def beforeMailPassword(self, login, REQUEST, **kw):
    """Refuse the password-reset mail for accounts without a permitted role.

    The check is controlled by the portal annotation
    ``rohberg.doorman.reject_non_members`` and is active when that key is
    absent. While it is active, an existing account holding neither the
    ``Member`` nor the ``Manager`` role is rejected with ``ValueError``.
    A login for which ``getMemberById`` finds nothing is not rejected here;
    it is passed on unchanged.

    NOTE(review): the "account is locked" error is raised only for logins
    that resolve to a member, so a caller can tell such accounts apart from
    other logins. Confirm this disclosure is acceptable for the deployment.

    :param login: id of the account asking for a reset mail
    :param REQUEST: current request, forwarded untouched
    :return: whatever ``self.original_mailPassword`` returns (presumably the
        unpatched implementation -- confirm against the patch registration)
    :raises ValueError: the account exists but lacks both permitted roles
    """
    settings = IAnnotations(getSite())
    if settings.get('rohberg.doorman.reject_non_members', True):
        account = getToolByName(self, 'portal_membership').getMemberById(login)
        # Only accounts that exist are role-checked; anything else is left
        # for the wrapped implementation to handle.
        if account and not account.has_role("Member") and not account.has_role("Manager"):
            raise ValueError(_(u"Your account is locked."))
    return self.original_mailPassword(login, REQUEST, **kw)
def testPasswordValidity(self, password, confirm=None):
    """Check a candidate password against the portal's password policy.

    o If the password is valid, return None.
    o If not, return a string explaining why.

    The checks run in this order: the password must be non-empty; it must
    equal ``confirm`` when a confirmation is given; every PAS plugin
    registered for ``IValidationPlugin`` is asked to validate it and all
    messages reported for the ``password`` field are collected. If no plugin
    reported a problem, the stock five-character minimum is still applied,
    except for users holding ``ManagePortal``. That fallback runs whenever
    the plugins raise no objection, not only when no plugin is installed.
    """
    if not password:
        return _(u'You must enter a password.')

    if confirm is not None and password != confirm:
        return _(u'Your password and confirmation did not match. '
                 u'Please try again.')

    # Delegate the policy to PAS: collect the verdict of every validation plugin.
    registry = self.acl_users._getOb('plugins')
    complaints = []
    for _plugin_id, plugin in registry.listPlugins(IValidationPlugin):
        # No user object and an empty id are passed; the plugins only see the
        # candidate password. A fresh dict is built for each plugin.
        findings = plugin.validateUserInfo(None, '', {'password': password})
        complaints.extend(
            finding['error'] for finding in findings if finding['id'] == 'password'
        )

    if complaints:
        return ' '.join(complaints)

    # Stock policy, applied when the plugins raised no objection.
    too_short = len(password) < 5
    if too_short and not _checkPermission(ManagePortal, self):
        return _(u'Your password must contain at least 5 characters.')

    return None
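def redirect_to_loggedout_reset_password(user):
    """Divert a locked or password-expired user away from the normal login flow.

    Two checks run in order:

    1. If the portal annotation ``rohberg.doorman.reject_non_members`` is set
       (it counts as set when absent) and the user holds neither the
       ``Member`` nor the ``Manager`` role, the security manager is cleared,
       an "account is locked" portal message is queued and the response is
       redirected to ``<portal>/login``.
    2. If the user's password is older than the duration configured on the
       PAS plugin ``PLUGIN_ID``, the security manager is cleared, a password
       reset is requested and the response is redirected to the reset form.

    :param user: the user object that is logging in
    :return: False if there is no request or no redirect applies; True after
        redirecting to the password-reset form; the value returned by
        ``request.response.redirect`` after redirecting a locked account
    """
    portal = getSite()
    request = getattr(portal, "REQUEST", None)
    if not request:
        return False

    username = user.getId()

    def isPasswordDurationExpired(portal, member):
        """Return True if the member's password is older than the configured duration."""
        try:
            member.getUserId()
        except Exception:
            # Objects that cannot report a user id are never treated as
            # expired. Narrowed from a bare ``except`` so that SystemExit
            # and KeyboardInterrupt are no longer swallowed.
            return False
        plugin = portal.acl_users.get(PLUGIN_ID, None)
        if not plugin:
            return False
        password_duration = plugin.getPasswordDuration()
        # No duration configured, or a duration of 0: passwords never expire.
        if password_duration < 1:
            return False
        now = DateTime()
        # A member without the 'last_password_reset' property is treated as
        # having last reset the password 1000 days ago.
        last_password_reset = member.getProperty('last_password_reset', now - 1000)
        return last_password_reset + password_duration < now

    def getPasswordResetURL(portal, username):
        """Request a password reset and build the URL of the reset form."""
        reset_tool = getToolByName(portal, 'portal_password_reset')
        reset = reset_tool.requestReset(username)
        # NOTE(review): username goes into the query string unescaped --
        # confirm user ids cannot contain characters such as '&' or '#'.
        return u"%s/passwordreset/%s?userid=%s" % (
            portal.absolute_url(), reset.get('randomstring', ""), username)

    # Reject non-members and redirect them to the info page.
    annotations = IAnnotations(portal)
    reject_non_members = annotations.get('rohberg.doorman.reject_non_members', True)
    if reject_non_members:
        if not user.has_role('Member') and not user.has_role('Manager'):
            # Logout. NOTE(review): noSecurityManager() is the only logout
            # step visible here; confirm the session credentials / auth
            # cookie are also expired, otherwise a later request may still
            # be authenticated.
            noSecurityManager()
            logger.info("Redirecting non-member %s to info page", username)
            msg = _(u"Your account is locked.")
            portal.plone_utils.addPortalMessage(msg, type='info')
            url = portal.absolute_url() + "/login"
            return request.response.redirect(url)

    if isPasswordDurationExpired(portal, user):
        # Logout (same caveat as in the non-member branch).
        noSecurityManager()
        url = getPasswordResetURL(portal, username)
        # The reset URL embeds the reset token ('randomstring'). It is left
        # out of the log line on purpose: anyone able to read the log could
        # otherwise use it to set this user's password.
        logger.info("Redirecting user %s to reset password form", username)
        msg = _(u"Your password is expired. Please reset your password.")
        portal.plone_utils.addPortalMessage(msg, type='error')
        request.response.redirect(url)
        return True

    # Let the normal login proceed to the page "You are now logged in" etc.
    return False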