Example #1
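def restpass(request):
    """Handle the password-reset form reached from an e-mailed reset link.

    The route supplies ``user_id`` and ``hmac``. The ``hmac`` segment is a
    10-character hex tag followed by the base64-encoded expiry timestamp.
    When the form validates and the token is well-formed, unexpired and
    matches, the user's password is replaced and the client is redirected
    to ``login``. A malformed or mismatching token, or an unknown user,
    redirects to ``forgot_password`` with the same warning so the response
    does not reveal which check failed. In every other case the form is
    rendered.

    Returns:
        An ``HTTPFound`` redirect, or the template context dict
        (``title``, ``form``, ``action_url``).

    NOTE(review): the signing secret is a literal in this view and only
    the first 10 hex characters (40 bits) of the digest are checked. No
    ``digestmod`` is passed to ``hmac.new`` either. Moving the secret to
    deployment configuration, widening the tag and naming the hash all
    have to change together with the code that issues the links, which is
    not visible here, so they are left as-is.
    NOTE(review): nothing here ties the token to the current password or
    marks it used, so a link appears to stay valid until it expires even
    after a successful reset; confirm against the issuing code.
    """
    title = "Reset password"
    submitted_hmac = request.matchdict.get('hmac')
    user_id = request.matchdict.get('user_id')
    form = Form(request, schema=ResetPasswordForm)
    if 'form_submitted' in request.POST and form.validate():
        user = Users.get_by_id(user_id)
        # The token comes straight from the URL: a missing segment, bad
        # base64, a non-numeric expiry or non-ASCII tag must be treated as
        # an invalid request rather than surfacing as a server error.
        try:
            time_key = int(base64.b64decode(submitted_hmac[10:]))
            submitted_tag = submitted_hmac[0:10].encode('ascii')
        except (TypeError, ValueError):
            time_key = None
        if user is None or time_key is None:
            request.session.flash(
                'warning; Invalid request, please try again')
            return HTTPFound(location=request.route_url('forgot_password'))
        # An expired token falls through and re-renders the form, as before.
        if time.time() < time_key:
            expected_tag = hmac.new(
                '%s:%s:%d' % (str(user.id), 'r5$55g35%4#$:l3#24&', time_key),
                user.email).hexdigest()[0:10]
            # Constant-time comparison; both sides are encoded to bytes so
            # compare_digest never sees mixed text/bytes operands.
            if hmac.compare_digest(expected_tag.encode('ascii'),
                                   submitted_tag):
                # FIXME (original author): reset email, no such attribute email
                user.password = form.data['password']
                DBSession.merge(user)
                DBSession.flush()
                request.session.flash(
                    'success; Password Changed. Please log in')
                return HTTPFound(location=request.route_url('login'))
            else:
                request.session.flash(
                    'warning; Invalid request, please try again')
                return HTTPFound(location=request.route_url('forgot_password'))
    action_url = request.route_url("reset_password",
                                   user_id=user_id,
                                   hmac=submitted_hmac)
    return {
        'title': title,
        'form': FormRenderer(form),
        'action_url': action_url
    }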
Example #2
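def verify_email(request):
    """Confirm a user's e-mail address from the link sent to them.

    The route supplies ``user_id`` and ``hmac``. The ``hmac`` segment is a
    10-character hex tag followed by the base64-encoded expiry timestamp.
    If the token is well-formed, unexpired and matches the tag recomputed
    for the user, ``email_verified`` is set and persisted. The client is
    always redirected to ``/``, with a success flash when the account is
    verified (including when it already was) and a warning flash otherwise.

    Returns:
        An ``HTTPFound`` redirect to ``/``.

    NOTE(review): the signing secret is a literal shared with the
    password-reset view, so the same tag format serves both purposes, and
    only 40 bits of the digest are checked. Changing either requires
    changing the code that issues the links, which is not visible here.
    """
    submitted_hmac = request.matchdict.get('hmac')
    user_id = request.matchdict.get('user_id')
    user = Users.get_by_id(user_id)
    # The token is URL-supplied; anything that cannot be parsed is simply
    # an unverified request, not a server error.
    try:
        time_key = int(base64.b64decode(submitted_hmac[10:]))
        submitted_tag = submitted_hmac[0:10].encode('ascii')
    except (TypeError, ValueError):
        time_key = None
    if user is not None and time_key is not None and time.time() < time_key:
        expected_tag = hmac.new(
            '%s:%s:%d' % (str(user.id), 'r5$55g35%4#$:l3#24&', time_key),
            user.email).hexdigest()[0:10]
        # Constant-time comparison on bytes operands.
        if hmac.compare_digest(expected_tag.encode('ascii'), submitted_tag):
            # FIXME (original author): reset email, no such attribute email
            user.email_verified = True
            DBSession.merge(user)
            DBSession.flush()
    if user is not None and user.email_verified:
        message = 'Your email is now confirmed. Thank you for joining us'
        request.session.flash('success;%s' % message)
        return HTTPFound(location='/')
    message = 'Error verifying message'
    # A failed verification was previously flashed under the 'success'
    # category; use the 'warning' category the reset view uses for failures.
    request.session.flash('warning;%s' % message)
    return HTTPFound(location='/')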
Example #3
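def change_pass(request):
    """Render and process the change-password form for the current user.

    On a validated submission the user's password is replaced, persisted,
    and the client is redirected to ``came_from``. ``came_from`` is taken
    from the request parameters (defaulting to the current URL, or ``/``
    when that is the change-password page itself) and is only honoured
    when it points back at this site; anything else is replaced by ``/``.

    Returns:
        An ``HTTPFound`` redirect, or the template context dict
        (``title``, ``form``, ``username``, ``user``, ``action_url``).

    NOTE(review): whether the current password is re-checked depends on
    ``ChangePasswordForm``, which is not visible here. Confirm it is, so
    a borrowed session alone cannot change the password.
    """
    title = "Change your password"
    user = request.user
    username = user.fullname
    changepass_url = request.route_url('change_password')
    referrer = request.url
    if referrer == changepass_url:
        referrer = '/'  # never use the change_pass form itself as came_from
    came_from = request.params.get('came_from', referrer)

    # came_from is caller-controlled and ends up in a Location header, so
    # restrict it to this site: either an absolute URL under our own
    # host_url, or a path that starts with a single '/' and contains no
    # backslash or control whitespace (forms a browser may resolve to a
    # different host).
    own_origin = request.host_url
    is_same_origin = (came_from == own_origin
                      or came_from.startswith(own_origin + '/'))
    is_plain_path = (came_from.startswith('/')
                     and not came_from.startswith('//')
                     and not any(ch in came_from for ch in '\\\r\n\t'))
    if not (is_same_origin or is_plain_path):
        came_from = '/'

    form = Form(request, schema=ChangePasswordForm)

    if 'form_submitted' in request.POST and form.validate():
        user.password = form.data['password']
        DBSession.merge(user)
        DBSession.flush()
        return HTTPFound(location=came_from)
    action_url = request.route_url('change_password')
    return {
        'title': title,
        'form': FormRenderer(form),
        'username': username,
        'user': user,
        'action_url': action_url
    }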