def forgot_password(request):
"""Display forgot password form or do the password recovery
"""
import urllib
settings = request.registry.settings
_ = get_localizer(request)
factory = FormFactory(_)
ForgotPasswordForm = factory.make_forgot_password_form()
form = ForgotPasswordForm(request.params)
session = request.db_session
user_model = UserModel(session)
if request.method == 'POST' and form.validate():
email = request.params['email']
user = user_model.get_by_email(email)
if user is None:
msg = _(u'Cannot find the user')
form.email.errors.append(msg)
return dict(form=form)
user_name = user.user_name
user_id = user.user_id
# TODO: limit frequency here
# generate verification
auth_secret_key = settings['auth_secret_key']
code = user_model.get_recovery_code(auth_secret_key, user_id)
link = request.route_url('account.recovery_password')
query = dict(user_name=user_name, code=code)
link = link + '?' + urllib.urlencode(query)
params = dict(link=link, user_name=user_name)
html = render_mail(
request,
'ez2pay:templates/mails/password_recovery.genshi',
params
)
send_mail(
request=request,
subject=_('ez2pay password recovery'),
to_addresses=[email],
format='html',
body=html
)
request.add_flash(_(u'To reset your password, please check your '
'mailbox and click the password recovery link'))
return dict(form=form)
def register(request):
_ = get_localizer(request)
settings = request.registry.settings
user_model = UserModel(request.db_session)
factory = FormFactory(_)
RegisterForm = factory.make_register_form()
form = RegisterForm(request.params)
if request.method == 'POST':
check_csrf_token(request)
validate_result = form.validate()
user_name = request.params['user_name']
password = request.params['password']
email = request.params['email']
black_domain = set(settings.get('email_black_domain_list', []))
domain = email.split('@')[-1].lower()
if domain in black_domain:
msg = _(u'Invalid email address')
form.email.errors.append(msg)
validate_result = False
by_name = user_model.get_by_name(user_name)
if by_name is not None:
msg = _(u'Username %s already exists') % user_name
form.user_name.errors.append(msg)
validate_result = False
by_email = user_model.get_by_email(email)
if by_email is not None:
msg = _(u'Email %s already exists') % email
form.email.errors.append(msg)
validate_result = False
if validate_result:
with transaction.manager:
user_id = user_model.create(
user_name=user_name,
display_name=user_name,
password=password,
email=email,
)
auth_secret_key = settings['auth_secret_key']
code = user_model.get_verification_code(
user_id=user_id,
verify_type='create_user',
secret=auth_secret_key
)
link = request.route_url(
'account.activate',
user_name=user_name,
code=code
)
params = dict(link=link, user_name=user_name)
html = render_mail(
request,
'ez2pay:templates/mails/register_link.genshi',
params
)
subject = _('ez2pay account activation')
send_mail(
request=request,
subject=subject,
to_addresses=[email],
format='html',
body=html
)
msg = _(u"User ${user_name} has been registered",
mapping=dict(user_name=user_name))
request.add_flash(msg, 'success')
return HTTPFound(location=request.route_url('account.check_mailbox'))
return dict(form=form)