def confirm_registration_view(context, request): form = Form(Confirm(), buttons=('confirm',)) pending = request.registry.queryAdapter(context, IRegistrations, name='pending') if pending is None: #pragma NO COVERAGE pending = PendingRegistrations(context) if 'confirm' in request.POST: try: appstruct = form.validate(request.POST.items()) except ValidationFailure, e: rendered_form = e.render() else: email = appstruct['email'] token = appstruct['token'] info = pending.get(email) if info is None: return HTTPFound( location=view_url(context, request, 'register_url', 'register.html', message=REGISTER_FIRST, )) if token != info.token: return HTTPFound( location=view_url(context, request, 'confirmation_url', 'confirm_registration.html', email=email, message=CHECK_TOKEN, )) confirmed = request.registry.queryAdapter(context, IRegistrations, name='confirmed') if confirmed is None: #pragma NO COVERAGE confirmed = ConfirmedRegistrations(context) pending.remove(email) uuid = getRandomToken(request) confirmed.set(uuid, email=email, login=email, password=None, security_question=None, security_answer=None, token=None, ) info = confirmed.get(uuid) after_confirmation_url = view_url(context, request, 'after_confirmation_url', 'edit_account.html', ) auto_login = request.registry.queryUtility(IAutoLogin) if auto_login is not None: headers = auto_login(uuid, request) return HTTPFound(location=after_confirmation_url, headers=headers) else: sendGeneratedPassword(request, uuid, confirmed) return HTTPFound(location=after_confirmation_url)
def edit_account_view(context, request): confirmed = request.registry.queryAdapter(context, IRegistrations, name='confirmed') if confirmed is None: #pragma NO COVERAGE confirmed = ConfirmedRegistrations(context) identity = request.environ.get('repoze.who.identity') if identity is None: return HTTPUnauthorized() userid = identity['repoze.who.userid'] account_info = confirmed.get(userid) if account_info is None: return HTTPForbidden() appstruct = { 'login_name': account_info.login, 'email': account_info.email, 'security': { 'question': account_info.security_question or '', 'answer': account_info.security_answer or '', }, } schema = EditAccount().bind(current_login_name=account_info.login, confirmed=confirmed, old_password=account_info.password) form = Form(schema, buttons=('update', )) rendered_form = form.render(appstruct) if 'update' in request.POST: try: appstruct = form.validate(request.POST.items()) except ValidationFailure, e: rendered_form = e.render() else: login = appstruct['login_name'] email = appstruct['email'] pwd_mgr = SSHAPasswordManager() password = pwd_mgr.encodePassword(appstruct['password']) security_question = appstruct['security']['question'] security_answer = appstruct['security']['answer'] confirmed.set( userid, email=email, login=login, password=password, security_question=security_question, security_answer=security_answer, ) return HTTPFound(location=view_url( context, request, 'after_edit_url', request.view_name, ))
def edit_account_view(context, request): confirmed = request.registry.queryAdapter(context, IRegistrations, name='confirmed') if confirmed is None: #pragma NO COVERAGE confirmed = ConfirmedRegistrations(context) identity = request.environ.get('repoze.who.identity') if identity is None: return HTTPUnauthorized() userid = identity['repoze.who.userid'] account_info = confirmed.get(userid) if account_info is None: return HTTPForbidden() appstruct = {'login_name': account_info.login, 'email': account_info.email, 'security': {'question': account_info.security_question or '', 'answer': account_info.security_answer or '', }, } schema = EditAccount().bind(current_login_name=account_info.login, confirmed=confirmed, old_password=account_info.password) form = Form(schema, buttons=('update',)) rendered_form = form.render(appstruct) if 'update' in request.POST: try: appstruct = form.validate(request.POST.items()) except ValidationFailure, e: rendered_form = e.render() else: login = appstruct['login_name'] email = appstruct['email'] pwd_mgr = SSHAPasswordManager() password = pwd_mgr.encodePassword(appstruct['password']) security_question = appstruct['security']['question'] security_answer = appstruct['security']['answer'] confirmed.set(userid, email=email, login=login, password=password, security_question=security_question, security_answer=security_answer, ) return HTTPFound( location=view_url(context, request, 'after_edit_url', request.view_name, ))
def confirm_registration_view(context, request): form = Form(Confirm(), buttons=('confirm', )) pending = request.registry.queryAdapter(context, IRegistrations, name='pending') if pending is None: #pragma NO COVERAGE pending = PendingRegistrations(context) if 'confirm' in request.POST: try: appstruct = form.validate(request.POST.items()) except ValidationFailure, e: rendered_form = e.render() else: email = appstruct['email'] token = appstruct['token'] info = pending.get(email) if info is None: return HTTPFound(location=view_url( context, request, 'register_url', 'register.html', message=REGISTER_FIRST, )) if token != info.token: return HTTPFound(location=view_url( context, request, 'confirmation_url', 'confirm_registration.html', email=email, message=CHECK_TOKEN, )) confirmed = request.registry.queryAdapter(context, IRegistrations, name='confirmed') if confirmed is None: #pragma NO COVERAGE confirmed = ConfirmedRegistrations(context) pending.remove(email) uuid = getRandomToken(request) confirmed.set( uuid, email=email, login=email, password=None, security_question=None, security_answer=None, token=None, ) info = confirmed.get(uuid) after_confirmation_url = view_url( context, request, 'after_confirmation_url', 'edit_account.html', ) auto_login = request.registry.queryUtility(IAutoLogin) if auto_login is not None: headers = auto_login(uuid, request) return HTTPFound(location=after_confirmation_url, headers=headers) else: sendGeneratedPassword(request, uuid, confirmed) return HTTPFound(location=after_confirmation_url)
def reset_password_view(context, request): form = Form(ResetPassword(), buttons=('reset',)) rendered_form = form.render(null) confirmed = request.registry.queryAdapter(context, IRegistrations, name='confirmed') if confirmed is None: #pragma NO COVERAGE confirmed = ConfirmedRegistrations(context) login_url = view_url(context, request, 'login_url', 'login.html') reset_url = resource_url(context, request, request.view_name) registry = request.registry message = request.GET.get('message') if 'reset' in request.POST: try: appstruct = form.validate(request.POST.items()) except ValidationFailure as e: rendered_form = e.render() else: login = appstruct['login_name'] token = appstruct['token'] record = confirmed.get_by_login(login) if record is None: # DO NOT report lookup errors return HTTPFound(location=login_url) if token == '': # send the e-mail new_token = getRandomToken(request) confirmed.set(record.uuid, email=record.email, login=login, password=record.password, security_question=record.security_question, security_answer=record.security_answer, token=new_token, ) from_addr = registry.settings['cartouche.from_addr'] body = RESET_EMAIL % {'token': new_token, 'reset_url': reset_url} delivery = registry.queryUtility(IMailDelivery, default=localhost_mta) message = Message() message['Subject'] = 'Password reset confirmation' message.set_payload(body) delivery.send(from_addr, [record.email], message) return HTTPFound(location=reset_url) else: if token != record.token: message = CHECK_TOKEN # fall through to 'GET' else: confirmed.set(record.uuid, email=record.email, login=record.login, password=None, # clear it to allow update security_question=record.security_question, security_answer=record.security_answer, token=None, # clear it ) after_reset_url = view_url(context, request, 'after_reset_url', 'edit_account.html', ) auto_login = request.registry.queryUtility(IAutoLogin) if auto_login is not None: headers = auto_login(record.uuid, request) return HTTPFound(location=after_reset_url, headers=headers) else: # TODO: generate random password and send e-mail. sendGeneratedPassword(request, record.uuid, confirmed) return HTTPFound(location=after_reset_url) main_template = get_renderer('templates/main.pt') return {'main_template': main_template.implementation(), 'message': message, 'rendered_form': rendered_form, 'recover_account_url': view_url(context, request, 'recover_account_url', 'recover_account.html'), }
def reset_password_view(context, request): form = Form(ResetPassword(), buttons=('reset',)) rendered_form = form.render(null) confirmed = request.registry.queryAdapter(context, IRegistrations, name='confirmed') if confirmed is None: #pragma NO COVERAGE confirmed = ConfirmedRegistrations(context) login_url = view_url(context, request, 'login_url', 'login.html') reset_url = resource_url(context, request, request.view_name) registry = request.registry message = request.GET.get('message') if 'reset' in request.POST: try: appstruct = form.validate(request.POST.items()) except ValidationFailure, e: rendered_form = e.render() else: login = appstruct['login_name'] token = appstruct['token'] record = confirmed.get_by_login(login) if record is None: # DO NOT report lookup errors return HTTPFound(location=login_url) if token == '': # send the e-mail new_token = getRandomToken(request) confirmed.set(record.uuid, email=record.email, login=login, password=record.password, security_question=record.security_question, security_answer=record.security_answer, token=new_token, ) from_addr = registry.settings['cartouche.from_addr'] body = RESET_EMAIL % {'token': new_token, 'reset_url': reset_url} delivery = registry.queryUtility(IMailDelivery, default=localhost_mta) message = Message() message['Subject'] = 'Password reset confirmation' message.set_payload(body) delivery.send(from_addr, [record.email], message) return HTTPFound(location=reset_url) else: if token != record.token: message = CHECK_TOKEN # fall through to 'GET' else: confirmed.set(record.uuid, email=record.email, login=record.login, password=None, # clear it to allow update security_question=record.security_question, security_answer=record.security_answer, token=None, # clear it ) after_reset_url = view_url(context, request, 'after_reset_url', 'edit_account.html', ) auto_login = request.registry.queryUtility(IAutoLogin) if auto_login is not None: headers = auto_login(record.uuid, request) return HTTPFound(location=after_reset_url, headers=headers) else: # TODO: generate random password and send e-mail. sendGeneratedPassword(request, record.uuid, confirmed) return HTTPFound(location=after_reset_url)