Author zPlus <zplus@peers.community> 2019-05-03 18:17:03
Committer zPlus <zplus@peers.community> 2019-05-03 18:17:03
Commit 7ee2c69 (patch)
Tree 43f021f
Parent(s)

Fix #92 "reset password form not working"


commits diff: e1a78a0..7ee2c69
5 files changed, 34 insertions, 36 deletionsdownload


Diffstat
-rwxr-xr-x freepost/__init__.py 46
-rw-r--r-- freepost/database.py 6
-rw-r--r-- freepost/mail.py 11
-rw-r--r-- freepost/templates/email/password_reset.txt 2
-rw-r--r-- settings.yaml 5

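--- a/freepost/__init__.py
+++ b/freepost/__init__.py
@@ -302,46 +302,45 @@ def password_reset_send_code ():
 code via email.
 """
 
-username = request.forms.getunicode ('username')
-email = request.forms.getunicode ('email')
+username = request.forms.getunicode('username')
+email = request.forms.getunicode('email')
 
 if not username or not email:
-redirect (application.get_url ('change_password'))
+redirect(application.get_url('change_password'))
 
-user = database.get_user_by_username (username)
+user = database.get_user_by_username(username)
 
 if not user:
-redirect (application.get_url ('change_password'))
+redirect(application.get_url('change_password'))
 
 # Make sure the given email matches the one that we have in the database
 if user['email'] != email:
-redirect (application.get_url ('change_password'))
+redirect(application.get_url('change_password'))
 
 # Is there another valid token already (from a previous request)?
 # If yes, do not send another one (to prevent multiple requests or spam)
-if database.is_password_reset_token_valid (user['id']):
-redirect (application.get_url ('change_password'))
+if database.is_password_reset_token_valid(user['id']):
+redirect(application.get_url('change_password'))
 
 # Generate secret token to send via email
-secret_token = random.ascii_string (32)
+secret_token = random.ascii_string(32)
 
 # Add token to database
-database.set_password_reset_token (user['id'], secret_token)
+database.set_password_reset_token(user['id'], secret_token)
 
 # Send token via email
-client_ip = request.environ.get ('HTTP_X_FORWARDED_FOR') or \
-request.environ.get ('REMOTE_ADDR')
-email_from = 'freepost <noreply@freepost.peers.community>'
+client_ip = request.environ.get('HTTP_X_FORWARDED_FOR') or \
+request.environ.get('REMOTE_ADDR')
 email_to = user['email']
 email_subject = 'freepost password reset'
-email_body = template (
+email_body = template(
 'email/password_reset.txt',
 ip=client_ip,
 secret_token=secret_token)
 
-mail.send (email_from, email_to, email_subject, email_body)
+mail.send(email_to, email_subject, email_body)
 
-redirect (application.get_url ('change_password'))
+redirect(application.get_url('change_password'))
 
 @get ('/change_password', name='change_password')
 @requires_logout
@@ -361,14 +360,14 @@ def validate_new_password ():
 is OK change the user password.
 """
 
-username = request.forms.getunicode ('username')
-email = request.forms.getunicode ('email')
-password = request.forms.getunicode ('password')
-secret_token = request.forms.getunicode ('token')
+username = request.forms.getunicode('username')
+email = request.forms.getunicode('email')
+password = request.forms.getunicode('password')
+secret_token = request.forms.getunicode('token')
 
 # We must have all fields
 if not username or not email or not password or not secret_token:
-redirect (application.get_url ('login'))
+redirect(application.get_url('login'))
 
 # Password too short?
 if len (password) < 8:
@@ -377,7 +376,7 @@ def validate_new_password ():
 flash = 'Password must be at least 8 characters long')
 
 # OK, everything should be fine now. Reset user password.
-database.reset_password (username, email, password, secret_token)
+database.reset_password(username, email, password, secret_token)
 
 # Check if the password was successfully reset
 user = database.check_user_credentials (username, password)
@@ -388,12 +387,11 @@ def validate_new_password ():
 
 # Everything matched!
 # Notify user of password change.
-email_from = 'freepost <noreply@freepost.peers.community>'
 email_to = user['email']
 email_subject = 'freepost password changed'
 email_body = template ('email/password_changed.txt')
 
-mail.send (email_from, email_to, email_subject, email_body)
+mail.send (email_to, email_subject, email_body)
 
 # Start new session and redirect user
 session.start (user['id'])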
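Review bot: In password_reset_send_code, `client_ip` prefers the `HTTP_X_FORWARDED_FOR` header, which the client submitting the form controls unless a reverse proxy in front of the app overwrites it, so the IP printed in the reset e-mail is not trustworthy and arbitrary header text reaches the message body through `ip=client_ip`. If no trusted proxy is deployed, use `client_ip = request.environ.get('REMOTE_ADDR')`; if one is, take only the entry that proxy appended and check it with `ipaddress.ip_address()` before rendering. Separately, the token is stored by `set_password_reset_token` before `mail.send` runs, so a failed delivery presumably leaves the user blocked by the `is_password_reset_token_valid` check until the token expires. The function starts above this hunk, so its route decorator and any earlier checks are not visible here.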

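--- a/freepost/database.py
+++ b/freepost/database.py
@@ -705,7 +705,7 @@ def set_password_reset_token (user_id = None, token = None):
 """
 UPDATE user
 SET passwordResetToken = SHA512(:token),
-passwordResetTokenExpire = NOW() + INTERVAL 1 HOUR
+passwordResetTokenExpire = DATETIME('now', '+1 HOUR')
 WHERE id = :user
 """,
 {
@@ -739,7 +739,7 @@ def is_password_reset_token_valid (user_id = None):
 WHERE id = :user
 AND passwordResetToken IS NOT NULL
 AND passwordResetTokenExpire IS NOT NULL
-AND passwordResetTokenExpire > DATE()
+AND passwordResetTokenExpire > DATETIME('now')
 """,
 {
 'user': user_id
@@ -757,7 +757,7 @@ def reset_password (username = None, email = None, new_password = None, secret_t
 db.execute (
 """
 UPDATE user
-SET password = SHA512(:password || `salt`),
+SET password = SHA512(:password || salt),
 passwordResetToken = NULL,
 passwordResetTokenExpire = NULL
 WHERE username = :user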
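Review bot: In reset_password, the new password is still stored as `SHA512(:password || salt)`, a single fast hash, which makes offline guessing cheap if the user table ever leaks; the commit only drops the backticks around `salt`. Derive the hash in Python with a slow KDF such as `hashlib.scrypt` or `hashlib.pbkdf2_hmac` and bind the result as a parameter, e.g. `SET password = :password_hash`, re-hashing existing rows on their next successful login. `SHA512` is not a built-in SQLite function, so it is presumably registered by the application outside this hunk, and `check_user_credentials` would need the matching change. The statement continues past the end of the hunk, so the token and expiry conditions in the rest of the WHERE clause cannot be confirmed from here.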

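--- a/freepost/mail.py
+++ b/freepost/mail.py
@@ -3,13 +3,12 @@ from email.mime.text import MIMEText
 from freepost import settings
 from subprocess import Popen, PIPE
 
-def send (from_address, to_address, subject, body):
-email_message = MIMEMultipart ()
-email_message['From'] = from_address
+def send(to_address, subject, body):
+email_message = MIMEText(body)
+email_message['From'] = settings['email']['from']
 email_message['To'] = to_address
 email_message['Subject'] = subject
-email_message.attach (MIMEText (body, 'plain'))
 
 # Open pipe to sendmail
-Popen ([ settings['sendmail']['path'] , "-t" ], stdin=PIPE) \
-.communicate (email_message.as_bytes ())
+child_process = Popen([ settings['email']['sendmail_path'], "-t" ], stdin=PIPE)
+child_process.communicate(email_message.as_bytes())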
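Review bot: `send` discards the result of `child_process.communicate(...)` and never looks at the exit status, so a sendmail failure is silent and the caller carries on as if the reset code or change notice had been delivered. Check it after the call, e.g. `if child_process.returncode != 0: raise RuntimeError('sendmail failed')`, or log it if callers cannot handle an exception. Because `-t` makes sendmail take the recipients from the message headers, `to_address` should be a single validated address; whether registration enforces that is not visible here. A one-line docstring saying that the sender now comes from `settings['email']['from']` would also help, since the `from_address` parameter was removed.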

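--- a/freepost/templates/email/password_reset.txt
+++ b/freepost/templates/email/password_reset.txt
@@ -1,6 +1,6 @@
 Somebody from IP:{{ ip }} has requested to reset your freepost password.
 The secret code to reset your password is {{ secret_token|safe }}
-This code can only be used one time, and will automatically expire in 1 hour.
+This code can only be used once, and will automatically expire in 1 hour.
 
 If you did not request to change your password, please ignore this message
 or contact support.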

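--- a/settings.yaml
+++ b/settings.yaml
@@ -16,8 +16,9 @@ sqlite:
 database: ./database.sqlite
 
 # Emails are sent using the local sendmail MTA.
-sendmail:
-path: /usr/sbin/sendmail
+email:
+sendmail_path: /usr/sbin/sendmail
+from: "freepost <noreply@freepo.st>"
 
 session:
 # Name to use for the session cookie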