Beispiel #1
 def GET(self, uid, token):
     """Show the password-change form when the reset token for ``uid`` is accepted.

     The user is looked up by id and the token is checked with
     ``check_token`` against ``auth.config.reset_expire_after``. A falsy
     user and a rejected token are handled identically: ``AuthError`` is
     raised, ``reset_text`` is flashed and the client is redirected to "/".
     """
     # Fixed pause before any lookup, meant to slow down token guessing.
     # NOTE(review): a constant sleep is not a cap on attempts. Nothing in
     # this handler counts failures per account or per client, so parallel
     # requests are not throttled. Consider a real rate limit or lockout.
     sleep(0.5)
     try:
         account = auth.get_user(user_id=uid, with_password=True)
         # NOTE(review): if get_user raises (rather than returning a falsy
         # value) for an unknown id, that exception is not caught here.
         # Confirm, so that unknown ids and bad tokens stay indistinguishable.
         if account and check_token(account, token,
                                    auth.config.reset_expire_after):
             # NOTE(review): uid and token presumably come from the URL path,
             # so the token can end up in access logs and Referer headers.
             # Verify the rendered page does not leak it to third parties.
             return render.auth.reset_change(passwordChangeForm)
         raise AuthError
     except AuthError:
         flash.set(_(reset_text))
         raise web.seeother("/")
Beispiel #2
 def POST(self):
     """Handle a password-reset request: mail a tokenised reset link.

     When the form validates, the user is looked up by e-mail address, a
     reset URL of the form ``<home>/password_reset/<id>$<token>`` is built
     and mailed, ``sent_text`` is flashed and the client is redirected to
     "/". An ``IndexError`` raised anywhere in that sequence puts
     ``email_doesnt_exist_text`` on the form, which is then re-rendered.
     An invalid form is re-rendered as is.
     """
     form = passwordResetForm()
     if not form.validates():
         return render.auth.reset_token(form)
     try:
         account = auth.get_user(email=form.d.email, with_password=True)
         # NOTE(review): in web.py, web.ctx.home is built from the request's
         # Host header. Unless the front end pins the host name, the link
         # mailed to the user follows whatever host the request claimed.
         # Prefer a configured base URL for links that carry a reset token.
         link_parts = (web.ctx.home, "/password_reset",
                       account.id, make_token(account))
         token_url = "%s%s/%s$%s" % link_parts
         recipient = account.email
         message = render_email.password_reset(account, token_url)
         # NOTE(review): no throttle is visible here, so each valid POST
         # sends a mail. Consider limiting requests per address and client.
         mailer.send(recipient, message, send_now=True, is_secure=True)
         flash.set(_(sent_text))
         raise web.seeother("/")
     except IndexError:
         # Presumably raised by get_user when the address is unknown.
         # NOTE(review): this branch answers differently from the success
         # path, so the response reveals whether an address is registered.
         # Returning the same "sent" message in both cases avoids that.
         form.note = _(email_doesnt_exist_text)
     return render.auth.reset_token(form)
Beispiel #3
 def POST(self, uid, token):
     """Set a new password for ``uid`` when the reset token is accepted.

     The submitted input is bound to ``passwordChangeForm``. An invalid form
     is re-rendered. Otherwise the user is looked up and the token checked
     against ``auth.config.reset_expire_after``. On success the password is
     set, the user is logged in and ``changed_text`` is flashed; on
     ``AuthError`` ``reset_text`` is flashed. Both outcomes redirect to "/".
     """
     # Fixed pause before any work, meant to slow down token guessing.
     # NOTE(review): a constant sleep does not bound the number of attempts.
     # No failure counter or lockout is visible in this handler.
     sleep(0.5)
     form = passwordChangeForm(web.input())
     if not form.valid:
         return render.auth.reset_change(form)
     try:
         account = auth.get_user(user_id=uid, with_password=True)
         if not (account and check_token(account, token,
                                         auth.config.reset_expire_after)):
             raise AuthError
         auth.set_password(account.email, form.d.password)
         # NOTE(review): whether the token stops working once the password
         # has changed depends on make_token/check_token, which are not shown
         # here. Confirm a used token cannot be replayed within its lifetime.
         # NOTE(review): the token holder is logged in straight away. Confirm
         # auth.login issues a fresh session id and that the account's other
         # sessions are ended after a reset.
         auth.login(account)
         flash.set(_(changed_text))
     except AuthError:
         flash.set(_(reset_text))
     raise web.seeother("/")
Beispiel #4
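 def GET(self, user_id, method):
     """Mark the user ``user_id`` as deleted or restore it, then redirect.

     ``method == "delete"`` sets ``is_deleted``; any other value clears it.
     The change is flashed to the operator, written to ``applog`` and
     followed by ``auth.delete_session`` for the affected user. Acting on
     the currently logged-in user is refused with an error flash. Every
     path ends in a redirect to "/a/users".
     """
     # NOTE(review): this changes state in a GET handler, so a link, image
     # tag or prefetch loaded in an operator's browser can trigger it.
     # Move delete/undelete to POST and require an anti-CSRF token.
     # NOTE(review): no permission check is visible in this method. Confirm
     # one is enforced outside it (decorator, processor or routing).
     # is_deleted=True presumably lets the lookup return already-deleted users.
     user = auth.get_user(user_id=user_id, is_deleted=True)
     # NOTE(review): if either lookup returns None, the `.id` access below
     # raises instead of producing a clean error. Verify against get_user.
     if user.id != auth.get_user().id:
         # NOTE(review): any value other than "delete" restores the account.
         # Confirm the route restricts `method` to delete/undelete.
         deleting = method == "delete"
         auth.update_user(user.id, is_deleted=deleting)
         if deleting:
             flash.set(_(undo_user_text) %
                       link_to("users", user, "undelete"))
             applog.info(_(deleted_user_text) %
                         user.title, "users", user.id, "warn")
         else:
             flash.set(_(undelete_user_text))
             # Fix: translate the log template, as the delete branch does.
             applog.info(_(undeleted_user_text) %
                         user.title, "users", user.id, "warn")
         auth.delete_session(user.id)
     else:
         flash.set(_(cannot_delete_self_text), "error")
     raise web.seeother("/a/users")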