
A conflict in validation between forgot_password view function and ForgotPasswordForm.validate method.

Open IronFist16 opened this issue 7 years ago • 2 comments

Using the Flask_security forgot_password default view and turning ON the SECURITY_CONFIRMABLE flag, during the validation process of the ForgotPasswordForm, the forgot_password view requires anonymous_user while the form checks if a confirmation is required, which passes self.user to requires_confirmation. self.user is by default None and I don't see in the related code how it could be something else, thus I got the following error each time I try to reset the password:

    File ".../lib/python3.4/site-packages/flask_security/confirmable.py", line 63, in requires_confirmation
      user.confirmed_at is None)
    AttributeError: 'NoneType' object has no attribute 'confirmed_at'

Maybe to solve this issue, before checking if a confirmation is requested, the form should fetch the user using the entered email so that self.user will not be None? Or am I missing something else here?

IronFist16, May 10 '18 22:05

It is worth mentioning that I'm sub-classing from ForgotPasswordForm as below:

    class PasswordResetRequestForm(ForgotPasswordForm):
        email = StringField('Email', validators=[Required(), Length(1, 64), Email()])
        submit = SubmitField('Reset Password')

So I believe that by doing so I'm not calling the ForgotPasswordForm validators. How can I include them in my subclassed form's validators?

IronFist16, May 10 '18 23:05

Your custom email field needs the validator valid_user_email; this function assigns form.user. In flask_security.forms:

    def valid_user_email(form, field):
        form.user = _datastore.get_user(field.data)
        if form.user is None:
            raise ValidationError(get_message('USER_DOES_NOT_EXIST')[0])

In class UserEmailFormMixin:

    class UserEmailFormMixin():
        user = None
        email = StringField(
            get_form_field_label('email'),
            validators=[email_required, email_validator, valid_user_email])

The default ForgotPasswordForm inherits from this class.

blowingagain, Jun 05 '19 09:06
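
The failure and the fix discussed in this thread, as an added stand-alone example that is not part of the thread and is not Flask-Security code. It is a standard-library model: the form classes, `email_validators`, `length_1_64`, `outcome`, `USERS` and the sample addresses are constructed stand-ins, and only the names `valid_user_email` and `requires_confirmation` follow the thread.

```python
from types import SimpleNamespace

class ValidationError(Exception):
    pass

# Constructed sample users standing in for the datastore (assumption).
USERS = {
    "new@example.com": SimpleNamespace(confirmed_at=None),
    "old@example.com": SimpleNamespace(confirmed_at="2018-01-01"),
}

def length_1_64(form, data):
    if not 1 <= len(data) <= 64:
        raise ValidationError("bad length")

def valid_user_email(form, data):
    # As in the validator quoted above: the lookup result is stored on the form.
    form.user = USERS.get(data)
    if form.user is None:
        raise ValidationError("USER_DOES_NOT_EXIST")

def requires_confirmation(user):
    # Same dereference as in the traceback: fails when user is None.
    return user.confirmed_at is None

class ForgotPasswordForm:
    user = None
    email_validators = (valid_user_email,)

    def __init__(self, email):
        self.email = email

    def validate(self):
        try:
            for check in self.email_validators:
                check(self, self.email)
        except ValidationError:
            return False
        return not requires_confirmation(self.user)  # False: confirmation required

class BrokenResetForm(ForgotPasswordForm):
    email_validators = (length_1_64,)  # override drops valid_user_email

class FixedResetForm(ForgotPasswordForm):
    email_validators = (length_1_64, valid_user_email)  # keeps the user lookup

def outcome(form_cls, email):
    try:
        return form_cls(email).validate()
    except AttributeError as exc:
        return "AttributeError: %s" % exc
```

With the lookup validator dropped, a submitted address passes field validation and the form fails only at the confirmation check, where `self.user` is still `None`.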