author | Marian Sigler <m@qjym.de> | 2012-09-26 03:47:57 +0200 |
---|---|---|
committer | Marian Sigler <m@qjym.de> | 2012-09-26 03:47:57 +0200 |
commit | bf5d684c05a26787de0de80b0894b9d2d031c6ad (patch) | |
tree | 384a98a46061d04cc5064059f89215886b208dbc /app.py | |
parent | 1d149b55d57632c41bb3d0d60805f3552cde3a22 (diff) | |
Implement password recovery functionality.
Diffstat (limited to 'app.py')
-rw-r--r-- | app.py | 52 |
1 files changed, 51 insertions, 1 deletions
@@ -104,6 +104,55 @@ def register_complete(token):
 }
+@app.route('/lost_password', methods=['GET', 'POST'])
+@templated('lost_password.html')
+@logout_required
+def lost_password():
+ form = LostPasswordForm(request.form)
+ if request.method == 'POST' and form.validate():
+ #TODO: make the link only usable once (e.g include a hash of the old pw)
+ # atm the only thing we do is make the link valid for only little time
+ confirm_token = make_confirmation('lost_password', (form.username.data,))
+ confirm_link = url_for('lost_password_complete', token=confirm_token, _external=True)
+
+ body = render_template('mail/lost_password.txt', username=form.username.data,
+ link=confirm_link)
+
+ send_mail(form.user.mail, u'Passwort vergessen', body,
+ sender=app.config.get('MAIL_CONFIRM_SENDER'))
+
+ flash(u'Wir haben dir eine E-Mail mit einem Link zum Passwort ändern '
+ u'geschickt. Bitte folge den Anweisungen in der E-Mail.', 'success')
+
+ return redirect(url_for('index'))
+
+ return {'form': form}
+
+
+@app.route('/lost_password/<token>', methods=['GET', 'POST'])
+@templated('lost_password_complete.html')
+@logout_required
+def lost_password_complete(token):
+ username, = http_verify_confirmation('lost_password', token.encode('ascii'), timeout=4*60*60)
+
+ form = RegisterCompleteForm(request.form)
+ if request.method == 'POST' and form.validate():
+ user = g.ldap.get_by_uid(username)
+ user.change_password(form.password.data)
+ g.ldap.update(user, as_admin=True)
+
+ session['username'] = username
+ session['password'] = encrypt_password(form.password.data)
+ flash(u'Passwort geändert.', 'success')
+
+ return redirect(url_for('settings'))
+
+ return {
+ 'form': form,
+ 'token': token,
+ 'username': username,
+ }
+
 @app.route('/settings', methods=['GET', 'POST'])
 @templated('settings.html')
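Review bot: The recovery link stays valid and reusable for the whole 4-hour window even after the password has already been changed, because `lost_password_complete` never invalidates the token and the TODO in `lost_password` leaves single-use open; binding the confirmation payload to a value that changes on reset (the TODO's own idea of a hash of the current password, re-checked in `lost_password_complete` before `change_password`) would make a consumed link stop verifying. Separately, `token.encode('ascii')` on the URL segment raises `UnicodeEncodeError` for a non-ASCII token and surfaces as a server error instead of a rejected request; a guard such as `try: raw = token.encode('ascii')` / `except UnicodeEncodeError: abort(404)` keeps it on the normal bad-token path (assuming `abort` is available from flask, which the hunk does not show). The `timeout=4*60*60` literal would also read better as a named module constant, e.g. `LOST_PASSWORD_TOKEN_TTL = 4 * 60 * 60`, so the window is documented in one place. Whether `form.validate()` fails visibly for an unknown username (and thus whether the flow reveals which usernames exist) cannot be seen from this hunk and is worth confirming in `LostPasswordForm`.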
@@ -186,7 +235,8 @@ def debug():
 # we need the app to exist before initializing the forms
-from forms import RegisterForm, RegisterCompleteForm, LoginForm, SettingsForm
+from forms import RegisterForm, RegisterCompleteForm, LoginForm, SettingsForm,\
+ LostPasswordForm
 if __name__ == '__main__':