コード例 #1
ファイル: views.py プロジェクト: victorlin/ez2pay
def forgot_password(request):
    """Serve the forgot-password form and, on a valid POST, mail a recovery link.

    A GET, or a POST whose form does not validate, only re-renders the form.
    A valid POST looks the account up by the submitted e-mail address, asks
    ``UserModel.get_recovery_code`` for a code and mails a link carrying
    ``user_name`` and ``code`` to that address.

    Returns the template context ``dict(form=form)`` on every path.
    """
    import urllib

    settings = request.registry.settings
    _ = get_localizer(request)

    form_class = FormFactory(_).make_forgot_password_form()
    form = form_class(request.params)
    user_model = UserModel(request.db_session)

    # Guard clause: anything that is not a validated POST just shows the form.
    if request.method != 'POST' or not form.validate():
        return dict(form=form)

    email = request.params['email']
    account = user_model.get_by_email(email)
    if account is None:
        # NOTE(review): this error and the success flash below are
        # distinguishable, so the form tells an anonymous caller whether an
        # e-mail address is registered. Consider one neutral response for
        # both outcomes.
        form.email.errors.append(_(u'Cannot find the user'))
        return dict(form=form)

    user_name = account.user_name
    user_id = account.user_id

    # TODO: limit frequency here
    # NOTE(review): until that is done nothing visible here throttles
    # requests, so the endpoint can be used to send repeated mail to an
    # address.

    # Build the verification code for this account.
    # NOTE(review): only the server secret and user_id are passed in. If the
    # code is a pure function of those two it never expires and stays valid
    # after use -- confirm in UserModel.get_recovery_code.
    secret = settings['auth_secret_key']
    recovery_code = user_model.get_recovery_code(secret, user_id)

    # NOTE(review): route_url builds an absolute URL from the current request;
    # confirm the deployment validates the Host header so the mailed link
    # cannot point at a host chosen by the requester.
    base_url = request.route_url('account.recovery_password')
    query = dict(user_name=user_name, code=recovery_code)
    recovery_link = '?'.join([base_url, urllib.urlencode(query)])

    mail_html = render_mail(
        request,
        'ez2pay:templates/mails/password_recovery.genshi',
        dict(link=recovery_link, user_name=user_name)
    )
    send_mail(
        request=request,
        subject=_('ez2pay password recovery'),
        to_addresses=[email],
        format='html',
        body=mail_html
    )

    notice = _(u'To reset your password, please check your '
               'mailbox and click the password recovery link')
    request.add_flash(notice)
    return dict(form=form)
コード例 #2
ファイル: views.py プロジェクト: victorlin/ez2pay
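def recovery_password(request):
    """Display password recovery form or do the password change.

    The link mailed by the forgot-password view carries ``user_name`` and
    ``code`` as request parameters. The code is recomputed with
    ``UserModel.get_recovery_code`` and compared against the submitted one
    before the form is shown or the password is changed.

    Returns:
        ``dict(form=form)`` when the form should be rendered,
        ``HTTPForbidden`` when the link is malformed or the code does not
        match, ``HTTPNotFound`` when the user name is unknown.

    Raises:
        HTTPFound: redirect to ``front.home`` after the password is updated.
    """
    import hmac

    def to_bytes(value):
        # compare_digest needs both operands as bytes (or ASCII-only text);
        # normalise so a non-ASCII ``code`` parameter cannot raise TypeError.
        # Assumes the recovery code is text or bytes -- confirm against
        # UserModel.get_recovery_code.
        return value if isinstance(value, bytes) else value.encode('utf-8')

    _ = get_localizer(request)
    settings = request.registry.settings

    user_model = UserModel(request.db_session)

    # A link missing either parameter is malformed. Reject it explicitly
    # instead of letting a KeyError surface as a server error.
    user_name = request.params.get('user_name')
    code = request.params.get('code')
    if user_name is None or code is None:
        return HTTPForbidden(_('Bad password recovery link'))

    user = user_model.get_by_name(user_name)
    if user is None:
        # NOTE(review): a 404 here versus the 403 below lets an
        # unauthenticated caller tell existing user names from unknown ones,
        # and the supplied name is echoed into the message. Consider
        # returning the same "bad link" response for both cases.
        return HTTPNotFound(_('No such user %s') % user_name)
    user_id = user.user_id

    # Recompute the expected code for this user.
    # NOTE(review): only the server secret and user_id are passed in. If the
    # code is a pure function of those two, a link never expires and remains
    # usable after the password has been changed -- confirm in
    # UserModel.get_recovery_code.
    auth_secret_key = settings['auth_secret_key']
    valid_code = user_model.get_recovery_code(auth_secret_key, user_id)

    # Constant-time comparison: a plain ``!=`` on strings can stop at the
    # first differing character. hmac.compare_digest needs Python 2.7.7+ / 3.3+.
    if not hmac.compare_digest(to_bytes(code), to_bytes(valid_code)):
        return HTTPForbidden(_('Bad password recovery link'))

    factory = FormFactory(_)
    RecoveryPasswordForm = factory.make_recovery_password_form()
    form = RecoveryPasswordForm(request.params, user_name=user_name, code=code)

    redirect_url = request.route_url('front.home')

    # The user was already loaded and checked above, so the second lookup
    # and its unreachable "invalid link" redirect have been dropped.
    if request.method == 'POST' and form.validate():
        new_password = request.POST['new_password']

        with transaction.manager:
            user_model.update_password(user_id, new_password)

        msg = _(u'Your password has been updated')
        request.add_flash(msg, 'success')
        raise HTTPFound(location=redirect_url)

    return dict(form=form)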