From 730a75c44df3e8df55cac074a2848c4b7dc51c71 Mon Sep 17 00:00:00 2001
From: Vivek Santayana <me@viveksantayana.co.uk>
Date: Thu, 11 Aug 2022 16:05:28 +0100
Subject: [PATCH] Bugfix: reset password

---
 ref-test/app/admin/views.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/ref-test/app/admin/views.py b/ref-test/app/admin/views.py
index aecec68..39a2599 100644
--- a/ref-test/app/admin/views.py
+++ b/ref-test/app/admin/views.py
@@ -117,7 +117,8 @@ def _reset():
         user.clear_reset_tokens()
         if request.args.get('verification') == verification_token:
             form = UpdatePassword()
-            return render_template('/admin/auth/update-password.html', form=form, user=user.id)
+            session['user'] = user.id
+            return render_template('/admin/auth/update-password.html', form=form)
         flash('The verification of your password reset request failed and the token has been invalidated. Please make a new reset password request.', 'error')
 
     return render_template('/admin/auth/reset.html', form=form)
@@ -126,7 +127,7 @@ def _reset():
 def _update_password():
     form = UpdatePassword()
     if form.validate_on_submit():
-        user = request.form.get('user')
+        user = session.pop('user')
         user = User.query.filter_by(id=user).first()
         user.update(password=request.form.get('password'))
         session['remembered_username'] = user.get_username()