def recovery_password(request):
"""Display password recovery form or do the password change
"""
_ = get_localizer(request)
settings = request.registry.settings
user_model = UserModel(request.db_session)
user_name = request.params['user_name']
code = request.params['code']
user = user_model.get_by_name(user_name)
if user is None:
return HTTPNotFound(_('No such user %s') % user_name)
user_id = user.user_id
# generate verification
auth_secret_key = settings['auth_secret_key']
valid_code = user_model.get_recovery_code(auth_secret_key, user_id)
if code != valid_code:
return HTTPForbidden(_('Bad password recovery link'))
factory = FormFactory(_)
RecoveryPasswordForm = factory.make_recovery_password_form()
form = RecoveryPasswordForm(request.params, user_name=user_name, code=code)
invalid_msg = _(u'Invalid password recovery link')
redirect_url = request.route_url('front.home')
user = user_model.get_by_name(user_name)
if user is None:
request.add_flash(invalid_msg, 'error')
raise HTTPFound(location=redirect_url)
user_id = user.user_id
if request.method == 'POST' and form.validate():
new_password = request.POST['new_password']
with transaction.manager:
user_model.update_password(user_id, new_password)
msg = _(u'Your password has been updated')
request.add_flash(msg, 'success')
raise HTTPFound(location=redirect_url)
return dict(form=form)
def user_edit(request):
_ = get_localizer(request)
user_model = UserModel(request.db_session)
group_model = GroupModel(request.db_session)
user_name = request.matchdict['user_name']
user = user_model.get_by_name(user_name)
if user is None:
msg = _(u'User %s does not exists') % user_name
return HTTPNotFound(msg)
user_groups = [str(g.group_id) for g in user.groups]
factory = FormFactory(_)
UserEditForm = factory.make_user_edit_form()
form = UserEditForm(
request.params,
display_name=user.display_name,
email=user.email,
groups=user_groups
)
groups = group_model.get_list()
form.groups.choices = [
(str(g.group_id), '%s - %s' % (g.group_name, g.display_name), )
for g in groups
]
if request.method == 'POST':
check_csrf_token(request)
validate_result = form.validate()
display_name = request.params['display_name']
password = request.params['password']
email = request.params['email']
groups = request.params.getall('groups')
by_email = user_model.get_by_email(email)
if by_email is not None and email != user.email:
msg = _(u'Email %s already exists') % email
form.email.errors.append(msg)
validate_result = False
if validate_result:
with transaction.manager:
user_model.update_user(
user_id=user.user_id,
display_name=display_name,
email=email,
)
if password:
user_model.update_password(user.user_id, password)
user_model.update_groups(user.user_id, map(int, groups))
msg = _(u"User ${user_name} has been updated",
mapping=dict(user_name=user_name))
request.add_flash(msg, 'success')
url = request.route_url('admin.user_edit',
user_name=user.user_name)
return HTTPFound(location=url)
return dict(form=form, user=user)