diff options
| -rw-r--r-- | mediagoblin/auth/forms.py | 4 | ||||
| -rw-r--r-- | mediagoblin/auth/tools.py | 13 | ||||
| -rw-r--r-- | mediagoblin/edit/views.py | 1 |
3 files changed, 11 insertions, 7 deletions
diff --git a/mediagoblin/auth/forms.py b/mediagoblin/auth/forms.py index 866caa13..865502e9 100644 --- a/mediagoblin/auth/forms.py +++ b/mediagoblin/auth/forms.py @@ -29,7 +29,9 @@ class ForgotPassForm(wtforms.Form): class ChangePassForm(wtforms.Form): password = wtforms.PasswordField( - 'Password') + 'Password', + [wtforms.validators.Required(), + wtforms.validators.Length(min=5, max=1024)]) token = wtforms.HiddenField( '', [wtforms.validators.Required()]) diff --git a/mediagoblin/auth/tools.py b/mediagoblin/auth/tools.py index 877da14f..f3f92414 100644 --- a/mediagoblin/auth/tools.py +++ b/mediagoblin/auth/tools.py @@ -102,8 +102,8 @@ def send_verification_email(user, request, email=None, EMAIL_FP_VERIFICATION_TEMPLATE = ( - u"http://{host}{uri}?" - u"userid={userid}&token={fp_verification_key}") + u"{uri}?" + u"token={fp_verification_key}") def send_fp_verification_email(user, request): @@ -114,14 +114,15 @@ def send_fp_verification_email(user, request): - user: a user object - request: the request """ + fp_verification_key = get_timed_signer_url('mail_verification_token') \ + .dumps(user.id) rendered_email = render_template( request, 'mediagoblin/auth/fp_verification_email.txt', {'username': user.username, 'verification_url': EMAIL_FP_VERIFICATION_TEMPLATE.format( - host=request.host, - uri=request.urlgen('mediagoblin.auth.verify_forgot_password'), - userid=unicode(user.id), - fp_verification_key=user.fp_verification_key)}) + uri=request.urlgen('mediagoblin.auth.verify_forgot_password', + qualified=True), + fp_verification_key=fp_verification_key)}) # TODO: There is no error handling in place send_email( diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py index 429eb584..25a02446 100644 --- a/mediagoblin/edit/views.py +++ b/mediagoblin/edit/views.py @@ -24,6 +24,7 @@ from mediagoblin import messages from mediagoblin import mg_globals from mediagoblin import auth +from mediagoblin.auth import tools as auth_tools from mediagoblin.edit import forms from mediagoblin.edit.lib import may_edit_media from mediagoblin.decorators import (require_active_login, active_user_from_url, |