Commit b8e7913d authored by Sylvain Thénault

default is stable

--HG--
branch : stable
......@@ -9,3 +9,5 @@ ee818e5326db7397d485a64f76644765c4652df8 cubicweb-forgotpwd-debian-version-0.2.1
d2e13405b9d7144ee7ac920da7f4c30d99086bac cubicweb-forgotpwd-debian-version-0.3.0-1
19608e706575ef9a94fb9cc39acadb16c3fde945 cubicweb-forgotpwd-version-0.3.1
9125bf2e856482c9095891409c8ee0292fe3b83c cubicweb-forgotpwd-debian-version-0.3.1-1
3aca7037d5aa1678e8fd6ec8fb859884f4f8e89f cubicweb-forgotpwd-version-0.4.0
2436ae8273776e9897ba8abd8f475d814bc0636d cubicweb-forgotpwd-debian-version-0.4.0-1
......@@ -4,7 +4,7 @@
modname = 'forgotpwd'
distname = 'cubicweb-forgotpwd'
numversion = (0, 3, 1)
numversion = (0, 4, 0)
version = '.'.join(str(num) for num in numversion)
license = 'LGPL'
......@@ -14,7 +14,7 @@ description = 'password recovery component for the CubicWeb framework'
web = 'http://www.cubicweb.org/project/%s' % distname
__depends__ = {'cubicweb': '>= 3.9.0',
'python-crypto': None,
'pycrypto': None,
'PIL': None,
}
......
cubicweb-forgotpwd (0.4.0-1) unstable; urgency=low
* new upstream release
-- Sylvain Thénault <sylvain.thenault@logilab.fr> Fri, 20 May 2011 12:29:13 +0200
cubicweb-forgotpwd (0.3.1-1) unstable; urgency=low
* new upstream release
......
""" this module contains server side hooks for cleaning forgotpwd table
"""this module contains server side hooks for cleaning forgotpwd table
"""
from datetime import datetime
import random
import string
from datetime import datetime, timedelta
from logilab.common.decorators import monkeypatch
from yams import ValidationError
from cubicweb.selectors import is_instance
from cubicweb.crypto import encrypt
from cubicweb.server import hook
from cubicweb.server.repository import Repository
from cubicweb.sobjects.notification import NotificationView
_ = unicode
......@@ -34,7 +41,8 @@ class PasswordResetNotification(NotificationView):
__regid__ = 'notif_after_add_entity'
__select__ = is_instance('Fpasswd')
content = _('''There was recently a request to change the password on your account.
content = _('''There was recently a request to change the password of your account
on %(base_url)s (login: %(login)s).
If you requested this password change, please set a new password by following
the link below:
......@@ -47,7 +55,7 @@ See you soon on %(base_url)s !
''')
def subject(self):
return self._cw._(u'Request to change your password')
return self._cw._(u'[%s] Request to change your password' % self._cw.base_url())
def recipients(self):
fpasswd = self.cw_rset.get_entity(self.cw_row or 0, self.cw_col or 0)
......@@ -55,10 +63,71 @@ See you soon on %(base_url)s !
return [(user.cw_adapt_to('IEmailable').get_email(), user.property_value('ui.language'))]
def context(self, **kwargs):
fpasswd = self.cw_rset.get_entity(self.cw_row or 0, self.cw_col or 0)
link = self._cw.get_shared_data('resetlink', pop=True)
user = fpasswd.reverse_has_fpasswd[0]
return {
'resetlink': self._cw.get_shared_data('resetlink', pop=True),
'login': user.login,
# NOTE: it would probably be better to display the expiration date
# (with correct timezone)
'limit': self._cw.vreg.config['revocation-limit'],
'base_url': self._cw.base_url(),
}
@monkeypatch(Repository)
def forgotpwd_send_email(self, data):
session = self.internal_session()
revocation_limit = self.config['revocation-limit']
revocation_id = u''.join([random.choice(string.letters+string.digits)
for x in xrange(10)])
revocation_date = datetime.now() + timedelta(minutes=revocation_limit)
try:
existing_requests = session.execute('Any F WHERE U primary_email E, E address %(e)s, U has_fpasswd F',
{'e': data['use_email']})
if existing_requests:
raise ValidationError(None, {None: session._('You have already asked for a new password.')})
rset = session.execute('INSERT Fpasswd X: X revocation_id %(a)s, X revocation_date %(b)s, '
'U has_fpasswd X WHERE U primary_email E, E address %(e)s',
{'a':revocation_id, 'b':revocation_date, 'e': data['use_email']})
if not rset:
raise ValidationError(None, {None: session._(u'An error occured, this email address is unknown.')})
data['revocation_id'] = revocation_id
key = encrypt(data, session.vreg.config['forgotpwd-cypher-seed'])
url = session.build_url('forgottenpasswordrequest', key=key)
session.set_shared_data('resetlink', url)
# mail is sent on commit
session.commit()
finally:
session.close()
@monkeypatch(Repository)
def forgotpwd_change_passwd(self, data):
session = self.internal_session()
try:
rset = session.execute('Any F, U WHERE U is CWUser, U primary_email E, '
'E address %(email)s, EXISTS(U has_fpasswd F, '
'F revocation_id %(revid)s)',
{'email': data['use_email'],
'revid': data['revocation_id']})
if rset:
forgotpwd = rset.get_entity(0,0)
revocation_date = forgotpwd.revocation_date
user = rset.get_entity(0,1)
if revocation_date > datetime.now():
session.execute('SET U upassword %(newpasswd)s WHERE U is CWUser, U eid %(usereid)s',
{'newpasswd':data['upassword'].encode('UTF-8'), 'usereid':user.eid})
session.execute('DELETE Fpasswd F WHERE F eid %(feid)s',
{'feid':forgotpwd.eid})
session.commit()
msg = session._(u'Your password has been changed.')
else:
msg = session._(u'That link has either expired or is not valid.')
else:
msg = session._(u'You already changed your password. This link has expired.')
return msg
finally:
session.close()
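Review bot: The reset token in `forgotpwd_send_email` is built with the module-level `random.choice(...)` over `xrange(10)`, a Mersenne Twister generator that is not intended for secrets; as this commit moves the function into the hooks module, the move is a natural point to change the source. `revocation_id` appears to be the only per-request secret placed in the encrypted `key`, and `forgotpwd_change_passwd` sets the new password on an email plus `revocation_id` match, so the id's unpredictability should not rest solely on `forgotpwd-cypher-seed` staying private. I would create `rng = random.SystemRandom()` and call `rng.choice(string.ascii_letters + string.digits)` inside the join, which also avoids the locale-dependent `string.letters`; lengthening the id beyond 10 characters would cost nothing.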
......@@ -4,6 +4,7 @@ msgstr ""
"PO-Revision-Date: 2010-02-04 19:13+0100\n"
"Last-Translator: Logilab Team <contact@logilab.fr>\n"
"Language-Team: en <contact@logilab.fr>\n"
"Language: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
......@@ -35,15 +36,13 @@ msgstr ""
msgid "New Fpasswd"
msgstr ""
msgid "Request to change your password"
msgstr ""
msgid "That link has either expired or is not valid."
msgstr ""
#, python-format
msgid ""
"There was recently a request to change the password on your account.\n"
"There was recently a request to change the password of your account\n"
"on %(base_url)s (login: %(login)s).\n"
"If you requested this password change, please set a new password by "
"following\n"
"the link below:\n"
......@@ -69,7 +68,11 @@ msgstr ""
msgid "You have already asked for a new password."
msgstr ""
msgid "Your password has been changed !"
msgid "Your password has been changed."
msgstr ""
#, python-format
msgid "[%s] Request to change your password"
msgstr ""
msgid "captcha"
......@@ -84,10 +87,10 @@ msgctxt "CWUser"
msgid "has_fpasswd"
msgstr ""
msgctxt "Fpasswd"
msgid "has_fpasswd_object"
msgstr ""
msgctxt "Fpasswd"
msgid "has_fpasswd_object"
msgstr ""
......
......@@ -4,6 +4,7 @@ msgstr ""
"PO-Revision-Date: 2010-02-04 19:13+0100\n"
"Last-Translator: Logilab Team <contact@logilab.fr>\n"
"Language-Team: es <contact@logilab.fr>\n"
"Language: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
......@@ -35,15 +36,13 @@ msgstr ""
msgid "New Fpasswd"
msgstr ""
msgid "Request to change your password"
msgstr ""
msgid "That link has either expired or is not valid."
msgstr ""
#, python-format
msgid ""
"There was recently a request to change the password on your account.\n"
"There was recently a request to change the password of your account\n"
"on %(base_url)s (login: %(login)s).\n"
"If you requested this password change, please set a new password by "
"following\n"
"the link below:\n"
......@@ -69,7 +68,11 @@ msgstr ""
msgid "You have already asked for a new password."
msgstr ""
msgid "Your password has been changed !"
msgid "Your password has been changed."
msgstr ""
#, python-format
msgid "[%s] Request to change your password"
msgstr ""
msgid "captcha"
......@@ -84,10 +87,10 @@ msgctxt "CWUser"
msgid "has_fpasswd"
msgstr ""
msgctxt "Fpasswd"
msgid "has_fpasswd_object"
msgstr ""
msgctxt "Fpasswd"
msgid "has_fpasswd_object"
msgstr ""
......
......@@ -4,6 +4,7 @@ msgstr ""
"PO-Revision-Date: 2010-02-04 19:13+0100\n"
"Last-Translator: Logilab Team <contact@logilab.fr>\n"
"Language-Team: fr <contact@logilab.fr>\n"
"Language: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
......@@ -37,15 +38,13 @@ msgstr "Ce lien est incorrect."
msgid "New Fpasswd"
msgstr ""
msgid "Request to change your password"
msgstr "Demande de changement de mot de passe"
msgid "That link has either expired or is not valid."
msgstr "Ce lien n'est pas valide ou a expiré"
#, python-format
msgid ""
"There was recently a request to change the password on your account.\n"
"There was recently a request to change the password of your account\n"
"on %(base_url)s (login: %(login)s).\n"
"If you requested this password change, please set a new password by "
"following\n"
"the link below:\n"
......@@ -58,13 +57,15 @@ msgid ""
"\n"
"See you soon on %(base_url)s !\n"
msgstr ""
"Une demande de changement de mot de passe vient d'être faite.\n"
"Une demande de changement de mot de passe vient d'être faite sur votre compte de \n"
"%(base_url)s (identifiant : %(login)s).\n"
"Si vous avez effectivement fait cette demande, vous pouvez réinitialiser\n"
"votre mot de passe en cliquant sur le lien suivant:\n"
"\n"
"%(resetlink)s\n"
"\n"
"Si vous ne voulez pas réinitialiser votre mot de passe, vous pouvez ignorer\n"
"Si vous ne voulez pas réinitialiser votre mot de passe, vous pouvez "
"ignorer\n"
"ce message.\n"
"Ce lien expirera dans %(limit)s minutes.\n"
"\n"
......@@ -83,9 +84,13 @@ msgid "You have already asked for a new password."
msgstr ""
"Vous avez déjà une demande de réinitialisation de mot de passe en cours."
msgid "Your password has been changed !"
msgid "Your password has been changed."
msgstr "Votre mot de passe a été changé."
#, python-format
msgid "[%s] Request to change your password"
msgstr "[%s] Demande de changement de mot de passe"
msgid "captcha"
msgstr "image test"
......@@ -98,10 +103,10 @@ msgctxt "CWUser"
msgid "has_fpasswd"
msgstr ""
msgctxt "Fpasswd"
msgid "has_fpasswd_object"
msgstr ""
msgctxt "Fpasswd"
msgid "has_fpasswd_object"
msgstr ""
......
......@@ -6,16 +6,12 @@
:license: GNU Lesser General Public License, v2.1 - http://www.gnu.org/licenses
"""
import random
import string
from datetime import datetime, timedelta
from yams import ValidationError
from logilab.mtconverter import xml_escape
from cubicweb.view import StartupView
from cubicweb.crypto import encrypt, decrypt
from cubicweb.crypto import decrypt
from cubicweb.web import (Redirect, controller, form, captcha,
formwidgets as wdg, formfields as ff)
from cubicweb.web.views import forms, urlrewrite, basetemplates
......@@ -58,7 +54,7 @@ class ForgottenPasswordFormView(form.FormViewMixIn, StartupView):
def call(self):
form = self._cw.vreg['forms'].select('forgottenpassword', self._cw)
self.w(u'<p>%s</p>' % self._cw._(u'Forgot your password ?'))
self.w(form.render())
form.render(w=self.w)
class ForgottenPasswordSendMailController(controller.Controller):
__regid__ = 'forgottenpassword_sendmail'
......@@ -88,7 +84,7 @@ class ForgottenPasswordSendMailController(controller.Controller):
if field.required:
errors[field.name] = self._cw._('required attribute')
data[field.name] = value
captcha = self._cw.get_session_data('captcha', None, pop=True)
captcha = self._cw.session.data.pop('captcha', None)
if captcha is None:
errors[None] = self._cw._('unable to check captcha, please try again')
elif data['captcha'].lower() != captcha.lower():
......@@ -136,7 +132,7 @@ class ForgottenPasswordRequestView(form.FormViewMixIn, StartupView):
form.add_hidden('use_email', key['use_email'])
form.add_hidden('revocation_id', key['revocation_id'])
self.w(u'<p>%s</p>' % self._cw._(u'Update your password:'))
self.w(form.render())
form.render(w=self.w)
class ForgottenPasswordRequestConfirm(controller.Controller):
......@@ -173,66 +169,6 @@ class PasswordResetView(StartupView):
self.wview('index', self.rset)
# Monkey Patching
# ---------------
from cubicweb.server.repository import Repository
from logilab.common.decorators import monkeypatch
from cubicweb.mail import format_mail
@monkeypatch(Repository)
def forgotpwd_send_email(self, data):
session = self.internal_session()
revocation_limit = self.config['revocation-limit']
revocation_id = u''.join([random.choice(string.letters+string.digits)
for x in xrange(10)])
revocation_date = datetime.now() + timedelta(minutes=revocation_limit)
try:
existing_requests = session.execute('Any F WHERE U primary_email E, E address %(e)s, U has_fpasswd F',
{'e': data['use_email']})
if existing_requests:
raise ValidationError(None, {None: session._('You have already asked for a new password.')})
rset = session.execute('INSERT Fpasswd X: X revocation_id %(a)s, X revocation_date %(b)s, '
'U has_fpasswd X WHERE U primary_email E, E address %(e)s',
{'a':revocation_id, 'b':revocation_date, 'e': data['use_email']})
if not rset:
raise ValidationError(None, {None: session._(u'An error occured, this email address is unknown.')})
data['revocation_id'] = revocation_id
key = encrypt(data, session.vreg.config['forgotpwd-cypher-seed'])
url = session.build_url('forgottenpasswordrequest', key=key)
session.set_shared_data('resetlink', url)
# mail is sent on commit
session.commit()
finally:
session.close()
@monkeypatch(Repository)
def forgotpwd_change_passwd(self, data):
session = self.internal_session()
try:
rset = session.execute('Any F, U WHERE U is CWUser, U primary_email E, E address %(email)s, EXISTS(U has_fpasswd F, F revocation_id %(revid)s)',
{'email': data['use_email'], 'revid':data['revocation_id']})
if rset:
forgotpwd = rset.get_entity(0,0)
revocation_date = forgotpwd.revocation_date
user = rset.get_entity(0,1)
if revocation_date > datetime.now():
session.execute('SET U upassword %(newpasswd)s WHERE U is CWUser, U eid %(usereid)s',
{'newpasswd':data['upassword'].encode('UTF-8'), 'usereid':user.eid})
session.execute('DELETE Fpasswd F WHERE F eid %(feid)s',
{'feid':forgotpwd.eid})
session.commit()
msg = session._(u'Your password has been changed !')
else:
msg = session._(u'That link has either expired or is not valid.')
else:
msg = session._(u'You already changed your password. This link has expired.')
return msg
finally:
session.close()
# URL rewriting
# -------------
......