def reset():
    """Process a submitted password-reset form and store the new password.

    A logged-in user changes the password of their own account. An anonymous
    user must supply a reset token that ``User.from_reset_token`` resolves to
    an account. When validation fails, the form context is returned as a dict
    so the form can be shown again; on success the feedback template is
    rendered with a redirect to the log-in form.
    """
    # NOTE(review): ``next`` is caller-controlled and is forwarded unchanged
    # into the log-in URL below. No same-site check is visible here, so the
    # handler that finally redirects to it has to enforce one.
    next_path = request.params.get('next', '/')
    form = PasswordResetForm(request.params)

    if request.user.is_authenticated:
        # The token field is irrelevant for a logged-in user, but the form
        # would reject an empty value, so bind a placeholder.
        # NOTE(review): no current-password check is visible on this path;
        # confirm whether PasswordResetForm asks for one.
        form.reset_token.bind_value('not needed')

    if not form.is_valid():
        return {'next_path': next_path, 'form': form}

    if not request.user.is_authenticated:
        account = User.from_reset_token(form.processed_data['reset_token'])
        if not account:
            # Unknown token: report it through the form, not as an HTTP error.
            form._error = ValidationError('invalid_token', {'value': ''})
            return {'next_path': next_path, 'form': form}
        username = account.username
    else:
        username = request.user.username

    # NOTE(review): nothing in this function invalidates the used reset token
    # or the account's other sessions; confirm User.set_password does so.
    User.set_password(username, form.processed_data['password1'])

    # Only the current session is ended here, forcing a fresh log-in.
    if request.user.is_authenticated:
        request.user.logout()

    login_base = i18n_url('auth:login_form')
    login_url = login_base + set_qparam(next=next_path).to_qs()
    return template(
        'ui/feedback.tpl',
        # Translators, used as page title on feedback page
        page_title=_('New password was set'),
        # Translators, used as link label on feedback page in "You
        # will be taken to log-in page..."
        redirect_target=_('log-in page'),
        # Translators, shown after password has been changed
        message=_("Password for username '{username}' has been "
                  "set.").format(username=username),
        status='success',
        redirect_url=login_url,
    )
def reset():
    """Process a submitted password-reset form and store the new password.

    A logged-in user changes the password of their own account. An anonymous
    user must supply a reset token that ``User.from_reset_token`` resolves to
    an account. When validation fails, the form context is returned as a dict
    so the form can be shown again; on success the feedback template is
    rendered with a redirect to the log-in form.
    """
    # NOTE(review): ``next`` is caller-controlled and is forwarded unchanged
    # into the log-in URL below. No same-site check is visible here, so the
    # handler that finally redirects to it has to enforce one.
    next_path = request.params.get('next', '/')
    form = PasswordResetForm(request.params)

    if request.user.is_authenticated:
        # The token field is irrelevant for a logged-in user, but the form
        # would reject an empty value, so bind a placeholder.
        # NOTE(review): no current-password check is visible on this path;
        # confirm whether PasswordResetForm asks for one.
        form.reset_token.bind_value('not needed')

    if not form.is_valid():
        return {'next_path': next_path, 'form': form}

    if not request.user.is_authenticated:
        account = User.from_reset_token(form.processed_data['reset_token'])
        if not account:
            # Unknown token: report it through the form, not as an HTTP error.
            form._error = ValidationError('invalid_token', {'value': ''})
            return {'next_path': next_path, 'form': form}
        username = account.username
    else:
        username = request.user.username

    # NOTE(review): nothing in this function invalidates the used reset token
    # or the account's other sessions; confirm User.set_password does so.
    User.set_password(username, form.processed_data['password1'])

    # Only the current session is ended here, forcing a fresh log-in.
    if request.user.is_authenticated:
        request.user.logout()

    login_base = i18n_url('auth:login_form')
    login_url = login_base + set_qparam(next=next_path).to_qs()
    return template(
        'ui/feedback.tpl',
        # Translators, used as page title on feedback page
        page_title=_('New password was set'),
        # Translators, used as link label on feedback page in "You
        # will be taken to log-in page..."
        redirect_target=_('log-in page'),
        # Translators, shown after password has been changed
        message=_("Password for username '{username}' has been "
                  "set.").format(username=username),
        status='success',
        redirect_url=login_url,
    )
def reset():
    """Perform an emergency reset and create one new superuser account.

    After the form validates, an unconditional ``Delete`` is executed on the
    ``users`` table of the auth database and on the ``sessions`` table of the
    sessions database. A superuser is then created from the submitted
    username and password. On validation failure the form context is
    returned as a dict.
    """
    reset_token = request.params.get('reset_token')
    form = EmergencyResetForm(request.params)

    # NOTE(review): the emergency token is not compared anywhere in this
    # function. Presumably EmergencyResetForm validation checks it; confirm,
    # because everything after this point is destructive.
    if not form.is_valid():
        return {'form': form, 'reset_token': reset_token}

    # NOTE(review): the two deletes and User.create run as separate
    # statements with no transaction visible here, so a failure in
    # User.create would leave the system with no accounts.
    auth_db = request.db.auth
    auth_db.execute(auth_db.Delete('users'))
    sessions_db = request.db.sessions
    sessions_db.execute(sessions_db.Delete('sessions'))

    username = form.processed_data['username']
    # NOTE(review): ``reset_token`` is read back from the request, so the
    # value stored for the new superuser is whatever the client submitted.
    User.create(
        username,
        form.processed_data['password1'],
        is_superuser=True,
        db=request.db.auth,
        reset_token=reset_token,
    )
    return template(
        'ui/feedback.tpl',
        # Translators, used as page title on feedback page
        page_title=_('Emergency reset successful'),
        # Translators, used as link label on feedback page in "You
        # will be taken to log-in page..."
        redirect_target=_('log-in page'),
        # Translators, shown after emergency reset
        message=_("You may now log in as "
                  "'{username}'.").format(username=username),
        status='success',
        redirect_url=i18n_url('auth:login_form'),
    )
def setup_superuser():
    """Create the superuser account from a submitted registration form.

    Returns ``{'successful': True}`` once the account has been created. If
    the form is invalid, returns a dict with ``successful=False``, the form
    and the submitted reset token so the page can be shown again.
    """
    # The form reads ``request.forms``; the token reads ``request.params``.
    form = RegistrationForm(request.forms)
    # NOTE(review): the token is client-supplied and stored as given below.
    reset_token = request.params.get('reset_token')

    # NOTE(review): no check that a superuser does not already exist is
    # visible here; confirm that the route is gated elsewhere.
    if form.is_valid():
        fields = form.processed_data
        User.create(
            fields['username'],
            fields['password1'],
            is_superuser=True,
            db=request.db.auth,
            reset_token=reset_token,
        )
        return {'successful': True}

    return {'successful': False, 'form': form, 'reset_token': reset_token}
def show_emergency_reset_form():
    """Show the emergency reset form when an emergency token file exists.

    Calls ``abort(404)`` if the ``emergency.file`` setting does not point to
    a regular file, or if that file holds only whitespace. A logged-in user
    is redirected to the ordinary password reset form. Otherwise the context
    for an empty form is returned with a newly generated reset token.
    """
    token_path = request.app.config.get('emergency.file', '')

    # A missing setting and a missing file are treated alike, so the page
    # does not reveal whether emergency reset is configured.
    if not os.path.isfile(token_path):
        abort(404)

    # NOTE(review): an open() failure here (for example an unreadable file)
    # propagates as an exception instead of producing the 404.
    with open(token_path, 'r') as token_file:
        token = token_file.read()

    # An empty token file is handled the same way as a missing one.
    if not token.strip():
        abort(404)

    # A logged-in user can use the normal reset page, so there is no need
    # for anything heavy-handed.
    if request.user.is_authenticated:
        return redirect(i18n_url('auth:reset_form'))

    # NOTE(review): the file's token is only tested for presence here.
    # Presumably it is compared on submission by EmergencyResetForm; confirm.
    blank_form = EmergencyResetForm()
    return {'form': blank_form, 'reset_token': User.generate_reset_token()}
def setup_superuser_form():
    """Return the context for an empty superuser registration form.

    The context holds an unbound ``RegistrationForm`` and a reset token from
    ``User.generate_reset_token``.
    """
    blank_form = RegistrationForm()
    # NOTE(review): this token goes to the client. Whatever handles the
    # submission should not assume it comes back unmodified.
    new_token = User.generate_reset_token()
    return {'form': blank_form, 'reset_token': new_token}
def validate(self):
    """Check the submitted credentials by calling ``User.login``.

    Raises:
        form.ValidationError: with the key ``'login_error'`` when
            ``User.login`` returns a falsy value. The same error is raised
            whether the username or the password was wrong.
    """
    data = self.processed_data
    # NOTE(review): no attempt limit or lockout is visible in this method;
    # confirm that User.login or an upstream layer provides one.
    if User.login(data['username'], data['password']):
        return
    raise form.ValidationError('login_error', {})