← Back to branch summary

~ubuntu-branches/ubuntu/natty/moin/natty-updates

« back to all changes in this revision

Viewing changes to MoinMoin/action/recoverpass.py

  • Committer: Bazaar Package Importer
  • Author(s): Jonas Smedegaard
  • Date: 2008-06-22 21:17:13 UTC
  • mfrom: (0.9.1 upstream)
  • Revision ID: james.westby@ubuntu.com-20080622211713-fpo2zrq3s5dfecxg
Tags: 1.7.0-3
Simplify /etc/moin/wikilist format: "USER URL" (drop unneeded middle
CONFIG_DIR that was wrongly advertised as DATA_DIR).  Make
moin-mass-migrate handle both formats and warn about deprecation of
the old one.

Show diffs side-by-side

added added

removed removed

Lines of Context:
MoinMoin/action/recoverpass.py
 
1
# -*- coding: iso-8859-1 -*-
 
2
"""
 
3
    MoinMoin - create account action
 
4
 
 
5
    @copyright: 2007 MoinMoin:JohannesBerg
 
6
    @license: GNU GPL, see COPYING for details.
 
7
"""
 
8
 
 
9
from MoinMoin import user, wikiutil
 
10
from MoinMoin.Page import Page
 
11
from MoinMoin.widget import html
 
12
from MoinMoin.auth import MoinAuth
 
13
 
 
14
def _do_email(request, u):
 
15
    _ = request.getText
 
16
 
 
17
    if u and u.valid:
 
18
        is_ok, msg = u.mailAccountData()
 
19
        if not is_ok:
 
20
            return wikiutil.escape(msg)
 
21
 
 
22
    return _("If this account exists an email was sent.")
 
23
 
 
24
 
 
25
def _do_recover(request):
 
26
    _ = request.getText
 
27
    form = request.form
 
28
    if not request.cfg.mail_enabled:
 
29
        return _("""This wiki is not enabled for mail processing.
 
30
Contact the owner of the wiki, who can enable email.""")
 
31
 
 
32
    try:
 
33
        email = wikiutil.clean_input(form['email'][0].lower())
 
34
        if not email:
 
35
            # continue if email not given
 
36
            raise KeyError
 
37
 
 
38
        u = user.get_by_email_address(request, email)
 
39
 
 
40
        return _do_email(request, u)
 
41
    except KeyError:
 
42
        pass
 
43
 
 
44
    try:
 
45
        username = wikiutil.clean_input(form['name'][0])
 
46
        if not username:
 
47
            # continue if name not given
 
48
            raise KeyError
 
49
 
 
50
        u = user.User(request, user.getUserId(request, username))
 
51
 
 
52
        return _do_email(request, u)
 
53
    except KeyError:
 
54
        pass
 
55
 
 
56
    # neither succeeded, give error message
 
57
    return _("Please provide a valid email address or a username!")
 
58
 
 
59
 
 
60
def _create_form(request):
 
61
    _ = request.getText
 
62
    url = request.page.url(request)
 
63
    ret = html.FORM(action=url)
 
64
    ret.append(html.INPUT(type='hidden', name='action', value='recoverpass'))
 
65
    lang_attr = request.theme.ui_lang_attr()
 
66
    ret.append(html.Raw('<div class="userpref"%s>' % lang_attr))
 
67
    tbl = html.TABLE(border="0")
 
68
    ret.append(tbl)
 
69
    ret.append(html.Raw('</div>'))
 
70
 
 
71
    row = html.TR()
 
72
    tbl.append(row)
 
73
    row.append(html.TD().append(html.STRONG().append(html.Text(_("Username")))))
 
74
    row.append(html.TD().append(html.INPUT(type="text", size="36",
 
75
                                           name="name")))
 
76
 
 
77
    row = html.TR()
 
78
    tbl.append(row)
 
79
    row.append(html.TD().append(html.STRONG().append(html.Text(_("Email")))))
 
80
    row.append(html.TD().append(html.INPUT(type="text", size="36",
 
81
                                           name="email")))
 
82
 
 
83
    row = html.TR()
 
84
    tbl.append(row)
 
85
    row.append(html.TD())
 
86
    td = html.TD()
 
87
    row.append(td)
 
88
    td.append(html.INPUT(type="submit", name="account_sendmail",
 
89
                         value=_('Mail me my account data')))
 
90
 
 
91
    return unicode(ret)
 
92
 
 
93
 
 
94
def _create_token_form(request, name=None, token=None):
 
95
    _ = request.getText
 
96
    url = request.page.url(request)
 
97
    ret = html.FORM(action=url)
 
98
    ret.append(html.INPUT(type='hidden', name='action', value='recoverpass'))
 
99
    lang_attr = request.theme.ui_lang_attr()
 
100
    ret.append(html.Raw('<div class="userpref"%s>' % lang_attr))
 
101
    tbl = html.TABLE(border="0")
 
102
    ret.append(tbl)
 
103
    ret.append(html.Raw('</div>'))
 
104
 
 
105
    row = html.TR()
 
106
    tbl.append(row)
 
107
    row.append(html.TD().append(html.STRONG().append(html.Text(_("Username")))))
 
108
    value = name or ''
 
109
    row.append(html.TD().append(html.INPUT(type='text', size="36",
 
110
                                           name="name", value=value)))
 
111
 
 
112
    row = html.TR()
 
113
    tbl.append(row)
 
114
    row.append(html.TD().append(html.STRONG().append(html.Text(_("Recovery token")))))
 
115
    value = token or ''
 
116
    row.append(html.TD().append(html.INPUT(type='text', size="36",
 
117
                                           name="token", value=value)))
 
118
 
 
119
    row = html.TR()
 
120
    tbl.append(row)
 
121
    row.append(html.TD().append(html.STRONG().append(html.Text(_("New password")))))
 
122
    row.append(html.TD().append(html.INPUT(type="password", size="36",
 
123
                                           name="password")))
 
124
 
 
125
    row = html.TR()
 
126
    tbl.append(row)
 
127
    row.append(html.TD().append(html.STRONG().append(html.Text(_("New password (repeat)")))))
 
128
    row.append(html.TD().append(html.INPUT(type="password", size="36",
 
129
                                           name="password_repeat")))
 
130
 
 
131
    row = html.TR()
 
132
    tbl.append(row)
 
133
    row.append(html.TD())
 
134
    td = html.TD()
 
135
    row.append(td)
 
136
    td.append(html.INPUT(type="submit", name="recover", value=_('Reset my password')))
 
137
 
 
138
    return unicode(ret)
 
139
 
 
140
 
 
141
def execute(pagename, request):
 
142
    found = False
 
143
    for auth in request.cfg.auth:
 
144
        if isinstance(auth, MoinAuth):
 
145
            found = True
 
146
            break
 
147
 
 
148
    if not found:
 
149
        # we will not have linked, so forbid access
 
150
        request.makeForbidden403()
 
151
        return
 
152
 
 
153
    page = Page(request, pagename)
 
154
    _ = request.getText
 
155
    form = request.form
 
156
 
 
157
    if not request.cfg.mail_enabled:
 
158
        request.theme.add_msg(_("""This wiki is not enabled for mail processing.
 
159
Contact the owner of the wiki, who can enable email."""), 'warning')
 
160
        page.send_page()
 
161
        return
 
162
 
 
163
    submitted = form.get('account_sendmail', [''])[0]
 
164
    token = form.get('token', [''])[0]
 
165
    newpass = form.get('password', [''])[0]
 
166
    name = form.get('name', [''])[0]
 
167
 
 
168
    if token and name and newpass:
 
169
        newpass2 = form.get('password_repeat', [''])[0]
 
170
        msg = _("Passwords don't match!")
 
171
        msg_type = 'error'
 
172
        if newpass == newpass2:
 
173
            pw_checker = request.cfg.password_checker
 
174
            pw_error = None
 
175
            if pw_checker:
 
176
                pw_error = pw_checker(name, newpass)
 
177
                if pw_error:
 
178
                    msg = _("Password not acceptable: %s") % pw_error
 
179
            if not pw_error:
 
180
                u = user.User(request, user.getUserId(request, name))
 
181
                if u and u.valid and u.apply_recovery_token(token, newpass):
 
182
                    msg = _("Your password has been changed, you can log in now.")
 
183
                    msg_type = 'info'
 
184
                else:
 
185
                    msg = _('Your token is invalid!')
 
186
        if msg:
 
187
            request.theme.add_msg(msg, msg_type)
 
188
        if msg_type != 'error':
 
189
            page.send_page()
 
190
            return
 
191
 
 
192
    if token and name:
 
193
        request.emit_http_headers()
 
194
        request.theme.send_title(_("Password reset"), pagename=pagename)
 
195
 
 
196
        request.write(request.formatter.startContent("content"))
 
197
 
 
198
        request.write(_("""
 
199
== Password reset ==
 
200
Enter a new password below.""", wiki=True))
 
201
        request.write(_create_token_form(request, name=name, token=token))
 
202
 
 
203
        request.write(request.formatter.endContent())
 
204
 
 
205
        request.theme.send_footer(pagename)
 
206
        request.theme.send_closing_html()
 
207
    elif submitted: # user pressed create button
 
208
        if request.request_method != 'POST':
 
209
            return
 
210
        msg = _do_recover(request)
 
211
        request.theme.add_msg(msg, "dialog")
 
212
        page.send_page()
 
213
    else: # show create form
 
214
        request.emit_http_headers()
 
215
        request.theme.send_title(_("Lost password"), pagename=pagename)
 
216
 
 
217
        request.write(request.formatter.startContent("content"))
 
218
 
 
219
        request.write(_("""
 
220
== Recovering a lost password ==
 
221
If you have forgotten your password, provide your email address or
 
222
username and click on '''Mail me my account data'''.
 
223
You will receive an email containing a recovery token that can be
 
224
used to change your password. The email will also contain further
 
225
instructions.""", wiki=True))
 
226
 
 
227
        request.write(_create_form(request))
 
228
 
 
229
        request.write(request.formatter.rule())
 
230
 
 
231
        request.write(_("""
 
232
=== Password reset ===
 
233
If you already have received the email with the recovery token, enter your
 
234
username, the recovery token and a new password (twice) below.""", wiki=True))
 
235
 
 
236
        request.write(_create_token_form(request))
 
237
 
 
238
        request.write(request.formatter.endContent())
 
239
 
 
240
        request.theme.send_footer(pagename)
 
241
        request.theme.send_closing_html()