Esempio n. 1
def password_reminder(email, request):
    """
    Mail a password-reset message for ``email`` and return the matching team.

    The first ``Team`` whose ``email`` equals the given address is looked up.
    If one exists, a fresh ``random_token()`` is stored in its ``reset_token``
    and the "valid" template is mailed to the team's address. Otherwise the
    "invalid" template is mailed to the address that was supplied.

    Returns the team that was found, or ``None`` when there is no match.

    Security notes for callers:

    * The return value reveals whether the address is registered. The HTTP
      response built from it should be the same in both cases, so that this
      endpoint cannot be used to enumerate team addresses.
    * A message is sent to whatever address is passed in, including
      unregistered ones. No throttling happens in this function.
    * NOTE(review): nothing here commits the session or sets a token
      lifetime. Both presumably happen elsewhere; confirm that the token
      expires and is cleared after use.
    """
    mailer = get_mailer(request)
    team = DBSession.query(Team).filter(Team.email == email).first()

    if not team:
        # Unknown address: tell the requester that nothing matched.
        template = 'mail_password_reset_invalid.mako'
        context = {'email': email}
    else:
        # Known team: issue a new token before the template reads it.
        team.reset_token = random_token()
        template = 'mail_password_reset_valid.mako'
        context = {'team': team}

    html = render(template, context, request=request)
    recipients = [team.email] if team else [email]

    title = request.registry.settings['competition_title']
    subject = "Password Reset for %s" % title
    mailer.send(Message(subject=subject, recipients=recipients, html=html))
    return team
Esempio n. 2
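 def profile(self):
     """
     Here a team can alter their profile, i.e. change their email, password,
     location or timezone. The team name is fixed and can only be changed
     by administrators.

     On GET, or when the submitted form fails validation, the template
     parameters (form and team) are returned for rendering. Every other POST
     outcome (cancel, rejected avatar, successful update) returns a redirect
     to the ``profile`` route.

     Avatar handling: the stored file name is ``random_token()`` plus the
     upload's extension, and the extension must be in a fixed allowlist, so
     no other part of the client-supplied file name reaches the file system
     path.

     NOTE(review): only the extension is checked here. The content is not
     verified to be an image and no size limit is applied in this method.
     Confirm that avatars are served with a fixed image content type and
     that the request body size is bounded elsewhere.
     """
     form = ProfileForm(self.request.POST, self.request.team,
                        csrf_context=self.request)
     retparams = {'form': form,
                  'team': self.request.team,
                  }
     redirect = HTTPFound(location=self.request.route_url('profile'))
     if self.request.method == 'POST':
         if form.cancel.data:
             self.request.session.flash("Edit aborted")
             return redirect
         if not form.validate():
             return retparams
         if form.avatar.delete:
             self.request.team.delete_avatar()
         elif form.avatar.data is not None and form.avatar.data != '':
             # Handle new avatar. Only the extension is taken from the
             # client-supplied name; the rest of the name is discarded.
             ext = form.avatar.data.filename.rsplit('.', 1)[-1]
             if ext not in ('gif', 'jpg', 'jpeg', 'bmp', 'png'):
                 self.request.session.flash("Invalid file extension.")
                 return redirect
             self.request.team.avatar_filename = random_token() + "." + ext
             # Binary mode: the upload is image bytes. Text mode ("w") can
             # corrupt the data through newline translation and fails
             # outright when the source yields bytes.
             with open(self.request.team.full_avatar_path, "wb") as out:
                 in_file = form.avatar.data.file
                 in_file.seek(0)
                 # Copy in 128 KiB chunks so the upload is never held in
                 # memory as a whole.
                 while True:
                     data = in_file.read(2 << 16)
                     if not data:
                         break
                     out.write(data)
                 # Rewind the upload again after copying.
                 in_file.seek(0)
         to_update = ['email', 'avatar', 'country', 'timezone', 'size']
         # The password is only touched when the old password field was
         # filled in.
         # NOTE(review): presumably form.validate() checks the old password
         # against the stored one; confirm in ProfileForm.
         if form.old_password.data:
             to_update.append('password')
         for fieldname in to_update:
             setattr(self.request.team, fieldname, form.data[fieldname])
         self.request.session.flash('Your profile has been updated')
         return redirect
     return retparams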
Esempio n. 3
def test_random_token():
    """Check the length of ``random_token`` output.

    Without an argument the token is 64 characters long. With an explicit
    length of 32 it is 32 characters long. Only the length is checked here,
    not the alphabet or the randomness source.
    """
    default_token = random_token()
    assert len(default_token) == 64

    short_token = random_token(32)
    assert len(short_token) == 32
Esempio n. 4
 def test_check_password_reset_token(self):
     """A team added to the session is found again by its reset token.

     Only the positive path is covered: a freshly generated token that was
     stored on the team resolves to that same team.
     """
     expected = self.make_team()
     expected.reset_token = random_token()
     self.dbsession.add(expected)

     found = check_password_reset_token(expected.reset_token)
     assert found == expected