Пример #1
    def mailPassword(self, forgotten_userid, REQUEST):
        """Send a password-reset mail to the member with this login name.

        The member is looked up by login name only (allow_userid=False).
        According to the original author, a lookup by user id could let
        the reset succeed while the later login fails, for example
        after a user has changed the e-mail address used as login name.

        Raises Unauthorized when the 'Mail forgotten password'
        permission is not granted, ValueError when no member or no
        usable e-mail address is found, and SMTPRecipientsRefused (with
        a generic message) when the mail server rejects the recipient.

        NOTE(review): the ValueError messages differ between "unknown
        login name" and "no/invalid e-mail address".  If they reach an
        anonymous visitor unchanged, they reveal which login names
        exist; confirm the calling form shows one generic message.
        """
        mtool = getToolByName(self, 'portal_membership')
        if not mtool.checkPermission('Mail forgotten password', self):
            raise Unauthorized("Mailing forgotten passwords has been disabled")

        plone_utils = getToolByName(self, 'plone_utils')

        # Login name only: a match on the user id is deliberately refused.
        member = email_utils.getMemberByLoginName(
            self, forgotten_userid, allow_userid=False)
        if member is None:
            raise ValueError('The username you entered could not be found')

        # The reset tool is asked for the real member id, not the login
        # name, to match the patched resetPassword.
        member_id = member.getId()

        # Without an address the template would be rendered with a
        # blank To: header, so stop before anything is generated.
        address = member.getProperty('email')
        if not address:
            raise ValueError('That user does not have an email address.')
        if not plone_utils.validateSingleEmailAddress(address):
            raise ValueError('The email address did not validate')
        ok, reason = _checkEmail(address)
        if not ok:
            raise ValueError(reason)

        # The message is rendered and sent here rather than from the
        # template, so the 'UseMailHost' permission is not needed there.
        reset = getToolByName(self, 'portal_password_reset').requestReset(
            member_id)

        charset = getattr(self, 'email_charset', 'UTF-8')
        # NOTE(review): the member's stored password value is handed to
        # the template.  Whether the template renders it is not visible
        # here; confirm it never ends up in the outgoing mail.
        message = self.mail_password_template(
            self, REQUEST, member=member, reset=reset,
            password=member.getPassword(), charset=charset)
        if isinstance(message, unicode):
            message = message.encode(charset)

        mail_host = self.MailHost
        try:
            mail_host.send(message)
            return self.mail_password_response(self, REQUEST)
        except SMTPRecipientsRefused:
            # Re-raise with a fixed text so the rejected address is not
            # disclosed to the requester.
            raise SMTPRecipientsRefused('Recipient address rejected by server')
Пример #2
    def resetPassword(self, userid, randomstring, password):
        """Reset this user's password, accepting a login name as 'userid'.

        The value is first resolved through getMemberByLoginName.  When
        a member is found its real id is used, otherwise the value is
        passed on unchanged to _resetPassword.

        NOTE(review): unlike mailPassword, this lookup does not pass
        allow_userid=False, so it presumably matches user ids as well
        as login names; confirm against the helper.
        """
        found = email_utils.getMemberByLoginName(self, userid)
        # With no match the raw value goes through; the original author
        # expects _resetPassword to fail in that case.
        real_id = userid if found is None else found.getId()
        self._resetPassword(real_id, randomstring, password)
Пример #3
 def isMemberIdAllowed(self, id):
     """Decide whether 'id' may be used as a member id (or login name).

     Returns the falsy result of _isMemberIdAllowed unchanged when the
     standard check refuses the id.  Otherwise returns 1 when the id is
     the current user's own user name or when no member has it as a
     login name, and 0 when it is already taken.
     """
     allowed_by_default = self._isMemberIdAllowed(id)
     if not allowed_by_default:
         # Never more permissive than the standard check.
         return allowed_by_default

     # Several callers pass a login name here rather than a user id,
     # so an id already in use as a login name has to be refused too.
     mtool = getToolByName(self, 'portal_membership')
     if (not mtool.isAnonymousUser()
             and mtool.getAuthenticatedMember().getUserName() == id):
         # A logged-in user may keep the name already in use.
         return 1

     # Look for an existing member with this login name.
     clash = email_utils.getMemberByLoginName(
         self, id, allow_userid=False, raise_exceptions=False)
     return 1 if clash is None else 0
Пример #4
 def getValidUser(self, userid):
     """Return the member found for 'userid', or None when there is none.

     The lookup goes through getMemberByLoginName with
     raise_exceptions=False, which presumably makes the helper report a
     failed lookup as None instead of raising.
     """
     member = email_utils.getMemberByLoginName(
         self, userid, raise_exceptions=False)
     return member