Mercurial Repository: p/roundup/code: roundup/cgi/client.py comparison

comparison roundup/cgi/client.py @ 1477:ed725179953d

Added password reset facility for forgotten passwords. Uses similar mechanism to PyPI.

author	Richard Jones <richard@users.sourceforge.net>
date	Thu, 27 Feb 2003 05:43:02 +0000
parents	77942e0a12fe
children	2704d8438823

comparison

equal deleted inserted replaced

-:5a01e90b7dc9
+:ed725179953d
-# $Id: client.py,v 1.100 2003-02-26 04:57:49 richard Exp $
+# $Id: client.py,v 1.101 2003-02-27 05:43:01 richard Exp $
 __doc__ = """
 WWW request handler (also used in the stand-alone server).
 """
 import os, os.path, cgi, StringIO, urlparse, re, traceback, mimetypes, urllib
 import binascii, Cookie, time, random, MimeWriter, smtplib, socket, quopri
-import stat, rfc822
+import stat, rfc822, string
 from roundup import roundupdb, date, hyperdb, password
 from roundup.i18n import _
 from roundup.cgi.templating import Templates, HTMLRequest, NoTemplate
 from roundup.cgi import cgitb
 from roundup.cgi.PageTemplates import PageTemplate
 from roundup.rfc2822 import encode_header
+from roundup.mailgw import uidFromAddress
 class HTTPException(Exception):
 pass
 class  Unauthorised(HTTPException):
 pass
 except:
 # everything else
 self.write(cgitb.html())
 def clean_sessions(self):
-'''age sessions, remove when they haven't been used for a week.
+''' Age sessions, remove when they haven't been used for a week.
-Do it only once an hour'''
+Do it only once an hour.
+Note: also cleans One Time Keys, and other "session" based
+stuff.
+'''
 sessions = self.db.sessions
 last_clean = sessions.get('last_clean', 'last_use') or 0
 week = 60*60*24*7
 hour = 60*60
 now = time.time()
 if now - last_clean > hour:
-# remove age sessions
+# remove aged sessions
 for sessid in sessions.list():
 interval = now - sessions.get(sessid, 'last_use')
 if interval > week:
 sessions.destroy(sessid)
+# remove aged otks
+otks = self.db.otks
+for sessid in otks.list():
+interval = now - okts.get(sessid, '__time')
+if interval > week:
+otk.destroy(sessid)
 sessions.set('last_clean', last_use=time.time())
 def determine_user(self):
 ''' Determine who the user is
 '''
 ('edit',     'editItemAction'),
 ('editcsv',  'editCSVAction'),
 ('new',      'newItemAction'),
 ('register', 'registerAction'),
 ('confrego', 'confRegoAction'),
+('passrst',  'passResetAction'),
 ('login',    'loginAction'),
 ('logout',   'logout_action'),
 ('search',   'searchAction'),
 ('retire',   'retireAction'),
 ('show',     'showAction'),
 )
 def handle_action(self):
 ''' Determine whether there should be an Action called.
 The action is defined by the form variable :action which
-identifies the method on this object to call. The four basic
+identifies the method on this object to call. The actions
-actions are defined in the "actions" sequence on this class:
+are defined in the "actions" sequence on this class.
-"edit"      -> self.editItemAction
-"editcsv"   -> self.editCSVAction
-"new"       -> self.newItemAction
-"register"  -> self.registerAction
-"confrego"  -> self.confRegoAction
-"login"     -> self.loginAction
-"logout"    -> self.logout_action
-"search"    -> self.searchAction
-"retire"    -> self.retireAction
 '''
 if self.form.has_key(':action'):
 action = self.form[':action'].value.lower()
 elif self.form.has_key('@action'):
 action = self.form['@action'].value.lower()
 now, self.cookie_path)
 # Let the user know what's going on
 self.ok_message.append(_('You are logged out'))
-chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'
+chars = string.letters+string.digits
 def registerAction(self):
 '''Attempt to create a new user based on the contents of the form
 and then set the cookie.
 return 1 on successful login
 props[propname] = str(value)
 elif isinstance(proptype, hyperdb.Interval):
 props[propname] = str(value)
 elif isinstance(proptype, hyperdb.Password):
 props[propname] = str(value)
+props['__time'] = time.time()
 self.db.otks.set(otk, **props)
+# send the email
+tracker_name = self.db.config.TRACKER_NAME
+subject = 'Complete your registration to %s'%tracker_name
+body = '''
+To complete your registration of the user "%(name)s" with %(tracker)s,
+please visit the following URL:
+%(url)s?@action=confrego&otk=%(otk)s
+'''%{'name': props['username'], 'tracker': tracker_name, 'url': self.base,
+'otk': otk}
+if not self.sendEmail(props['address'], subject, body):
+return
+# commit changes to the database
+self.db.commit()
+# redirect to the "you're almost there" page
+raise Redirect, '%suser?@template=rego_progress'%self.base
+def sendEmail(self, to, subject, content):
 # send email to the user's email address
 message = StringIO.StringIO()
 writer = MimeWriter.MimeWriter(message)
 tracker_name = self.db.config.TRACKER_NAME
-s = 'Complete your registration to %s'%tracker_name
+writer.addheader('Subject', encode_header(subject))
-writer.addheader('Subject', encode_header(s))
+writer.addheader('To', to)
-writer.addheader('To', props['address'])
 writer.addheader('From', roundupdb.straddr((tracker_name,
 self.db.config.ADMIN_EMAIL)))
 writer.addheader('Date', time.strftime("%a, %d %b %Y %H:%M:%S +0000",
 time.gmtime()))
 # add a uniquely Roundup header to help filtering
 writer.addheader('X-Roundup-Loop', 'hello')
 writer.addheader('Content-Transfer-Encoding', 'quoted-printable')
 body = writer.startbody('text/plain; charset=utf-8')
 # message body, encoded quoted-printable
-content = StringIO.StringIO('''
+content = StringIO.StringIO(content)
-To complete your registration of the user "%(name)s" with %(tracker)s,
-please visit the following URL:
-http://localhost:8001/test/?@action=confrego&otk=%(otk)s
-'''%{'name': props['username'], 'tracker': tracker_name, 'url': self.base,
-'otk': otk})
 quopri.encode(content, body, 0)
 # now try to send the message
 try:
 # send the message as admin so bounces are sent there
 # instead of to roundup
 smtp = smtplib.SMTP(self.db.config.MAILHOST)
-smtp.sendmail(self.db.config.ADMIN_EMAIL, [props['address']],
+smtp.sendmail(self.db.config.ADMIN_EMAIL, [to], message.getvalue())
-message.getvalue())
 except socket.error, value:
-self.error_message.append("Error: couldn't send "
+self.error_message.append("Error: couldn't send email: "
-"confirmation email: mailhost %s"%value)
+"mailhost %s"%value)
-return
+return 0
 except smtplib.SMTPException, value:
-self.error_message.append("Error: couldn't send "
+self.error_message.append("Error: couldn't send email: %s"%value)
-"confirmation email: %s"%value)
+return 0
-return
+return 1
-# commit changes to the database
-self.db.commit()
-# redirect to the "you're almost there" page
-raise Redirect, '%s?:template=rego_step1_done'%self.base
 def registerPermission(self, props):
 ''' Determine whether the user has permission to register
 Base behaviour is to check the user has "Web Registration".
 cl = self.db.user
 # XXX we need to make the "default" page be able to display errors!
 #        try:
 if 1:
 props['roles'] = self.instance.config.NEW_WEB_USER_ROLES
+del props['__time']
 self.userid = cl.create(**props)
 # clear the props from the otk database
 self.db.otks.destroy(otk)
 self.db.commit()
 #        except (ValueError, KeyError), message:
 message = _('You are now registered, welcome!')
 # redirect to the item's edit page
 raise Redirect, '%suser%s?@ok_message=%s'%(
 self.base, self.userid,  urllib.quote(message))
+def passResetAction(self):
+''' Handle password reset requests.
+Presence of either "name" or "address" generate email.
+Presense of "otk" performs the reset.
+'''
+if self.form.has_key('otk'):
+# pull the rego information out of the otk database
+otk = self.form['otk'].value
+uid = self.db.otks.get(otk, 'uid')
+# re-open the database as "admin"
+if self.user != 'admin':
+self.opendb('admin')
+# change the password
+newpw = ''.join([random.choice(self.chars) for x in range(8)])
+cl = self.db.user
+# XXX we need to make the "default" page be able to display errors!
+#        try:
+if 1:
+# set the password
+cl.set(uid, password=password.Password(newpw))
+# clear the props from the otk database
+self.db.otks.destroy(otk)
+self.db.commit()
+#        except (ValueError, KeyError), message:
+#            self.error_message.append(str(message))
+#            return
+# user info
+address = self.db.user.get(uid, 'address')
+name = self.db.user.get(uid, 'username')
+# send the email
+tracker_name = self.db.config.TRACKER_NAME
+subject = 'Password reset for %s'%tracker_name
+body = '''
+The password has been reset for username "%(name)s".
+Your password is now: %(password)s
+'''%{'name': name, 'password': newpw}
+if not self.sendEmail(address, subject, body):
+return
+self.ok_message.append('Password reset and email sent to %s'%address)
+return
+# no OTK, so now figure the user
+if self.form.has_key('username'):
+name = self.form['username'].value
+try:
+uid = self.db.user.lookup(name)
+except KeyError:
+self.error_message.append('Unknown username')
+return
+address = self.db.user.get(uid, 'address')
+elif self.form.has_key('address'):
+address = self.form['address'].value
+uid = uidFromAddress(self.db, ('', address), create=0)
+if not uid:
+self.error_message.append('Unknown email address')
+return
+name = self.db.user.get(uid, 'username')
+else:
+self.error_message.append('You need to specify a username '
+'or address')
+return
+# generate the one-time-key and store the props for later
+otk = ''.join([random.choice(self.chars) for x in range(32)])
+self.db.otks.set(otk, uid=uid, __time=time.time())
+# send the email
+tracker_name = self.db.config.TRACKER_NAME
+subject = 'Confirm reset of password for %s'%tracker_name
+body = '''
+Someone, perhaps you, has requested that the password be changed for your
+username, "%(name)s". If you wish to proceed with the change, please follow
+the link below:
+%(url)suser?@template=forgotten&@action=passrst&otk=%(otk)s
+You should then receive another email with the new password.
+'''%{'name': name, 'tracker': tracker_name, 'url': self.base, 'otk': otk}
+if not self.sendEmail(address, subject, body):
+return
+self.ok_message.append('Email sent to %s'%address)
 def editItemAction(self):
 ''' Perform an edit of an item in the database.
 See parsePropsFromForm and _editnodes for special variables

Mercurial > p > roundup > code

comparison roundup/cgi/client.py @ 1477:ed725179953d