Esempio n. 1
    def update_password(self, request):
        """ Sets a new password if the submitted reset token checks out.

        The token is loaded with a maximum age of 86400 seconds (24 hours).
        It must name the same username as the e-mail field, that user must
        exist, and the ``modified`` value inside the token must equal the
        user's current ``modified`` timestamp.

        Every failed check returns the same False, so the caller cannot
        tell which check failed.

        Returns True if the password was changed, False otherwise.
        """
        payload = request.load_url_safe_token(self.token.data, max_age=86400)

        # Missing, expired or otherwise unreadable token.
        if not payload:
            return False

        email = self.email.data

        # The token is only valid for the account it was issued for.
        if payload.get('username') != email:
            return False

        account = UserCollection(request.app.session()).by_username(email)

        if not account:
            return False

        # NOTE(review): comparing against the current timestamp looks like
        # the mechanism that retires a token once the user record changes.
        # Confirm that assigning the password updates user.modified.
        stamp = account.modified.isoformat() if account.modified else ''

        if stamp != payload['modified']:
            return False

        account.password = self.password.data

        return True
Esempio n. 2
def handle_user_profile(self, request, form):
    """ Shows the profile form of the current user and saves submissions.

    The user is looked up by ``request.identity.userid``. A submitted form
    is written to that user; otherwise the form is filled from the user.

    NOTE(review): the lookup result is used without a None check, so a
    request whose identity has no matching user record would fail on the
    attribute access below. Confirm that this view is only reachable with
    an authenticated identity.
    """

    page = DefaultLayout(self, request)

    current_user = UserCollection(request.app.session()).by_username(
        request.identity.userid
    )

    if not form.submitted(request):
        form.apply_model(current_user)
    else:
        form.update_model(current_user)
        request.success(_("Your changes were saved"))

    page.breadcrumbs = [
        Link(_("Homepage"), page.homepage_url),
        Link(_("User Profile"), request.link(self))
    ]

    return {
        'layout': page,
        'title': _("User Profile"),
        'form': form,
        'username': current_user.username,
        'role': current_user.role
    }
Esempio n. 3
def handle_password_reset_request(self, request, form):
    """ Handles the password reset requests.

    When the form is submitted and the e-mail address belongs to a user,
    a reset link is mailed to that user. When no such user exists, only a
    log entry with the client address is written.

    The response is the same in both cases (form hidden, identical
    callout), so the page does not reveal whether an account exists for
    the submitted address.
    """

    if not form.submitted(request):
        return {
            'layout': DefaultLayout(self, request),
            'title': _('Reset password'),
            'form': form,
            'show_form': True,
            'callout': None
        }

    account = UserCollection(request.session).by_username(form.email.data)

    if not account:
        # Only the client address is logged, not the submitted e-mail.
        message = "Failed password reset attempt by {}".format(
            request.client_addr
        )
        log.info(message)
    else:
        reset_url = password_reset_url(
            account, request, request.link(self, name='reset-password')
        )

        send_mail = request.app.send_transactional_email
        subject = request.translate(_("Password reset"))
        receivers = (account.username, )
        reply_to = request.app.mail['transactional']['sender']
        content = render_template(
            'mail_password_reset.pt',
            request,
            {
                'title': request.translate(_("Password reset")),
                'model': None,
                'url': reset_url,
                'layout': MailLayout(self, request)
            }
        )

        send_mail(
            subject=subject,
            receivers=receivers,
            reply_to=reply_to,
            content=content
        )

    # Same wording whether or not the account exists.
    notice = _(
        'A password reset link has been sent to ${email}, provided an '
        'account exists for this email address.',
        mapping={'email': form.email.data}
    )

    return {
        'layout': DefaultLayout(self, request),
        'title': _('Reset password'),
        'form': form,
        'show_form': False,
        'callout': notice
    }
Esempio n. 4
def handle_password_reset_request(self, request, form):
    """ Handles the password reset requests.

    A submitted form triggers a reset mail if the e-mail address matches a
    user. An unknown address only produces a log entry with the client
    address. The form is hidden and the same callout is shown either way,
    so the answer does not disclose which addresses have an account.
    """

    submitted = form.submitted(request)
    callout = None

    if submitted:
        user = UserCollection(request.session).by_username(form.email.data)

        if not user:
            log.info(
                "Failed password reset attempt by {}".format(
                    request.client_addr
                )
            )
        else:
            target = request.link(self, name='reset-password')
            url = password_reset_url(user, request, target)

            request.app.send_transactional_email(
                subject=request.translate(_("Password reset")),
                receivers=(user.username, ),
                reply_to=request.app.mail['transactional']['sender'],
                content=render_template('mail_password_reset.pt', request, {
                    'title': request.translate(_("Password reset")),
                    'model': None,
                    'url': url,
                    'layout': MailLayout(self, request)
                })
            )

        # Built outside the branch above: the text must not depend on
        # whether a user was found.
        callout = _(
            'A password reset link has been sent to ${email}, provided an '
            'account exists for this email address.',
            mapping={'email': form.email.data}
        )

    return {
        'layout': Layout(self, request),
        'title': _('Reset password'),
        'form': form,
        'show_form': not submitted,
        'callout': callout
    }
Esempio n. 5
    def get_token(self, request):
        """ Returns the user and a password reset token for the e-mail
        address entered in the form. If no user has that username,
        (None, None) is returned.

        The token carries the username and the ISO-formatted ``modified``
        timestamp of the user (an empty string if there is none).

        Callers that report the outcome to the requester should answer the
        same way in both cases, so the reply does not show which addresses
        have an account.

        """
        account = UserCollection(request.app.session()).by_username(
            self.email.data
        )

        if account is None:
            return account, None

        stamp = account.modified.isoformat() if account.modified else ""
        payload = {"username": account.username, "modified": stamp}

        return account, request.new_url_safe_token(payload)
Esempio n. 6
    def get_identity(self, request):
        """ Validates the reset token, sets the new password and returns
        the identity of the user. If the token is invalid or the user is
        not found, None is returned and nothing is changed.

        Despite the name this method has a side effect: on success it
        assigns the password from the form to the user.

        The token is loaded with a maximum age of 86400 seconds (24 hours)
        and must match both the e-mail field and the current ``modified``
        timestamp of the user.

        """
        payload = request.load_url_safe_token(self.token.data, max_age=86400)

        # Unreadable token, or a token issued for a different account.
        if not payload or payload["username"] != self.email.data:
            return None

        account = UserCollection(request.app.session()).by_username(
            self.email.data
        )

        if not account:
            return None

        # NOTE(review): presumably this retires the token once the user
        # record changes. Confirm that the password assignment below
        # updates user.modified.
        stamp = account.modified.isoformat() if account.modified else ""

        if stamp != payload["modified"]:
            return None

        account.password = self.password.data

        return morepath.Identity(
            userid=account.username,
            role=account.role,
            application_id=request.app.application_id
        )
Esempio n. 7
def delete_user(self, request, form):
    """ Delete a user.

    A user whose role is not 'member' may only be deleted when
    ``request.is_secret(self)`` holds; otherwise HTTPForbidden is raised.
    Admins can not be deleted: the role of the freshly loaded record is
    checked again, and for an admin the view redirects without deleting
    and without a message.

    All sessions of the user are logged out before the record is removed.

    NOTE(review): the record returned by ``by_username`` is used without a
    None check. Confirm that it cannot be missing at this point, for
    example after a concurrent deletion.

    """

    layout = Layout(self, request)

    privileged_target = self.role != 'member'
    if privileged_target and not request.is_secret(self):
        raise HTTPForbidden()

    if self.official_notices or self.changes:
        request.message(
            _("There are official notices linked to this user!"),
            'warning'
        )

    if form.submitted(request):
        users = UserCollection(request.session)
        record = users.by_username(self.username)

        # Checked on the stored record, not on the model of this view.
        if record.role != 'admin':
            self.logout_all_sessions(request)
            users.delete(self.username)
            request.message(_("User deleted."), 'success')

        return redirect(layout.manage_users_link)

    return {
        'message': _(
            'Do you really want to delete "${item}"?',
            mapping={'item': self.title}
        ),
        'layout': layout,
        'form': form,
        'title': self.title,
        'subtitle': _("Delete User"),
        'button_text': _("Delete User"),
        'button_class': 'alert',
        'cancel': layout.manage_users_link
    }
Esempio n. 8
 def user(self):
     """ Returns the user with this object's username, looked up in the
     session of the current request.

     """
     return UserCollection(self.request.session).by_username(self.username)