def password_reminder(email, request):
    """
    Start a password reset for the team registered under ``email``.

    A mail goes out in both cases: to the team's address with a fresh
    reset token when a team matches, or to the submitted address with a
    "no team found" notice when none does.

    Returns the matching team, or ``None`` when no team has that address.

    NOTE(review): the return value distinguishes known from unknown
    addresses. A caller that shows a different response for each case
    discloses which addresses are registered.
    NOTE(review): no throttling happens here, and the not-found branch
    mails whatever address was submitted, so the caller should rate-limit.
    NOTE(review): only ``reset_token`` is written; nothing in this function
    records an issue time, so any expiry has to be enforced elsewhere.
    """
    outbox = get_mailer(request)
    team = DBSession.query(Team).filter(Team.email == email).first()

    if not team:
        # Unknown address: tell the submitter that nothing matched.
        body = render('mail_password_reset_invalid.mako',
                      {'email': email},
                      request=request)
        to = [email]
    else:
        # Known address: issue a new token, replacing any earlier one.
        team.reset_token = random_token()
        body = render('mail_password_reset_valid.mako',
                      {'team': team},
                      request=request)
        to = [team.email]

    title = request.registry.settings['competition_title']
    outbox.send(Message(subject="Password Reset for %s" % title,
                        recipients=to,
                        html=body,
                        ))
    return team
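def profile(self):
    """
    Here a team can alter their profile, i.e. change their email,
    password, location or timezone. The team name is fixed and can only
    be changed by administrators.

    The form is bound to ``self.request.POST`` and the current team, with
    the request passed as CSRF context.

    Returns the template parameters (``form`` and ``team``) for a
    non-POST request or when validation fails, and otherwise an
    ``HTTPFound`` redirect back to the ``profile`` route.
    """
    form = ProfileForm(self.request.POST, self.request.team,
                       csrf_context=self.request)
    retparams = {'form': form,
                 'team': self.request.team,
                 }
    redirect = HTTPFound(location=self.request.route_url('profile'))
    if self.request.method != 'POST':
        return retparams

    if form.cancel.data:
        self.request.session.flash("Edit aborted")
        return redirect
    if not form.validate():
        return retparams

    if form.avatar.delete:
        self.request.team.delete_avatar()
    elif form.avatar.data is not None and form.avatar.data != '':
        # Handle new avatar.
        # Only the extension of the client-supplied file name is checked
        # (case-sensitively) against an allow-list. The uploaded bytes
        # are not inspected and no size limit is applied in this method.
        ext = form.avatar.data.filename.rsplit('.', 1)[-1]
        if ext not in ('gif', 'jpg', 'jpeg', 'bmp', 'png'):
            self.request.session.flash("Invalid file extension.")
            return redirect
        # The stored name is a random token plus the vetted extension,
        # so the client-supplied name is not used for the file name.
        self.request.team.avatar_filename = random_token() + "." + ext
        # Binary mode: an upload is raw bytes. Text mode ("w") would
        # apply newline translation on some platforms and rejects bytes
        # on Python 3.
        with open(self.request.team.full_avatar_path, "wb") as out:
            in_file = form.avatar.data.file
            in_file.seek(0)
            while True:
                data = in_file.read(2 << 16)
                if not data:
                    break
                out.write(data)
            # Rewind so later consumers of the upload see it from the start.
            in_file.seek(0)

    to_update = ['email', 'avatar', 'country', 'timezone', 'size']
    # The password is only written when old_password was supplied.
    # Checking that value is presumably done in form.validate(); confirm.
    # NOTE(review): the email is updated without old_password being
    # required in this method.
    if form.old_password.data:
        to_update.append('password')
    for fieldname in to_update:
        setattr(self.request.team, fieldname, form.data[fieldname])
    self.request.session.flash('Your profile has been updated')
    return redirect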
def test_random_token():
    """random_token() is 64 long by default and honours an explicit length."""
    # Only the length is checked; this test says nothing about how the
    # token is generated or how unpredictable it is.
    default_token = random_token()
    assert len(default_token) == 64

    short_token = random_token(32)
    assert len(short_token) == 32
def test_check_password_reset_token(self):
    """A stored reset token resolves back to the team that owns it."""
    # Covers the matching case only; an unknown or empty token is not
    # exercised by this test.
    expected = self.make_team()
    expected.reset_token = random_token()
    self.dbsession.add(expected)

    found = check_password_reset_token(expected.reset_token)
    assert found == expected