Ejemplo n.º 1
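    def update(self):
        """Handle the change-password form for a logged-in or token-bearing user.

        The user is resolved from the authenticated principal or, failing
        that, from a ``token`` request parameter looked up through
        ``tokenService``. Requests that resolve to no user are redirected to
        ``/reset-password.html``.

        Returns:
            An ``HTTPFound`` redirect when the request cannot be served or
            the password was changed; ``None`` when the form should be
            rendered (again), with ``self.message`` set if the two password
            fields did not match.
        """
        request = self.request

        principal = authenticated_userid(request)
        user = User.getByURI(principal)

        # Set only when this request was authorised by a reset token, so the
        # token is consumed exactly when it was the credential actually used.
        reset_token = None
        if user is None:
            self.token = token = request.params.get('token')
            if token:
                self.userid = tokenService.get(token)
                if self.userid is None:
                    # Unknown token: restart the reset flow.
                    return HTTPFound(location='/reset-password.html')

                user = User.getById(self.userid)
                reset_token = token

        if user is None:
            return HTTPFound(location='/reset-password.html')

        # NOTE(review): no CSRF check is visible in this method -- confirm the
        # form or framework layer enforces one before this state-changing POST.
        # NOTE(review): on the session-authenticated path only the new password
        # and its confirmation are read; the current password is never asked
        # for, so anyone holding a live session can replace the credential.
        if 'form-change' in request.POST:
            password = request.POST.get('change-password')
            confirm = request.POST.get('confirm-password')
            if not password:
                return

            if password != confirm:
                self.message = \
                    'Password and Confirm password has to be identical.'
                # Stop here: without this return the mismatched password was
                # still stored and the reset token was consumed.
                return

            # presumably a one-way hash; verify against ptah.pwd_tool
            user.password = ptah.pwd_tool.encode(password)
            if not user.validated:
                user.validated = datetime.now()

            # The token is single-use: drop it once the new password is set.
            if reset_token is not None:
                tokenService.remove(reset_token)

            headers = {}
            if not principal:
                # Token-authorised request: log the user in after the change.
                headers = remember(request, user.__uri__)

            return HTTPFound(
                location='/dashboard.html?message=Password has been changed',
                headers=headers)

        # Falls through to render the form. The former trailing
        # "no token and no user" redirect could never fire, because a
        # missing user has already been redirected above.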