Commit c0ad6a8b authored by Julien Cristau's avatar Julien Cristau
Browse files

[hooks] don't pass password reset url through session data

It's not needed, we can just do the encryption in the notification view
directly.  Plus it doesn't work with recent cubicweb because the
notification view runs in a new session so doesn't share data with the
hook that caused it.

Closes #3730700
parent b8b2738ea7f7
......@@ -64,10 +64,16 @@ See you soon on %(base_url)s !
def context(self, **kwargs):
fpasswd = self.cw_rset.get_entity(self.cw_row or 0, self.cw_col or 0)
link = self._cw.get_shared_data('resetlink', pop=True)
user = fpasswd.reverse_has_fpasswd[0]
data = {}
data['use_email'] = user.cw_adapt_to('IEmailable').get_email()
data['revocation_id'] = fpasswd.revocation_id
key = encrypt(data, self._cw.vreg.config['forgotpwd-cypher-seed'])
url = self._cw.build_url('forgottenpasswordrequest',
__secure__=True,
key=key,)
return {
'resetlink': link,
'resetlink': url,
'login': user.login,
# NOTE: it would probably be better to display the expiration date
# (with correct timezone)
......@@ -93,12 +99,6 @@ def forgotpwd_send_email(self, data):
{'a':revocation_id, 'b':revocation_date, 'e': data['use_email']})
if not rset:
raise ValidationError(None, {None: session._(u'An error occured, this email address is unknown.')})
data['revocation_id'] = revocation_id
key = encrypt(data, session.vreg.config['forgotpwd-cypher-seed'])
url = session.build_url('forgottenpasswordrequest',
__secure__=True,
key=key,)
session.set_shared_data('resetlink', url)
# mail is sent on commit
session.commit()
finally:
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment