From 4e431c15166c06cbf4806017e48f14bcc59229ce Mon Sep 17 00:00:00 2001
From: f00wl <f00wl@felinn.org>
Date: Fri, 10 Feb 2023 13:18:53 +0100
Subject: [PATCH] Unifying user reset auth routes * update routes paths *
 update aud in JWT * update reset link

---
 hiboo/user/views.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/hiboo/user/views.py b/hiboo/user/views.py
index 86b4cdd..cf24233 100644
--- a/hiboo/user/views.py
+++ b/hiboo/user/views.py
@@ -29,7 +29,7 @@ def details(user_uuid):
     return flask.render_template("user_details.html", user=user)
 
 
-@blueprint.route("/reset/<user_uuid>", methods=["GET", "POST"])
+@blueprint.route("/auth/password/reset/<user_uuid>", methods=["GET", "POST"])
 @security.admin_required()
 @security.confirmation_required("generate a password reset link")
 def password_reset(user_uuid):
@@ -37,13 +37,13 @@ def password_reset(user_uuid):
     expired = datetime.datetime.now() + datetime.timedelta(days=1)
     payload = {
         "exp": int(expired.timestamp()),
-        "aud": flask.url_for('account.reset'),
+        "aud": flask.url_for('account.password_reset'),
         "user_uuid": user.uuid
     }
     header = {"alg": "HS512"}
     key = flask.current_app.config["SECRET_KEY"]
     token = jwt.encode(header, payload, key)
-    reset_link = flask.url_for("account.reset", token=token, _external=True)
+    reset_link = flask.url_for("account.password_reset", token=token, _external=True)
     flask.flash(_("Reset link: {}").format(reset_link), "success")
     return flask.redirect(flask.url_for(".details", user_uuid=user.uuid))
 
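Review bot: The payload built in `password_reset` carries only `exp`, `aud` and `user_uuid`, so nothing in the token makes it single-use or ties it to the account's current password. Unless the `account.password_reset` view tracks redemption itself (it is not part of this patch), the link remains replayable for the full day, even after it has been used once. Adding an issued-at claim such as `"iat": int(datetime.datetime.now().timestamp()),` would let the consuming view reject tokens minted before the last password change. The token is also signed with the application-wide `SECRET_KEY`; a dedicated signing key for reset tokens would keep a leak or rotation of that key from affecting reset links. The body of `password_reset` begins above this hunk, so the user lookup was not reviewed.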
-- 
GitLab