def _get_email_by_request_id(self, request_id):
    """Return the e-mail stored with the pending reset request *request_id*.

    Walks every entry under ``site['reset_password']`` and returns the
    ``email`` attribute of the first entry whose ``request_id`` equals the
    argument. Returns ``None`` when no entry matches.
    """
    pending = find_site(self.context)['reset_password']
    # NOTE(review): the original line layout was lost; the trailing ``else``
    # is read here as the loop's else (None only after every entry has been
    # checked) -- confirm against the repository copy.
    # NOTE(review): only the id is compared. The age of the request is not
    # checked in this lookup; whether expiry is enforced elsewhere is not
    # visible from here -- confirm.
    for key in pending:
        candidate = pending[key]
        if candidate.request_id == request_id:
            return candidate.email
    return None
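def handle_submit(self, validated):
    """Set a new password for the account tied to a reset request.

    ``validated['request_id']`` is resolved to the e-mail address stored
    with the pending reset request. The matching user's password is then
    replaced with ``validated['password']`` and the pending request is
    deleted, so the same id cannot be presented again.

    Raises:
        ValueError: if the request id matches no pending request, or if no
            user matches the stored address. Nothing is modified then.
    """
    email = self._get_email_by_request_id(validated['request_id'])
    # Fail closed before any user lookup. Without this guard an unknown or
    # already-used id passes None into _get_user_by_email, and the request
    # is rejected only if that helper happens to return nothing for None.
    if not email:
        raise ValueError("password reset request not found")

    user = _get_user_by_email(self.context, email)
    if not user:
        # The account may have been removed after the request was created.
        raise ValueError("no account matches the password reset request")

    # NOTE(review): no check of the request's age is visible in this
    # handler; confirm that expiry is enforced before this point.
    users = find_users(self.context)
    users.change_password(user.__name__, validated['password'])

    # Drop the pending request so the id is single-use.
    # NOTE(review): the entry is looked up by user.email; presumably this is
    # still the key it was stored under -- confirm for users whose address
    # changed after the request was made.
    site = find_site(self.context)
    del site['reset_password'][user.email]
    return self._redirect()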
def handle_submit(self, validated):
    """Create a password reset request and mail its link to the user.

    Looks up the user by ``validated['email']``. For a known user, a fresh
    request id is generated and stored under ``site['reset_password']``,
    keyed by the user's e-mail and replacing any earlier entry. An HTML
    message containing the ``reset.html?key=<id>`` link is then sent
    through the ``IMailDelivery`` utility. Every path ends in
    ``self._redirect()``.
    """
    user = _get_user_by_email(self.context, validated['email'])
    if not user:
        # Unknown address: return the same redirect as the success path so
        # the response does not reveal whether an account exists.
        # NOTE(review): this path returns before any mail is rendered or
        # sent, so response time may still differ between known and unknown
        # addresses -- confirm whether that matters for this deployment.
        return self._redirect()

    token = uuid4().hex
    reset_request = PasswordRequestRequest(token, user.email)

    # Keep one pending request per address: drop any earlier entry first.
    pending = find_site(self.context)['reset_password']
    if user.email in pending:
        del pending[user.email]
    pending[user.email] = reset_request

    reset_url = model_url(
        self.context, self.request, "reset.html", query={"key": token})

    # Build and send the notification e-mail.
    system_name = get_setting(self.context, 'system_name', 'OpenCore')
    admin_email = get_setting(self.context, 'admin_email')

    message = Message()
    message["From"] = "%s Administrator <%s>" % (system_name, admin_email)
    # NOTE(review): user.title is placed in the header as-is; confirm that
    # profile titles cannot contain CR/LF characters.
    message["To"] = "%s <%s>" % (user.title, user.email)
    message["Subject"] = "%s Password Reset Request" % system_name

    rendered = render_template(
        "templates/email_reset_password.pt",
        login=user.__name__,
        reset_url=reset_url,
        system_name=system_name,
        valid_hours=REQUEST_VALIDITY_HOURS,
    )
    # The payload is set as UTF-8 bytes when the template returns unicode.
    payload = rendered.encode("UTF-8") if isinstance(rendered, unicode) else rendered
    message.set_payload(payload, "UTF-8")
    message.set_type("text/html")

    getUtility(IMailDelivery).send(admin_email, [user.email], message)
    return self._redirect()