Ejemplo n.º 1
def beforeMailPassword(self, login, REQUEST, **kw):
    """Gate the password-reset mail on the 'Member' or 'Manager' role.

    When the site annotation 'rohberg.doorman.reject_non_members' is truthy
    (it defaults to True when unset, so the restriction is on unless it is
    explicitly disabled), an existing account holding neither role is
    refused with a ValueError. Everything else is handed unchanged to
    ``self.original_mailPassword``.

    :raises ValueError: the login resolves to a member without either role
    """
    settings = IAnnotations(getSite())
    if settings.get('rohberg.doorman.reject_non_members', True):
        member = getToolByName(self, 'portal_membership').getMemberById(login)
        # Logins that resolve to no member are not rejected here; they fall
        # through to the original handler.
        # NOTE(review): the explicit "locked" error tells the requester that
        # the login exists -- confirm original_mailPassword does not answer
        # unknown logins in a distinguishable way if enumeration matters.
        if member and not any(
                member.has_role(role) for role in ("Member", "Manager")):
            raise ValueError(_(u"Your account is locked."))
    return self.original_mailPassword(login, REQUEST, **kw)
Ejemplo n.º 2
def testPasswordValidity(self, password, confirm=None):
    """ Check a candidate password against the portal's password policy.

    o Returns None when the password is acceptable.
    o Otherwise returns a message explaining the rejection.

    Order of checks: non-empty, matches ``confirm`` (when given), every PAS
    IValidationPlugin, and finally the stock five-character minimum.
    """
    if not password:
        return _(u'You must enter a password.')

    confirmation_differs = confirm is not None and confirm != password
    if confirmation_differs:
        return _(u'Your password and confirmation did not match. '
                 u'Please try again.')

    # Delegate the policy decision to the validation plugins registered in PAS.
    plugin_registry = self.acl_users._getOb('plugins')
    complaints = []
    for plugin_id, plugin in plugin_registry.listPlugins(IValidationPlugin):
        # Validators are called with no user object and an empty id.
        # NOTE(review): a plugin that compares the password with the user id
        # presumably has nothing to compare against here -- confirm.
        findings = plugin.validateUserInfo(None, '', {'password': password})
        complaints.extend(
            item['error'] for item in findings if item['id'] == 'password')

    if complaints:
        return ' '.join(complaints)

    # Stock policy. It runs whenever the plugins reported no password error,
    # including when none are registered; callers holding ManagePortal are
    # exempt from the length floor.
    # NOTE(review): five characters is a low floor; sites relying on this
    # fallback should register a validation plugin with a stronger policy.
    too_short = len(password) < 5
    if too_short and not _checkPermission(ManagePortal, self):
        return _(u'Your password must contain at least 5 characters.')
    return None
Ejemplo n.º 3
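def redirect_to_loggedout_reset_password(user):
    """
    Log the user out again and redirect if the account is locked or the
    password has expired.

    Two checks run in order:

    1. If the site annotation 'rohberg.doorman.reject_non_members' is truthy
       (default True) and the user has neither the 'Member' nor the
       'Manager' role, the user is sent back to the login page.
    2. If the password is older than the duration configured on the
       PLUGIN_ID plugin, a reset request is created and the user is sent to
       the password reset form.

    :param user: the user who has just logged in
    :return: True if a redirect was issued, False if login should proceed
    """
    portal = getSite()
    request = getattr(portal, "REQUEST", None)
    if not request:
        return False
    username = user.getId()

    def isPasswordDurationExpired(portal, member):
        """Return True if the member's last password reset is too old."""
        try:
            # Probe only: the return value is unused, a failure means there
            # is nothing to check expiry on.
            member.getUserId()
        except Exception:
            # Narrowed from a bare ``except:`` so that SystemExit and
            # KeyboardInterrupt are no longer swallowed.
            return False

        plugin = portal.acl_users.get(PLUGIN_ID, None)
        if not plugin:
            return False
        password_duration = plugin.getPasswordDuration()
        # No duration, or a duration of 0, means passwords never expire.
        if password_duration < 1:
            return False
        jetzt = DateTime()
        # A member without a recorded reset date is treated as having reset
        # the password 1000 units (presumably days, DateTime arithmetic)
        # before now.
        last_password_reset = member.getProperty('last_password_reset', jetzt-1000)
        return last_password_reset+password_duration < jetzt

    def getPasswordResetURL(portal, username):
        """Create a reset request and return the URL of its reset form."""
        reset_tool = getToolByName(portal, 'portal_password_reset')
        reset = reset_tool.requestReset(username)
        # The URL embeds the reset token ('randomstring'): treat it as a
        # credential and keep it out of logs and messages.
        # NOTE(review): username is interpolated into the query string
        # without URL-encoding -- confirm user ids cannot contain reserved
        # characters.
        url = u"%s/passwordreset/%s?userid=%s" % (portal.absolute_url(), reset.get('randomstring',""), username)
        return url

    # Reject non-members and redirect them to the login page.
    annotations = IAnnotations(portal)
    reject_non_members = annotations.get('rohberg.doorman.reject_non_members', True)
    if reject_non_members:
        if not user.has_role('Member') and not user.has_role('Manager'):
            # logout:
            noSecurityManager()
            logger.info("Redirecting non-member %s to info page", username)

            msg = _(u"Your account is locked.")
            portal.plone_utils.addPortalMessage(msg, type='info')

            url = portal.absolute_url() + "/login"
            request.response.redirect(url)
            # Return True as documented (and as the expiry branch does)
            # rather than whatever redirect() returns.
            return True

    if isPasswordDurationExpired(portal, user):
        # logout:
        noSecurityManager()
        url = getPasswordResetURL(portal, username)
        # Log the user id only: the URL carries the reset token, and anyone
        # able to read the log could use it to set this user's password.
        logger.info("Redirecting user %s to reset password form", username)

        msg = _(u"Your password is expired. Please reset your password.")
        portal.plone_utils.addPortalMessage(msg, type='error')

        request.response.redirect(url)
        return True

    # Let the normal login proceed to the page "You are now logged in" etc.
    return False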