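def forgot_password(request):
    """Render the "forgot password" form and start a password reset.

    Raises a 503 response when the password reminder is disabled in the
    settings. On a valid POST, ``request_password_reset`` is called with the
    submitted login. If it returns a user with an e-mail address, a mail
    with the ``reset_password`` URL for the newest reset token is sent.

    The flash message and the ``complete`` flag are identical whether or
    not a matching user was found, so the response cannot be used to probe
    which logins exist.

    Returns:
        dict with the rendered ``form`` and the ``complete`` flag.
    """
    settings = request.registry.settings
    if not is_pwreminder_enabled(settings):
        raise exc.exception_response(503)
    handle_history(request)
    _ = request.translate
    config = Config(load(get_path_to_form_config('auth.xml')))
    form_config = config.get_form('forgot_password')
    form = Form(form_config,
                csrf_token=request.session.get_csrf_token(),
                translate=_)
    complete = False
    if request.POST and form.validate(request.params):
        username = form.data.get('login')
        user = request_password_reset(username, request.db)
        # Mail only when there is an address to mail to; a user without a
        # configured e-mail would otherwise yield a mail with an empty
        # recipient.
        recipient = user.profile[0].email if user else None
        if recipient:
            mailer = Mailer(request)
            token = user.reset_tokens[-1]
            subject = _('Password reset request')
            values = {
                'url': request.route_url('reset_password', token=token),
                'app_name': get_app_title(),
                'email': settings['mail.default_sender'],
                '_': _,
            }
            mail = Mail([recipient], subject,
                        template="password_reset_request",
                        values=values)
            # NOTE(review): if Mailer.send is synchronous, response time can
            # still differ between known and unknown logins -- confirm.
            mailer.send(mail)
        # Same answer for found and not-found users: the message must not
        # reveal whether the login exists.
        msg = _("If the user has been found together with configured "
                "e-mail, a confirmation mail for resetting the password "
                "has been sent. Please check your e-mail box.")
        request.session.flash(msg, 'success')
        complete = True
    return {'form': form.render(), 'complete': complete}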
def reset_password(request):
    """Consume a reset token and mail the newly generated password.

    Raises a 503 response when the password reminder is disabled. The token
    is read from the route's matchdict and handed to ``password_reset``,
    which returns a ``(user, password)`` pair. A truthy password is treated
    as success.

    Returns:
        dict with a translated ``msg`` and the boolean ``success``.
    """
    settings = request.registry.settings
    if not is_pwreminder_enabled(settings):
        raise exc.exception_response(503)
    handle_history(request)
    _ = request.translate
    reset_token = request.matchdict.get('token')
    user, password = password_reset(reset_token, request.db)

    if not password:
        # No password came back, so nothing is mailed.
        failure = _("Password was not resetted. Maybe the request"
                    " token was not valid?")
        return {'msg': failure, 'success': False}

    mailer = Mailer(request)
    recipient = user.profile[0].email
    subject = _('Password has been reseted')
    # NOTE(review): the new password is handed to the mail template in
    # clear text; consider requiring a password change after this login.
    template_values = {
        'password': password,
        'app_name': get_app_title(),
        'email': settings['mail.default_sender'],
        '_': _,
    }
    mailer.send(Mail([recipient], subject,
                     template="password_reminder",
                     values=template_values))
    confirmation = _("Password was resetted and sent to the users email "
                     "address. Please check your email.")
    return {'msg': confirmation, 'success': True}
def reset_password(request):
    """Reset a user's password from a mailed token and send the new one.

    Responds with 503 when the password reminder is switched off in the
    settings. ``password_reset`` receives the ``token`` taken from the
    matchdict and returns ``(user, password)``. The mail is sent only when
    the password is truthy.

    Returns:
        dict with the translated ``msg`` and the ``success`` flag.
    """
    settings = request.registry.settings
    if not is_pwreminder_enabled(settings):
        raise exc.exception_response(503)
    _ = request.translate
    user, new_password = password_reset(request.matchdict.get('token'),
                                        request.db)
    was_reset = bool(new_password)
    if was_reset:
        mailer = Mailer(request)
        to_address = user.profile[0].email
        subject = _('Password has been reseted')
        # NOTE(review): the clear-text password ends up in the mail body;
        # anyone who can read the mailbox can read the credential.
        mail = Mail(
            [to_address],
            subject,
            template="password_reminder",
            values={
                'password': new_password,
                'app_name': get_app_title(),
                'email': settings['mail.default_sender'],
                '_': _,
            },
        )
        mailer.send(mail)
        msg = _("Password was resetted and sent to the users email address."
                " Please check your email.")
    else:
        # The caller gets a hint that the token may have been invalid.
        msg = _("Password was not resetted. Maybe the request"
                " token was not valid?")
    return {'msg': msg, 'success': was_reset}
def forgot_password(request):
    """Render the "forgot password" form and trigger a reset mail.

    Raises a 503 response when the password reminder is disabled. After a
    valid POST the submitted login goes to ``request_password_reset``. A
    mail with the ``reset_password`` URL is sent only if a user comes back
    and that user has an e-mail address. The flash message is the same in
    both cases, so the page does not disclose whether the login exists.

    Returns:
        dict with the rendered ``form``, the ``complete`` flag and ``msg``
        (``None`` until a valid form was submitted).
    """
    settings = request.registry.settings
    if not is_pwreminder_enabled(settings):
        raise exc.exception_response(503)
    _ = request.translate
    form_config = Config(
        load(get_path_to_form_config('auth.xml'))
    ).get_form('forgot_password')
    form = Form(form_config,
                csrf_token=request.session.get_csrf_token(),
                translate=_)
    complete = False
    msg = None
    if request.POST and form.validate(request.params):
        username = form.data.get('login')
        user = request_password_reset(username, request.db)
        if user and user.profile[0].email:
            recipient = user.profile[0].email
            mailer = Mailer(request)
            newest_token = user.reset_tokens[-1]
            subject = _('Password reset request')
            reset_url = request.route_url('reset_password',
                                          token=newest_token)
            mail = Mail(
                [recipient],
                subject,
                template="password_reset_request",
                values={
                    'url': reset_url,
                    'app_name': get_app_title(),
                    'email': settings['mail.default_sender'],
                    'username': username,
                    '_': _,
                },
            )
            mailer.send(mail)
            # NOTE(review): login and e-mail address are written to the
            # log at info level; check log retention and access.
            log.info(u"Passwort reset token sent to "
                     u"user {} with email {}".format(username, recipient))
        else:
            # The submitted (possibly unknown) login is logged as typed.
            log.info(u"Failed sending Passwort reset token for {}. "
                     u"User not found or missing email".format(username))
        # One answer for both outcomes, so the response text does not tell
        # a visitor whether the account exists.
        msg = _("If the user has been found together with configured "
                "e-mail, a confirmation mail for resetting the password "
                "has been sent. Please check your e-mail box.")
        request.session.flash(msg, 'success')
        complete = True
    return {'form': form.render(), 'complete': complete, 'msg': msg}
def register_user(request):
    """Render the registration form and create a deactivated user.

    Raises a 503 response when registration is disabled in the settings.
    Besides the form's own validation, three validators are attached:
    login uniqueness, password minimum length and password non-letter
    count. On a valid POST a user is created with ``activated = False``
    and a fresh activation token. The user is put into the configured
    default groups and roles and added to the DB session. A mail with the
    ``confirm_user`` URL is then sent.

    Returns:
        dict with the rendered ``form`` and the ``complete`` flag.
    """
    settings = request.registry.settings
    if not is_registration_enabled(settings):
        raise exc.exception_response(503)
    handle_history(request)
    _ = request.translate
    config = Config(load(get_path_to_form_config('auth.xml')))
    form = Form(config.get_form('register_user'),
                csrf_token=request.session.get_csrf_token(),
                translate=_)

    # Checks formbar does not do itself. All validators are built first
    # and attached afterwards.
    extra_validators = [
        Validator('login',
                  _('There is already a user with this '
                    'name'),
                  is_login_unique),
        Validator('pass',
                  _('Password must be at least 12 characters '
                    'long.'),
                  password_minlength_validator),
        Validator('pass',
                  _('Password must contain at least 2 '
                    'non-letters.'),
                  password_nonletter_validator),
    ]
    for extra in extra_validators:
        form.add_validator(extra)

    if not (request.POST and form.validate(request.params)):
        return {'form': form.render(), 'complete': False}

    # 1. Create the account from the form data. It stays deactivated until
    #    the activation link is confirmed.
    user = User.get_item_factory().create(None, form.data)
    user.login = form.data['login']
    # encrypt_password is defined elsewhere; what it does to the password
    # is not visible from here.
    user.password = encrypt_password(form.data['pass'])
    user.activated = False
    # NOTE(review): uuid4 is random, but the stdlib recommends the
    # `secrets` module for security tokens.
    atoken = str(uuid.uuid4())
    user.activation_token = atoken
    user.profile[0].email = form.data['_email']

    # 2. Default groups: comma separated ids from the settings, falling
    #    back to USER_GROUP_ID.
    group_factory = Usergroup.get_item_factory()
    group_setting = settings.get("auth.register_user_default_groups",
                                 str(USER_GROUP_ID))
    group_ids = [int(part) for part in group_setting.split(",")]
    for group_id in group_ids:
        user.groups.append(group_factory.load(group_id))

    # 3. Default roles, configured the same way.
    role_factory = Role.get_item_factory()
    role_setting = settings.get("auth.register_user_default_roles",
                                str(USER_ROLE_ID))
    role_ids = [int(part) for part in role_setting.split(",")]
    for role_id in role_ids:
        user.roles.append(role_factory.load(role_id))

    request.db.add(user)

    # 4. Mail the confirmation link that carries the activation token.
    mailer = Mailer(request)
    recipient = user.profile[0].email
    subject = _('Confirm user registration')
    mail_values = {
        'url': request.route_url('confirm_user', token=atoken),
        'app_name': get_app_title(),
        'email': settings['mail.default_sender'],
        '_': _,
    }
    mailer.send(Mail([recipient], subject,
                     template="register_user",
                     values=mail_values))
    msg = _("User has been created and a confirmation mail was sent"
            " to the users email adress. Please check your email.")
    request.session.flash(msg, 'success')
    return {'form': form.render(), 'complete': True}
def register_user(request):
    """Handle self-registration: validate the form, create the user, mail.

    Raises a 503 response when registration is disabled. The form gets
    three extra validators: unique login, password minimum length and
    password non-letter count. A valid POST creates a user that is not
    activated and carries an activation token. The user is assigned the
    default groups and roles from the settings and added to the DB
    session. A confirmation mail with the ``confirm_user`` URL and the
    login is then sent.

    Returns:
        dict with the rendered ``form`` and the ``complete`` flag.
    """
    settings = request.registry.settings
    if not is_registration_enabled(settings):
        raise exc.exception_response(503)
    _ = request.translate
    form_config = Config(
        load(get_path_to_form_config('auth.xml'))
    ).get_form('register_user')
    form = Form(form_config,
                csrf_token=request.session.get_csrf_token(),
                translate=_)

    # Validation that formbar does not cover. The uniqueness check answers
    # whether a login is already taken.
    unique_login = Validator(
        'login',
        _('There is already a user with this '
          'name'),
        is_login_unique)
    min_length = Validator(
        'pass',
        _('Password must be at least 12 characters '
          'long.'),
        password_minlength_validator)
    non_letters = Validator(
        'pass',
        _('Password must contain at least 2 '
          'non-letters.'),
        password_nonletter_validator)
    for check in (unique_login, min_length, non_letters):
        form.add_validator(check)

    registration_complete = False
    if request.POST and form.validate(request.params):
        # 1. New account, left deactivated until the link is confirmed.
        user_factory = User.get_item_factory()
        user = user_factory.create(None, form.data)
        user.login = form.data['login']
        # The stored value is whatever encrypt_password returns; the
        # helper is defined elsewhere.
        user.password = encrypt_password(form.data['pass'])
        user.activated = False
        # NOTE(review): the activation token is a uuid4 string; `secrets`
        # is the stdlib module meant for security tokens.
        atoken = str(uuid.uuid4())
        user.activation_token = atoken
        user.profile[0].email = form.data['_email']

        # 2. Groups from "auth.register_user_default_groups" (comma
        #    separated ids), defaulting to USER_GROUP_ID.
        group_factory = Usergroup.get_item_factory()
        configured_groups = settings.get(
            "auth.register_user_default_groups", str(USER_GROUP_ID))
        wanted_groups = [int(raw) for raw in configured_groups.split(",")]
        for gid in wanted_groups:
            user.groups.append(group_factory.load(gid))

        # 3. Roles from "auth.register_user_default_roles", defaulting to
        #    USER_ROLE_ID.
        role_factory = Role.get_item_factory()
        configured_roles = settings.get(
            "auth.register_user_default_roles", str(USER_ROLE_ID))
        wanted_roles = [int(raw) for raw in configured_roles.split(",")]
        for rid in wanted_roles:
            user.roles.append(role_factory.load(rid))

        request.db.add(user)

        # 4. Confirmation mail; activation happens via the mailed link.
        mailer = Mailer(request)
        recipient = user.profile[0].email
        subject = _('Confirm user registration')
        confirm_url = request.route_url('confirm_user', token=atoken)
        mail = Mail(
            [recipient],
            subject,
            template="register_user",
            values={
                'url': confirm_url,
                'app_name': get_app_title(),
                'email': settings['mail.default_sender'],
                'login': user.login,
                '_': _,
            },
        )
        mailer.send(mail)
        msg = _("User has been created and a confirmation mail was sent"
                " to the users email adress. Please check your email.")
        request.session.flash(msg, 'success')
        registration_complete = True
    return {'form': form.render(), 'complete': registration_complete}
def register_user(request):
    """Register a new user and redirect to the login page on success.

    Raises a 503 response when registration is disabled. The only extra
    validator checks that the login is unique. A valid POST creates a
    deactivated user with an activation token, assigns the group
    ``USER_GROUP_ID`` and the role ``USER_ROLE_ID``, adds the user to the
    DB session and mails the ``confirm_user`` URL.

    Returns:
        ``HTTPFound`` to the ``login`` route, with the headers returned by
        ``forget``, after a successful registration. Otherwise a dict with
        the rendered ``form``.
    """
    settings = request.registry.settings
    if not is_registration_enabled(settings):
        raise exc.exception_response(503)
    handle_history(request)
    _ = request.translate
    config = Config(load(get_path_to_form_config('auth.xml', 'ringo')))
    form = Form(config.get_form('register_user'),
                csrf_token=request.session.get_csrf_token(),
                translate=_)
    # Uniqueness of the login is not checked by formbar. The message is
    # passed as a plain string here, not through the translator.
    form.add_validator(
        Validator('login',
                  'There is already a user with this name',
                  is_login_unique))

    if not (request.POST and form.validate(request.params)):
        return {'form': form.render()}

    # 1. Create the account; it stays deactivated until confirmed.
    user = User.get_item_factory().create(None, form.data)
    user.login = form.data['login']
    # encrypt_password lives elsewhere; its scheme is not visible here.
    user.password = encrypt_password(form.data['pass'])
    user.activated = False
    # NOTE(review): uuid4 gives a random token; `secrets` is the stdlib
    # module intended for security tokens.
    atoken = str(uuid.uuid4())
    user.activation_token = atoken
    user.profile[0].email = form.data['_email']

    # 2. Fixed default group.
    group_factory = Usergroup.get_item_factory()
    user.groups.append(group_factory.load(USER_GROUP_ID))

    # 3. Fixed default role.
    role_factory = Role.get_item_factory()
    user.roles.append(role_factory.load(USER_ROLE_ID))

    request.db.add(user)

    # 4. Mail the confirmation link carrying the activation token.
    mailer = Mailer(request)
    recipient = user.profile[0].email
    subject = _('Confirm user registration')
    mail_values = {
        'url': request.route_url('confirm_user', token=atoken),
        'app_name': get_app_title(),
        'email': settings['mail.default_sender'],
        '_': _,
    }
    mailer.send(Mail([recipient], subject,
                     template="register_user",
                     values=mail_values))

    login_url = request.route_path('login')
    # forget() supplies the headers attached to the redirect below.
    forget_headers = forget(request)
    msg = _("User has been created and a confirmation mail was sent"
            " to the users email adress. Please check your email.")
    request.session.flash(msg, 'success')
    return HTTPFound(location=login_url, headers=forget_headers)