
moin  1.9.0~rc2
recoverpass.py
00001 # -*- coding: iso-8859-1 -*-
00002 """
00003     MoinMoin - create account action
00004 
00005     @copyright: 2007 MoinMoin:JohannesBerg
00006     @license: GNU GPL, see COPYING for details.
00007 """
00008 
00009 from MoinMoin import user, wikiutil
00010 from MoinMoin.Page import Page
00011 from MoinMoin.widget import html
00012 from MoinMoin.auth import MoinAuth
00013 
def _do_email(request, u):
    """Mail the account data for *u* and return the text to show the visitor.

    When there is no usable account, or when the mail went out, the same
    neutral sentence is returned, so the reply does not confirm whether a
    name or address is registered.

    @param request: the request object (only getText is used here)
    @param u: a user object, or a false value when the lookup found nothing
    @return: the neutral confirmation, or the escaped mailer error text
    """
    _ = request.getText

    if not u or not u.valid:
        # Nothing to send; fall through to the neutral sentence below.
        ok = True
    else:
        ok, detail = u.mailAccountData()

    if not ok:
        # NOTE(review): this error text is only reachable for an existing,
        # valid account, so a failing mailer makes the reply differ from the
        # "unknown account" case. Escaping keeps the mailer text from being
        # interpreted as markup.
        return wikiutil.escape(detail)

    return _("If this account exists an email was sent.")
00023 
00024 
def _do_recover(request):
    """Handle a submitted "mail me my account data" form.

    The account is looked up by the ``email`` field first (lower-cased, then
    cleaned); only if that field is missing or empty is the ``name`` field
    tried. Whichever lookup runs, its result goes to _do_email(), which
    decides what the visitor is told.

    @param request: the request object (form, cfg and getText are used)
    @return: the message text to display
    """
    _ = request.getText
    fields = request.form
    if not request.cfg.mail_enabled:
        return _("""This wiki is not enabled for mail processing.
Contact the owner of the wiki, who can enable email.""")

    # A KeyError raised anywhere inside these try blocks -- a missing form
    # field, but also one escaping from the lookup helpers -- is treated as
    # "field not given" and moves on to the next lookup.
    try:
        address = wikiutil.clean_input(fields['email'].lower())
        if address:
            account = user.get_by_email_address(request, address)
            return _do_email(request, account)
    except KeyError:
        pass

    try:
        login = wikiutil.clean_input(fields['name'])
        if login:
            account = user.User(request, user.getUserId(request, login))
            return _do_email(request, account)
    except KeyError:
        pass

    # Neither field produced a lookup: ask for usable input.
    return _("Please provide a valid email address or a username!")
00058 
00059 
def _create_form(request):
    """Render the form that asks for the account data mail.

    The form targets the current page's URL, carries a hidden
    ``action=recoverpass`` field, offers the text fields ``name`` and
    ``email``, and its submit button is named ``account_sendmail``.

    @param request: the request object (page, theme and getText are used)
    @return: the form rendered via unicode()
    """
    _ = request.getText
    form = html.FORM(action=request.page.url(request))
    form.append(html.INPUT(type='hidden', name='action', value='recoverpass'))
    # The table sits inside a raw <div>; the attribute string comes from the
    # theme, not from request parameters.
    form.append(html.Raw('<div class="userpref"%s>' % request.theme.ui_lang_attr()))
    table = html.TABLE(border="0")
    form.append(table)
    form.append(html.Raw('</div>'))

    # One caption/input row per text field.
    for caption, field in ((_("Username"), "name"), (_("Email"), "email")):
        line = html.TR()
        table.append(line)
        line.append(html.TD().append(html.STRONG().append(html.Text(caption))))
        line.append(html.TD().append(html.INPUT(type="text", size="36",
                                                name=field)))

    # Final row: empty caption cell, then the submit button.
    button_row = html.TR()
    table.append(button_row)
    button_row.append(html.TD())
    button_cell = html.TD()
    button_row.append(button_cell)
    button_cell.append(html.INPUT(type="submit", name="account_sendmail",
                                  value=_('Mail me my account data')))

    return unicode(form)
00092 
00093 
def _create_token_form(request, name=None, token=None):
    """Render the form that applies a recovery token and sets a new password.

    The form targets the current page's URL with a hidden
    ``action=recoverpass`` field and the inputs ``name``, ``token``,
    ``password`` and ``password_repeat``; the submit button is named
    ``recover``.

    @param request: the request object (page, theme and getText are used)
    @param name: username to pre-fill, or None for an empty field
    @param token: recovery token to pre-fill, or None for an empty field
    @return: the form rendered via unicode()
    """
    _ = request.getText
    form = html.FORM(action=request.page.url(request))
    form.append(html.INPUT(type='hidden', name='action', value='recoverpass'))
    form.append(html.Raw('<div class="userpref"%s>' % request.theme.ui_lang_attr()))
    table = html.TABLE(border="0")
    form.append(table)
    form.append(html.Raw('</div>'))

    # NOTE(review): execute() passes name and token straight from request
    # parameters, so the pre-filled values are visitor-controlled. This relies
    # on html.INPUT escaping attribute values -- confirm in MoinMoin.widget.html.
    rows = (
        (_("Username"), 'text', "name", {'value': name or ''}),
        (_("Recovery token"), 'text', "token", {'value': token or ''}),
        # The password inputs are never pre-filled.
        (_("New password"), "password", "password", {}),
        (_("New password (repeat)"), "password", "password_repeat", {}),
    )
    for caption, kind, field, extra in rows:
        line = html.TR()
        table.append(line)
        line.append(html.TD().append(html.STRONG().append(html.Text(caption))))
        line.append(html.TD().append(html.INPUT(type=kind, size="36",
                                                name=field, **extra)))

    # Final row: empty caption cell, then the submit button.
    button_row = html.TR()
    table.append(button_row)
    button_row.append(html.TD())
    button_cell = html.TD()
    button_row.append(button_cell)
    button_cell.append(html.INPUT(type="submit", name="recover",
                                  value=_('Reset my password')))

    return unicode(form)
00139 
00140 
def execute(pagename, request):
    """Entry point of the ``recoverpass`` action.

    Depending on the request parameters this either
      - applies a recovery token and sets a new password
        (``token``, ``name`` and ``password`` all given),
      - shows the token form pre-filled (``token`` and ``name`` given),
      - sends the account data mail (``account_sendmail`` given, POST only), or
      - shows both forms.

    The action is refused with 403 unless a MoinAuth instance is configured
    in request.cfg.auth.

    @param pagename: name of the page the action was invoked on
    @param request: the request object
    """
    # for/else: the else branch runs only when no MoinAuth instance was found.
    for method in request.cfg.auth:
        if isinstance(method, MoinAuth):
            break
    else:
        # we will not have linked, so forbid access
        request.makeForbidden(403, 'No MoinAuth in auth list')
        return

    page = Page(request, pagename)
    _ = request.getText
    # request.values rather than request.form: the link in the recovery mail
    # arrives as a GET request.
    params = request.values

    if not request.cfg.mail_enabled:
        request.theme.add_msg(_("""This wiki is not enabled for mail processing.
Contact the owner of the wiki, who can enable email."""), 'warning')
        page.send_page()
        return

    submitted = params.get('account_sendmail', '')
    token = params.get('token', '')
    newpass = params.get('password', '')
    name = params.get('name', '')

    if token and name and newpass:
        # NOTE(review): no request.method check guards this branch, while the
        # send-mail branch below insists on POST. A new password carried in a
        # query string would be accepted here and would then appear wherever
        # URLs are recorded; consider requiring POST -- confirm against how
        # the token form submits.
        # NOTE(review): no limit on repeated token attempts is visible in
        # this function; confirm that apply_recovery_token or a layer above
        # bounds them.
        repeated = params.get('password_repeat', '')
        outcome = _("Passwords don't match!")
        severity = 'error'
        if newpass == repeated:
            checker = request.cfg.password_checker
            complaint = None
            if checker:
                complaint = checker(request, name, newpass)
            if complaint:
                outcome = _("Password not acceptable: %s") % complaint
            else:
                account = user.User(request, user.getUserId(request, name))
                if not (account and account.valid
                        and account.apply_recovery_token(token, newpass)):
                    # Same text for an unknown user and for a wrong token.
                    outcome = _('Your token is invalid!')
                else:
                    outcome = _("Your password has been changed, you can log in now.")
                    severity = 'info'
        if outcome:
            request.theme.add_msg(outcome, severity)
        if severity != 'error':
            page.send_page()
            return
        # On error, fall through so the token form is shown again below.

    if token and name:
        # Token form, pre-filled from the request (e.g. the link in the mail).
        request.theme.send_title(_("Password reset"), pagename=pagename)

        request.write(request.formatter.startContent("content"))

        request.write(_("""
== Password reset ==
Enter a new password below.""", wiki=True))
        request.write(_create_token_form(request, name=name, token=token))

        request.write(request.formatter.endContent())

        request.theme.send_footer(pagename)
        request.theme.send_closing_html()
        return

    if submitted:
        # The "mail me my account data" button was pressed; anything other
        # than POST is ignored without output.
        if request.method == 'POST':
            request.theme.add_msg(_do_recover(request), "dialog")
            page.send_page()
        return

    # Nothing submitted yet: show the request form and the token form.
    request.theme.send_title(_("Lost password"), pagename=pagename)

    request.write(request.formatter.startContent("content"))

    request.write(_("""
== Recovering a lost password ==
If you have forgotten your password, provide your email address or
username and click on '''Mail me my account data'''.
You will receive an email containing a recovery token that can be
used to change your password. The email will also contain further
instructions.""", wiki=True))

    request.write(_create_form(request))

    request.write(request.formatter.rule())

    request.write(_("""
=== Password reset ===
If you already have received the email with the recovery token, enter your
username, the recovery token and a new password (twice) below.""", wiki=True))

    request.write(_create_token_form(request))

    request.write(request.formatter.endContent())

    request.theme.send_footer(pagename)
    request.theme.send_closing_html()