diff options
| author | Christopher Allan Webber <cwebber@dustycloud.org> | 2013-11-01 10:08:12 -0500 |
|---|---|---|
| committer | Christopher Allan Webber <cwebber@dustycloud.org> | 2013-11-01 10:08:12 -0500 |
| commit | 70b0712de2330d38fd60912d04ba361115fd3b01 (patch) | |
| tree | 85a327b60509c6add6020b56fb7f711ee9e68f1b /mediagoblin/auth | |
| parent | ea281d2480f584837e0294e1045e26d59e0b8295 (diff) | |
| download | mediagoblin-70b0712de2330d38fd60912d04ba361115fd3b01.tar.lz mediagoblin-70b0712de2330d38fd60912d04ba361115fd3b01.tar.xz mediagoblin-70b0712de2330d38fd60912d04ba361115fd3b01.zip | |
Removing duplicate views from views.py
Diffstat (limited to 'mediagoblin/auth')
| -rw-r--r-- | mediagoblin/auth/views.py | 158 |
1 files changed, 0 insertions, 158 deletions
diff --git a/mediagoblin/auth/views.py b/mediagoblin/auth/views.py index dc03515b..3d132f84 100644 --- a/mediagoblin/auth/views.py +++ b/mediagoblin/auth/views.py @@ -204,161 +204,3 @@ def resend_activation(request): return redirect( request, 'mediagoblin.user_pages.user_home', user=request.user.username) - - -def forgot_password(request): - """ - Forgot password view - - Sends an email with an url to renew forgotten password. - Use GET querystring parameter 'username' to pre-populate the input field - """ - if not 'pass_auth' in request.template_env.globals: - return redirect(request, 'index') - - fp_form = auth_forms.ForgotPassForm(request.form, - username=request.args.get('username')) - - if not (request.method == 'POST' and fp_form.validate()): - # Either GET request, or invalid form submitted. Display the template - return render_to_response(request, - 'mediagoblin/auth/forgot_password.html', {'fp_form': fp_form,}) - - # If we are here: method == POST and form is valid. username casing - # has been sanitized. Store if a user was found by email. We should - # not reveal if the operation was successful then as we don't want to - # leak if an email address exists in the system. - found_by_email = '@' in fp_form.username.data - - if found_by_email: - user = User.query.filter_by( - email = fp_form.username.data).first() - # Don't reveal success in case the lookup happened by email address. - success_message=_("If that email address (case sensitive!) is " - "registered an email has been sent with instructions " - "on how to change your password.") - - else: # found by username - user = User.query.filter_by( - username = fp_form.username.data).first() - - if user is None: - messages.add_message(request, - messages.WARNING, - _("Couldn't find someone with that username.")) - return redirect(request, 'mediagoblin.auth.forgot_password') - - success_message=_("An email has been sent with instructions " - "on how to change your password.") - - if user and not(user.has_privilege(u'active')): - # Don't send reminder because user is inactive or has no verified email - messages.add_message(request, - messages.WARNING, - _("Could not send password recovery email as your username is in" - "active or your account's email address has not been verified.")) - - return redirect(request, 'mediagoblin.user_pages.user_home', - user=user.username) - - # SUCCESS. Send reminder and return to login page - if user: - email_debug_message(request) - send_fp_verification_email(user, request) - - messages.add_message(request, messages.INFO, success_message) - return redirect(request, 'mediagoblin.auth.login') - - -def verify_forgot_password(request): - """ - Check the forgot-password verification and possibly let the user - change their password because of it. - """ - # get form data variables, and specifically check for presence of token - formdata = _process_for_token(request) - if not formdata['has_token']: - return render_404(request) - - formdata_vars = formdata['vars'] - - # Catch error if token is faked or expired - try: - token = get_timed_signer_url("mail_verification_token") \ - .loads(formdata_vars['token'], max_age=10*24*3600) - except BadSignature: - messages.add_message( - request, - messages.ERROR, - _('The verification key or user id is incorrect.')) - - return redirect( - request, - 'index') - - # check if it's a valid user id - user = User.query.filter_by(id=int(token)).first() - - # no user in db - if not user: - messages.add_message( - request, messages.ERROR, - _('The user id is incorrect.')) - return redirect( - request, 'index') - - # check if user active - if user.has_privilege(u'active'): - - cp_form = auth_forms.ChangePassForm(formdata_vars) - - if request.method == 'POST' and cp_form.validate(): - user.pw_hash = auth.gen_password_hash( - cp_form.password.data) - user.save() - - messages.add_message( - request, - messages.INFO, - _("You can now log in using your new password.")) - return redirect(request, 'mediagoblin.auth.login') - else: - return render_to_response( - request, - 'mediagoblin/auth/change_fp.html', - {'cp_form': cp_form,}) - - if not user.has_privilege(u'active'): - messages.add_message( - request, messages.ERROR, - _('You need to verify your email before you can reset your' - ' password.')) - - if not user.has_privilege(u'active'): - messages.add_message( - request, messages.ERROR, - _('You are no longer an active user. Please contact the system' - ' admin to reactivate your account.')) - - return redirect( - request, 'index') - - -def _process_for_token(request): - """ - Checks for tokens in formdata without prior knowledge of request method - - For now, returns whether the userid and token formdata variables exist, and - the formdata variables in a hash. Perhaps an object is warranted? - """ - # retrieve the formdata variables - if request.method == 'GET': - formdata_vars = request.GET - else: - formdata_vars = request.form - - formdata = { - 'vars': formdata_vars, - 'has_token': 'token' in formdata_vars} - - return formdata |