moved forgot pass to basic_auth plugin

author: Rodney Ewing <ewing.rj@gmail.com> 2013-07-08 17:00:37 -0700
committer: Rodney Ewing <ewing.rj@gmail.com> 2013-08-16 10:28:47 -0700
commit: aeae6cc29099c4bea84bbfd006615104ba719b1e (patch)
tree: 56a89bf2efa7d47596d95a9644e710d056c4262e /mediagoblin/auth/views.py
parent: fb900ef27b65b3d220ce16972593869441b4c82c (diff)
download: mediagoblin-aeae6cc29099c4bea84bbfd006615104ba719b1e.tar.lz
mediagoblin-aeae6cc29099c4bea84bbfd006615104ba719b1e.tar.xz
mediagoblin-aeae6cc29099c4bea84bbfd006615104ba719b1e.zip
1 files changed, 0 insertions, 161 deletions
diff --git a/mediagoblin/auth/views.py b/mediagoblin/auth/views.py
index dd71d5c1..285bddf6 100644
--- a/mediagoblin/auth/views.py
+++ b/mediagoblin/auth/views.py
@@ -24,11 +24,8 @@ from mediagoblin.tools.response import render_to_response, redirect, render_404
 from mediagoblin.tools.translate import pass_to_ugettext as _
 from mediagoblin.tools.mail import email_debug_message
 from mediagoblin.tools.pluginapi import hook_handle
-from mediagoblin.auth import forms as auth_forms
 from mediagoblin.auth.tools import (send_verification_email, register_user,
-                                    send_fp_verification_email,
                                     check_login_simple)
-from mediagoblin import auth
 
 
 @allow_registration
@@ -204,161 +201,3 @@ def resend_activation(request):
     return redirect(
         request, 'mediagoblin.user_pages.user_home',
         user=request.user.username)
-
-
-def forgot_password(request):
-    """
-    Forgot password view
-
-    Sends an email with an url to renew forgotten password.
-    Use GET querystring parameter 'username' to pre-populate the input field
-    """
-    if not 'pass_auth' in request.template_env.globals:
-        return redirect(request, 'index')
-
-    fp_form = auth_forms.ForgotPassForm(request.form,
-                                        username=request.args.get('username'))
-
-    if not (request.method == 'POST' and fp_form.validate()):
-        # Either GET request, or invalid form submitted. Display the template
-        return render_to_response(request,
-            'mediagoblin/auth/forgot_password.html', {'fp_form': fp_form,})
-
-    # If we are here: method == POST and form is valid. username casing
-    # has been sanitized. Store if a user was found by email. We should
-    # not reveal if the operation was successful then as we don't want to
-    # leak if an email address exists in the system.
-    found_by_email = '@' in fp_form.username.data
-
-    if found_by_email:
-        user = User.query.filter_by(
-            email = fp_form.username.data).first()
-        # Don't reveal success in case the lookup happened by email address.
-        success_message=_("If that email address (case sensitive!) is "
-                          "registered an email has been sent with instructions "
-                          "on how to change your password.")
-
-    else: # found by username
-        user = User.query.filter_by(
-            username = fp_form.username.data).first()
-
-        if user is None:
-            messages.add_message(request,
-                                 messages.WARNING,
-                                 _("Couldn't find someone with that username."))
-            return redirect(request, 'mediagoblin.auth.forgot_password')
-
-        success_message=_("An email has been sent with instructions "
-                          "on how to change your password.")
-
-    if user and not(user.email_verified and user.status == 'active'):
-        # Don't send reminder because user is inactive or has no verified email
-        messages.add_message(request,
-            messages.WARNING,
-            _("Could not send password recovery email as your username is in"
-              "active or your account's email address has not been verified."))
-
-        return redirect(request, 'mediagoblin.user_pages.user_home',
-                        user=user.username)
-
-    # SUCCESS. Send reminder and return to login page
-    if user:
-        email_debug_message(request)
-        send_fp_verification_email(user, request)
-
-    messages.add_message(request, messages.INFO, success_message)
-    return redirect(request, 'mediagoblin.auth.login')
-
-
-def verify_forgot_password(request):
-    """
-    Check the forgot-password verification and possibly let the user
-    change their password because of it.
-    """
-    # get form data variables, and specifically check for presence of token
-    formdata = _process_for_token(request)
-    if not formdata['has_token']:
-        return render_404(request)
-
-    formdata_vars = formdata['vars']
-
-    # Catch error if token is faked or expired
-    try:
-        token = get_timed_signer_url("mail_verification_token") \
-                .loads(formdata_vars['token'], max_age=10*24*3600)
-    except BadSignature:
-        messages.add_message(
-            request,
-            messages.ERROR,
-            _('The verification key or user id is incorrect.'))
-
-        return redirect(
-            request,
-            'index')
-
-    # check if it's a valid user id
-    user = User.query.filter_by(id=int(token)).first()
-
-    # no user in db
-    if not user:
-        messages.add_message(
-            request, messages.ERROR,
-            _('The user id is incorrect.'))
-        return redirect(
-            request, 'index')
-
-    # check if user active and has email verified
-    if user.email_verified and user.status == 'active':
-
-        cp_form = auth_forms.ChangePassForm(formdata_vars)
-
-        if request.method == 'POST' and cp_form.validate():
-            user.pw_hash = auth.gen_password_hash(
-                cp_form.password.data)
-            user.save()
-
-            messages.add_message(
-                request,
-                messages.INFO,
-                _("You can now log in using your new password."))
-            return redirect(request, 'mediagoblin.auth.login')
-        else:
-            return render_to_response(
-                request,
-                'mediagoblin/auth/change_fp.html',
-                {'cp_form': cp_form,})
-
-    if not user.email_verified:
-        messages.add_message(
-            request, messages.ERROR,
-            _('You need to verify your email before you can reset your'
-              ' password.'))
-
-    if not user.status == 'active':
-        messages.add_message(
-            request, messages.ERROR,
-            _('You are no longer an active user. Please contact the system'
-              ' admin to reactivate your accoutn.'))
-
-    return redirect(
-        request, 'index')
-
-
-def _process_for_token(request):
-    """
-    Checks for tokens in formdata without prior knowledge of request method
-
-    For now, returns whether the userid and token formdata variables exist, and
-    the formdata variables in a hash. Perhaps an object is warranted?
-    """
-    # retrieve the formdata variables
-    if request.method == 'GET':
-        formdata_vars = request.GET
-    else:
-        formdata_vars = request.form
-
-    formdata = {
-        'vars': formdata_vars,
-        'has_token': 'token' in formdata_vars}
-
-    return formdata
author	Rodney Ewing <ewing.rj@gmail.com>	2013-07-08 17:00:37 -0700
committer	Rodney Ewing <ewing.rj@gmail.com>	2013-08-16 10:28:47 -0700
commit	aeae6cc29099c4bea84bbfd006615104ba719b1e (patch)
tree	56a89bf2efa7d47596d95a9644e710d056c4262e /mediagoblin/auth/views.py
parent	fb900ef27b65b3d220ce16972593869441b4c82c (diff)
download	mediagoblin-aeae6cc29099c4bea84bbfd006615104ba719b1e.tar.lz mediagoblin-aeae6cc29099c4bea84bbfd006615104ba719b1e.tar.xz mediagoblin-aeae6cc29099c4bea84bbfd006615104ba719b1e.zip