Unifying user reset auth routes

* update routes paths * update aud in JWT * update reset link

Unifying user reset auth routes
4e431c15 · f00wl · 8aef6d64 · 4e431c15
Unverified Commit 4e431c15 authored 2 years ago by f00wl
--- a/hiboo/user/views.py
+++ b/hiboo/user/views.py
@@ -29,7 +29,7 @@ def details(user_uuid):
    return flask.render_template("user_details.html", user=user)


-@blueprint.route("/reset/<user_uuid>", methods=["GET", "POST"])
+@blueprint.route("/auth/password/reset/<user_uuid>", methods=["GET", "POST"])
 @security.admin_required()
 @security.confirmation_required("generate a password reset link")
 def password_reset(user_uuid):
@@ -37,13 +37,13 @@ def password_reset(user_uuid):
    expired = datetime.datetime.now() + datetime.timedelta(days=1)
    payload = {
        "exp": int(expired.timestamp()),
-        "aud": flask.url_for('account.reset'),
+        "aud": flask.url_for('account.password_reset'),
        "user_uuid": user.uuid
    }
    header = {"alg": "HS512"}
    key = flask.current_app.config["SECRET_KEY"]
    token = jwt.encode(header, payload, key)
-    reset_link = flask.url_for("account.reset", token=token, _external=True)
+    reset_link = flask.url_for("account.password_reset", token=token, _external=True)
    flask.flash(_("Reset link: {}").format(reset_link), "success")
    return flask.redirect(flask.url_for(".details", user_uuid=user.uuid))