def reset_password(request, account_id, primary_secret): """ http://localhost/accounts/[email protected]/reset_password/taOFzInlYlDKLbiM """ params = {'ACCOUNT_ID': account_id, 'PRIMARY_SECRET': primary_secret, 'SETTINGS': settings} if HTTP_METHOD_POST == request.method: secondary_secret = request.POST.get('conf1') + request.POST.get('conf2') # check the validity of the primary and secondary secrets api = IndivoClient(settings.CONSUMER_KEY, settings.CONSUMER_SECRET, settings.INDIVO_SERVER_LOCATION) ret = api.check_account_secrets(account_id=account_id, primary_secret=primary_secret, parameters={ 'secondary_secret': secondary_secret }) # secrets are valid, set the new password: if 200 == ret.response.get('response_status', 0): params['SECONDARY_SECRET'] = secondary_secret # get account info ret = api.account_info(account_id = account_id) account = utils.parse_account_xml(ret.response.get('response_data') or '<root/>') # check passwords pw1 = request.POST.get('pw1') if len(pw1) >= (settings.REGISTRATION['min_password_length'] or 8): pw2 = request.POST.get('pw2') if pw1 == pw2: ret = api.account_set_password(account_id=account_id, data={'password': pw1}) # password was reset, log the user in if 200 == ret.response.get('response_status', 0): try: try: username = account['auth_systems'][0]['username'] # TODO: I don't like this... tokens_get_from_server(request, username, pw1) except Exception as e: params['ERROR'] = ErrorStr(str(e)) # We'll never see this return HttpResponseRedirect(reverse(index)) except IOError as e: params['ERROR'] = ErrorStr(e.strerror) else: params['ERROR'] = ErrorStr(ret.response.get('response_data') or 'Password reset failed') else: params['ERROR'] = ErrorStr('Passwords do not match') else: params['ERROR'] = ErrorStr('Password too short') # wrong secrets (primary or secondary) else: params['ERROR'] = ErrorStr(ret.response.get('response_data') or 'Wrong confirmation code') return utils.render_template('ui/reset_password', params)
def forgot_password_3(request): errors = {'generic': 'There was a problem resetting your password. Please try again. If you are unable to set up your account please contact support.'} account_id = request.POST['account_id'] password = request.POST['pw1'] api = IndivoClient(settings.CONSUMER_KEY, settings.CONSUMER_SECRET, settings.INDIVO_SERVER_LOCATION) ret = api.account_info(account_id = account_id) e = ET.fromstring(ret.response['response_data']) username = e.find('authSystem').get('username') ret = api.account_set_password(account_id = account_id, data={'password':password}) if ret.response['response_status'] == 200: tokens_get_from_server(request, username, password) return HttpResponseRedirect(reverse(index)) else: return utils.render_template('ui/forgot_password_3', {'ERROR': errors['generic']})