Bugfix: reset password

ref-test/app/admin/views.py

@@ -117,7 +117,8 @@ def _reset():
         user.clear_reset_tokens()
         if request.args.get('verification') == verification_token:
             form = UpdatePassword()
-            return render_template('/admin/auth/update-password.html', form=form, user=user.id)
+            session['user'] = user.id
+            return render_template('/admin/auth/update-password.html', form=form)
         flash('The verification of your password reset request failed and the token has been invalidated. Please make a new reset password request.', 'error')
 
     return render_template('/admin/auth/reset.html', form=form)
@@ -126,7 +127,7 @@ def _reset():
 def _update_password():
     form = UpdatePassword()
     if form.validate_on_submit():
-        user = request.form.get('user')
+        user = session.pop('user')
         user = User.query.filter_by(id=user).first()
         user.update(password=request.form.get('password'))
         session['remembered_username'] = user.get_username()