moving forgot_password views back to gmg/auth and cleanup

2013-05-24 18:09:57 -07:00
parent 9008e09941
commit f339b76a4e
15 changed files with 144 additions and 477 deletions
--- a/mediagoblin/auth/routing.py
+++ b/mediagoblin/auth/routing.py
@@ -25,4 +25,9 @@ auth_routes = [
    ('mediagoblin.auth.verify_email', '/verify_email/',
     'mediagoblin.auth.views:verify_email'),
    ('mediagoblin.auth.resend_verification', '/resend_verification/',
-     'mediagoblin.auth.views:resend_activation')]
+     'mediagoblin.auth.views:resend_activation'),
+    ('mediagoblin.auth.forgot_password', '/forgot_password/',
+     'mediagoblin.auth.views:forgot_password'),
+    ('mediagoblin.auth.verify_forgot_password',
+     '/forgot_password/verify/',
+     'mediagoblin.auth.views:verify_forgot_password')]
--- a/mediagoblin/auth/tools.py
+++ b/mediagoblin/auth/tools.py
@@ -22,7 +22,6 @@ from mediagoblin.tools.mail import normalize_email, send_email
 from mediagoblin.tools.translate import lazy_pass_to_ugettext as _
 from mediagoblin.tools.template import render_template
 from mediagoblin.tools.pluginapi import hook_handle
-from mediagoblin.tools.response import redirect
 from mediagoblin import auth
 from mediagoblin.db.models import User

@@ -174,3 +173,33 @@ def send_verification_email(user, request):
        # example "GNU MediaGoblin @ Wandborg - [...]".
        'GNU MediaGoblin - Verify your email!',
        rendered_email)
+
+
+EMAIL_FP_VERIFICATION_TEMPLATE = (
+    u"http://{host}{uri}?"
+    u"userid={userid}&token={fp_verification_key}")
+
+
+def send_fp_verification_email(user, request):
+    """
+    Send the verification email to users to change their password.
+
+    Args:
+    - user: a user object
+    - request: the request
+    """
+    rendered_email = render_template(
+        request, 'mediagoblin/auth/fp_verification_email.txt',
+        {'username': user.username,
+         'verification_url': EMAIL_FP_VERIFICATION_TEMPLATE.format(
+                host=request.host,
+                uri=request.urlgen('mediagoblin.auth.verify_forgot_password'),
+                userid=unicode(user.id),
+                fp_verification_key=user.fp_verification_key)})
+
+    # TODO: There is no error handling in place
+    send_email(
+        mg_globals.app_config['email_sender_address'],
+        [user.email],
+        'GNU MediaGoblin - Change forgotten password!',
+        rendered_email)
--- a/mediagoblin/auth/views.py
+++ b/mediagoblin/auth/views.py
@@ -15,6 +15,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

 import uuid
+import datetime

 from mediagoblin import messages, mg_globals
 from mediagoblin.db.models import User
@@ -23,7 +24,8 @@ from mediagoblin.tools.translate import pass_to_ugettext as _
 from mediagoblin.auth import lib as auth_lib
 from mediagoblin.auth import forms as auth_forms
 from mediagoblin.auth.tools import (send_verification_email,
-                                    register_user, email_debug_message)
+                                    register_user, email_debug_message,
+                                    send_fp_verification_email)
 from mediagoblin import auth


@@ -208,13 +210,17 @@ def forgot_password(request):
    Sends an email with an url to renew forgotten password.
    Use GET querystring parameter 'username' to pre-populate the input field
    """
+    if not 'pass_auth' in request.template_env.globals:
+        return redirect(request, 'index')
+
    fp_form = auth_forms.ForgotPassForm(request.form,
                                        username=request.args.get('username'))

    if not (request.method == 'POST' and fp_form.validate()):
        # Either GET request, or invalid form submitted. Display the template
        return render_to_response(request,
-            'mediagoblin/auth/forgot_password.html', {'fp_form': fp_form})
+            'mediagoblin/auth/forgot_password.html', {'fp_form': fp_form,
+                                                      'focus': 'username'})

    # If we are here: method == POST and form is valid. username casing
    # has been sanitized. Store if a user was found by email. We should
@@ -310,7 +316,8 @@ def verify_forgot_password(request):
            return render_to_response(
                request,
                'mediagoblin/auth/change_fp.html',
-                {'cp_form': cp_form})
+                {'cp_form': cp_form,
+                 'focus': 'password'})

    # in case there is a valid id but no user with that id in the db
    # or the token expired
@@ -334,6 +341,6 @@ def _process_for_token(request):
    formdata = {
        'vars': formdata_vars,
        'has_userid_and_token':
-        'userid' in formdata_vars and 'token' in formdata_vars}
+            'userid' in formdata_vars and 'token' in formdata_vars}

    return formdata