def pwd_reset_form(request):
    """Show the password-reset form to a visitor holding a valid reset key.

    The username and the reset key are both taken from the matched route
    (``request.matchdict`` keys ``username`` and ``reset_key``).

    Both failure cases answer with the same bare 404, so the response does
    not reveal whether the key was rejected outright or simply does not
    belong to the named user.

    :param request: the current request
    :raises HTTPNotFound: if ``check_valid`` rejects the key, or if no user
        matches the (username, key) pair
    :returns: the result of ``_build_response_with`` for the matched user
    """
    route_args = request.matchdict
    reset_key = route_args.get('reset_key')
    dao = ActivationDao(None)

    # NOTE(review): the reset key travels in the URL path, so it can end up
    # in access logs, browser history and Referer headers -- confirm that
    # keys are short-lived and invalidated after use.

    # First gate: the key itself must still be acceptable (the original
    # comment describes a failure here as "expired").
    if not dao.check_valid(reset_key):
        raise HTTPNotFound()

    # Second gate: the key must be bound to the username named in the URL.
    account = dao.get_user_by_code(route_args.get('username'), reset_key)
    if account is None:
        raise HTTPNotFound()

    return _build_response_with(request, user=account)
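def pwd_reset(request):
    """Set a new password for a user who presents a valid activation code.

    Values are read from ``request.params``:

    :param username: the user whose password is being reset
    :param code: the activation code proving the reset was requested
    :param password1: the new password
    :param password2: the new password, repeated for confirmation

    :returns: ``HTTPFound`` redirecting to the ``login`` route on success;
        otherwise the result of ``_build_response`` with the response status
        set to 500 and an error message flashed to the session.
    """
    params = request.params
    username = params.get('username')
    activation_code = params.get('code')
    password1 = params.get('password1')
    password2 = params.get('password2')

    # NOTE(review): 500 is kept for compatibility with existing callers; a
    # 4xx status would describe these input-validation failures better.
    if password1 != password2:
        request.response.status_int = 500
        msg = 'The password you entered does not match'
        request.session.flash(msg, 'error')
        return _build_response(request)

    # When both fields are absent (None == None) or both empty, the equality
    # check above passes. Stop here so that a missing or empty password is
    # never handed to generate_password() and stored for the account.
    if not password1:
        request.response.status_int = 500
        msg = 'A new password is required.'
        request.session.flash(msg, 'error')
        return _build_response(request)

    # A reset without a username or an activation code cannot be legitimate,
    # so do not even ask the DAO; fall through to the generic failure below.
    res = False
    if username and activation_code:
        # generate_password() is defined elsewhere -- presumably it hashes
        # the plaintext before storage; verify against its definition.
        res = ActivationDao(None).set_new_pwd(
            username, activation_code, generate_password(password1))

    if res:
        msg = 'Password has been successfully reset.'
        request.session.flash(msg, 'success')
        return HTTPFound(location=request.route_url('login'))

    # NOTE(review): the original carried commented-out AuthLog.reactivate()
    # calls on both outcomes, so reset attempts are not audited here, and
    # nothing in this function throttles repeated guesses of the code --
    # confirm both are handled elsewhere.
    #
    # The failure message is deliberately generic: it does not say whether
    # the username or the code was the part that did not match.
    request.response.status_int = 500
    msg = 'There was an issue attempting to activate this account.'
    request.session.flash(msg, 'error')
    return _build_response(request)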