moved forgot pw views to basic_auth plugin

mediagoblin/auth/forms.py

@@ -16,7 +16,6 @@
 
 import wtforms
 
-from mediagoblin.tools.mail import normalize_email
 from mediagoblin.tools.translate import lazy_pass_to_ugettext as _
 from mediagoblin.auth.tools import normalize_user_or_email_field
 

mediagoblin/auth/lib.py

@@ -143,7 +143,7 @@ def send_fp_verification_email(user, request):
         {'username': user.username,
          'verification_url': EMAIL_FP_VERIFICATION_TEMPLATE.format(
                 host=request.host,
-                uri=request.urlgen('mediagoblin.auth.verify_forgot_password'),
+                uri=request.urlgen('mediagoblin.plugins.basic_auth.verify_forgot_password'),
                 userid=unicode(user.id),
                 fp_verification_key=user.fp_verification_key)})
 

mediagoblin/auth/routing.py

@@ -25,9 +25,4 @@ auth_routes = [
     ('mediagoblin.auth.verify_email', '/verify_email/',
      'mediagoblin.auth.views:verify_email'),
     ('mediagoblin.auth.resend_verification', '/resend_verification/',
-     'mediagoblin.auth.views:resend_activation'),
-    ('mediagoblin.auth.forgot_password', '/forgot_password/',
-     'mediagoblin.auth.views:forgot_password'),
-    ('mediagoblin.auth.verify_forgot_password',
-     '/forgot_password/verify/',
-     'mediagoblin.auth.views:verify_forgot_password')]
+     'mediagoblin.auth.views:resend_activation')]

mediagoblin/auth/views.py

@@ -15,18 +15,15 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 import uuid
-import datetime
 
 from mediagoblin import messages, mg_globals
 from mediagoblin.db.models import User
 from mediagoblin.tools.response import render_to_response, redirect, render_404
 from mediagoblin.tools.translate import pass_to_ugettext as _
 from mediagoblin.auth import lib as auth_lib
-from mediagoblin.auth import forms as auth_forms
-from mediagoblin.auth.lib import send_verification_email, \
-                                 send_fp_verification_email
+from mediagoblin.auth.lib import send_verification_email
 import mediagoblin.auth as auth
-from sqlalchemy import or_
+
 
 def email_debug_message(request):
     """
@@ -203,141 +200,3 @@ def resend_activation(request):
     return redirect(
         request, 'mediagoblin.user_pages.user_home',
         user=request.user.username)
-
-
-def forgot_password(request):
-    """
-    Forgot password view
-
-    Sends an email with an url to renew forgotten password.
-    Use GET querystring parameter 'username' to pre-populate the input field
-    """
-    fp_form = auth_forms.ForgotPassForm(request.form,
-                                        username=request.args.get('username'))
-
-    if not (request.method == 'POST' and fp_form.validate()):
-        # Either GET request, or invalid form submitted. Display the template
-        return render_to_response(request,
-            'mediagoblin/auth/forgot_password.html', {'fp_form': fp_form})
-
-    # If we are here: method == POST and form is valid. username casing
-    # has been sanitized. Store if a user was found by email. We should
-    # not reveal if the operation was successful then as we don't want to
-    # leak if an email address exists in the system.
-    found_by_email = '@' in fp_form.username.data
-
-    if found_by_email:
-        user = User.query.filter_by(
-            email = fp_form.username.data).first()
-        # Don't reveal success in case the lookup happened by email address.
-        success_message=_("If that email address (case sensitive!) is "
-                          "registered an email has been sent with instructions "
-                          "on how to change your password.")
-
-    else: # found by username
-        user = User.query.filter_by(
-            username = fp_form.username.data).first()
-
-        if user is None:
-            messages.add_message(request,
-                                 messages.WARNING,
-                                 _("Couldn't find someone with that username."))
-            return redirect(request, 'mediagoblin.auth.forgot_password')
-
-        success_message=_("An email has been sent with instructions "
-                          "on how to change your password.")
-
-    if user and not(user.email_verified and user.status == 'active'):
-        # Don't send reminder because user is inactive or has no verified email
-        messages.add_message(request,
-            messages.WARNING,
-            _("Could not send password recovery email as your username is in"
-              "active or your account's email address has not been verified."))
-
-        return redirect(request, 'mediagoblin.user_pages.user_home',
-                        user=user.username)
-
-    # SUCCESS. Send reminder and return to login page
-    if user:
-        user.fp_verification_key = unicode(uuid.uuid4())
-        user.fp_token_expire = datetime.datetime.now() + \
-                               datetime.timedelta(days=10)
-        user.save()
-
-        email_debug_message(request)
-        send_fp_verification_email(user, request)
-
-    messages.add_message(request, messages.INFO, success_message)
-    return redirect(request, 'mediagoblin.auth.login')
-
-
-def verify_forgot_password(request):
-    """
-    Check the forgot-password verification and possibly let the user
-    change their password because of it.
-    """
-    # get form data variables, and specifically check for presence of token
-    formdata = _process_for_token(request)
-    if not formdata['has_userid_and_token']:
-        return render_404(request)
-
-    formdata_token = formdata['vars']['token']
-    formdata_userid = formdata['vars']['userid']
-    formdata_vars = formdata['vars']
-
-    # check if it's a valid user id
-    user = User.query.filter_by(id=formdata_userid).first()
-    if not user:
-        return render_404(request)
-
-    # check if we have a real user and correct token
-    if ((user and user.fp_verification_key and
-         user.fp_verification_key == unicode(formdata_token) and
-         datetime.datetime.now() < user.fp_token_expire
-         and user.email_verified and user.status == 'active')):
-
-        cp_form = auth_forms.ChangePassForm(formdata_vars)
-
-        if request.method == 'POST' and cp_form.validate():
-            user.pw_hash = auth_lib.bcrypt_gen_password_hash(
-                cp_form.password.data)
-            user.fp_verification_key = None
-            user.fp_token_expire = None
-            user.save()
-
-            messages.add_message(
-                request,
-                messages.INFO,
-                _("You can now log in using your new password."))
-            return redirect(request, 'mediagoblin.auth.login')
-        else:
-            return render_to_response(
-                request,
-                'mediagoblin/auth/change_fp.html',
-                {'cp_form': cp_form})
-
-    # in case there is a valid id but no user with that id in the db
-    # or the token expired
-    else:
-        return render_404(request)
-
-
-def _process_for_token(request):
-    """
-    Checks for tokens in formdata without prior knowledge of request method
-
-    For now, returns whether the userid and token formdata variables exist, and
-    the formdata variables in a hash. Perhaps an object is warranted?
-    """
-    # retrieve the formdata variables
-    if request.method == 'GET':
-        formdata_vars = request.GET
-    else:
-        formdata_vars = request.form
-
-    formdata = {
-        'vars': formdata_vars,
-        'has_userid_and_token':
-            'userid' in formdata_vars and 'token' in formdata_vars}
-
-    return formdata