def reset_password(self):
    """Build and process the token-based "reset password" form.

    Reads ``token`` from the query string, turns it into a database query
    with ``self.auth._query_from_token`` and loads the first matching row.
    Raises ``HTTP(404)`` when no user is found. Returns the ``Form`` object.

    Security notes for reviewers:
      * The token is the only credential checked in this block, and it
        arrives in the URL query string, so it can end up in access logs,
        browser history and Referer headers.
        NOTE(review): confirm that token expiry and single-use handling are
        enforced where the token is issued and resolved; neither is visible
        in this method.
      * No old password is requested here; the third argument passed to
        ``_process_change_password_form`` is ``False``.
    """
    user = None
    token = request.query.get("token")
    if token:
        query = self.auth._query_from_token(token)
        user = self.auth.db(query).select().first()
    # Keep this check at function level (not under `if token:`) so that a
    # request with no token fails closed with 404 instead of reaching the
    # form with user=None.
    if not user:
        raise HTTP(404)
    form = Form(
        [
            Field(
                "new_password",
                type="password",
                # Reuse the validators declared on auth_user.password so the
                # reset path applies the same password rules as the table.
                requires=self.auth.db.auth_user.password.requires,
                label=self.auth.param.messages["labels"].get("new_password"),
            ),
            Field(
                "new_password_again",
                type="password",
                # The confirmation must equal the "new_password" value posted
                # in the current request (None when nothing was posted).
                requires=IS_EQUAL_TO(request.forms.get("new_password")),
                label=self.auth.param.messages["labels"].get("password_again"),
            ),
        ],
        formstyle=self.formstyle,
        submit_value=self.auth.param.messages["buttons"]["submit"],
    )
    # NOTE(review): the False flag presumably disables the old-password check
    # (change_password passes True) -- confirm against
    # _process_change_password_form, and confirm that it invalidates the
    # reset token once the password has been changed.
    self._process_change_password_form(form, user, False)
    if form.accepted:
        self._set_flash("password-changed")
        self._postprocessing("reset_password", form, user)
    return form
def change_password(self):
    """Build and process the "change password" form for the current user.

    Loads the ``auth_user`` row for ``self.auth.user_id`` and builds a form
    asking for the old password, the new password and its confirmation.
    Returns the ``Form`` object.

    Security notes for reviewers:
      * This method does not itself check that a user is logged in; ``user``
        is whatever ``auth_user(self.auth.user_id)`` returns.
        NOTE(review): presumably the route or a fixture requires an
        authenticated session before this runs -- confirm, and confirm how
        ``_process_change_password_form`` behaves if ``user`` is None.
      * ``old_password`` is only validated as non-empty at form level. The
        actual comparison with the stored credential is not visible here.
    """
    user = self.auth.db.auth_user(self.auth.user_id)
    form = Form(
        [
            Field(
                "old_password",
                type="password",
                # Form-level check is "not empty" only; verification of the
                # value is delegated (see the call below).
                requires=IS_NOT_EMPTY(),
                label=self.auth.param.messages["labels"].get("old_password"),
            ),
            Field(
                "new_password",
                type="password",
                # Reuse the validators declared on auth_user.password so the
                # same password rules apply as on the table field.
                requires=self.auth.db.auth_user.password.requires,
                label=self.auth.param.messages["labels"].get("new_password"),
            ),
            Field(
                "new_password_again",
                type="password",
                # The confirmation must equal the "new_password" value posted
                # in the current request (None when nothing was posted).
                requires=IS_EQUAL_TO(request.forms.get("new_password")),
                label=self.auth.param.messages["labels"].get("password_again"),
            ),
        ],
        formstyle=self.formstyle,
        submit_value=self.auth.param.messages["buttons"]["submit"],
    )
    # NOTE(review): the True flag presumably makes the helper verify
    # old_password against the stored hash (reset_password passes False) --
    # confirm against _process_change_password_form.
    self._process_change_password_form(form, user, True)
    if form.accepted:
        self._set_flash("password-changed")
        self._postprocessing("change_password", form, user)
    return form
def register(self):
    """Build and process the sign-up form.

    The form contains every writable ``auth_user`` field plus a
    ``password_again`` confirmation inserted right after the password field.
    On an accepted submission the values go to ``self.auth.register`` with
    ``validate=False``; any errors it returns are merged back into the form.
    Sign-in and (if allowed) lost-password links are appended to the form
    sidecar. Returns the ``Form`` object.

    Security notes for reviewers:
      * Every ``auth_user`` column whose ``writable`` flag is true becomes a
        user-supplied input at sign-up. Columns that carry privilege or
        state must be marked non-writable on the table, because this method
        applies no further allow-list.
      * On every POST that carries an ``email`` value,
        ``get_or_delete_existing_unverified_account`` runs before the form
        is built or validated.
    """
    # This sets the flag on the table's own field object, not on a copy.
    self.auth.db.auth_user.password.writable = True
    fields = [field for field in self.auth.db.auth_user if field.writable]
    for k, field in enumerate(fields):
        if field.type == "password":
            # Insert the confirmation field directly after the first password
            # field, then stop: the list is being modified while iterating.
            fields.insert(
                k + 1,
                Field(
                    "password_again",
                    "password",
                    requires=IS_EQUAL_TO(request.forms.get("password")),
                    label=self.auth.param.messages["labels"].get("password_again"),
                ),
            )
            break
    button_name = self.auth.param.messages["buttons"]["sign-up"]
    # If the form is submitted, before any validation,
    # delete any unverified account with the same email.
    # NOTE(review): this executes even for submissions that later fail
    # validation, using the raw posted email. Confirm that the helper can
    # only ever remove accounts that are still unverified.
    if request.method == "POST":
        email = request.forms.get("email")
        if email:
            self.auth.get_or_delete_existing_unverified_account(email)
    form = Form(fields, submit_value=button_name, formstyle=self.formstyle)
    # `user` is never reassigned below, so _postprocessing receives None.
    user = None
    if form.accepted:
        # Note that the form is already validated at this point, hence
        # validate=False.
        res = self.auth.register(form.vars, validate=False)
        form.errors.update(**res.get("errors", {}))
        # Registration errors downgrade the form to "not accepted".
        form.accepted = not form.errors
    if form.accepted:
        self._set_flash("user-registered")
        self._postprocessing("register", form, user)
        if self.auth.param.login_after_registration:
            redirect("login")
    # Navigation links shown beside the form; the hrefs are relative paths.
    form.param.sidecar.append(
        A(
            self.auth.param.messages["buttons"]["sign-in"],
            _href="../auth/login",
            _class=self.auth.param.button_classes["sign-in"],
            _role="button",
        )
    )
    # Only advertise the reset flow when that action is enabled.
    if self.auth.allows("request_reset_password"):
        form.param.sidecar.append(
            A(
                self.auth.param.messages["buttons"]["lost-password"],
                _href="../auth/request_reset_password",
                _class=self.auth.param.button_classes["lost-password"],
                _role="button",
            )
        )
    return form