def GET(self): # Reads the token in the HTTP request parameters token = web.input(token=None).token # Checks if the token is valid password_token = PasswordToken.get_token(token) if password_token is None or password_token.expired: raise http.Forbidden() # The fieldset is bound to the user associated with the token password_fieldset = user_forms.NewPasswordFieldSet().bind(password_token.user) return config.views.layout(config.views.creation_form(password_fieldset))
def test_get_token(self): # These tests work because a PasswordTokenData has a similar structure to a PasswordToken # When Tournament.__eq__ is called, it compares the fields without caring of the parameters' actual types self.assertIsNone(PasswordToken.get_token(None)) self.assertIsNone(PasswordToken.get_token("")) self.assertIsNone(PasswordToken.get_token("invalid_token")) self.assertIsNone(PasswordToken.get_token("znc9TNqpajeN2nEH")) self.assertIsNone(PasswordToken.get_token("xjRp67wh3HdjEI6I")) self.assertEquals(PasswordToken.get_token("goB9Z7fhsUrjXHDi"), PasswordTokenData.password_token_expired) self.assertEquals(PasswordToken.get_token("xYCPayfPCPEPCPaL"), PasswordTokenData.password_token_active)
def GET(self): # Reads the token in the HTTP request parameters token = web.input(token=None).token # Checks if the token is valid password_token = PasswordToken.get_token(token) if password_token is None or password_token.expired: raise http.Forbidden() # The fieldset is bound to the user associated with the token password_fieldset = user_forms.NewPasswordFieldSet().bind( password_token.user) return config.views.layout( config.views.creation_form(password_fieldset))
def POST(self): # Reads the token in the HTTP request parameters token = web.input(token=None).token # Checks if the token is valid password_token = PasswordToken.get_token(token) if password_token is None or password_token.expired: raise http.Forbidden() # The fieldset is bound to the form data & the user associated with the token : the token itself is passed because it should expire when successfully used password_fieldset = user_forms.NewPasswordFieldSet(password_token).bind(password_token.user, data=web.input()) # Synchronizes the fieldset & registers a delayed login of the user (we could do it now but it's better to isolate the login process) if password_fieldset.validate(): password_fieldset.sync() http.register_hook(lambda: session.login_workflow(password_fieldset.model)) raise web.seeother("/") else: return config.views.layout(config.views.creation_form(password_fieldset))
def POST(self): # Reads the token in the HTTP request parameters token = web.input(token=None).token # Checks if the token is valid password_token = PasswordToken.get_token(token) if password_token is None or password_token.expired: raise http.Forbidden() # The fieldset is bound to the form data & the user associated with the token : the token itself is passed because it should expire when successfully used password_fieldset = user_forms.NewPasswordFieldSet( password_token).bind(password_token.user, data=web.input()) # Synchronizes the fieldset & registers a delayed login of the user (we could do it now but it's better to isolate the login process) if password_fieldset.validate(): password_fieldset.sync() http.register_hook( lambda: session.login_workflow(password_fieldset.model)) raise web.seeother("/") else: return config.views.layout( config.views.creation_form(password_fieldset))