Commit 3b892600 authored by Sylvain Thénault's avatar Sylvain Thénault

captcha/crypto services are available w/ cw 3.6.1, avoid dependancy on the...

captcha/crypto services are available w/ cw 3.6.1, avoid dependency on the registration cube. Also, use a custom cypher key for forgot password
parent 7241cec1d946
......@@ -85,8 +85,11 @@ for dname in ('entities', 'views', 'sobjects', 'hooks', 'schema', 'data', 'i18n'
# Note: here, you'll need to add subdirectories if you want
# them to be included in the debian package
__depends_cubes__ = {'registration': '>= 0.2.1'}
__depends__ = {'cubicweb': '>= 3.5.0'}
__depends_cubes__ = {}
__depends__ = {'cubicweb': '>= 3.6.1',
'python-crypto': None,
'PIL': None,
}
__use__ = tuple(__depends_cubes__)
__recommend__ = ()
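Review bot: `'python-crypto': None` and `'PIL': None` appear to declare no minimum version, and the matching `Depends:` line in the debian/control hunk adds `python-crypto, python-imaging` without a version either. The reset-link key now depends on the crypto library directly, so a version floor would stop an old build of it from satisfying the dependency, e.g. `'python-crypto': '>= <minimum tested version>'` (placeholder: the page does not say which version was tested).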
......@@ -8,7 +8,7 @@ Standards-Version: 3.8.0
Package: cubicweb-forgotpwd
Architecture: all
Depends: cubicweb-common (>= 3.5.11), cubicweb-registration (>= 0.2.1)
Depends: cubicweb-common (>= 3.6.1), python-crypto, python-imaging
Description: password recovery cube
CubicWeb is a semantic web application framework.
.
......
......@@ -8,4 +8,10 @@ options = (
'help': 'Forgot password link life time validity',
'group': 'forgotpwd', 'inputlevel': 2,
}),
('forgotpwd-cypher-seed',
{'type' : 'string',
'default': u"this is my dummy forgotpwd cypher seed",
'help': 'seed used to cypher validation key sent in forgot password email link',
'group': 'forgotpwd', 'inputlevel': 2,
}),
)
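Review bot: The `default` of `forgotpwd-cypher-seed` is a fixed string shipped in the source, so every instance that does not override it protects the `key` in its reset links with a value anyone can read here. That seed is what `check_key` and `forgotpwd_send_email` (the two hunks further down) pass to `decrypt` and `encrypt`, so from what is visible it is the only secret behind the password-reset link. I would ship no usable default and say so in the help, e.g. `'help': 'secret seed used to cypher the validation key sent in forgot password email link; must be set to a random per-instance value'`. The code should also refuse to issue or accept reset keys, or at least log a warning at startup, while the value is still the shipped one. The `options` tuple starts outside this hunk.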
......@@ -15,13 +15,11 @@ from yams import ValidationError
from logilab.mtconverter import xml_escape
from cubicweb.view import StartupView
from cubicweb.web import (Redirect, controller, form, formwidgets as wdg,
formfields as ff)
from cubicweb.crypto import encrypt, decrypt
from cubicweb.web import (Redirect, controller, form, captcha,
formwidgets as wdg, formfields as ff)
from cubicweb.web.views import forms, urlrewrite, basetemplates
# XXX move to cw to avoid dependancy
from cubes.registration.views import CaptchaWidget, encrypt, decrypt
_ = unicode
# Login form
......@@ -48,7 +46,7 @@ class ForgottenPasswordForm(forms.FieldsForm):
return self._cw.build_url(u'forgottenpassword_sendmail')
use_email = ff.StringField(widget=wdg.TextInput(), required=True, label=_(u'your email address'))
captcha = ff.StringField(widget=CaptchaWidget(), required=True,
captcha = ff.StringField(widget=captcha.CaptchaWidget(), required=True,
label=_('captcha'),
help=_('please copy the letters from the image'))
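Review bot: The field is named `captcha` and its widget is now `captcha.CaptchaWidget()`, so the class attribute rebinds the name of the imported `captcha` module inside the class body. It works because the right-hand side is evaluated before the assignment, but any later class-level line that refers to `captcha` would get the field rather than the module. Importing the widget under its own name avoids the collision: `from cubicweb.web.captcha import CaptchaWidget` and keep `widget=CaptchaWidget()`. The class body continues outside this hunk.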
......@@ -123,7 +121,8 @@ class ForgottenPasswordRequestView(form.FormViewMixIn, StartupView):
def check_key(self):
try:
return decrypt(self._cw.form['key'], self._cw.vreg.config['cypher-seed'])
return decrypt(self._cw.form['key'],
self._cw.vreg.config['forgotpwd-cypher-seed'])
except:
msg = self._cw._(u'Invalid link. Please try again.')
raise Redirect(self._cw.build_url(u'forgottenpassword', __message=msg))
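Review bot: The new `self._cw.vreg.config['forgotpwd-cypher-seed']` lookup sits inside the existing bare `except:`, so a missing or misnamed option raises a `KeyError` that is shown to the user as "Invalid link" and leaves no trace. I would read the seed before the `try:` (`seed = self._cw.vreg.config['forgotpwd-cypher-seed']`) and narrow the handler to `except Exception:`. Since `self._cw.form['key']` is request input, the handler should also log the failure before redirecting, so that repeated bad `key` values are visible to whoever operates the instance. `check_key` may continue outside the hunk.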
......@@ -196,7 +195,7 @@ def forgotpwd_send_email(self, data):
if not rset:
raise ValidationError(None, {None: session._(u'An error occured, this email address is unknown.')})
data['revocation_id'] = revocation_id
key = encrypt(data, session.vreg.config['cypher-seed'])
key = encrypt(data, session.vreg.config['forgotpwd-cypher-seed'])
url = session.build_url('forgottenpasswordrequest', key=key)
session.set_shared_data('resetlink', url)
# mail is sent on commit
......