Mercurial > p > roundup > code
diff roundup/cgi/actions.py @ 5093:9954a358da18
- allow user to recover account password using an entry in the
Alternate E-mail addresses list. See:
http://psf.upfronthosting.co.za/roundup/meta/issue564
for description. Merge request at:
https://sourceforge.net/p/roundup/code/merge-requests/1/
Patch supplied by kinggreedy. Applied/tested by John Rouillard
It makes this work:
Click "Lost your login?" link
Enter an alternate address in the email address block.
Submit.
Get an email sent to alternate address with a one time reset
url.
Go to that url.
Before patch, email with new password was sent to the
address "E-mail address" for the user and not to the
alternate address.
After the patch, the email with new password is sent
to the "validated" (against the alternate address list)
alternate address supplied by the user.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Mon, 20 Jun 2016 22:04:32 -0400 |
| parents | e424987d294a fc03c1381690 |
| children | 156cbc1d182c |
line wrap: on
line diff
--- a/roundup/cgi/actions.py Sun Jun 19 02:10:56 2016 -0400 +++ b/roundup/cgi/actions.py Mon Jun 20 22:04:32 2016 -0400 @@ -704,6 +704,9 @@ "to show up erroneously, please check your email)")) return + # pull the additional email address if exist + uaddress = otks.get(otk, 'uaddress', default=None) + # re-open the database as "admin" if self.user != 'admin': self.client.opendb('admin') @@ -726,8 +729,11 @@ return # user info - address = self.db.user.get(uid, 'address') name = self.db.user.get(uid, 'username') + if uaddress is None: + address = self.db.user.get(uid, 'address') + else: + address = uaddress # send the email tracker_name = self.db.config.TRACKER_NAME @@ -770,7 +776,7 @@ otk = ''.join([random.choice(chars) for x in range(32)]) while otks.exists(otk): otk = ''.join([random.choice(chars) for x in range(32)]) - otks.set(otk, uid=uid) + otks.set(otk, uid=uid, uaddress=address) self.db.commit() # send the email