From d3c23c1994e08fbb2697fc2398efed9fe67d4a42 Mon Sep 17 00:00:00 2001
From: Matt Wright <mdw1980@gmail.com>
Date: Tue, 21 Aug 2012 17:34:38 -0400
Subject: [PATCH] Polish

---
 flask_security/recoverable.py | 7 +++++--
 flask_security/views.py       | 9 ++++-----
 tests/functional_tests.py     | 2 +-
 3 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/flask_security/recoverable.py b/flask_security/recoverable.py
index 54ab50f..a038f46 100644
--- a/flask_security/recoverable.py
+++ b/flask_security/recoverable.py
@@ -88,8 +88,11 @@ def reset_by_token(token, password):
 
     except SignatureExpired:
         sig_okay, data = serializer.loads_unsafe(token)
-        raise ResetPasswordError('Password reset token expired',
-                                 user=_datastore.find_user(id=data[0]))
+        user = _datastore.find_user(id=data[0])
+        msg = get_message('PASSWORD_RESET_EXPIRED',
+                          within=_security.reset_password_within,
+                          email=user.email)
+        raise ResetPasswordError(msg[0], user=user)
 
     except BadSignature:
         raise ResetPasswordError(get_message('INVALID_RESET_PASSWORD_TOKEN')[0])
diff --git a/flask_security/views.py b/flask_security/views.py
index 83f8a58..37d8309 100644
--- a/flask_security/views.py
+++ b/flask_security/views.py
@@ -79,10 +79,12 @@ def login():
     """View function for login view"""
 
     user, msg, confirm_url = None, None, None
-    form = LoginForm(request.form, csrf_enabled=not app.testing)
+    form_data = request.form
 
     if request.json:
-        form = LoginForm(MultiDict(request.json), csrf_enabled=not app.testing)
+        form_data = MultiDict(request.json)
+
+    form = LoginForm(form_data, csrf_enabled=not app.testing)
 
     if form.validate_on_submit():
         user = form.user
@@ -276,9 +278,6 @@ def reset_password(token):
             msg = (str(e), 'error')
             if e.user:
                 send_reset_password_instructions(e.user)
-                msg = get_message('PASSWORD_RESET_EXPIRED',
-                                  within=_security.reset_password_within,
-                                  email=e.user.email)
             _logger.debug('Password reset error: ' + msg[0])
 
         do_flash(*msg)
diff --git a/tests/functional_tests.py b/tests/functional_tests.py
index 9a46562..8e67e37 100644
--- a/tests/functional_tests.py
+++ b/tests/functional_tests.py
@@ -404,7 +404,7 @@ class RecoverableTests(SecurityTest):
         r = self.client.post('/reset',
                              data=dict(email='larry@lp.com'),
                              follow_redirects=True)
-        self.assertIn('Invalid email address', r.data)
+        self.assertIn("Specified user does not exist", r.data)
 
     def test_reset_password_with_valid_token(self):
         with capture_reset_password_requests() as requests: