def _get_email_by_request_id(self, request_id):
site = find_site(self.context)
for email in site['reset_password']:
request = site['reset_password'][email]
if request.request_id == request_id:
return request.email
else:
return None
def handle_submit(self, validated):
email = self._get_email_by_request_id(validated['request_id'])
user = _get_user_by_email(self.context, email)
users = find_users(self.context)
users.change_password(user.__name__, validated['password'])
site = find_site(self.context)
del site['reset_password'][user.email]
return self._redirect()
def handle_submit(self, validated):
user = _get_user_by_email(self.context, validated['email'])
# No such user, we're not letting anyone know about it though to protect
# users from crooks trying to explore the users DB in hope of finding
# out who has an account here.
if not user:
return self._redirect()
request_id = uuid4().hex
request = PasswordRequestRequest(request_id, user.email)
site = find_site(self.context)
if user.email in site['reset_password']:
del site['reset_password'][user.email]
site['reset_password'][user.email] = request
reset_url = model_url(self.context, self.request,
"reset.html", query=dict(key=request_id))
# send email
mail = Message()
system_name = get_setting(self.context, 'system_name', 'OpenCore')
admin_email = get_setting(self.context, 'admin_email')
mail["From"] = "%s Administrator <%s>" % (system_name, admin_email)
mail["To"] = "%s <%s>" % (user.title, user.email)
mail["Subject"] = "%s Password Reset Request" % system_name
body = render_template(
"templates/email_reset_password.pt",
login=user.__name__,
reset_url=reset_url,
system_name=system_name,
valid_hours=REQUEST_VALIDITY_HOURS,
)
if isinstance(body, unicode):
body = body.encode("UTF-8")
mail.set_payload(body, "UTF-8")
mail.set_type("text/html")
recipients = [user.email]
mailer = getUtility(IMailDelivery)
mailer.send(admin_email, recipients, mail)
return self._redirect()
