Commit c2f0117a authored by Sylvain Thénault's avatar Sylvain Thénault

move repository monkey patching out of 'views'

parent e23ff1f4ef5e
""" this module contains server side hooks for cleaning forgotpwd table
"""
from datetime import datetime
import random
import string
from datetime import datetime, timedelta
from logilab.common.decorators import monkeypatch
from yams import ValidationError
from cubicweb.selectors import is_instance
from cubicweb.crypto import encrypt
from cubicweb.server import hook
from cubicweb.server.repository import Repository
from cubicweb.sobjects.notification import NotificationView
_ = unicode
......@@ -62,3 +69,60 @@ See you soon on %(base_url)s !
'limit': self._cw.vreg.config['revocation-limit'],
'base_url': self._cw.base_url(),
}
@monkeypatch(Repository)
def forgotpwd_send_email(self, data):
session = self.internal_session()
revocation_limit = self.config['revocation-limit']
revocation_id = u''.join([random.choice(string.letters+string.digits)
for x in xrange(10)])
revocation_date = datetime.now() + timedelta(minutes=revocation_limit)
try:
existing_requests = session.execute('Any F WHERE U primary_email E, E address %(e)s, U has_fpasswd F',
{'e': data['use_email']})
if existing_requests:
raise ValidationError(None, {None: session._('You have already asked for a new password.')})
rset = session.execute('INSERT Fpasswd X: X revocation_id %(a)s, X revocation_date %(b)s, '
'U has_fpasswd X WHERE U primary_email E, E address %(e)s',
{'a':revocation_id, 'b':revocation_date, 'e': data['use_email']})
if not rset:
raise ValidationError(None, {None: session._(u'An error occured, this email address is unknown.')})
data['revocation_id'] = revocation_id
key = encrypt(data, session.vreg.config['forgotpwd-cypher-seed'])
url = session.build_url('forgottenpasswordrequest', key=key)
session.set_shared_data('resetlink', url)
# mail is sent on commit
session.commit()
finally:
session.close()
@monkeypatch(Repository)
def forgotpwd_change_passwd(self, data):
session = self.internal_session()
try:
rset = session.execute('Any F, U WHERE U is CWUser, U primary_email E, '
'E address %(email)s, EXISTS(U has_fpasswd F, '
'F revocation_id %(revid)s)',
{'email': data['use_email'],
'revid': data['revocation_id']})
if rset:
forgotpwd = rset.get_entity(0,0)
revocation_date = forgotpwd.revocation_date
user = rset.get_entity(0,1)
if revocation_date > datetime.now():
session.execute('SET U upassword %(newpasswd)s WHERE U is CWUser, U eid %(usereid)s',
{'newpasswd':data['upassword'].encode('UTF-8'), 'usereid':user.eid})
session.execute('DELETE Fpasswd F WHERE F eid %(feid)s',
{'feid':forgotpwd.eid})
session.commit()
msg = session._(u'Your password has been changed.')
else:
msg = session._(u'That link has either expired or is not valid.')
else:
msg = session._(u'You already changed your password. This link has expired.')
return msg
finally:
session.close()
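Review bot: The reset token built in `forgotpwd_send_email` comes from the `random` module's default generator (`random.choice(...)` inside the `revocation_id` join), which is a Mersenne Twister and is not intended for secrets. The query in `forgotpwd_change_passwd` matches on the e-mail address and `revocation_id` before it sets `upassword`, so this value should come from the OS CSPRNG. Since the code is being moved anyway, it could become `rng = random.SystemRandom()` followed by `revocation_id = u''.join(rng.choice(string.letters + string.digits) for x in xrange(10))`. Separately, the `ValidationError` text "An error occured, this email address is unknown." tells the caller whether an address is registered; a uniform response for known and unknown addresses would avoid that, although how the message reaches the web form is not visible in this section.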
......@@ -6,21 +6,15 @@
:license: GNU Lesser General Public License, v2.1 - http://www.gnu.org/licenses
"""
import random
import string
from datetime import datetime, timedelta
from yams import ValidationError
from logilab.mtconverter import xml_escape
from logilab.common.decorators import monkeypatch
from cubicweb.view import StartupView
from cubicweb.crypto import encrypt, decrypt
from cubicweb.crypto import decrypt
from cubicweb.web import (Redirect, controller, form, captcha,
formwidgets as wdg, formfields as ff)
from cubicweb.web.views import forms, urlrewrite, basetemplates
from cubicweb.server.repository import Repository
_ = unicode
......@@ -175,66 +169,6 @@ class PasswordResetView(StartupView):
self.wview('index', self.rset)
# Monkey Patching
# ---------------
@monkeypatch(Repository)
def forgotpwd_send_email(self, data):
session = self.internal_session()
revocation_limit = self.config['revocation-limit']
revocation_id = u''.join([random.choice(string.letters+string.digits)
for x in xrange(10)])
revocation_date = datetime.now() + timedelta(minutes=revocation_limit)
try:
existing_requests = session.execute('Any F WHERE U primary_email E, E address %(e)s, U has_fpasswd F',
{'e': data['use_email']})
if existing_requests:
raise ValidationError(None, {None: session._('You have already asked for a new password.')})
rset = session.execute('INSERT Fpasswd X: X revocation_id %(a)s, X revocation_date %(b)s, '
'U has_fpasswd X WHERE U primary_email E, E address %(e)s',
{'a':revocation_id, 'b':revocation_date, 'e': data['use_email']})
if not rset:
raise ValidationError(None, {None: session._(u'An error occured, this email address is unknown.')})
data['revocation_id'] = revocation_id
key = encrypt(data, session.vreg.config['forgotpwd-cypher-seed'])
url = session.build_url('forgottenpasswordrequest', key=key)
session.set_shared_data('resetlink', url)
# mail is sent on commit
session.commit()
finally:
session.close()
@monkeypatch(Repository)
def forgotpwd_change_passwd(self, data):
session = self.internal_session()
try:
rset = session.execute('Any F, U WHERE U is CWUser, U primary_email E, '
'E address %(email)s, EXISTS(U has_fpasswd F, '
'F revocation_id %(revid)s)',
{'email': data['use_email'],
'revid': data['revocation_id']})
if rset:
forgotpwd = rset.get_entity(0,0)
revocation_date = forgotpwd.revocation_date
user = rset.get_entity(0,1)
if revocation_date > datetime.now():
session.execute('SET U upassword %(newpasswd)s WHERE U is CWUser, U eid %(usereid)s',
{'newpasswd':data['upassword'].encode('UTF-8'), 'usereid':user.eid})
session.execute('DELETE Fpasswd F WHERE F eid %(feid)s',
{'feid':forgotpwd.eid})
session.commit()
msg = session._(u'Your password has been changed.')
else:
msg = session._(u'That link has either expired or is not valid.')
else:
msg = session._(u'You already changed your password. This link has expired.')
return msg
finally:
session.close()
# URL rewriting
# -------------
......