def change_password_view(context, request):
min_pw_length = get_setting(context, 'min_pw_length')
form = ChangePasswordForm(min_pw_length=min_pw_length)
if 'form.cancel' in request.POST:
return HTTPFound(location=model_url(context, request))
if 'form.submitted' in request.POST:
try:
converted = form.validate(request.POST)
users = find_users(context)
userid = context.__name__
user = users.get_by_id(userid)
# check the old password
# XXX: repoze.who.plugins.zodb.interfaces.IUsers
# really should have a check_password(id, password)
# method. We shouldn't have to use get_sha_password
# directly.
enc = get_sha_password(converted['old_password'])
if enc != user['password']:
raise CustomInvalid({'old_password': '******'})
users.change_password(userid, converted['password'])
# send email
system_name = get_setting(context, 'system_name', 'KARL')
mail = karl.mail.Message()
admin_email = get_setting(context, 'admin_email')
mail["From"] = "%s Administrator <%s>" % (system_name, admin_email)
mail["To"] = "%s <%s>" % (context.title, context.email)
mail["Subject"] = "%s Password Change Notification" % system_name
system_name = get_setting(context, 'system_name', 'KARL')
body = render_template(
"templates/email_change_password.pt",
login=user['login'],
password=converted['password'],
system_name=system_name,
)
if isinstance(body, unicode):
body = body.encode("UTF-8")
mail.set_payload(body, "UTF-8")
mail.set_type("text/html")
recipients = [context.email]
mailer = getUtility(IMailDelivery)
mailer.send(admin_email, recipients, mail)
path = model_url(context, request)
msg = '?status_message=Password%20changed'
return HTTPFound(location=path+msg)
except Invalid, e:
fielderrors = e.error_dict
fill_values = form.convert(request.POST)
def join_community_view(context, request):
""" User sends an email to community moderator(s) asking to join
the community. Email contains a link to "add_existing" view, in members,
that a moderator can use to add member to the community.
"""
assert ICommunity.providedBy(context)
# Get logged in user
profiles = find_profiles(context)
user = authenticated_userid(request)
profile = profiles[user]
# Handle form submission
if "form.submitted" in request.POST:
message = request.POST.get("message", "")
moderators = [profiles[id] for id in context.moderator_names]
mail = karl.mail.Message()
mail["From"] = "%s <%s>" % (profile.title, profile.email)
mail["To"] = ",".join(
["%s <%s>" % (p.title, p.email) for p in moderators]
)
mail["Subject"] = "Request to join %s community" % context.title
body_template = get_template("templates/email_join_community.pt")
profile_url = model_url(profile, request)
accept_url=model_url(context, request, "members", "add_existing.html",
query={"user_id": user})
body = body_template(
message=message,
community_title=context.title,
person_name=profile.title,
profile_url=profile_url,
accept_url=accept_url
)
if isinstance(body, unicode):
body = body.encode("UTF-8")
mail.set_payload(body, "UTF-8")
mail.set_type("text/html")
recipients = [p.email for p in moderators]
mailer = getUtility(IMailDelivery)
mailer.send(profile.email, recipients, mail)
status_message = "Your request has been sent to the moderators."
location = model_url(context, request,
query={"status_message": status_message})
return HTTPFound(location=location)
# Show form
page_title = "Join " + context.title
api = TemplateAPI(context, request, page_title)
return render_template_to_response(
"templates/join_community.pt",
api=api,
profile=profile,
community=context,
post_url=model_url(context, request, "join.html"),
formfields=api.formfields,
)
def reset_request_view(context, request):
form = ResetRequestForm()
system_name = get_setting(context, 'system_name', 'KARL')
if 'form.cancel' in request.POST:
return HTTPFound(location=model_url(context, request))
if 'form.submitted' in request.POST:
try:
converted = form.validate(request.POST)
address = converted['email']
if address:
address = address.lower()
search = getAdapter(context, ICatalogSearch)
count, docids, resolver = search(
interfaces=[IProfile], email=[address])
users = find_users(context)
for docid in docids:
profile = resolver(docid)
if profile is None:
continue
userid = profile.__name__
user = users.get_by_id(userid)
if user is None:
continue
# found the profile and user
break
else:
raise CustomInvalid({"email":
"%s has no account with the email address: %s" %
(system_name, address)})
groups = user['groups']
if groups and 'group.KarlStaff' in groups:
# because staff accounts are managed centrally, staff
# must use the forgot_password_url if it is set.
forgot_password_url = get_setting(
context, 'forgot_password_url')
if forgot_password_url:
came_from = model_url(context, request, "login.html")
url = '%s?email=%s&came_from=%s' % (
forgot_password_url, urllib.quote_plus(address),
urllib.quote_plus(came_from))
return HTTPFound(location=url)
profile.password_reset_key = sha1(
str(random.random())).hexdigest()
profile.password_reset_time = datetime.datetime.now()
reset_url = model_url(
context, request, "reset_confirm.html") + (
"?key=%s" % profile.password_reset_key)
# send email
mail = karl.mail.Message()
admin_email = get_setting(context, 'admin_email')
mail["From"] = "%s Administrator <%s>" % (system_name, admin_email)
mail["To"] = "%s <%s>" % (profile.title, profile.email)
mail["Subject"] = "%s Password Reset Request" % system_name
body = render_template(
"templates/email_reset_password.pt",
login=user['login'],
reset_url=reset_url,
system_name=system_name,
)
if isinstance(body, unicode):
body = body.encode("UTF-8")
mail.set_payload(body, "UTF-8")
mail.set_type("text/html")
recipients = [profile.email]
mailer = getUtility(IMailDelivery)
mailer.send(admin_email, recipients, mail)
url = model_url(context, request, 'reset_sent.html') + (
'?email=%s' % urllib.quote_plus(address))
return HTTPFound(location=url)
except Invalid, e:
fielderrors = e.error_dict
fill_values = form.convert(request.POST)
