Finalize mail settings admin UI and Mailrise compatibility

2025-07-26 18:50:42 +03:00
parent 2a5b5ee468
commit 377e379883
23 changed files with 629 additions and 170 deletions
--- a/app/routes/auth.py
+++ b/app/routes/auth.py
@@ -3,8 +3,12 @@ from flask_login import login_user, logout_user, login_required, current_user
 from werkzeug.security import check_password_hash
 from app.models import User, db
 from app.forms import LoginForm, RegisterForm, ForgotPasswordForm
+from app.routes.reset_password import RequestResetForm, ResetPasswordForm
+from flask_mail import Message
+from app.routes.mail import mail
+from app.utils.token import generate_reset_token, verify_reset_token
 import re
-
+from app.forms import LoginForm, RegisterForm, ForgotPasswordForm
 auth = Blueprint('auth', __name__)

@auth.route('/login', methods=['GET', 'POST'])
@@ -83,18 +87,44 @@ def forgot_password():
    """Forgot password page"""
    if current_user.is_authenticated:
        return redirect(url_for('main.index'))
-    
-    form = ForgotPasswordForm()
+    form = RequestResetForm()
    if form.validate_on_submit():
        user = User.query.filter_by(email=form.email.data).first()
        if user:
-            # TODO: Implement email sending for password reset
-            flash('If an account with that email exists, we\'ve sent password reset instructions.', 'info')
-        else:
-            flash('If an account with that email exists, we\'ve sent password reset instructions.', 'info')
+            token = generate_reset_token(user.email)
+            reset_url = url_for('auth.reset_password', token=token, _external=True)
+            msg = Message(
+                subject="Password Reset Request",
+                recipients=[user.email],
+                body=f"Hello {user.nickname},\n\nTo reset your password, click the link below:\n{reset_url}\n\nIf you did not request this, please ignore this email."
+            )
+            try:
+                mail.send(msg)
+            except Exception as e:
+                flash(f"Failed to send reset email: {e}", "danger")
+        flash('If an account with that email exists, we\'ve sent password reset instructions.', 'info')
        return redirect(url_for('auth.login'))
-    
    return render_template('auth/forgot_password.html', form=form)
+# Password reset route
+@auth.route('/reset-password/<token>', methods=['GET', 'POST'])
+def reset_password(token):
+    if current_user.is_authenticated:
+        return redirect(url_for('main.index'))
+    email = verify_reset_token(token)
+    if not email:
+        flash('Invalid or expired reset link.', 'danger')
+        return redirect(url_for('auth.forgot_password'))
+    user = User.query.filter_by(email=email).first()
+    if not user:
+        flash('Invalid or expired reset link.', 'danger')
+        return redirect(url_for('auth.forgot_password'))
+    form = ResetPasswordForm()
+    if form.validate_on_submit():
+        user.set_password(form.password.data)
+        db.session.commit()
+        flash('Your password has been reset. You can now log in.', 'success')
+        return redirect(url_for('auth.login'))
+    return render_template('auth/reset_password.html', form=form)

 def is_valid_password(password):
    """Validate password strength"""