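def update_password(self, request):
    """ Updates the password using the form data (if permitted to do so).

    The reset token is accepted only if the token loader returns a payload
    (``max_age=86400`` is passed, one day if the unit is seconds), the
    payload names the same username as the submitted e-mail field, and its
    ``modified`` value equals the stored user's modification timestamp.

    :param request: the current request; supplies ``load_url_safe_token``
        and the database session.
    :return: True if successful, False if not successful.

    """
    data = request.load_url_safe_token(self.token.data, max_age=86400)
    if not data:
        return False

    # Check the payload shape before touching the database: a token that
    # lacks either field is rejected like any other invalid token instead
    # of raising KeyError further down.
    username = data.get('username')
    token_modified = data.get('modified')
    if username is None or token_modified is None:
        return False

    # The token must have been issued for the account named in the form.
    if username != self.email.data:
        return False

    users = UserCollection(request.app.session())
    user = users.by_username(self.email.data)
    if not user:
        return False

    # A differing timestamp means the token does not describe the current
    # state of the record (presumably it changed after the token was
    # issued), so the token is treated as stale.
    modified = user.modified.isoformat() if user.modified else ''
    if modified != token_modified:
        return False

    # NOTE(review): presumably the model hashes the value on assignment --
    # confirm against the user model.
    user.password = self.password.data
    return True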
def handle_user_profile(self, request, form):
    """ Handles the GET and POST requests of the user profile form.

    The user is always the one named by ``request.identity.userid``; no
    client-supplied identifier selects the record. On submit the form is
    written to that user, otherwise the form is filled from it.

    :return: the template variables (layout, title, form, username, role).

    """
    layout = DefaultLayout(self, request)

    # NOTE(review): the lookup result is used without a None check --
    # confirm the identity always maps to an existing user.
    user = UserCollection(request.app.session()).by_username(
        request.identity.userid
    )

    if not form.submitted(request):
        form.apply_model(user)
    else:
        form.update_model(user)
        request.success(_("Your changes were saved"))

    homepage = Link(_("Homepage"), layout.homepage_url)
    profile = Link(_("User Profile"), request.link(self))
    layout.breadcrumbs = [homepage, profile]

    return {
        'layout': layout,
        'title': _("User Profile"),
        'form': form,
        'username': user.username,
        'role': user.role
    }
def handle_password_reset_request(self, request, form):
    """ Handles the password reset requests.

    On submit, a reset link is mailed if an account exists for the entered
    address; otherwise the attempt is logged. The callout shown afterwards
    is the same in both cases, so the page text does not reveal whether the
    account exists.

    :return: the template variables (layout, title, form, show_form,
        callout).

    """
    show_form, callout = True, None

    if form.submitted(request):
        user = UserCollection(request.session).by_username(form.email.data)

        if not user:
            # NOTE(review): if client_addr can be derived from a forwarded
            # header it is client-controlled -- confirm before relying on
            # this log line for attribution.
            log.info(
                "Failed password reset attempt by {}".format(
                    request.client_addr
                )
            )
        else:
            # NOTE(review): mail is only rendered and sent on this branch,
            # so response time may differ from the unknown-address case --
            # confirm whether sending is queued.
            reset_url = password_reset_url(
                user, request, request.link(self, name='reset-password')
            )
            subject = request.translate(_("Password reset"))
            receivers = (user.username, )
            reply_to = request.app.mail['transactional']['sender']
            mail_variables = {
                'title': request.translate(_("Password reset")),
                'model': None,
                'url': reset_url,
                'layout': MailLayout(self, request)
            }
            content = render_template(
                'mail_password_reset.pt', request, mail_variables
            )
            request.app.send_transactional_email(
                subject=subject,
                receivers=receivers,
                reply_to=reply_to,
                content=content
            )

        # Same outcome for the visitor whether or not the account exists.
        show_form = False
        callout = _(
            (
                'A password reset link has been sent to ${email}, provided an '
                'account exists for this email address.'
            ),
            mapping={'email': form.email.data}
        )

    return {
        'layout': DefaultLayout(self, request),
        'title': _('Reset password'),
        'form': form,
        'show_form': show_form,
        'callout': callout
    }
def handle_password_reset_request(self, request, form):
    """ Handles the password reset requests.

    A submitted form triggers a reset mail when the entered address belongs
    to a user and a log entry when it does not. Either way the form is
    hidden and the same callout is returned, so the rendered page is
    identical for known and unknown addresses.

    :return: the template variables (layout, title, form, show_form,
        callout).

    """
    result = {'show_form': True, 'callout': None}

    if form.submitted(request):
        users = UserCollection(request.session)
        account = users.by_username(form.email.data)

        if account:
            link = password_reset_url(
                account, request, request.link(self, name='reset-password')
            )
            # NOTE(review): the mail is only built and sent for existing
            # accounts; confirm this does not make the two cases
            # distinguishable by response time.
            request.app.send_transactional_email(
                subject=request.translate(_("Password reset")),
                receivers=(account.username, ),
                reply_to=request.app.mail['transactional']['sender'],
                content=render_template(
                    'mail_password_reset.pt',
                    request,
                    {
                        'title': request.translate(_("Password reset")),
                        'model': None,
                        'url': link,
                        'layout': MailLayout(self, request)
                    }
                )
            )
        else:
            # NOTE(review): client_addr may come from a forwarded header
            # and would then be client-controlled -- confirm.
            message = "Failed password reset attempt by {}".format(
                request.client_addr
            )
            log.info(message)

        result['show_form'] = False
        result['callout'] = _(
            (
                'A password reset link has been sent to ${email}, provided an '
                'account exists for this email address.'
            ),
            mapping={'email': form.email.data}
        )

    return {
        'layout': Layout(self, request),
        'title': _('Reset password'),
        'form': form,
        'show_form': result['show_form'],
        'callout': result['callout']
    }
def get_token(self, request):
    """ Returns the user and a token for the given username to reset the
    password.

    The token payload holds the username and the user's modification
    timestamp in ISO format (an empty string if the user has none).
    Presumably the consumer compares that timestamp to reject tokens issued
    before the record changed -- verify against the code that loads it.

    If the username is not found, (None, None) is returned.

    """
    user = UserCollection(request.app.session()).by_username(self.email.data)
    if user is None:
        return None, None

    stamp = ""
    if user.modified:
        stamp = user.modified.isoformat()

    payload = {"username": user.username, "modified": stamp}
    return user, request.new_url_safe_token(payload)
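def get_identity(self, request):
    """ Returns the given user by username, token and the new password.

    The token must load (``max_age=86400`` is passed, one day if the unit
    is seconds), name the username entered in the form and carry the same
    ``modified`` value as the stored user. Only then is the new password
    set and an identity for that user returned.

    If the username is not found or the token invalid, None is returned.

    """
    data = request.load_url_safe_token(self.token.data, max_age=86400)
    if not data:
        return None

    # Reject payloads that lack either field up front, so that a malformed
    # token yields None instead of a KeyError.
    username = data.get("username")
    token_modified = data.get("modified")
    if username is None or token_modified is None:
        return None

    # The token must have been issued for the account named in the form.
    if username != self.email.data:
        return None

    users = UserCollection(request.app.session())
    user = users.by_username(self.email.data)
    if not user:
        return None

    # A differing timestamp means the token does not match the current
    # state of the record and is treated as stale.
    modified = user.modified.isoformat() if user.modified else ""
    if modified != token_modified:
        return None

    # NOTE(review): presumably the model hashes the value on assignment --
    # confirm against the user model.
    user.password = self.password.data

    return morepath.Identity(
        userid=user.username,
        role=user.role,
        application_id=request.app.application_id
    )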
def delete_user(self, request, form):
    """ Delete a user.

    Publishers may only edit members. Admins can not be deleted.

    Users whose role is not 'member' can only be handled when
    ``request.is_secret(self)`` holds; otherwise HTTPForbidden is raised.
    On submit, a non-admin user has all sessions logged out before the
    record is deleted.

    """
    layout = Layout(self, request)

    may_delete = self.role == 'member' or request.is_secret(self)
    if not may_delete:
        raise HTTPForbidden()

    if self.official_notices or self.changes:
        request.message(
            _("There are official notices linked to this user!"),
            'warning'
        )

    if not form.submitted(request):
        return {
            'message': _(
                'Do you really want to delete "${item}"?',
                mapping={'item': self.title}
            ),
            'layout': layout,
            'form': form,
            'title': self.title,
            'subtitle': _("Delete User"),
            'button_text': _("Delete User"),
            'button_class': 'alert',
            'cancel': layout.manage_users_link
        }

    collection = UserCollection(request.session)
    # NOTE(review): the lookup result is dereferenced without a None check;
    # confirm by_username cannot miss for self.username.
    user = collection.by_username(self.username)
    if user.role != 'admin':
        # Sessions are ended first so the deleted account cannot keep
        # using an existing login.
        self.logout_all_sessions(request)
        collection.delete(self.username)
        # NOTE(review): placed inside the non-admin branch; the original
        # nesting of this message should be confirmed.
        request.message(_("User deleted."), 'success')
    return redirect(layout.manage_users_link)
def user(self):
    """ Returns the user found for ``self.username`` in the request's
    session (whatever ``by_username`` yields when there is no match).

    """
    return UserCollection(self.request.session).by_username(self.username)