adding all files again

1 files changed, 787 insertions, 0 deletions

diff --git a/django_authopenid/views.py b/django_authopenid/views.py
new file mode 100644
index 00000000..a9072c12
--- /dev/null
+++ b/django_authopenid/views.py
@@ -0,0 +1,787 @@
+# -*- coding: utf-8 -*-
+# Copyright (c) 2007, 2008, Benoît Chesneau
+# Copyright (c) 2007 Simon Willison, original work on django-openid
+# 
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# 
+#      * Redistributions of source code must retain the above copyright
+#      * notice, this list of conditions and the following disclaimer.
+#      * Redistributions in binary form must reproduce the above copyright
+#      * notice, this list of conditions and the following disclaimer in the
+#      * documentation and/or other materials provided with the
+#      * distribution.  Neither the name of the <ORGANIZATION> nor the names
+#      * of its contributors may be used to endorse or promote products
+#      * derived from this software without specific prior written
+#      * permission.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+# IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+# EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+from django.http import HttpResponseRedirect, get_host
+from django.shortcuts import render_to_response as render
+from django.template import RequestContext, loader, Context
+from django.conf import settings
+from django.contrib.auth.models import User
+from django.contrib.auth import login, logout
+from django.contrib.auth.decorators import login_required
+from django.core.urlresolvers import reverse
+from django.utils.encoding import smart_unicode
+from django.utils.html import escape
+from django.utils.translation import ugettext as _
+from django.contrib.sites.models import Site
+from django.utils.http import urlquote_plus
+from django.core.mail import send_mail
+
+from openid.consumer.consumer import Consumer, \
+    SUCCESS, CANCEL, FAILURE, SETUP_NEEDED
+from openid.consumer.discover import DiscoveryFailure
+from openid.extensions import sreg
+# needed for some linux distributions like debian
+try:
+    from openid.yadis import xri
+except ImportError:
+    from yadis import xri
+
+import re
+import urllib
+
+
+from django_authopenid.util import OpenID, DjangoOpenIDStore, from_openid_response, clean_next
+from django_authopenid.models import UserAssociation, UserPasswordQueue
+from django_authopenid.forms import OpenidSigninForm, OpenidAuthForm, OpenidRegisterForm, \
+        OpenidVerifyForm, RegistrationForm, ChangepwForm, ChangeemailForm, \
+        ChangeopenidForm, DeleteForm, EmailPasswordForm
+
+def get_url_host(request):
+    if request.is_secure():
+        protocol = 'https'
+    else:
+        protocol = 'http'
+    host = escape(get_host(request))
+    return '%s://%s' % (protocol, host)
+
+def get_full_url(request):
+    return get_url_host(request) + request.get_full_path()
+
+
+
+def ask_openid(request, openid_url, redirect_to, on_failure=None,
+        sreg_request=None):
+    """ basic function to ask openid and return response """
+    request.encoding = 'UTF-8'
+    on_failure = on_failure or signin_failure
+    
+    trust_root = getattr(
+        settings, 'OPENID_TRUST_ROOT', get_url_host(request) + '/'
+    )
+    if xri.identifierScheme(openid_url) == 'XRI' and getattr(
+            settings, 'OPENID_DISALLOW_INAMES', False
+    ):
+        msg = _("i-names are not supported")
+        return on_failure(request, msg)
+    consumer = Consumer(request.session, DjangoOpenIDStore())
+    try:
+        auth_request = consumer.begin(openid_url)
+    except DiscoveryFailure:
+        msg = _(u"非法OpenID地址： %s" % openid_url)
+        return on_failure(request, msg)
+
+    if sreg_request:
+        auth_request.addExtension(sreg_request)
+    redirect_url = auth_request.redirectURL(trust_root, redirect_to)
+    return HttpResponseRedirect(redirect_url)
+
+def complete(request, on_success=None, on_failure=None, return_to=None):
+    """ complete openid signin """
+    on_success = on_success or default_on_success
+    on_failure = on_failure or default_on_failure
+    
+    consumer = Consumer(request.session, DjangoOpenIDStore())
+    # make sure params are encoded in utf8
+    params = dict((k,smart_unicode(v)) for k, v in request.GET.items())
+    openid_response = consumer.complete(params, return_to)
+            
+    
+    if openid_response.status == SUCCESS:
+        return on_success(request, openid_response.identity_url,
+                openid_response)
+    elif openid_response.status == CANCEL:
+        return on_failure(request, 'The request was canceled')
+    elif openid_response.status == FAILURE:
+        return on_failure(request, openid_response.message)
+    elif openid_response.status == SETUP_NEEDED:
+        return on_failure(request, 'Setup needed')
+    else:
+        assert False, "Bad openid status: %s" % openid_response.status
+
+def default_on_success(request, identity_url, openid_response):
+    """ default action on openid signin success """
+    request.session['openid'] = from_openid_response(openid_response)
+    return HttpResponseRedirect(clean_next(request.GET.get('next')))
+
+def default_on_failure(request, message):
+    """ default failure action on signin """
+    return render('openid_failure.html', {
+        'message': message
+    })
+
+
+def not_authenticated(func):
+    """ decorator that redirect user to next page if
+    he is already logged."""
+    def decorated(request, *args, **kwargs):
+        if request.user.is_authenticated():
+            next = request.GET.get("next", "/")
+            return HttpResponseRedirect(next)
+        return func(request, *args, **kwargs)
+    return decorated
+
+@not_authenticated
+def signin(request):
+    """
+    signin page. It manage the legacy authentification (user/password) 
+    and authentification with openid.
+
+    url: /signin/
+    
+    template : authopenid/signin.htm
+    """
+    request.encoding = 'UTF-8'
+    on_failure = signin_failure
+    next = clean_next(request.GET.get('next'))
+
+    form_signin = OpenidSigninForm(initial={'next':next})
+    form_auth = OpenidAuthForm(initial={'next':next})
+    
+    if request.POST:   
+        
+        if 'bsignin' in request.POST.keys():
+
+            form_signin = OpenidSigninForm(request.POST)
+            if form_signin.is_valid():
+                next = clean_next(form_signin.cleaned_data.get('next'))
+                sreg_req = sreg.SRegRequest(optional=['nickname', 'email'])
+                redirect_to = "%s%s?%s" % (
+                        get_url_host(request),
+                        reverse('user_complete_signin'), 
+                        urllib.urlencode({'next':next})
+                )
+
+                return ask_openid(request, 
+                        form_signin.cleaned_data['openid_url'], 
+                        redirect_to, 
+                        on_failure=signin_failure, 
+                        sreg_request=sreg_req)
+
+        elif 'blogin' in request.POST.keys():
+            # perform normal django authentification
+            form_auth = OpenidAuthForm(request.POST)
+            if form_auth.is_valid():
+                user_ = form_auth.get_user()
+                login(request, user_)
+                next = clean_next(form_auth.cleaned_data.get('next'))
+                return HttpResponseRedirect(next)
+
+
+    return render('authopenid/signin.html', {
+        'form1': form_auth,
+        'form2': form_signin,
+        'msg':  request.GET.get('msg',''),
+        'sendpw_url': reverse('user_sendpw'),
+    }, context_instance=RequestContext(request))
+
+def complete_signin(request):
+    """ in case of complete signin with openid """
+    return complete(request, signin_success, signin_failure,
+            get_url_host(request) + reverse('user_complete_signin'))
+
+
+def signin_success(request, identity_url, openid_response):
+    """
+    openid signin success.
+
+    If the openid is already registered, the user is redirected to 
+    url set par next or in settings with OPENID_REDIRECT_NEXT variable.
+    If none of these urls are set user is redirectd to /.
+
+    if openid isn't registered user is redirected to register page.
+    """
+
+    openid_ = from_openid_response(openid_response)
+    request.session['openid'] = openid_
+    try:
+        rel = UserAssociation.objects.get(openid_url__exact = str(openid_))
+    except:
+        # try to register this new user
+        return register(request)
+    user_ = rel.user
+    if user_.is_active:
+        user_.backend = "django.contrib.auth.backends.ModelBackend"
+        login(request, user_)
+        
+    next = clean_next(request.GET.get('next'))
+    return HttpResponseRedirect(next)
+
+def is_association_exist(openid_url):
+    """ test if an openid is already in database """
+    is_exist = True
+    try:
+        uassoc = UserAssociation.objects.get(openid_url__exact = openid_url)
+    except:
+        is_exist = False
+    return is_exist
+
+@not_authenticated
+def register(request):
+    """
+    register an openid.
+
+    If user is already a member he can associate its openid with 
+    its account.
+
+    A new account could also be created and automaticaly associated
+    to the openid.
+
+    url : /complete/
+
+    template : authopenid/complete.html
+    """
+
+    is_redirect = False
+    next = clean_next(request.GET.get('next'))
+    openid_ = request.session.get('openid', None)
+    if not openid_:
+        return HttpResponseRedirect(reverse('user_signin') + next)
+
+    nickname = openid_.sreg.get('nickname', '')
+    email = openid_.sreg.get('email', '')
+    
+    form1 = OpenidRegisterForm(initial={
+        'next': next,
+        'username': nickname,
+        'email': email,
+    }) 
+    form2 = OpenidVerifyForm(initial={
+        'next': next,
+        'username': nickname,
+    })
+    
+    if request.POST:
+        just_completed = False
+        if 'bnewaccount' in request.POST.keys():
+            form1 = OpenidRegisterForm(request.POST)
+            if form1.is_valid():
+                next = clean_next(form1.cleaned_data.get('next'))
+                is_redirect = True
+                tmp_pwd = User.objects.make_random_password()
+                user_ = User.objects.create_user(form1.cleaned_data['username'],
+                         form1.cleaned_data['email'], tmp_pwd)
+                
+                # make association with openid
+                uassoc = UserAssociation(openid_url=str(openid_),
+                        user_id=user_.id)
+                uassoc.save()
+                    
+                # login 
+                user_.backend = "django.contrib.auth.backends.ModelBackend"
+                login(request, user_)
+        elif 'bverify' in request.POST.keys():
+            form2 = OpenidVerifyForm(request.POST)
+            if form2.is_valid():
+                is_redirect = True
+                next = clean_next(form2.cleaned_data.get('next'))
+                user_ = form2.get_user()
+
+                uassoc = UserAssociation(openid_url=str(openid_),
+                        user_id=user_.id)
+                uassoc.save()
+                login(request, user_)
+        
+        # redirect, can redirect only if forms are valid.
+        if is_redirect:
+            return HttpResponseRedirect(next) 
+    
+    return render('authopenid/complete.html', {
+        'form1': form1,
+        'form2': form2,
+        'nickname': nickname,
+        'email': email
+    }, context_instance=RequestContext(request))
+
+def signin_failure(request, message):
+    """
+    falure with openid signin. Go back to signin page.
+
+    template : "authopenid/signin.html"
+    """
+    next = clean_next(request.GET.get('next'))
+    form_signin = OpenidSigninForm(initial={'next': next})
+    form_auth = OpenidAuthForm(initial={'next': next})
+
+    return render('authopenid/signin.html', {
+        'msg': message,
+        'form1': form_auth,
+        'form2': form_signin,
+    }, context_instance=RequestContext(request))
+
+@not_authenticated
+def signup(request):
+    """
+    signup page. Create a legacy account
+
+    url : /signup/"
+
+    templates: authopenid/signup.html, authopenid/confirm_email.txt
+    """
+    action_signin = reverse('user_signin')
+    next = clean_next(request.GET.get('next'))
+    form = RegistrationForm(initial={'next':next})
+    form_signin = OpenidSigninForm(initial={'next':next})
+    
+    if request.POST:
+        form = RegistrationForm(request.POST)
+        if form.is_valid():
+            next = clean_next(form.cleaned_data.get('next'))
+            user_ = User.objects.create_user( form.cleaned_data['username'],
+                    form.cleaned_data['email'], form.cleaned_data['password1'])
+           
+            user_.backend = "django.contrib.auth.backends.ModelBackend"
+            login(request, user_)
+            
+            # send email
+            current_domain = Site.objects.get_current().domain
+            subject = _("Welcome")
+            message_template = loader.get_template(
+                    'authopenid/confirm_email.txt'
+            )
+            message_context = Context({ 
+                'site_url': 'http://%s/' % current_domain,
+                'username': form.cleaned_data['username'],
+                'password': form.cleaned_data['password1'] 
+            })
+            message = message_template.render(message_context)
+            send_mail(subject, message, settings.DEFAULT_FROM_EMAIL, 
+                    [user_.email])
+            
+            return HttpResponseRedirect(next)
+    
+    return render('authopenid/signup.html', {
+        'form': form,
+        'form2': form_signin,
+        }, context_instance=RequestContext(request))
+
+@login_required
+def signout(request):
+    """
+    signout from the website. Remove openid from session and kill it.
+
+    url : /signout/"
+    """
+    try:
+        del request.session['openid']
+    except KeyError:
+        pass
+    next = clean_next(request.GET.get('next'))
+    logout(request)
+    
+    return HttpResponseRedirect(next)
+    
+def xrdf(request):
+    url_host = get_url_host(request)
+    return_to = [
+        "%s%s" % (url_host, reverse('user_complete_signin'))
+    ]
+    return render('authopenid/yadis.xrdf', { 
+        'return_to': return_to 
+        }, context_instance=RequestContext(request))
+
+@login_required
+def account_settings(request):
+    """
+    index pages to changes some basic account settings :
+     - change password
+     - change email
+     - associate a new openid
+     - delete account
+
+    url : /
+
+    template : authopenid/settings.html
+    """
+    msg = request.GET.get('msg', '')
+    is_openid = True
+
+    try:
+        uassoc = UserAssociation.objects.get(
+                user__username__exact=request.user.username
+        )
+    except:
+        is_openid = False
+
+
+    return render('authopenid/settings.html', {
+        'msg': msg,
+        'is_openid': is_openid
+        }, context_instance=RequestContext(request))
+
+@login_required
+def changepw(request):
+    """
+    change password view.
+
+    url : /changepw/
+    template: authopenid/changepw.html
+    """
+    
+    user_ = request.user
+    
+    if request.POST:
+        form = ChangepwForm(request.POST, user=user_)
+        if form.is_valid():
+            user_.set_password(form.cleaned_data['password1'])
+            user_.save()
+            msg = _("Password changed.") 
+            redirect = "%s?msg=%s" % (
+                    reverse('user_account_settings'),
+                    urlquote_plus(msg))
+            return HttpResponseRedirect(redirect)
+    else:
+        form = ChangepwForm(user=user_)
+
+    return render('authopenid/changepw.html', {'form': form },
+                                context_instance=RequestContext(request))
+
+@login_required
+def changeemail(request):
+    """ 
+    changeemail view. It require password or openid to allow change.
+
+    url: /changeemail/
+
+    template : authopenid/changeemail.html
+    """
+    msg = request.GET.get('msg', '')
+    extension_args = {}
+    user_ = request.user
+    
+    redirect_to = get_url_host(request) + reverse('user_changeemail')
+
+    if request.POST:
+        form = ChangeemailForm(request.POST, user=user_)
+        if form.is_valid():
+            if not form.test_openid:
+                user_.email = form.cleaned_data['email']
+                user_.save()
+                msg = _("Email changed.") 
+                redirect = "%s?msg=%s" % (reverse('user_account_settings'),
+                        urlquote_plus(msg))
+                return HttpResponseRedirect(redirect)
+            else:
+                request.session['new_email'] = form.cleaned_data['email']
+                return ask_openid(request, form.cleaned_data['password'], 
+                        redirect_to, on_failure=emailopenid_failure)    
+    elif not request.POST and 'openid.mode' in request.GET:
+        return complete(request, emailopenid_success, 
+                emailopenid_failure, redirect_to) 
+    else:
+        form = ChangeemailForm(initial={'email': user_.email},
+                user=user_)
+    
+    return render('authopenid/changeemail.html', {
+        'form': form,
+        'msg': msg 
+        }, context_instance=RequestContext(request))
+
+
+def emailopenid_success(request, identity_url, openid_response):
+    openid_ = from_openid_response(openid_response)
+
+    user_ = request.user
+    try:
+        uassoc = UserAssociation.objects.get(
+                openid_url__exact=identity_url
+        )
+    except:
+        return emailopenid_failure(request, 
+                _("No OpenID %s found associated in our database" % identity_url))
+
+    if uassoc.user.username != request.user.username:
+        return emailopenid_failure(request, 
+                _("The OpenID %s isn't associated to current user logged in" % 
+                    identity_url))
+    
+    new_email = request.session.get('new_email', '')
+    if new_email:
+        user_.email = new_email
+        user_.save()
+        del request.session['new_email']
+    msg = _("Email Changed.")
+
+    redirect = "%s?msg=%s" % (reverse('user_account_settings'),
+            urlquote_plus(msg))
+    return HttpResponseRedirect(redirect)
+    
+
+def emailopenid_failure(request, message):
+    redirect_to = "%s?msg=%s" % (
+            reverse('user_changeemail'), urlquote_plus(message))
+    return HttpResponseRedirect(redirect_to)
+ 
+@login_required
+def changeopenid(request):
+    """
+    change openid view. Allow user to change openid 
+    associated to its username.
+
+    url : /changeopenid/
+
+    template: authopenid/changeopenid.html
+    """
+
+    extension_args = {}
+    openid_url = ''
+    has_openid = True
+    msg = request.GET.get('msg', '')
+        
+    user_ = request.user
+
+    try:
+        uopenid = UserAssociation.objects.get(user=user_)
+        openid_url = uopenid.openid_url
+    except:
+        has_openid = False
+    
+    redirect_to = get_url_host(request) + reverse('user_changeopenid')
+    if request.POST and has_openid:
+        form = ChangeopenidForm(request.POST, user=user_)
+        if form.is_valid():
+            return ask_openid(request, form.cleaned_data['openid_url'],
+                    redirect_to, on_failure=changeopenid_failure)
+    elif not request.POST and has_openid:
+        if 'openid.mode' in request.GET:
+            return complete(request, changeopenid_success,
+                    changeopenid_failure, redirect_to)    
+
+    form = ChangeopenidForm(initial={'openid_url': openid_url }, user=user_)
+    return render('authopenid/changeopenid.html', {
+        'form': form,
+        'has_openid': has_openid, 
+        'msg': msg 
+        }, context_instance=RequestContext(request))
+
+def changeopenid_success(request, identity_url, openid_response):
+    openid_ = from_openid_response(openid_response)
+    is_exist = True
+    try:
+        uassoc = UserAssociation.objects.get(openid_url__exact=identity_url)
+    except:
+        is_exist = False
+        
+    if not is_exist:
+        try:
+            uassoc = UserAssociation.objects.get(
+                    user__username__exact=request.user.username
+            )
+            uassoc.openid_url = identity_url
+            uassoc.save()
+        except:
+            uassoc = UserAssociation(user=request.user, 
+                    openid_url=identity_url)
+            uassoc.save()
+    elif uassoc.user.username != request.user.username:
+        return changeopenid_failure(request, 
+                _('This OpenID is already associated with another account.'))
+
+    request.session['openids'] = []
+    request.session['openids'].append(openid_)
+
+    msg = _("OpenID %s is now associated with your account." % identity_url) 
+    redirect = "%s?msg=%s" % (
+            reverse('user_account_settings'), 
+            urlquote_plus(msg))
+    return HttpResponseRedirect(redirect)
+    
+
+def changeopenid_failure(request, message):
+    redirect_to = "%s?msg=%s" % (
+            reverse('user_changeopenid'), 
+            urlquote_plus(message))
+    return HttpResponseRedirect(redirect_to)
+  
+@login_required
+def delete(request):
+    """
+    delete view. Allow user to delete its account. Password/openid are required to 
+    confirm it. He should also check the confirm checkbox.
+
+    url : /delete
+
+    template : authopenid/delete.html
+    """
+
+    extension_args = {}
+    
+    user_ = request.user
+
+    redirect_to = get_url_host(request) + reverse('user_delete') 
+    if request.POST:
+        form = DeleteForm(request.POST, user=user_)
+        if form.is_valid():
+            if not form.test_openid:
+                user_.delete() 
+                return signout(request)
+            else:
+                return ask_openid(request, form.cleaned_data['password'],
+                        redirect_to, on_failure=deleteopenid_failure)
+    elif not request.POST and 'openid.mode' in request.GET:
+        return complete(request, deleteopenid_success, deleteopenid_failure,
+                redirect_to) 
+    
+    form = DeleteForm(user=user_)
+
+    msg = request.GET.get('msg','')
+    return render('authopenid/delete.html', {
+        'form': form, 
+        'msg': msg, 
+        }, context_instance=RequestContext(request))
+
+def deleteopenid_success(request, identity_url, openid_response):
+    openid_ = from_openid_response(openid_response)
+
+    user_ = request.user
+    try:
+        uassoc = UserAssociation.objects.get(
+                openid_url__exact=identity_url
+        )
+    except:
+        return deleteopenid_failure(request,
+                _("No OpenID %s found associated in our database" % identity_url))
+
+    if uassoc.user.username == user_.username:
+        user_.delete()
+        return signout(request)
+    else:
+        return deleteopenid_failure(request,
+                _("The OpenID %s isn't associated to current user logged in" % 
+                    identity_url))
+    
+    msg = _("Account deleted.") 
+    redirect = "/?msg=%s" % (urlquote_plus(msg))
+    return HttpResponseRedirect(redirect)
+    
+
+def deleteopenid_failure(request, message):
+    redirect_to = "%s?msg=%s" % (reverse('user_delete'), urlquote_plus(message))
+    return HttpResponseRedirect(redirect_to)
+
+
+def sendpw(request):
+    """
+    send a new password to the user. It return a mail with 
+    a new pasword and a confirm link in. To activate the 
+    new password, the user should click on confirm link.
+
+    url : /sendpw/
+
+    templates :  authopenid/sendpw_email.txt, authopenid/sendpw.html
+    """
+
+    msg = request.GET.get('msg','')
+    if request.POST:
+        form = EmailPasswordForm(request.POST)
+        if form.is_valid():
+            new_pw = User.objects.make_random_password()
+            confirm_key = UserPasswordQueue.objects.get_new_confirm_key()
+            try:
+                uqueue = UserPasswordQueue.objects.get(
+                        user=form.user_cache
+                )
+            except:
+                uqueue = UserPasswordQueue(
+                        user=form.user_cache
+                )
+            uqueue.new_password = new_pw
+            uqueue.confirm_key = confirm_key
+            uqueue.save()
+            # send email 
+            current_domain = Site.objects.get_current().domain
+            subject = _("Request for new password")
+            message_template = loader.get_template(
+                    'authopenid/sendpw_email.txt')
+            message_context = Context({ 
+                'site_url': 'http://%s' % current_domain,
+                'confirm_key': confirm_key,
+                'username': form.user_cache.username,
+                'password': new_pw,
+                'url_confirm': reverse('user_confirmchangepw'),
+            })
+            message = message_template.render(message_context)
+            send_mail(subject, message, settings.DEFAULT_FROM_EMAIL, 
+                    [form.user_cache.email])
+            msg = _("A new password has been sent to your email address.")
+    else:
+        form = EmailPasswordForm()
+        
+    return render('authopenid/sendpw.html', {
+        'form': form,
+        'msg': msg 
+        }, context_instance=RequestContext(request))
+
+
+def confirmchangepw(request):
+    """
+    view to set new password when the user click on confirm link
+    in its mail. Basically it check if the confirm key exist, then
+    replace old password with new password and remove confirm
+    ley from the queue. Then it redirect the user to signin
+    page.
+
+    url : /sendpw/confirm/?key
+
+    """
+    confirm_key = request.GET.get('key', '')
+    if not confirm_key:
+        return HttpResponseRedirect('/')
+
+    try:
+        uqueue = UserPasswordQueue.objects.get(
+                confirm_key__exact=confirm_key
+        )
+    except:
+        msg = _("Could not change password. Confirmation key '%s'\
+                is not registered." % confirm_key) 
+        redirect = "%s?msg=%s" % (
+                reverse('user_sendpw'), urlquote_plus(msg))
+        return HttpResponseRedirect(redirect)
+
+    try:
+        user_ = User.objects.get(id=uqueue.user.id)
+    except:
+        msg = _("Can not change password. User don't exist anymore \
+                in our database.") 
+        redirect = "%s?msg=%s" % (reverse('user_sendpw'), 
+                urlquote_plus(msg))
+        return HttpResponseRedirect(redirect)
+
+    user_.set_password(uqueue.new_password)
+    user_.save()
+    uqueue.delete()
+    msg = _("Password changed for %s. You may now sign in." % 
+            user_.username) 
+    redirect = "%s?msg=%s" % (reverse('user_signin'), 
+                                        urlquote_plus(msg))
+
+    return HttpResponseRedirect(redirect)