Add company dashboard improvements and upload/auth features

2026-01-23 20:21:11 +01:00
parent 1394ef6f67
commit ea3d0164f2
14 changed files with 1004 additions and 112 deletions
--- a/app/auth_tokens.py
+++ b/app/auth_tokens.py
@@ -0,0 +1,27 @@
+"""Shared auth token helpers.
+
+We keep password reset/invite token logic in one place so it can be used by:
+ - the normal "forgot password" flow
+ - company "invite user" flow
+
+Tokens are signed with Flask SECRET_KEY and time-limited.
+"""
+
+from __future__ import annotations
+
+from itsdangerous import URLSafeTimedSerializer
+
+
+def _serializer(secret_key: str) -> URLSafeTimedSerializer:
+    return URLSafeTimedSerializer(secret_key, salt="password-reset")
+
+
+def make_password_reset_token(*, secret_key: str, user_id: int) -> str:
+    s = _serializer(secret_key)
+    return s.dumps({"user_id": int(user_id)})
+
+
+def load_password_reset_user_id(*, secret_key: str, token: str, max_age_seconds: int) -> int:
+    s = _serializer(secret_key)
+    data = s.loads(token, max_age=max_age_seconds)
+    return int(data.get("user_id"))