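def _reset_token_is_valid(user, submitted_hmac):
    """Return True when *submitted_hmac* is an unexpired, matching token for *user*.

    Token layout, as read by the original check: characters 0-9 are a
    truncated HMAC hex digest, the remainder is the base64-encoded expiry
    timestamp.  A missing user or a malformed token is reported as invalid
    instead of raising, so attacker-controlled URL data cannot cause a 500.
    """
    # presumably Users.get_by_id returns None for an unknown id; verify.
    if user is None or not submitted_hmac:
        return False
    try:
        time_key = int(base64.b64decode(submitted_hmac[10:]))
    except (TypeError, ValueError):
        # Not base64, or not an integer once decoded.
        return False
    if time.time() >= time_key:
        return False  # expired
    # NOTE(review): the MAC secret is a literal in source control, so anyone
    # with read access to the repository holds the signing key.  Load it
    # from deployment configuration and rotate it.
    # NOTE(review): only 10 hex characters (40 bits) of the digest are kept
    # and no digestmod is passed, so the library default digest is used.
    # Changing either requires changing the token generator (not visible
    # here) in the same commit, which is why the derivation is left as is.
    # NOTE(review): verify_email computes the identical MAC over identical
    # inputs, so tokens are not bound to a purpose; include a purpose label
    # in the MAC input when the generator is updated.
    expected = hmac.new(
        '%s:%s:%d' % (str(user.id), 'r5$55g35%4#$:l3#24&', time_key),
        user.email).hexdigest()[0:10]
    try:
        # Constant-time comparison (hmac.compare_digest, Python 2.7.7+/3.3+)
        # so the response time does not reveal how many leading characters
        # of the submitted digest were correct.
        return hmac.compare_digest(expected, str(submitted_hmac[0:10]))
    except (TypeError, ValueError):
        # Non-ASCII characters in the submitted digest can never match.
        return False


def restpass(request):
    """Handle the password-reset form reached through an emailed token link.

    Reads ``hmac`` and ``user_id`` from the route match.  On a valid form
    submission the token is checked; when it is accepted the new password is
    stored and the user is redirected to the login route.  Any rejected
    token (unknown user, malformed, expired or mismatching) flashes a
    warning and redirects to the forgot-password route.  Otherwise returns
    the dict used to render the form.
    """
    title = "Reset password"
    submitted_hmac = request.matchdict.get('hmac')
    user_id = request.matchdict.get('user_id')
    form = Form(request, schema=ResetPasswordForm)
    if 'form_submitted' in request.POST and form.validate():
        user = Users.get_by_id(user_id)
        if not _reset_token_is_valid(user, submitted_hmac):
            request.session.flash(
                'warning; Invalid request, please try again')
            return HTTPFound(location=request.route_url('forgot_password'))
        #Fix me reset email, no such attribute email
        # NOTE(review): presumably Users.password hashes on assignment;
        # confirm the model never stores the raw form value.
        # NOTE(review): the token is not invalidated after use and stays
        # acceptable until its expiry; consider making it single-use.
        user.password = form.data['password']
        DBSession.merge(user)
        DBSession.flush()
        request.session.flash(
            'success; Password Changed. Please log in')
        return HTTPFound(location=request.route_url('login'))
    action_url = request.route_url("reset_password", user_id=user_id,
                                   hmac=submitted_hmac)
    return {
        'title': title,
        'form': FormRenderer(form),
        'action_url': action_url
    }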
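def _email_token_is_valid(user, submitted_hmac):
    """Return True when *submitted_hmac* is an unexpired, matching token for *user*.

    Token layout, as read by the original check: characters 0-9 are a
    truncated HMAC hex digest, the remainder is the base64-encoded expiry
    timestamp.  A missing user or a malformed token is reported as invalid
    instead of raising.
    """
    # presumably Users.get_by_id returns None for an unknown id; verify.
    if user is None or not submitted_hmac:
        return False
    try:
        time_key = int(base64.b64decode(submitted_hmac[10:]))
    except (TypeError, ValueError):
        # Not base64, or not an integer once decoded.
        return False
    if time.time() >= time_key:
        return False  # expired
    # NOTE(review): the MAC secret is a literal in source control; load it
    # from deployment configuration and rotate it.  Only 10 hex characters
    # (40 bits) of the digest are kept.  Both points have to be fixed
    # together with the token generator, which is not visible here.
    # NOTE(review): restpass computes the identical MAC over identical
    # inputs, so a verification token is not distinguishable from a
    # password-reset token; add a purpose label to the MAC input.
    expected = hmac.new(
        '%s:%s:%d' % (str(user.id), 'r5$55g35%4#$:l3#24&', time_key),
        user.email).hexdigest()[0:10]
    try:
        # Constant-time comparison (hmac.compare_digest, Python 2.7.7+/3.3+).
        return hmac.compare_digest(expected, str(submitted_hmac[0:10]))
    except (TypeError, ValueError):
        # Non-ASCII characters in the submitted digest can never match.
        return False


def verify_email(request):
    """Confirm a user's email address from an emailed token link.

    Reads ``hmac`` and ``user_id`` from the route match.  When the token is
    accepted the user's ``email_verified`` flag is set and persisted.  A
    success message is flashed when the user is (now or already) verified,
    a warning otherwise; the response is always a redirect to ``/``.
    """
    submitted_hmac = request.matchdict.get('hmac')
    user_id = request.matchdict.get('user_id')
    user = Users.get_by_id(user_id)
    if _email_token_is_valid(user, submitted_hmac):
        #Fix me reset email, no such attribute email
        user.email_verified = True
        DBSession.merge(user)
        DBSession.flush()
    if user is not None and user.email_verified:
        message = 'Your email is now confirmed. Thank you for joining us'
        request.session.flash('success;%s' % message)
    else:
        message = 'Error verifying message'
        # The failure used to be flashed with the 'success' level; use the
        # 'warning' level that restpass uses for a rejected token.
        request.session.flash('warning;%s' % message)
    return HTTPFound(location='/')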
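def _is_local_redirect(target, host_url):
    """Return True when *target* stays on this site.

    Accepted: a path starting with a single ``/``, or an absolute URL whose
    prefix is exactly *host_url* followed by ``/``.  Backslashes and control
    characters are rejected outright because browsers may normalise them
    into a scheme-relative ``//host`` URL.
    """
    if not target:
        return False
    if '\\' in target:
        return False
    if any(ord(ch) < 0x20 or ord(ch) == 0x7f for ch in target):
        return False
    if target.startswith('/'):
        return not target.startswith('//')
    # The trailing '/' stops look-alike hosts such as
    # '<host_url>.example' or '<host_url>@example' from matching the prefix.
    return target == host_url or target.startswith(host_url + '/')


def change_pass(request):
    """Let the logged-in user set a new password.

    On a valid form submission the password is stored and the user is
    redirected to ``came_from``.  ``came_from`` is a request parameter and
    therefore untrusted: it is only honoured when it points back at this
    site, otherwise the redirect goes to ``/``.  Without a valid submission
    the dict used to render the form is returned.
    """
    title = "Change your password"
    # NOTE(review): request.user is dereferenced unconditionally; confirm
    # the route is restricted to authenticated users.
    user = request.user
    username = user.fullname
    changepass_url = request.route_url('change_password')
    referrer = request.url
    if referrer == changepass_url:
        referrer = '/'  # never use the change_pass form itself as came_from
    came_from = request.params.get('came_from', referrer)
    if not _is_local_redirect(came_from, request.host_url):
        # Off-site or malformed target: do not redirect there.
        came_from = '/'
    form = Form(request, schema=ChangePasswordForm)
    if 'form_submitted' in request.POST and form.validate():
        # NOTE(review): nothing visible here re-checks the current password;
        # confirm ChangePasswordForm does, so a hijacked session alone
        # cannot change the credential.
        user.password = form.data['password']
        DBSession.merge(user)
        DBSession.flush()
        return HTTPFound(location=came_from)
    action_url = request.route_url('change_password')
    return {
        'title': title,
        'form': FormRenderer(form),
        'username': username,
        'user': user,
        'action_url': action_url
    }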