def _forgotten_password(self): """Action to let the user request a password change. GET returns a form for emailing them the password change confirmation. POST checks the form and then creates a confirmation record: date, email_address, and a url_hash that is a hash of a combination of date, email_address, and a random nonce. The email address must exist in the person database. The second half of the password change operation happens in the ``confirm`` action. """ c.email = self.form_result['email_address'] c.person = Person.find_by_email(c.email) if c.person is not None: # Check if there is already a password recovery in progress reset = PasswordResetConfirmation.find_by_email(c.email) if reset is not None: return render('person/in_progress.mako') # Ok kick one off c.conf_rec = PasswordResetConfirmation(email_address=c.email) meta.Session.add(c.conf_rec) meta.Session.commit() email(c.email, render('person/confirmation_email.mako')) return render('person/password_confirmation_sent.mako')