From: Michael Tremer Date: Sun, 29 May 2022 12:39:30 +0000 (+0000) Subject: Drop all user registration stuff X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9aa8a565ba8b060cafcf3d9c173c8d0a99b31ffa;p=pbs.git Drop all user registration stuff This is now being handled by IPFire People. Signed-off-by: Michael Tremer --- diff --git a/Makefile.am b/Makefile.am index b0f92253..2277eb4d 100644 --- a/Makefile.am +++ b/Makefile.am @@ -185,11 +185,6 @@ dist_templates_DATA = \ src/templates/package-detail-list.html \ src/templates/package-properties.html \ src/templates/queue.html \ - src/templates/register-activation-fail.html \ - src/templates/register-activation-success.html \ - src/templates/register-fail.html \ - src/templates/register.html \ - src/templates/register-success.html \ src/templates/repository-detail.html \ src/templates/repository-edit.html \ src/templates/search-form.html \ @@ -198,20 +193,13 @@ dist_templates_DATA = \ src/templates/updates-index.html \ src/templates/uploads-list.html \ src/templates/user-delete.html \ - src/templates/user-forgot-password.html \ src/templates/user-impersonation.html \ src/templates/user-list.html \ src/templates/user-profile-builds.html \ src/templates/user-profile-edit-fail.html \ src/templates/user-profile-edit.html \ src/templates/user-profile.html \ - src/templates/user-profile-need-activation.html \ - src/templates/user-profile-passwd.html \ - src/templates/user-profile-passwd-ok.html \ - src/templates/user-requested-password-recovery.html \ - src/templates/user-reset-password.html \ - src/templates/user-reset-password-success.html \ - src/templates/user-reset-password-fail.html + src/templates/user-profile-need-activation.html templatesdir = $(datadir)/templates @@ -252,9 +240,7 @@ dist_templates_messages_jobs_DATA = \ templates_messages_jobsdir = $(templates_messagesdir)/jobs dist_templates_messages_users_DATA = \ - src/templates/messages/users/account-activation.markdown \ - src/templates/messages/users/email-activation.markdown \ - src/templates/messages/users/password-reset.markdown + src/templates/messages/users/email-activation.markdown templates_messages_usersdir = $(templates_messagesdir)/users diff --git a/src/buildservice/builders.py b/src/buildservice/builders.py index 2f30231c..7a34d8b1 100644 --- a/src/buildservice/builders.py +++ b/src/buildservice/builders.py @@ -1,7 +1,5 @@ #!/usr/bin/python - - import datetime import hashlib import logging @@ -14,8 +12,6 @@ from . import logs from .decorators import * -from .users import generate_password_hash, check_password_hash, generate_random_string - ACTIVE_STATES = [ "dispatching", "running", @@ -400,3 +396,51 @@ class Builder(base.DataObject): # Looks like we are ready return True + + +# A list of possible random characters. +random_chars = string.ascii_letters + string.digits + +def generate_random_string(length=16): + """ + Return a string with random chararcters A-Za-z0-9 with given length. + """ + return "".join([random.choice(random_chars) for i in range(length)]) + +def generate_password_hash(password, salt=None, algo="sha512"): + """ + This function creates a salted digest of the given password. + """ + # Generate the salt (length = 16) of none was given. + if salt is None: + salt = generate_random_string(length=16) + + # Compute the hash. + # + + if not algo in hashlib.algorithms: + raise Exception("Unsupported password hash algorithm: %s" % algo) + + # Calculate the digest. + h = hashlib.new(algo) + h.update(salt) + h.update(password) + + # Output string is of kind "$$". + return "$".join((algo, salt, h.hexdigest())) + +def check_password_hash(password, password_hash): + """ + Check a plain-text password with the given digest. + """ + # Handle plaintext passwords (plain$). + if password_hash.startswith("plain$"): + return password_hash[6:] == password + + try: + algo, salt, digest = password_hash.split("$", 2) + except ValueError: + logging.warning("Unknown password hash: %s" % password_hash) + return False + + # Re-generate the password hash and compare the result. + return password_hash == generate_password_hash(password, salt=salt, algo=algo) diff --git a/src/buildservice/users.py b/src/buildservice/users.py index ad6ab906..0d19df8c 100644 --- a/src/buildservice/users.py +++ b/src/buildservice/users.py @@ -5,11 +5,9 @@ import email.utils import hashlib import logging import pytz -import random import re import string -import urllib.request, urllib.parse, urllib.error -from . import ldap +import urllib.parse import tornado.locale @@ -21,55 +19,6 @@ from . import ldap from .decorators import * -# A list of possible random characters. -random_chars = string.ascii_letters + string.digits - -def generate_random_string(length=16): - """ - Return a string with random chararcters A-Za-z0-9 with given length. - """ - return "".join([random.choice(random_chars) for i in range(length)]) - - -def generate_password_hash(password, salt=None, algo="sha512"): - """ - This function creates a salted digest of the given password. - """ - # Generate the salt (length = 16) of none was given. - if salt is None: - salt = generate_random_string(length=16) - - # Compute the hash. - # + - if not algo in hashlib.algorithms: - raise Exception("Unsupported password hash algorithm: %s" % algo) - - # Calculate the digest. - h = hashlib.new(algo) - h.update(salt) - h.update(password) - - # Output string is of kind "$$". - return "$".join((algo, salt, h.hexdigest())) - -def check_password_hash(password, password_hash): - """ - Check a plain-text password with the given digest. - """ - # Handle plaintext passwords (plain$). - if password_hash.startswith("plain$"): - return password_hash[6:] == password - - try: - algo, salt, digest = password_hash.split("$", 2) - except ValueError: - logging.warning("Unknown password hash: %s" % password_hash) - return False - - # Re-generate the password hash and compare the result. - return password_hash == generate_password_hash(password, salt=salt, algo=algo) - - class Users(base.Object): def init(self): self.ldap = ldap.LDAP(self.backend) @@ -413,10 +362,6 @@ class User(base.DataObject): user_email.user = self self.emails.append(user_email) - # Send activation email if activation is needed - if not activated: - user_email.send_activation_mail() - return user_email def send_template(self, *args, **kwargs): @@ -453,31 +398,6 @@ class User(base.DataObject): timezone = property(get_timezone, set_timezone) - def get_password_recovery_code(self): - return self.data.password_recovery_code - - def set_password_recovery_code(self, code): - self._set_attribute("password_recovery_code", code) - - self._set_attribute("password_recovery_code_expires_at", - datetime.datetime.utcnow() + datetime.timedelta(days=1)) - - password_recovery_code = property(get_password_recovery_code, set_password_recovery_code) - - def forgot_password(self): - log.debug("User %s reqested password recovery" % self.name) - - # We cannot reset te password for ldap users - if self.ldap_dn: - # Maybe we should send an email with an explanation - return - - # Add a recovery code to the database and a timestamp when this code expires - self.password_recovery_code = generate_random_string(64) - - # Send an email with the activation code - self.send_template("messages/users/password-reset", user=self) - @property def activated(self): return self.data.activated @@ -486,10 +406,6 @@ class User(base.DataObject): def deleted(self): return self.data.deleted - @property - def registered_at(self): - return self.data.registered_at - def gravatar_icon(self, size=128): h = hashlib.new("md5") if self.email: @@ -564,25 +480,7 @@ class UserEmail(base.DataObject): def activation_code(self): return self.data.activation_code - def send_activation_mail(self): - if not self.primary: - return self.send_email_activation_email() - - logging.debug("Sending activation mail to %s" % self.email) - - self.user.send_template("messages/users/account-activation") - def send_email_activation_mail(self): logging.debug("Sending email address activation mail to %s" % self.email) self.user.send_template("messages/users/email-activation", email=self) - - -# Some testing code. -if __name__ == "__main__": - for password in ("1234567890", "abcdefghij"): - digest = generate_password_hash(password) - - print("%s %s" % (password, digest)) - print(" Matches? %s" % check_password_hash(password, digest)) - diff --git a/src/templates/base.html b/src/templates/base.html index 02b20cab..500cf35a 100644 --- a/src/templates/base.html +++ b/src/templates/base.html @@ -82,9 +82,6 @@ {% else %} diff --git a/src/templates/login.html b/src/templates/login.html index be6f0032..ce8d9ca3 100644 --- a/src/templates/login.html +++ b/src/templates/login.html @@ -38,17 +38,4 @@
-
-
-

{{ _("You also might want to...") }}

- -
-
{% end %} diff --git a/src/templates/messages/users/account-activation.markdown b/src/templates/messages/users/account-activation.markdown deleted file mode 100644 index 379c1a3e..00000000 --- a/src/templates/messages/users/account-activation.markdown +++ /dev/null @@ -1,10 +0,0 @@ -Subject: {{ _("Account Activation") }} - -{{ _("You, or somebody using your email address, has registered an account on the Pakfire Build Service.") }} - -{{ _("To activate your account, please click on the link below:") }} - - {{ baseurl }}/user/{{ user.name }}/activate?code={{ user.email.activation_code }} - -Sincerely, --The Pakfire Build Service \ No newline at end of file diff --git a/src/templates/messages/users/password-reset.markdown b/src/templates/messages/users/password-reset.markdown deleted file mode 100644 index b4f9fdfb..00000000 --- a/src/templates/messages/users/password-reset.markdown +++ /dev/null @@ -1,10 +0,0 @@ -Subject: {{ _("Password Reset") }} - -{{ _("You, or somebody else has requested a password reset for the Pakfire Build Service.") }} - -{{ _("To reset your password, please click on the link below:") }} - - {{ baseurl }}/password-reset?code={{ user.password_recovery_code }} - -Sincerely, --The Pakfire Build Service diff --git a/src/templates/register-activation-fail.html b/src/templates/register-activation-fail.html deleted file mode 100644 index d1af8acb..00000000 --- a/src/templates/register-activation-fail.html +++ /dev/null @@ -1,28 +0,0 @@ -{% extends "base.html" %} - -{% block title %}{{ _("Account activation failed") }}{% end block %} - -{% block body %} -
-
- -
-
-
-
-
-

{{ _("Activation failed") }}

-

- {{ _("We are sorry.") }} - {{ _("The activation of your account has failed.") }} - {{ _("Possibly the registration code is wrong or your registration timed out.") }} -

-
-
-
-{% end %} diff --git a/src/templates/register-activation-success.html b/src/templates/register-activation-success.html deleted file mode 100644 index 8db4bcef..00000000 --- a/src/templates/register-activation-success.html +++ /dev/null @@ -1,27 +0,0 @@ -{% extends "base.html" %} - -{% block title %}{{ _("Account activation successful") }}{% end block %} - -{% block body %} -
-
- -
-
-
-
-
-

{{ _("Activation successful") }}

-

- {{ _("Your account has been activated, %s.") % user.realname }} - {{ _("Have fun!") }} -

-
-
-
-{% end %} diff --git a/src/templates/register-fail.html b/src/templates/register-fail.html deleted file mode 100644 index e0a331c7..00000000 --- a/src/templates/register-fail.html +++ /dev/null @@ -1,23 +0,0 @@ -{% extends "base.html" %} - -{% block body %} -
-
-
-

{{ _("Registration failed") }}

-

- {{ _("We are sorry.") }} - {{ _("We could not create your requested account, because we encountered the following errors:") }} -

-
    - {% for msg in messages %} -
  • {{ msg }}
    • - {% end %} -
-

- {{ _("Use the back button on your web browser to go back to the previous page and correct your submission.") }} -

-
-
-
-{% end %} diff --git a/src/templates/register-success.html b/src/templates/register-success.html deleted file mode 100644 index 232470e2..00000000 --- a/src/templates/register-success.html +++ /dev/null @@ -1,15 +0,0 @@ -{% extends "base.html" %} - -{% block body %} -
-
-
-

{{ _("Registration successful") }}

-

- {{ _("Your new account has been created, %s.") % user.realname }} - {{ _("To complete the activation, follow the instructions that were sent to you in an activation email.") }} -

-
-
-
-{% end %} diff --git a/src/templates/register.html b/src/templates/register.html deleted file mode 100644 index ca35050e..00000000 --- a/src/templates/register.html +++ /dev/null @@ -1,85 +0,0 @@ -{% extends "base.html" %} - -{% block title %}{{ _("Register a new account") }}{% end block %} - -{% block body %} -
-
- -
-
- -
-
-

- {{ _("Register a new account") }} - {{ _("Join the community!") }} -

-
-
- -
-
- -
- {% raw xsrf_form_html() %} -
- {{ _("Registration form") }} - -
- - - - {{ _("Must be a unique name you login with.") }} - -
- -
- - - - {{ _("Type in your email address, which is used to verify the account.") }} - -
- -
- - - - {{ _("Type you firstname and your lastname here.") }} - -
-
-
- {{ _("Account security") }} - -
- - - - {{ _("The password is used to secure the login and must be at least 8 characters.") }} - -
- -
- - - - {{ _("Pick a password that is as strong as possible.") }} - {{ _("Don't login at unsecure places where people could spy on your password.") }} - -
-
- - -
-
-
-{% end block %} diff --git a/src/templates/user-forgot-password.html b/src/templates/user-forgot-password.html deleted file mode 100644 index c0046e03..00000000 --- a/src/templates/user-forgot-password.html +++ /dev/null @@ -1,56 +0,0 @@ -{% extends "base.html" %} - -{% block title %}{{ _("Forgot password") }}{% end block %} - -{% block body %} - -
-
- -
-
- -
-
-

- {{ _("Forgot password") }} -

-
-
- -
-
-

- {{ _("You have forgotten you password, eh? Shame on you.") }} - {{ _("However, we allow to re-activate your account.") }} -

-

- {{ _("You need to enter your username or your email address below") }} - {{ _("After that, you will receive an email with intructions how to go on.") }} -

-
-
-
- -
-
- -
- {% raw xsrf_form_html() %} - -
-
- - -
-
- -
-
-
-{% end block %} diff --git a/src/templates/user-profile-edit.html b/src/templates/user-profile-edit.html index 05482349..e2e9a353 100644 --- a/src/templates/user-profile-edit.html +++ b/src/templates/user-profile-edit.html @@ -73,28 +73,6 @@ -
- {{ _("Account security settings") }} - -
- - - - {{ _("The password is used to secure the login and must be at least 8 characters.") }} - -
- -
- - - - {{ _("Leave the password fields empty to keep the current password.") }} - -
-
-
{{ _("Locale & timezone settings") }} diff --git a/src/templates/user-profile-passwd-ok.html b/src/templates/user-profile-passwd-ok.html deleted file mode 100644 index 11f9a43d..00000000 --- a/src/templates/user-profile-passwd-ok.html +++ /dev/null @@ -1,54 +0,0 @@ -{% extends "base.html" %} - -{% block title %}{{ _("Password changed") }}{% end block %} - -{% block body %} - -
-
- -
-
- -
-
- -
-
- -
-
- {{ _("Ok") }} -
-
- -{% end %} diff --git a/src/templates/user-profile-passwd.html b/src/templates/user-profile-passwd.html deleted file mode 100644 index bffb77c6..00000000 --- a/src/templates/user-profile-passwd.html +++ /dev/null @@ -1,110 +0,0 @@ -{% extends "base.html" %} - -{% block title %}{{ _("Change password") }}{% end block %} - -{% block body %} - -
-
- -
-
- -
-
-

- {{ _("Change password") }} -

-
-
- - {% if error_msg %} -
-
- -
-
- {% end %} - -
-
- {% if user == current_user %} -

- {{ _("You are going to change your password.") }} -

-

- {{ _("To do so, you need to enter your current password and the new password twice.") }} -

- {% else %} -

- {{ _("In this dialog, you may change the password of %s.") % user.realname }} -

- {% end %} -
-
-
- -
-
-
- {% raw xsrf_form_html() %} - -
- {% if user == current_user %} -
- - - - {{ _("Please provide your old password.") }} - -
- {% end %} - -
- - - - {{ _("Choose a new password. Make sure that it is as strong as possible.") }} - -
- -
- - - - {{ _("Confirm the new password.") }} - -
- - - {{ _("Cancel") }} - -
-
-
-
-{% end %} diff --git a/src/templates/user-profile.html b/src/templates/user-profile.html index 9862c487..fe08d17b 100644 --- a/src/templates/user-profile.html +++ b/src/templates/user-profile.html @@ -40,10 +40,6 @@ {{ _("Edit profile") }} - - - {{ _("Change password") }} -
diff --git a/src/templates/user-requested-password-recovery.html b/src/templates/user-requested-password-recovery.html deleted file mode 100644 index 581940d8..00000000 --- a/src/templates/user-requested-password-recovery.html +++ /dev/null @@ -1,21 +0,0 @@ -{% extends "base.html" %} - -{% block title %}{{ _("Requested password recovery") }}{% end block %} - -{% block body %} -
-
-

- {{ _("Password recovery requested") }} -

-
-
- -
-
-

- {{ _("An email with instructions how to recover your password was send to your primary email address.") }} -

-
-
-{% end %} diff --git a/src/templates/user-reset-password-fail.html b/src/templates/user-reset-password-fail.html deleted file mode 100644 index 5aad278a..00000000 --- a/src/templates/user-reset-password-fail.html +++ /dev/null @@ -1,18 +0,0 @@ -{% extends "base.html" %} - -{% block title %}{{ _("Password reset failed") }}{% end block %} - -{% block body %} -
-
- -
-
-{% end %} diff --git a/src/templates/user-reset-password-success.html b/src/templates/user-reset-password-success.html deleted file mode 100644 index 3d21d769..00000000 --- a/src/templates/user-reset-password-success.html +++ /dev/null @@ -1,19 +0,0 @@ -{% extends "base.html" %} - -{% block title %}{{ _("Password reset succeeded") }}{% end block %} - -{% block body %} -
-
- -
-
- -{% end %} diff --git a/src/templates/user-reset-password.html b/src/templates/user-reset-password.html deleted file mode 100644 index 7cf7c658..00000000 --- a/src/templates/user-reset-password.html +++ /dev/null @@ -1,39 +0,0 @@ -{% extends "base.html" %} - -{% block title %}{{ _("Register a new account") }}{% end block %} - -{% block body %} -
-
-

- {{ _("Reset password") }} -

-
-
- -
- {% raw xsrf_form_html() %} - - -
-
- - - - {{ _("Choose a new password. Make sure that it is as strong as possible.") }} - -
- -
- - - - {{ _("Confirm the new password.") }} - -
- - - -{% end block %} diff --git a/src/web/__init__.py b/src/web/__init__.py index d1c14a19..4a92f90a 100644 --- a/src/web/__init__.py +++ b/src/web/__init__.py @@ -103,20 +103,15 @@ class Application(tornado.web.Application): # Entry site that lead the user to index (r"/", IndexHandler), - # Handle all the users logins/logouts/registers and stuff. + # Authentication (r"/login", auth.LoginHandler), (r"/logout", auth.LogoutHandler), - (r"/register", auth.RegisterHandler), - (r"/password-recovery", auth.PasswordRecoveryHandler), - (r"/password-reset", auth.PasswordResetHandler), # User profiles (r"/users", users.UsersHandler), (r"/user/(\w+)/impersonate", users.UserImpersonateHandler), - (r"/user/(\w+)/passwd", users.UserPasswdHandler), (r"/user/(\w+)/delete", users.UserDeleteHandler), (r"/user/(\w+)/edit", users.UserEditHandler), - (r"/user/(\w+)/activate", auth.ActivationHandler), (r"/user/(\w+)", users.UserHandler), (r"/profile", users.UserHandler), (r"/profile/builds", users.UsersBuildsHandler), diff --git a/src/web/auth.py b/src/web/auth.py index 811b3e99..cc3e9251 100644 --- a/src/web/auth.py +++ b/src/web/auth.py @@ -41,152 +41,6 @@ class LoginHandler(base.BaseHandler): self.redirect(next) -class RegisterHandler(base.BaseHandler): - def get(self): - # If the user is already logged in, we just send him back - # to the start page. - if self.current_user: - self.redirect("/") - return - - self.render("register.html") - - def post(self): - _ = self.locale.translate - msgs = [] - - # Read all information from the request. - name = self.get_argument("name", None) - email = self.get_argument("email", None) - realname = self.get_argument("realname", None) - pass1 = self.get_argument("pass1", None) - pass2 = self.get_argument("pass2", None) - - if not name: - msgs.append(_("No username provided.")) - elif self.backend.users.get_by_name(name): - msgs.append(_("The given username is already taken.")) - - if not email: - msgs.append(_("No email address provided.")) - elif not "@" in email: - msgs.append(_("Email address is invalid.")) - elif self.backend.users.get_by_email(email): - msgs.append(_("The given email address is already used for another account.")) - - # Check if the passphrase is okay. - if not pass1: - msgs.append(_("No password provided.")) - elif not pass1 == pass2: - msgs.append(_("Passwords do not match.")) - else: - accepted, score = self.backend.users.check_password_strength(pass1) - if not accepted: - msgs.append(_("Your password is too weak.")) - - if msgs: - self.render("register-fail.html", messages=msgs) - return - - # All provided data seems okay. - # Register the new user to the database. - with self.db.transaction(): - user = self.backend.users.create(name, realname=realname) - - # Set passphrase - user.passphrase = pass1 - - # Add email address - user.add_email(email) - - # Save locale - user.locale = self.locale.code - - self.render("register-success.html", user=user) - - -class ActivationHandler(base.BaseHandler): - def get(self, _user): - user = self.backend.users.get_by_name(_user) - if not user: - raise tornado.web.HTTPError(404) - - code = self.get_argument("code") - - # Check if the activation code matches and then activate the account. - with self.db.transaction(): - if user.activate_email(code): - # If an admin activated another account, he impersonates it. - if self.current_user and self.current_user.is_admin(): - self.session.start_impersonation(user) - - else: - # Automatically login the user. - self.session = self.backend.sessions.create(user, - self.current_address, user_agent=self.user_agent) - - # Set a session cookie - self.set_cookie("session_id", self.session.session_id, - expires=self.session.valid_until) - - self.render("register-activation-success.html", user=user) - return - - # Otherwise, show an error message. - self.render("register-activation-fail.html") - - -class PasswordRecoveryHandler(base.BaseHandler): - def get(self): - return self.render("user-forgot-password.html") - - def post(self): - username = self.get_argument("name", None) - - with self.db.transaction(): - user = self.backend.users.get_by_email(username) \ - or self.backend.users.get_by_name(username) - - if user: - user.forgot_password() - - self.render("user-requested-password-recovery.html") - - -class PasswordResetHandler(base.BaseHandler): - def get(self): - code = self.get_argument("code") - - user = self.backend.users.get_by_password_recovery_code(code) - if not user: - raise tornado.web.HTTPError(400) - - self.render("user-reset-password.html", user=user) - - def post(self): - _ = self.locale.translate - - code = self.get_argument("code") - pass1 = self.get_argument("password1") - pass2 = self.get_argument("password2") - - user = self.backend.users.get_by_password_recovery_code(code) - if not user: - raise tornado.web.HTTPError(400) - - if not pass1 == pass2: - return self.render("user-reset-password-fail.html", - message=_("Second password does not match")) - - # XXX Check password strength - - with self.db.transaction(): - user.passphrase = pass1 - user.password_recovery_code = None - - self.render("user-reset-password-success.html") - - class LogoutHandler(base.BaseHandler): @tornado.web.authenticated def get(self): diff --git a/src/web/users.py b/src/web/users.py index 74ac3e21..feece909 100644 --- a/src/web/users.py +++ b/src/web/users.py @@ -78,55 +78,6 @@ class UserDeleteHandler(UserActionHandler): self.render("user-delete.html", user=user) -class UserPasswdHandler(UserActionHandler): - @tornado.web.authenticated - def get(self, name, error_msg=None): - user = self.get_user(name) - - self.render("user-profile-passwd.html", user=user, - error_msg=error_msg) - - @tornado.web.authenticated - def post(self, name): - _ = self.locale.translate - - # Fetch the user. - user = self.get_user(name) - - # If the user who wants to change the password is not an admin, - # he needs to provide the old password. - if not self.current_user.is_admin() or self.current_user == user: - pass0 = self.get_argument("pass0", None) - if not pass0: - return self.get(name, error_msg=_("You need to enter you current password.")) - - if not self.current_user.check_password(pass0): - return self.get(name, error_msg=_("The provided account password is wrong.")) - - pass1 = self.get_argument("pass1", "") - pass2 = self.get_argument("pass2", "") - - error_msg = None - - # The password must at least have 8 characters. - if not pass1 == pass2: - error_msg = _("The given passwords do not match.") - elif len(pass1) == 0: - error_msg = _("The password was blank.") - else: - accepted, score = backend.users.check_password_strength(pass1) - if not accepted: - error_msg = _("The given password is too weak.") - - if error_msg: - return self.get(name, error_msg=error_msg) - - # Update the password. - user.set_passphrase(pass1) - - self.render("user-profile-passwd-ok.html", user=user) - - class UserEditHandler(base.BaseHandler): @tornado.web.authenticated def get(self, name): @@ -143,8 +94,6 @@ class UserEditHandler(base.BaseHandler): with self.db.transaction(): email = self.get_argument("primary_email_address") realname = self.get_argument("realname", user.realname) - pass1 = self.get_argument("pass1", None) - pass2 = self.get_argument("pass2", None) locale = self.get_argument("locale", "") # Collect error messages @@ -155,12 +104,6 @@ class UserEditHandler(base.BaseHandler): elif not "@" in email: msgs.append(_("Email address is invalid.")) - # Check if the passphrase is okay. - if pass1 and not len(pass1) >= 8: - msgs.append(_("Password has less than 8 characters.")) - elif not pass1 == pass2: - msgs.append(_("Passwords do not match.")) - if msgs: self.render("user-profile-edit-fail.html", messages=msgs) return @@ -176,10 +119,6 @@ class UserEditHandler(base.BaseHandler): tz = self.get_argument("timezone", None) user.timezone = tz - if not user.activated: - self.render("user-profile-need-activation.html", user=user) - return - self.redirect("/user/%s" % user.name)