Exemplo n.º 1
def reset():
    """Process a submitted password-reset form.

    A logged-in user changes the password of their own account; an anonymous
    user must supply a reset token that ``User.from_reset_token`` resolves to
    an account. When form validation or the token lookup fails, the form
    context is returned again; otherwise the feedback page is rendered with a
    link to the log-in form.
    """
    # NOTE(review): ``next`` is caller-controlled and is only forwarded here
    # (into the form context and the log-in URL's query string). Whichever
    # handler finally redirects to it should accept same-site paths only.
    next_path = request.params.get('next', '/')
    form = PasswordResetForm(request.params)
    if request.user.is_authenticated:
        # A logged-in user has no token to present; bind a dummy non-empty
        # value so the token field does not fail validation.
        form.reset_token.bind_value('not needed')
    if not form.is_valid():
        return {'next_path': next_path, 'form': form}

    submitted = form.processed_data
    if request.user.is_authenticated:
        # NOTE(review): no current-password check is visible in this
        # function; confirm that PasswordResetForm or the route enforces one.
        username = request.user.username
    else:
        account = User.from_reset_token(submitted['reset_token'])
        if not account:
            form._error = ValidationError('invalid_token', {'value': ''})
            return {'next_path': next_path, 'form': form}
        username = account.username

    User.set_password(username, submitted['password1'])
    if request.user.is_authenticated:
        # The current session is ended; the feedback page then points the
        # user at the log-in form.
        request.user.logout()

    login_base = i18n_url('auth:login_form')
    login_url = login_base + set_qparam(next=next_path).to_qs()
    feedback = {
        # Translators, used as page title on feedback page
        'page_title': _('New password was set'),
        # Translators, used as link label on feedback page in "You
        # will be taken to log-in page..."
        'redirect_target': _('log-in page'),
        # Translators, shown after password has been changed
        'message': _("Password for username '{username}' has been "
                     "set.").format(username=username),
        'status': 'success',
        'redirect_url': login_url,
    }
    return template('ui/feedback.tpl', **feedback)
Exemplo n.º 2
def reset():
    """Set a new password from the password-reset form.

    For an authenticated request the target account is the session's user;
    otherwise the account is looked up from the submitted reset token. The
    form context is returned unchanged on a validation or token failure, and
    the feedback template is rendered on success.
    """
    # NOTE(review): ``next`` comes straight from the request and is passed on
    # unvalidated (to the template context and to the log-in URL). The
    # handler that eventually redirects to it must restrict it to local paths.
    next_path = request.params.get('next', '/')
    form = PasswordResetForm(request.params)
    if request.user.is_authenticated:
        # The token field is not used for a logged-in user; give it a dummy
        # non-empty value so that validation passes.
        form.reset_token.bind_value('not needed')
    if not form.is_valid():
        return {'next_path': next_path, 'form': form}

    if not request.user.is_authenticated:
        token_owner = User.from_reset_token(
            form.processed_data['reset_token'])
        if not token_owner:
            form._error = ValidationError('invalid_token', {'value': ''})
            return {'next_path': next_path, 'form': form}
        username = token_owner.username
    else:
        username = request.user.username

    # NOTE(review): nothing in this function expires the reset token after
    # use; confirm whether User.set_password does so.
    User.set_password(username, form.processed_data['password1'])
    if request.user.is_authenticated:
        request.user.logout()

    login_base = i18n_url('auth:login_form')
    login_url = login_base + set_qparam(next=next_path).to_qs()

    # Translators, used as page title on feedback page
    page_title = _('New password was set')
    # Translators, used as link label on feedback page in "You
    # will be taken to log-in page..."
    redirect_target = _('log-in page')
    # Translators, shown after password has been changed
    message = _("Password for username '{username}' has been "
                "set.").format(username=username)
    return template('ui/feedback.tpl',
                    page_title=page_title,
                    redirect_target=redirect_target,
                    message=message,
                    status='success',
                    redirect_url=login_url)
def reset():
    """Perform the emergency reset: delete every user and session, then
    create one new superuser from the submitted form.

    Returns the form context again when ``EmergencyResetForm`` does not
    validate; otherwise renders the feedback page linking to the log-in form.
    """
    # NOTE(review): the reset token is read from the request and stored with
    # the new account further down, so its value is chosen by the client.
    reset_token = request.params.get('reset_token')
    form = EmergencyResetForm(request.params)
    # NOTE(review): this function never looks at the emergency token itself.
    # The only gate before the deletes below is form.is_valid(); confirm that
    # EmergencyResetForm checks the submitted emergency token.
    if not form.is_valid():
        return {'form': form, 'reset_token': reset_token}

    # Destructive and irreversible from here on. The two deletes and the
    # account creation are separate statements with no transaction visible in
    # this function; if User.create fails, the users table stays empty.
    auth_db = request.db.auth
    auth_db.execute(auth_db.Delete('users'))
    session_db = request.db.sessions
    session_db.execute(session_db.Delete('sessions'))

    submitted = form.processed_data
    username = submitted['username']
    User.create(username,
                submitted['password1'],
                is_superuser=True,
                db=request.db.auth,
                reset_token=reset_token)

    feedback = {
        # Translators, used as page title on feedback page
        'page_title': _('Emergency reset successful'),
        # Translators, used as link label on feedback page in "You
        # will be taken to log-in page..."
        'redirect_target': _('log-in page'),
        # Translators, shown after emergency reset
        'message': _("You may now log in as "
                     "'{username}'.").format(username=username),
        'status': 'success',
        'redirect_url': i18n_url('auth:login_form'),
    }
    return template('ui/feedback.tpl', **feedback)
Exemplo n.º 4
def setup_superuser():
    """Create a superuser account from the submitted registration form.

    Returns ``successful=False`` together with the form and reset token when
    validation fails, and ``successful=True`` once the account is created.
    """
    # NOTE(review): nothing here checks that no superuser exists yet or that
    # the caller may create one; presumably the route is only reachable
    # during first-run setup. Confirm where that is enforced.
    form = RegistrationForm(request.forms)
    # The reset token is taken from the request, so its value is
    # client-supplied when it is stored with the account below.
    reset_token = request.params.get('reset_token')
    if form.is_valid():
        submitted = form.processed_data
        User.create(submitted['username'],
                    submitted['password1'],
                    is_superuser=True,
                    db=request.db.auth,
                    reset_token=reset_token)
        return {'successful': True}

    return {'successful': False, 'form': form, 'reset_token': reset_token}
Exemplo n.º 5
def setup_superuser():
    """Register the superuser described by the posted registration form.

    On a validation failure the form and the request's reset token are
    returned with ``successful=False``; after a successful ``User.create``
    the result is ``successful=True``.
    """
    form = RegistrationForm(request.forms)
    # NOTE(review): the token comes from the request parameters and is stored
    # as the account's reset token, so the client decides its value.
    reset_token = request.params.get('reset_token')
    if not form.is_valid():
        failure = {'successful': False, 'form': form}
        failure['reset_token'] = reset_token
        return failure

    # NOTE(review): no check for an existing superuser or for caller
    # authorization is visible in this function; verify the route guard.
    new_username = form.processed_data['username']
    new_password = form.processed_data['password1']
    User.create(new_username,
                new_password,
                is_superuser=True,
                db=request.db.auth,
                reset_token=reset_token)
    return {'successful': True}
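def show_emergency_reset_form():
    """Show the emergency reset form when an emergency token file is set up.

    Responds with 404 when the configured ``emergency.file`` path is not a
    regular file, cannot be read, or holds only whitespace. A logged-in user
    is redirected to the ordinary password reset form. Otherwise returns the
    template context with a blank ``EmergencyResetForm`` and a freshly
    generated reset token.
    """
    config = request.app.config
    token_path = config.get('emergency.file', '')

    if not os.path.isfile(token_path):
        # Not configured or missing emergency reset token file
        abort(404)

    try:
        with open(token_path, 'r') as f:
            token = f.read()
    except (IOError, OSError):
        # The file was removed or is unreadable by the time it is opened
        # (the isfile() check above cannot rule that out). Answer as if the
        # token file were missing instead of surfacing a server error.
        abort(404)

    if not token.strip():
        # Token file is empty, so treat it as missing token file
        abort(404)

    # The token content is only tested for being non-empty here; this view
    # does not compare it with anything.
    # NOTE(review): confirm that the submit handler or EmergencyResetForm
    # validates the submitted token against this file.

    # If user is already logged in, redirect to password reset page instead.
    # There's no need to do anything heavy-handed in this case.
    if request.user.is_authenticated:
        return redirect(i18n_url('auth:reset_form'))

    return dict(form=EmergencyResetForm(),
                reset_token=User.generate_reset_token())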
Exemplo n.º 7
def setup_superuser_form():
    """Return the template context for the superuser registration page.

    The context holds an unbound ``RegistrationForm`` and a newly generated
    reset token.
    """
    # NOTE(review): the token leaves the server here. If the submit handler
    # reads it back from the request, it must treat it as client-controlled.
    context = {
        'form': RegistrationForm(),
        'reset_token': User.generate_reset_token(),
    }
    return context
Exemplo n.º 8
def setup_superuser_form():
    """Build the context for rendering the initial superuser form.

    Returns a dict with a blank ``RegistrationForm`` under ``form`` and the
    result of ``User.generate_reset_token()`` under ``reset_token``.
    """
    blank_form = RegistrationForm()
    # The token is generated server-side and handed to the template.
    # NOTE(review): check whether it is verified again on submission.
    fresh_token = User.generate_reset_token()
    return {'form': blank_form, 'reset_token': fresh_token}
Exemplo n.º 9
    def validate(self):
        """Check the submitted credentials with ``User.login``.

        Raises:
            form.ValidationError: with code ``'login_error'`` when
                ``User.login`` returns a falsy value.
        """
        credentials = self.processed_data
        username = credentials['username']
        password = credentials['password']

        # One generic error code is raised for every failed attempt, so the
        # form error itself does not say whether the username exists.
        # NOTE(review): no attempt limiting is visible here; confirm that
        # User.login or the route throttles repeated failures.
        if User.login(username, password):
            return
        raise form.ValidationError('login_error', {})
Exemplo n.º 10
    def validate(self):
        """Validate the log-in form by attempting the log-in.

        Raises:
            form.ValidationError: ``'login_error'`` if ``User.login`` does
                not return a truthy result for the submitted credentials.
        """
        username = self.processed_data['username']
        password = self.processed_data['password']

        # The same 'login_error' code covers every failure, which keeps the
        # form from distinguishing an unknown user from a wrong password.
        # NOTE(review): presumably User.login also sets up the session as a
        # side effect of validation; verify against its definition.
        logged_in = User.login(username, password)
        if not logged_in:
            raise form.ValidationError('login_error', {})