Commit 84e59af2 authored by Kazuhiko Shiozaki's avatar Kazuhiko Shiozaki

code improvement

parent 0a6324f2
...@@ -70,20 +70,13 @@ class PasswordTool(BaseTool): ...@@ -70,20 +70,13 @@ class PasswordTool(BaseTool):
# XXX no call to BaseTool.__init__ ? # XXX no call to BaseTool.__init__ ?
# BaseTool.__init__(self, id) # BaseTool.__init__(self, id)
security.declareProtected('Manage users', 'getResetPasswordKey')
security.declareProtected('Manage users', 'getResetPasswordUrl') def getResetPasswordKey(self, user_login):
def getResetPasswordUrl(self, user_login, site_url):
# generate expiration date # generate expiration date
expiration_date = DateTime() + self._expiration_day expiration_date = DateTime() + self._expiration_day
# generate a random string # generate a random string
random_url = self._generateUUID() key = self._generateUUID()
parameter = urlencode(dict(reset_key=random_url,
user_login=user_login))
url = "%s/portal_password/%s?%s" % (
site_url,
'PasswordTool_viewResetPassword',
parameter)
# XXX before r26093, _password_request_dict was initialized by an OOBTree and # XXX before r26093, _password_request_dict was initialized by an OOBTree and
# replaced by a dict on each request, so if it's data structure is not up # replaced by a dict on each request, so if it's data structure is not up
# to date, we update it if needed # to date, we update it if needed
...@@ -93,7 +86,21 @@ class PasswordTool(BaseTool): ...@@ -93,7 +86,21 @@ class PasswordTool(BaseTool):
self._password_request_dict = PersistentMapping() self._password_request_dict = PersistentMapping()
# register request # register request
self._password_request_dict[random_url] = (user_login, expiration_date) self._password_request_dict[key] = (user_login, expiration_date)
return key
security.declareProtected('Manage users', 'getResetPasswordUrl')
def getResetPasswordUrl(self, user_login=None, key=None, site_url):
if user_login is not None:
# XXX Backward compatibility
key = self.getResetPasswordKey(user_login)
parameter = urlencode(dict(reset_key=reset_key,
user_login=user_login))
url = "%s/portal_password/%s?%s" % (
site_url,
'PasswordTool_viewResetPassword',
parameter)
return url return url
def mailPasswordResetRequest(self, user_login=None, REQUEST=None, def mailPasswordResetRequest(self, user_login=None, REQUEST=None,
...@@ -147,31 +154,13 @@ class PasswordTool(BaseTool): ...@@ -147,31 +154,13 @@ class PasswordTool(BaseTool):
return REQUEST.RESPONSE.redirect( ret_url ) return REQUEST.RESPONSE.redirect( ret_url )
return msg return msg
# generate a random string key = self.getResetPasswordKey(user_login)
random_url = self._generateUUID() url = self.getResetPasswordUrl(key, site_url)
parameter = urlencode(dict(reset_key=random_url))
url = "%s/portal_password/%s?%s" % (
site_url,
'PasswordTool_viewResetPassword',
parameter)
# generate expiration date
expiration_date = DateTime() + self._expiration_day
# XXX before r26093, _password_request_dict was initialized by an OOBTree and
# replaced by a dict on each request, so if it's data structure is not up
# to date, we update it if needed
if not isinstance(self._password_request_dict, PersistentMapping):
LOG('ERP5.PasswordTool', INFO, 'Updating password_request_dict to'
' PersistentMapping')
self._password_request_dict = PersistentMapping()
# register request
self._password_request_dict[random_url] = (user_login, expiration_date)
# send mail # send mail
message_dict = {'instance_name':self.getPortalObject().getTitle(), message_dict = {'instance_name':self.getPortalObject().getTitle(),
'reset_password_link':url, 'reset_password_link':url,
'expiration_date':expiration_date} 'expiration_date':self._password_request_dict[key][1]}
if notification_message is None: if notification_message is None:
subject = translateString("[${instance_name}] Reset of your password", subject = translateString("[${instance_name}] Reset of your password",
...@@ -227,6 +216,7 @@ class PasswordTool(BaseTool): ...@@ -227,6 +216,7 @@ class PasswordTool(BaseTool):
def resetPassword(self, reset_key=None, REQUEST=None): def resetPassword(self, reset_key=None, REQUEST=None):
""" """
""" """
# XXX-Aurel : is it used ?
if REQUEST is None: if REQUEST is None:
REQUEST = get_request() REQUEST = get_request()
user_login, expiration_date = self._password_request_dict.get(reset_key, (None, None)) user_login, expiration_date = self._password_request_dict.get(reset_key, (None, None))
......
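Review bot: As rendered, the new `getResetPasswordUrl(self, user_login=None, key=None, site_url)` puts a required parameter after defaulted ones, which Python rejects as a syntax error, and its body passes `reset_key=reset_key` although the only local name is `key`. The new call in mailPasswordResetRequest, `self.getResetPasswordUrl(key, site_url)`, is positional, so the freshly registered key would bind to `user_login` and trigger the backward-compatibility branch. That would register a second reset key under a login equal to the first key, so the mailed link would no longer match the entry whose expiration date goes into the message. I would keep the old positional order with `def getResetPasswordUrl(self, user_login=None, site_url=None, key=None):`, build the query with `parameter = urlencode(dict(reset_key=key))`, and call it as `self.getResetPasswordUrl(key=key, site_url=site_url)`. Dropping `user_login` from the query also matches what the mail path sent before this change and keeps the login out of the link; the bodies of both methods continue outside the visible hunks, so this should be confirmed against the full file.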