Update the password if the user has forgotten while Login-in, Python Flask

Question

I am trying to update the password if the user has forgotten while Login-in. But continuously it is giving the same error given below.

Bad Request: The browser (or proxy) sent a request that this server could not understand.

app.py

@app.route('/NewPassword', methods=['POST', 'GET'])
def NewPassword():
    if request.method == 'POST':
        OldEmail = request.form['NewPswdInputEmail']
        OldPhone = request.form['NewPswdInputPhoneNo']
        NewPaswd = request.form['NewPaswdInputPassword']

        cur = mysql.connection.cursor(MySQLdb.cursors.DictCursor)
        cur.execute("UPDATE USERS SET Paswd='" + NewPaswd + "' WHERE Email ='" + OldEmail + "' OR Phone ='" + OldPhone + "'")
        cur.connection.commit()

        return "Password Updated"

    return render_template('NewPassword.html')

NewPassword.html

<form action="/NewPassword" method="post" oninput='NewPaswdConPassword.setCustomValidity(NewPaswdConPassword.value != NewPaswdInputPassword.value ? "Password does not match." : "")'>
                    <div class="form-group">
                        <label for="customRadio">Select Option to Change Password Between Email & Phone No.</label>
                        <div class="custom-control custom-radio custom-control-inline">
                            <input type="radio" id="customRadioInline1" name="customRadioInline" value="Email" class="custom-control-input" checked>
                            <label class="custom-control-label" for="customRadioInline1">Email Id</label>
                        </div>
                        <div class="custom-control custom-radio custom-control-inline">
                            <input type="radio" id="customRadioInline2" name="customRadioInline" value="Phone" class="custom-control-input">
                            <label class="custom-control-label" for="customRadioInline2">Phone No.</label>
                        </div>
                    </div>

                    <div class="form-group" id="EmailShowHide">
                        <label for="NewPswdInputEmail">Email Address</label>
                        <input type="email" class="form-control" name="loginInputEmail" id="NewPswdInputEmail" aria-describedby="emailHelp" placeholder="Email address">
                        <small id="loginemailHelp" class="form-text text-muted">We'll never share your email with anyone else.</small>
                    </div>

                    <div class="form-group" id="PhoneShowHide" style="display: none">
                        <label for="NewPswdInputPhoneNo">Phone Number</label>
                        <input type="tel" id="NewPswdInputPhoneNo" name="NewPswdInputPhoneNo" class="form-control" pattern="[0-9]{4}[0-9]{2}[0-9]{4}" placeholder="Phone number">
                        <small id="NewPswdPhoneHelpInline" class="text-muted">Enter Valid Number</small>
                    </div>

                    <div class="form-group">
                        <div class="tool">
                            <label for="NewPaswdInputPassword">New Password</label>
                            <div class="input-group" id="NewPaswdShowHide">
                                <input type="password" class="form-control" name="NewPaswdInputPassword" id="NewPaswdInputPassword" pattern="^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9]).{8,20}$" placeholder="New password" required>
                                <div class="input-group-append">
                                    <a class="btn btn-primary">
                                        <i class="bi bi-eye-slash" aria-hidden="true"></i>
                                    </a>
                                </div>
                            </div>
                            <span class="tooltext">Password Must be Alphanumeric with atleast an UpperCase & LowerCase Characters</span>
                            <small id="NewPaswdHelpInline" class="text-muted">Must be 8-20 characters long.</small>
                        </div>
                    </div>
                    <div class="form-group">
                        <label for="NewPaswdInputConPassword">Confirm New Password</label>
                        <input type="password" class="form-control" name="NewPaswdConPassword" id="NewPaswdInputConPassword" placeholder="Confirm new password" required>
                    </div>
                    <button type="submit" name="Login" id="NewPaswdSubmit" class="btn btn-primary">Submit</button>
                </form>

I am trying to do is, if my database "USERS" has Email or Phone no. then Paswd will get updated with the new password which is input by the user

Please tell me what I am doing wrong.

Answer 1

I assume you are using Flask. Is your application running in debug mode? Running the application in debug mode can help identify where the issue is.

The issue is with the email HTML form input. When you submit a form, the data is sent as key=value pairs, in this case you are using Flask so it is a python dictionary. So in the /NewPassword route, when you request request.form['NewPswdInputEmail'] , you are grabbing a value in that dictionary submitted from the form with 'NewPswdInputEmail' as a key. In the form input the key is the name attribute.

That's why you get the KeyError because the name in the email input form has name="loginInputEmail" instead of name="NewPswdInputEmail"

All you need to do is rename loginInputEmail attribute in the email input field to NewPswdInputEmail .