Concept Flow - Password reset email pattern

User requests password reset

↓

Generate secure token

↓

Create reset URL with token

↓

Send email with reset link

↓

User clicks link

↓

Verify token validity

↓

Show reset form

↓

User submits new password

↓

Update password in database

↓

Confirm success to user

This flow shows how a password reset email is generated, sent, and used to securely reset a user's password.

Execution Sample

Flask

from flask import Flask, request, url_for
from itsdangerous import URLSafeTimedSerializer

app = Flask(__name__)
app.config['SECRET_KEY'] = 'secret!'

serializer = URLSafeTimedSerializer(app.config['SECRET_KEY'])

def send_reset_email(user_email):
    token = serializer.dumps(user_email, salt='password-reset-salt')
    reset_url = url_for('reset_password', token=token, _external=True)
    print(f"Send email to {user_email} with link: {reset_url}")

This code generates a secure token for the user's email and prints a reset link simulating sending an email.

Execution Table

Step	Action	Input	Output	Notes
1	User requests password reset	user@example.com	user@example.com	User submits email to reset
2	Generate token	user@example.com	token_string	Token created with serializer.dumps
3	Create reset URL	token_string	https://host/reset_password?token=token_string	URL includes token as query param
4	Send email	reset URL	Email sent with reset link	Simulated by print statement
5	User clicks link	token_string	Token received by server	Server gets token from URL
6	Verify token	token_string	user@example.com or error	Token decoded or invalid
7	Show reset form	valid token	Password reset form displayed	User can enter new password
8	User submits new password	new_password	Password updated	Password saved in database
9	Confirm success		Success message shown	User notified of reset
10	Invalid token case	invalid or expired token	Error message shown	User informed token is invalid

💡 Process ends after password reset success or invalid token error

Variable Tracker

Variable	Start	After Step 2	After Step 3	After Step 6	Final
user_email	None	user@example.com	user@example.com	user@example.com	user@example.com
token	None	token_string	token_string	token_string	token_string or error
reset_url	None	None	https://host/reset_password?token=token_string	https://host/reset_password?token=token_string	https://host/reset_password?token=token_string
password	None	None	None	None	new_password (updated)

Key Moments - 3 Insights

Why do we use a token instead of sending the email directly?

What happens if the token is invalid or expired?

Why do we include the token in the URL?

Visual Quiz - 3 Questions

Test your understanding

Look at the execution_table, what is the output at Step 3?

AA reset URL containing the token

BAn error message

CThe user's new password

DThe user's email address

Concept Snapshot

Password reset email pattern in Flask:
- User requests reset with email
- Generate secure token with serializer
- Create URL with token
- Send email with reset link
- User clicks link, server verifies token
- Show reset form if valid
- Update password on submission
- Handle invalid/expired tokens with error

Full Transcript

This visual execution trace shows how a password reset email pattern works in Flask. First, the user requests a password reset by providing their email. The server generates a secure token encoding the email and creates a reset URL containing this token. This URL is sent to the user via email. When the user clicks the link, the server receives the token and verifies its validity. If valid, the user sees a form to enter a new password. After submission, the password is updated in the database and the user is notified of success. If the token is invalid or expired, the server shows an error message and does not allow the reset. This process ensures secure password resets without exposing sensitive data.