chelsea/balanceboard
0
0
Fork 0
Code Issues 8 Pull Requests Actions Packages Projects Releases Wiki Activity

Add password reset mechanism (Issue #1)

Browse Source 
- Added reset_token and reset_token_expiry fields to User model
- Implemented generate_reset_token(), verify_reset_token(), and clear_reset_token() methods
- Created password reset request form (/password-reset-request)
- Created password reset form (/password-reset/<token>)
- Added "Forgot password?" link to login page
- Reset tokens expire after 1 hour for security
- Created migration script to add new database columns
- Reset links are logged (would be emailed in production)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
chelsea
2025-10-11 18:46:18 -05:00
parent a1d8c9d373
commit 51911f2c48
6 changed files with 244 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

72
app.py
View File

@@ -630,6 +630,78 @@ def login():
return render_template('login.html') return render_template('login.html')
@app.route('/password-reset-request', methods=['GET', 'POST'])
def password_reset_request():
"""Request a password reset"""
if current_user.is_authenticated:
return redirect(url_for('index'))
if request.method == 'POST':
email = request.form.get('email', '').strip().lower()
if not email:
flash('Please enter your email address', 'error')
return render_template('password_reset_request.html')
# Find user by email
user = User.query.filter_by(email=email).first()
# Always show success message for security (don't reveal if email exists)
flash('If an account exists with that email, a password reset link has been sent.', 'success')
if user and user.password_hash: # Only send reset if user has a password (not OAuth only)
# Generate reset token
token = user.generate_reset_token()
# Build reset URL
reset_url = url_for('password_reset', token=token, _external=True)
# Log the reset URL (in production, this would be emailed)
logger.info(f"Password reset requested for {email}. Reset URL: {reset_url}")
# For now, also flash it for development (remove in production)
flash(f'Reset link (development only): {reset_url}', 'info')
return redirect(url_for('login'))
return render_template('password_reset_request.html')
@app.route('/password-reset/<token>', methods=['GET', 'POST'])
def password_reset(token):
"""Reset password with token"""
if current_user.is_authenticated:
return redirect(url_for('index'))
# Find user by token
user = User.query.filter_by(reset_token=token).first()
if not user or not user.verify_reset_token(token):
flash('Invalid or expired reset token', 'error')
return redirect(url_for('login'))
if request.method == 'POST':
password = request.form.get('password', '')
confirm_password = request.form.get('confirm_password', '')
if not password or len(password) < 6:
flash('Password must be at least 6 characters', 'error')
return render_template('password_reset.html')
if password != confirm_password:
flash('Passwords do not match', 'error')
return render_template('password_reset.html')
# Set new password
user.set_password(password)
user.clear_reset_token()
flash('Your password has been reset successfully. You can now log in.', 'success')
return redirect(url_for('login'))
return render_template('password_reset.html')
# Auth0 Routes # Auth0 Routes
@app.route('/auth0/login') @app.route('/auth0/login')
def auth0_login(): def auth0_login():

54
migrate_password_reset.py Normal file
View File

@@ -0,0 +1,54 @@
#!/usr/bin/env python3
"""
Database migration to add password reset fields to users table.
Run this once to add the new columns for password reset functionality.
"""
import sys
from app import app, db
def migrate():
"""Add password reset columns to users table"""
with app.app_context():
try:
# Check if columns already exist
from sqlalchemy import inspect
inspector = inspect(db.engine)
columns = [col['name'] for col in inspector.get_columns('users')]
if 'reset_token' in columns and 'reset_token_expiry' in columns:
print("✓ Password reset columns already exist")
return True
# Add the new columns using raw SQL
with db.engine.connect() as conn:
if 'reset_token' not in columns:
print("Adding reset_token column...")
conn.execute(db.text(
"ALTER TABLE users ADD COLUMN reset_token VARCHAR(100) UNIQUE"
))
conn.execute(db.text(
"CREATE INDEX IF NOT EXISTS ix_users_reset_token ON users(reset_token)"
))
conn.commit()
if 'reset_token_expiry' not in columns:
print("Adding reset_token_expiry column...")
conn.execute(db.text(
"ALTER TABLE users ADD COLUMN reset_token_expiry TIMESTAMP"
))
conn.commit()
print("✓ Password reset columns added successfully")
return True
except Exception as e:
print(f"✗ Migration failed: {e}")
import traceback
traceback.print_exc()
return False
if __name__ == '__main__':
print("Running password reset migration...")
success = migrate()
sys.exit(0 if success else 1)

30
models.py
View File

@@ -41,6 +41,10 @@ class User(UserMixin, db.Model):
# User settings (JSON stored as text) # User settings (JSON stored as text)
settings = db.Column(db.Text, default='{}') settings = db.Column(db.Text, default='{}')
# Password reset
reset_token = db.Column(db.String(100), nullable=True, unique=True, index=True)
reset_token_expiry = db.Column(db.DateTime, nullable=True)
def __init__(self, username, email, password=None, is_admin=False, auth0_id=None): def __init__(self, username, email, password=None, is_admin=False, auth0_id=None):
""" """
Initialize a new user. Initialize a new user.
@@ -102,6 +106,32 @@ class User(UserMixin, db.Model):
self.last_login = datetime.utcnow() self.last_login = datetime.utcnow()
db.session.commit() db.session.commit()
def generate_reset_token(self):
"""Generate a password reset token that expires in 1 hour"""
import secrets
from datetime import timedelta
self.reset_token = secrets.token_urlsafe(32)
self.reset_token_expiry = datetime.utcnow() + timedelta(hours=1)
db.session.commit()
return self.reset_token
def verify_reset_token(self, token):
"""Verify if the provided reset token is valid and not expired"""
if not self.reset_token or not self.reset_token_expiry:
return False
if self.reset_token != token:
return False
if datetime.utcnow() > self.reset_token_expiry:
return False
return True
def clear_reset_token(self):
"""Clear the reset token after use"""
self.reset_token = None
self.reset_token_expiry = None
db.session.commit()
def get_id(self): def get_id(self):
"""Required by Flask-Login""" """Required by Flask-Login"""
return self.id return self.id

4
templates/login.html
View File

@@ -37,6 +37,10 @@
<label for="remember" style="margin-bottom: 0;">Remember me</label> <label for="remember" style="margin-bottom: 0;">Remember me</label>
</div> </div>
<div style="text-align: right; margin-bottom: 16px;">
<a href="{{ url_for('password_reset_request') }}" style="color: var(--primary-color); text-decoration: none; font-size: 14px;">Forgot password?</a>
</div>
<button type="submit">Log In</button> <button type="submit">Log In</button>
</form> </form>

43
templates/password_reset.html Normal file
View File

@@ -0,0 +1,43 @@
{% extends "base.html" %}
{% block title %}Set New Password - BalanceBoard{% endblock %}
{% block content %}
<div class="auth-container">
<div class="auth-card">
<div class="auth-logo">
<img src="{{ url_for('serve_logo') }}" alt="BalanceBoard Logo">
<h1><span class="balance">balance</span>Board</h1>
<p style="color: var(--text-secondary); margin-top: 8px;">Set a new password</p>
</div>
{% with messages = get_flashed_messages(with_categories=true) %}
{% if messages %}
<div class="flash-messages">
{% for category, message in messages %}
<div class="flash-message {{ category }}">{{ message }}</div>
{% endfor %}
</div>
{% endif %}
{% endwith %}
<form method="POST" class="auth-form">
<div class="form-group">
<label for="password">New Password</label>
<input type="password" id="password" name="password" required autofocus minlength="6">
</div>
<div class="form-group">
<label for="confirm_password">Confirm New Password</label>
<input type="password" id="confirm_password" name="confirm_password" required minlength="6">
</div>
<button type="submit">Reset Password</button>
</form>
<div class="auth-footer">
<p>Remember your password? <a href="{{ url_for('login') }}">Log in</a></p>
</div>
</div>
</div>
{% endblock %}

41
templates/password_reset_request.html Normal file
View File

@@ -0,0 +1,41 @@
{% extends "base.html" %}
{% block title %}Reset Password - BalanceBoard{% endblock %}
{% block content %}
<div class="auth-container">
<div class="auth-card">
<div class="auth-logo">
<img src="{{ url_for('serve_logo') }}" alt="BalanceBoard Logo">
<h1><span class="balance">balance</span>Board</h1>
<p style="color: var(--text-secondary); margin-top: 8px;">Reset your password</p>
</div>
{% with messages = get_flashed_messages(with_categories=true) %}
{% if messages %}
<div class="flash-messages">
{% for category, message in messages %}
<div class="flash-message {{ category }}">{{ message }}</div>
{% endfor %}
</div>
{% endif %}
{% endwith %}
<form method="POST" class="auth-form">
<div class="form-group">
<label for="email">Email Address</label>
<input type="email" id="email" name="email" required autofocus>
<small style="color: var(--text-secondary); display: block; margin-top: 4px;">
Enter the email address associated with your account and we'll send you a password reset link.
</small>
</div>
<button type="submit">Send Reset Link</button>
</form>
<div class="auth-footer">
<p>Remember your password? <a href="{{ url_for('login') }}">Log in</a></p>
</div>
</div>
</div>
{% endblock %}