Commit 7ad0af5f authored by Julien Cristau's avatar Julien Cristau

Use https URLs when available (closes #5193733)

Sending passwords or tokens over plain text is considered bad form.
parent b6482605a0ae
......@@ -52,7 +52,7 @@ See you soon on %(base_url)s !
''')
def subject(self):
return self._cw._(u'[%s] Request to change your password' % self._cw.base_url())
return self._cw._(u'[%s] Request to change your password' % self._cw.base_url(secure=True))
def recipients(self):
fpasswd = self.cw_rset.get_entity(self.cw_row or 0, self.cw_col or 0)
......@@ -75,6 +75,6 @@ See you soon on %(base_url)s !
# NOTE: it would probably be better to display the expiration date
# (with correct timezone)
'limit': self._cw.vreg.config['revocation-limit'],
'base_url': self._cw.base_url(),
'base_url': self._cw.base_url(secure=True),
}
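Review bot: Only `'base_url'` is switched to the secure form in the mail context of the second hunk; the link that carries the reset key is not visible here, and if it is built with `build_url` in the lines above the hunk it needs `__secure__=True` as well, otherwise the mail still hands out the token over plain http. I would also add a short comment above the entry, e.g. `# reset mails carry a one-time key: always advertise the https URL`. The dict and its enclosing method start outside the hunk, so this could not be checked from the page.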
......@@ -26,7 +26,7 @@ class ForgotPasswordLinkWidget(wdg.FieldWidget):
req = form._cw
ret = u'<span class="forgotpwdLink"><a href="%s">%s</a></span>' % (
xml_escape(req.build_url('forgottenpassword',
base_url=req.vreg.config['base-url'])),
__secure__=True)),
req._('Forgot your password?'))
return ret
......@@ -43,7 +43,7 @@ class ForgottenPasswordForm(forms.FieldsForm):
form_buttons = [wdg.SubmitButton()]
@property
def action(self):
return self._cw.build_url(u'forgottenpassword_sendmail')
return self._cw.build_url(u'forgottenpassword_sendmail', __secure__=True)
use_email = ff.StringField(widget=wdg.TextInput(), required=True, label=_(u'your email address'))
captcha = ff.StringField(widget=captcha.CaptchaWidget(), required=True,
......@@ -75,7 +75,7 @@ class ForgottenPasswordSendMailController(controller.Controller):
msg = unicode(exc)
else:
msg = self._cw._(u'An email has been sent, follow instructions in there to change your password.')
raise Redirect(self._cw.build_url('pwdsent', __message=msg))
raise Redirect(self._cw.build_url('pwdsent', __message=msg, __secure__=True))
def checked_data(self):
'''only basic data check here (required attributes and password
......@@ -116,7 +116,7 @@ class ForgottenPasswordRequestForm(forms.FieldsForm):
form_buttons = [wdg.SubmitButton()]
@property
def action(self):
return self._cw.build_url(u'forgottenpassword-requestconfirm')
return self._cw.build_url(u'forgottenpassword-requestconfirm', __secure__=True)
upassword = ff.StringField(widget=wdg.PasswordInput(), required=True)
......@@ -130,7 +130,7 @@ class ForgottenPasswordRequestView(form.FormViewMixIn, StartupView):
self._cw.vreg.config['forgotpwd-cypher-seed'])
except:
msg = self._cw._(u'Invalid link. Please try again.')
raise Redirect(self._cw.build_url(u'forgottenpassword', __message=msg))
raise Redirect(self._cw.build_url(u'forgottenpassword', __message=msg, __secure__=True))
def call(self):
key = self.check_key()
......@@ -151,7 +151,7 @@ class ForgottenPasswordRequestConfirm(controller.Controller):
'forgotpwd_change_passwd', use_email=data['use_email'],
revocation_id=data['revocation_id'], upassword=data['upassword'])
cnx.commit()
raise Redirect(self._cw.build_url('pwdreset', __message=msg))
raise Redirect(self._cw.build_url('pwdreset', __message=msg, __secure__=True))
def checked_data(self):
cw = self._cw
......
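Review bot: Judging by the commit title ("when available"), `__secure__=True` presumably falls back to the plain base URL when no https URL is configured, so `ForgottenPasswordRequestForm.action` would still post `upassword` over http on such an instance, with no signal to the operator. A comment on that property would make the limit visible, e.g. `# __secure__ is best effort: without a configured https URL the new password is still posted over http`, and a warning at startup when no https URL is set would be the stronger fix. The same applies to the other `build_url(..., __secure__=True)` calls in this file. Separately, the bare `except:` ahead of the 'Invalid link' redirect in `ForgottenPasswordRequestView` would read better as `except Exception:`; its try block starts outside the hunk.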