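def activate(self):
    """Activate a profile from the key sent in the activation e-mail.

    The profile is looked up by the ``k`` request parameter. An unknown key
    or an already-activated profile is flashed an error and redirected to
    ``home``. On a valid POST the auth user is created, the profile is
    marked activated and its activation key cleared, the user is logged in
    and redirected to ``home``. Any other request renders ``activate.haml``
    with the activation form.
    """
    # k is used in emails
    # activation_key is the form name
    key = self.request.get('k')
    profile = Profile.get_by_activation_key(key)

    if not profile or profile.activated:
        self.session.add_flash(messages.PROFILE_ACTIVATION_NOT_FOUND,
                               level='error')
        # Stop here. Without the return the handler fell through and went on
        # to build the form and process a POST for a missing or
        # already-activated profile.
        return self.redirect_to('home')

    form = ProfileActivationForm(self.request.POST, obj=profile)
    form.activation_key = key

    if self.request.method == 'POST' and form.validate():
        # Create the webapp2_extras.auth user.
        model = self.auth.store.user_model
        ok, user = model.create_user(profile.email,
                                     password_raw=form.data['password'])

        if not ok:
            self.session.add_flash(messages.PROFILE_ACTIVATION_ERROR,
                                   level='error')
            return self.redirect_to('profile.activate', k=key)

        # Setup profile, create authentication token and activate
        profile.name = ' '.join([form.data['first_name'],
                                 form.data['last_name']])

        # Set as activated (since they've confirmed their e-mail).
        # Clearing the key means the e-mailed link cannot be used again.
        profile.activated = True
        profile.activation_key = None
        profile.auth_user_id = user.key.id()
        profile.put()

        # Change the password for the auth_user.
        # NOTE(review): create_user() was already given password_raw, so
        # this second write looks redundant - confirm it is needed.
        # NOTE(review): if `security` is webapp2_extras.security, `length`
        # is the salt length and the default method is a single salted
        # SHA-1, not a slow KDF - confirm that is acceptable for stored
        # passwords.
        user = self.auth.store.user_model.get_by_id(profile.auth_user_id)
        user.password = security.generate_password_hash(
            form.data['password'], length=12)
        user.put()

        # Log the user in.
        user_id = user.key.id()
        # Presumably drops the cached user so the token lookup below
        # repopulates it - confirm against webapp2_extras.auth.
        self.auth._user = None
        self.auth.get_user_by_token(user_id, user.create_auth_token(user_id))

        # Redirect to the dashboard.
        self.session.add_flash(messages.PROFILE_ACTIVATION_SUCCESS)
        return self.redirect_to('home')

    return self.render_to_response('activate.haml',
                                   {'profile': profile, 'form': form})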
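def forgot_password(self):
    """Handle the password-recovery flow.

    A signed-in visitor is redirected to ``home``. GET renders
    ``forgot_password.haml`` with the profile matching the ``k`` key, if
    any. POST with a key that matches a profile stores the submitted
    password, logs the user in and redirects to ``home``. POST with only an
    e-mail address sends a recovery e-mail when a profile matches that
    address. Any other POST redirects back to the start of the flow.
    """
    if self.get_current_profile():
        return self.redirect_to('home')

    key = self.request.get('k')
    profile = Profile.get_by_activation_key(key) if key else None

    # GET request (either with or without an activation key and profile);
    # We should show either the form to send the recovery e-mail, or the
    # form to change your password.
    if self.request.method == 'GET':
        return self.render_to_response('forgot_password.haml',
                                       {'profile': profile})

    if self.request.method == 'POST':
        email = self.request.POST.get('email', '').strip()
        password = self.request.POST.get('password', '').strip()

        # POST request that had an activation key and a matching profile;
        # We should update their password, log them in, and redirect.
        if key and profile:
            # If we didn't submit a password, then start the process over.
            if not password:
                return self.redirect_to('forgot-password', k=key)

            # Resolve the auth user before changing the profile. A profile
            # with no auth user used to be saved as activated and then fail
            # on the password write below.
            user = None
            if profile.auth_user_id is not None:
                user = self.auth.store.user_model.get_by_id(
                    profile.auth_user_id)
            if user is None:
                return self.redirect_to('forgot-password')

            # Set as activated (since they've confirmed their e-mail).
            profile.activated = True
            # The key in the link is a password-reset credential: clear it
            # once used so the same link cannot set the password again.
            # activate() and the e-mail branch below clear it the same way.
            # NOTE(review): presumably Profile issues a fresh key on put()
            # when this is None - confirm. No expiry check on the key is
            # visible in this handler either.
            profile.activation_key = None
            profile.put()

            # Change the password for the auth_user.
            # NOTE(review): only emptiness is checked; no length or strength
            # rule is applied to the new password here.
            user.password = security.generate_password_hash(password,
                                                            length=12)
            user.put()

            # Log the user in.
            user_id = user.key.id()
            self.auth._user = None
            self.auth.get_user_by_token(user_id,
                                        user.create_auth_token(user_id))

            # Redirect to the dashboard.
            return self.redirect_to('home')

        # POST request that didn't find a profile, but POST'ed an e-mail
        # address; We should send them a recovery e-mail.
        elif email and not profile:
            profile = Profile.get_by_email(email)

            if profile:
                # Drop any previously issued key before mailing the link.
                profile.activation_key = None
                profile.put()

                context = {'profile': profile}
                self.send_mail(
                    profile=profile, defer=True, context=context,
                    subject='{0.PRODUCT_NAME} Password Recovery'.format(
                        constants),
                    template='emails/forgot_password.haml')

            # Same page whether or not an address matched, so the response
            # does not show which addresses have a profile.
            return self.render_to_response('forgot_password.haml')

        # POST request that was missing something...
        # We should redirect back to start the process over.
        else:
            return self.redirect_to('forgot-password')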
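def forgot_password(self):
    """Run the forgotten-password flow for a visitor who is not signed in.

    GET shows ``forgot_password.haml``, passing the profile found for the
    ``k`` key when there is one. POST with a key and a matching profile
    saves the new password, signs the user in and redirects to ``home``.
    POST with an e-mail address and no matching key mails a recovery link
    if a profile has that address. Every other POST goes back to the start.
    """
    if self.get_current_profile():
        return self.redirect_to('home')

    key = self.request.get('k')
    if key:
        profile = Profile.get_by_activation_key(key)
    else:
        profile = None

    # GET request (either with or without an activation key and profile);
    # We should show either the form to send the recovery e-mail, or the
    # form to change your password.
    if self.request.method == 'GET':
        return self.render_to_response('forgot_password.haml',
                                       {'profile': profile})

    if self.request.method == 'POST':
        email = self.request.POST.get('email', '').strip()
        password = self.request.POST.get('password', '').strip()

        # POST request that had an activation key and a matching profile;
        # We should update their password, log them in, and redirect.
        if key and profile:
            # If we didn't submit a password, then start the process over.
            if not password:
                return self.redirect_to('forgot-password', k=key)

            # Find the auth user first; the profile is only modified once
            # there is an account whose password can be changed. Before,
            # a profile without an auth user was saved as activated and the
            # handler then failed on the missing user.
            if profile.auth_user_id is None:
                return self.redirect_to('forgot-password')
            user = self.auth.store.user_model.get_by_id(
                profile.auth_user_id)
            if user is None:
                return self.redirect_to('forgot-password')

            # Set as activated (since they've confirmed their e-mail).
            profile.activated = True
            # Invalidate the recovery key on use: left in place, the
            # e-mailed link kept working as a way to set the password.
            # NOTE(review): assumes Profile regenerates the key on put()
            # when it is None, as the e-mail branch appears to rely on -
            # confirm.
            profile.activation_key = None
            profile.put()

            # Change the password for the auth_user.
            user.password = security.generate_password_hash(password,
                                                            length=12)
            user.put()

            # Log the user in.
            user_id = user.key.id()
            self.auth._user = None
            self.auth.get_user_by_token(user_id,
                                        user.create_auth_token(user_id))

            # Redirect to the dashboard.
            return self.redirect_to('home')

        # POST request that didn't find a profile, but POST'ed an e-mail
        # address; We should send them a recovery e-mail.
        elif email and not profile:
            profile = Profile.get_by_email(email)

            if profile:
                # Clear the old key before the recovery mail is queued.
                profile.activation_key = None
                profile.put()

                context = {'profile': profile}
                self.send_mail(
                    profile=profile, defer=True, context=context,
                    subject='{0.PRODUCT_NAME} Password Recovery'.format(
                        constants),
                    template='emails/forgot_password.haml')

            # Rendered for matched and unmatched addresses alike, which
            # keeps the response from confirming that an address is known.
            return self.render_to_response('forgot_password.haml')

        # POST request that was missing something...
        # We should redirect back to start the process over.
        else:
            return self.redirect_to('forgot-password')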