token=' + reset_token
reset_url = request.referrer.strip('/') + args['callback_url'] + \
'?token=' + reset_token
send_email(args['email'], 'Reset Your Password', 'reset',
token=reset_token, url=reset_url)
return {}
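Review bot: `request.referrer` is None when the request carries no Referer header, and the new `request.referrer.strip('/')` drops the `or ''` fallback the old line had, so it raises AttributeError. As rendered, this runs only when `user is not None`, which means a missing Referer would produce an error for registered addresses while unknown addresses still get `{}`, letting the response reveal which e-mails exist. Keeping the fallback and trimming only the trailing slash avoids both: `base = (request.referrer or '').rstrip('/')`. `reset` starts above the hunk and the page has lost indentation, so the branch structure is inferred.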
2 changes: 1 addition & 1 deletion config.py
Expand Up @@ -14,7 +14,7 @@ class Config:
ACCESS_TOKEN_EXPIRATION = int(os.environ.get(
'ACCESS_TOKEN_EXPIRATION', '60')) * 60 # 1 hour
REFRESH_TOKEN_EXPIRATION = int(os.environ.get(
'REFRESH_TOKEN_EXPIRATION', '1440')) * 60 # 24 hours
'REFRESH_TOKEN_EXPIRATION', '4320')) * 60 # 3 days
RESET_TOKEN_EXPIRATION = int(os.environ.get(
'RESET_TOKEN_EXPIRATION', '15')) * 60 # 15 minutes

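Review bot: The default `REFRESH_TOKEN_EXPIRATION` goes from 1440 to 4320 minutes in a commit whose title only mentions the password reset callback, so the change is easy to miss in history. A refresh token that is valid three times longer also stays usable that much longer if it leaks; it is worth confirming that refresh tokens can be revoked (not visible in this hunk) before raising the default. A comment stating the unit would help operators who override the value, e.g. `# minutes; default 3 days`. `Config` starts above the hunk.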
