def create_forgot_password_request(self, email, location=None) -> Response:
"""Create a new email activation token for a user and produce the following screen.
* Sets user password reset token
* Sends out reset password email
* The existing of user with such email should be validated beforehand
:raise: CannotResetPasswordException if there is any reason the password cannot be reset. Usually wrong email.
"""
request = self.request
user_registry = get_user_registry(request)
reset_info = user_registry.create_password_reset_token(email)
if not reset_info:
raise CannotResetPasswordException("Cannot reset password for email: {}".format(email))
user, token, expiration_seconds = reset_info
link = request.route_url('reset_password', code=token)
context = dict(link=link, user=user, expiration_hours=int(expiration_seconds/3600))
send_templated_mail(request, [email,], "login/email/forgot_password", context=context)
messages.add(request, msg="Please check your email to continue password reset.", kind='success', msg_id="msg-check-email")
if not location:
location = get_config_route(request, 'websauna.request_password_reset_redirect')
assert location
return HTTPFound(location=location)
def create_activation(request, user):
"""Create through-the-web user sign up with his/her email.
We don't want to force the users to pick up an usernames, so we just generate an username.
The user is free to change their username later.
"""
assert user.id
user.username = user.generate_username()
user.registration_source = "email"
db = get_session(request)
Activation = request.registry.getUtility(IActivationClass)
activation = Activation()
db.add(activation)
user.activation = activation
db.flush()
# TODO Create a hook for this, don't assume create_activation() call
# TODO We don't need pystache just for this!
context = {
'link': request.route_url('activate', user_id=uuid_to_slug(user.uuid), code=user.activation.code)
}
send_templated_mail(request, [user.email], "login/email/activate", context)
site_creator = get_site_creator(request.registry)
site_creator.check_empty_site_init(request.dbsession, user)
def push_notification(self, a: Activity):
user = a.stream.user
# No email configured
if not user.email:
return
renderer = get_activity_renderer(self.request, a)
title = renderer.render_title(self.request, self.__name__)
html_body = renderer.render_html_body(self.request, self.__name__)
link = renderer.render_link(self.request, self.__name__)
context = {"title": title, "html_body": html_body, "link": link}
send_templated_mail(self.request, [user.email],
"activitystream/email/notification",
context=context)
def create_forgot_password_request(self,
email: str,
location: str = None) -> Response:
"""Create a new email activation token for a user and produce the following screen.
* Sets user password reset token
* Sends out reset password email
* The existing of user with such email should be validated beforehand
:param email: User email.
:param location: URL to redirect the user after the password request.
:return: Redirect to location.
:raise: CannotResetPasswordException if there is any reason the password cannot be reset. Usually wrong email.
"""
request = self.request
user_registry = get_user_registry(request)
reset_info = user_registry.create_password_reset_token(email)
if not reset_info:
raise CannotResetPasswordException(
"Cannot reset password for email: {email}".format(email=email))
user, token, expiration_seconds = reset_info
link = request.route_url('reset_password', code=token)
context = dict(link=link,
user=user,
expiration_hours=int(expiration_seconds / 3600))
send_templated_mail(request, [
email,
],
"login/email/forgot_password",
context=context)
messages.add(request,
msg="Please check your email to continue password reset.",
kind='success',
msg_id="msg-check-email")
if not location:
location = get_config_route(
request, 'websauna.request_password_reset_redirect')
assert location
return HTTPFound(location=location)
def create_email_activation(self, user: IUser):
"""Create through-the-web user sign up with his/her email.
We don't want to force the users to pick up an usernames, so we just generate an username.
The user is free to change their username later.
"""
user_registry = get_user_registry(self.request)
activation_code, expiration_seconds = user_registry.create_email_activation_token(user)
context = {
'link': self.request.route_url('activate', code=activation_code),
'expiration_hours': int(expiration_seconds/3600),
}
logger.info("Sending sign up email to %s", user.email)
# TODO: Broken abstraction, we assume user.email is a attribute
send_templated_mail(self.request, [user.email], "login/email/activate", context)
def start_email_login(request: Request,
email: str,
next_url: Optional[str] = None,
extras: Optional[dict] = None):
request.session["email"] = email
token, data = set_verification_token(request,
"email",
email,
next_url=next_url,
extras=extras)
verify_link = request.route_url("verify_email_login", token=token)
verify_minutes = int(
int(
request.registry.settings.get(
"magiclink.email_token_expiration_seconds", 300)) / 60)
logger.info("Sending email login verification email to %s, next url: %s",
email, next_url)
send_templated_mail(
request, [email], "magiclogin/email/verify_email",
dict(verify_link=verify_link, verify_minutes=verify_minutes))
def forgot_password(self):
req = self.request
schema = req.registry.getUtility(IForgotPasswordSchema)
schema = schema().bind(request=req)
form = req.registry.getUtility(IForgotPasswordForm)
form = form(schema)
if req.method == 'GET':
if req.user:
return HTTPFound(location=self.forgot_password_redirect_view)
else:
return {'form': form.render()}
# From here on, we know it's a POST. Let's validate the form
controls = req.POST.items()
try:
captured = form.validate(controls)
except deform.ValidationFailure as e:
# This catches if the email does not exist, too.
return {'form': e.render(), 'errors': e.error.children}
user = self.User.get_by_email(req, captured['email'])
activation = self.Activation()
self.db.add(activation)
self.db.flush()
user.activation = activation
assert user.activation.code, "Could not generate the password reset code"
link = req.route_url('reset_password', code=user.activation.code)
context = dict(link=link, user=user)
send_templated_mail(req, [user.email], "login/email/forgot_password", context=context)
FlashMessage(req, "Please check your email to continue password reset.", kind='success')
return HTTPFound(location=self.reset_password_redirect_view)
