src/templates/user-profile.html \
src/templates/user-profile-need-activation.html \
src/templates/user-profile-passwd.html \
- src/templates/user-profile-passwd-ok.html
+ src/templates/user-profile-passwd-ok.html \
+ src/templates/user-requested-password-recovery.html \
+ src/templates/user-reset-password.html \
+ src/templates//user-reset-password-success.html \
+ src/templates//user-reset-password-fail.html
templatesdir = $(datadir)/templates
#!/usr/bin/python
+import datetime
import email.utils
import hashlib
import logging
LEFT JOIN users_emails ON users.id = users_emails.user_id \
WHERE users_emails.email = %s", email)
+ def get_by_password_recovery_code(self, code):
+ return self._get_user("SELECT * FROM users \
+ WHERE password_recovery_code = %s AND password_recovery_code_expires_at > NOW()", code)
+
def find_maintainers(self, maintainers):
email_addresses = []
"""
Update the passphrase the users uses to log on.
"""
+ # We cannot set the password for ldap users
+ if self.ldap_dn:
+ raise AttributeError("Cannot set passphrase for LDAP user")
+
self.db.execute("UPDATE users SET passphrase = %s WHERE id = %s",
generate_password_hash(passphrase), self.id)
timezone = property(get_timezone, set_timezone)
+ def get_password_recovery_code(self):
+ return self.data.password_recovery_code
+
+ def set_password_recovery_code(self, code):
+ self._set_attribute("password_recovery_code", code)
+
+ self._set_attribute("password_recovery_code_expires_at",
+ datetime.datetime.utcnow() + datetime.timedelta(days=1))
+
+ password_recovery_code = property(get_password_recovery_code, set_password_recovery_code)
+
+ def forgot_password(self):
+ log.debug("User %s reqested password recovery" % self.name)
+
+ # We cannot reset te password for ldap users
+ if self.ldap_dn:
+ # Maybe we should send an email with an explanation
+ return
+
+ # Add a recovery code to the database and a timestamp when this code expires
+ self.password_recovery_code = generate_random_string(64)
+
+ # XXX
+ # We should send an email with the activation code
+
+
@property
def activated(self):
return self.data.activated
<h1>{{ _("Forgot password") }}</h1>
</div>
- <!-- XXX --->
- <div class="alert alert-warning">
- {{ _("Work in progress!") }}
- </div>
-
<div class="row">
<div class="span6">
<p>
{{ _("However, we allow to re-activate your account.") }}
</p>
<p>
- {{ _("You need to enter your username below.") }}
+ {{ _("You need to enter your username or your email address below") }}
{{ _("After that, you will receive an email with intructions how to go on.") }}
</p>
<hr>
<fieldset>
<div class="control-group">
- <label class="control-label" for="name">{{ _("Your username") }}</label>
+ <label class="control-label" for="name">{{ _("Your username or email address") }}</label>
<div class="controls">
<input type="text" class="input-xlarge" id="name" name="name" />
</div>
--- /dev/null
+{% extends "base-form2.html" %}
+
+{% block title %}{{ _("Requested password recovery") }}{% end block %}
+
+{% block body %}
+ <div class="page-header">
+ <h1>{{ _("Password recovery requested") }}</h1>
+ </div>
+
+ <div class="row">
+ <div class="span6">
+ <p>
+ {{ _("An email with instructions how to recover your password was send to your primary email address.") }}
+ </p>
+ <hr>
+ </div>
+ </div>
+{% end %}
--- /dev/null
+{% extends "base-form2.html" %}
+
+{% block title %}{{ _("Password reset failed") }}{% end block %}
+
+{% block body %}
+ <div class="page-header">
+ <h1>{{ _("Password reset failed") }}</h1>
+ </div>
+
+ <div class="row">
+ <div class="span6">
+ <p>
+ {{ message }}
+ </p>
+ <hr>
+ </div>
+ </div>
+{% end %}
--- /dev/null
+{% extends "base-form2.html" %}
+
+{% block title %}{{ _("Password reset succeeded") }}{% end block %}
+
+{% block body %}
+ <div class="page-header">
+ <h1>{{ _("Password reset succeeded") }}</h1>
+ </div>
+
+ <div class="row">
+ <div class="span6">
+ <p>
+ {{ _("Successfully reset your password") }}
+ </p>
+ <hr>
+ </div>
+ </div>
+{% end %}
--- /dev/null
+{% extends "base.html" %}
+
+{% block title %}{{ _("Register a new account") }}{% end block %}
+
+{% block body %}
+ <div class="page-header">
+ <h2>
+ {{ _("Reset password") }}
+ </h2>
+ </div>
+
+ <form class="form-horizontal" method="POST" action="">
+ {% raw xsrf_form_html() %}
+ <input type="hidden" name="code" value="{{ user.password_recovery_code }}">
+
+ <fieldset>
+ <div class="control-group">
+ <label class="control-label" for="password1">{{ _("Password") }}</label>
+ <div class="controls">
+ <input type="password" class="input-xlarge" id="password1" name="password1">
+ </div>
+ </div>
+
+ <div class="control-group">
+ <label class="control-label" for="password2">{{ _("Confirm password") }}</label>
+ <div class="controls">
+ <input type="password" class="input-xlarge" id="password2" name="password2">
+ </div>
+ </div>
+ </fieldset>
+
+ <div class="form-actions">
+ <button type="submit" class="btn btn-primary">{{ _("Reset password") }}</button>
+ </div>
+ </form>
+{% end block %}
(r"/logout", auth.LogoutHandler),
(r"/register", auth.RegisterHandler),
(r"/password-recovery", auth.PasswordRecoveryHandler),
+ (r"/password-reset", auth.PasswordResetHandler),
# User profiles
(r"/users", users.UsersHandler),
def post(self):
username = self.get_argument("name", None)
- if not username:
- return self.get()
+ with self.db.transaction():
+ user = self.backend.users.get_by_email(username) \
+ or self.backend.users.get_by_name(username)
+
+ if user:
+ user.forgot_password()
+
+ self.render("user-requested-password-recovery.html")
+
+
+class PasswordResetHandler(base.BaseHandler):
+ def get(self):
+ code = self.get_argument("code")
+
+ user = self.backend.users.get_by_password_recovery_code(code)
+ if not user:
+ raise tornado.web.HTTPError(400)
+
+ self.render("user-reset-password.html", user=user)
+
+ def post(self):
+ _ = self.locale.translate
+
+ code = self.get_argument("code")
+ pass1 = self.get_argument("password1")
+ pass2 = self.get_argument("password2")
+
+ user = self.backend.users.get_by_password_recovery_code(code)
+ if not user:
+ raise tornado.web.HTTPError(400)
+
+ if not pass1 == pass2:
+ return self.render("user-reset-password-fail.html",
+ message=_("Second password does not match"))
+
+ # XXX Check password strength
+
+ with self.db.transaction():
+ user.passphrase = pass1
+ user.password_recovery_code = None
- # XXX TODO
+ self.render("user-reset-password-success.html")
class LogoutHandler(base.BaseHandler):
projects / pbs.git / commitdiff
