diff --git a/Makefile.am b/Makefile.am index bc5cd94..ccbf96c 100644 --- a/Makefile.am +++ b/Makefile.am @@ -214,7 +214,11 @@ dist_templates_DATA = \ src/templates/user-profile.html \ src/templates/user-profile-need-activation.html \ src/templates/user-profile-passwd.html \ - src/templates/user-profile-passwd-ok.html + src/templates/user-profile-passwd-ok.html \ + src/templates/user-requested-password-recovery.html \ + src/templates/user-reset-password.html \ + src/templates//user-reset-password-success.html \ + src/templates//user-reset-password-fail.html templatesdir = $(datadir)/templates diff --git a/src/buildservice/users.py b/src/buildservice/users.py index 7c98d4b..a4ce2b0 100644 --- a/src/buildservice/users.py +++ b/src/buildservice/users.py @@ -1,5 +1,6 @@ #!/usr/bin/python +import datetime import email.utils import hashlib import logging @@ -185,6 +186,10 @@ class Users(base.Object): LEFT JOIN users_emails ON users.id = users_emails.user_id \ WHERE users_emails.email = %s", email) + def get_by_password_recovery_code(self, code): + return self._get_user("SELECT * FROM users \ + WHERE password_recovery_code = %s AND password_recovery_code_expires_at > NOW()", code) + def find_maintainers(self, maintainers): email_addresses = [] @@ -297,6 +302,10 @@ class User(base.DataObject): """ Update the passphrase the users uses to log on. """ + # We cannot set the password for ldap users + if self.ldap_dn: + raise AttributeError("Cannot set passphrase for LDAP user") + self.db.execute("UPDATE users SET passphrase = %s WHERE id = %s", generate_password_hash(passphrase), self.id) @@ -437,6 +446,32 @@ class User(base.DataObject): timezone = property(get_timezone, set_timezone) + def get_password_recovery_code(self): + return self.data.password_recovery_code + + def set_password_recovery_code(self, code): + self._set_attribute("password_recovery_code", code) + + self._set_attribute("password_recovery_code_expires_at", + datetime.datetime.utcnow() + datetime.timedelta(days=1)) + + password_recovery_code = property(get_password_recovery_code, set_password_recovery_code) + + def forgot_password(self): + log.debug("User %s reqested password recovery" % self.name) + + # We cannot reset te password for ldap users + if self.ldap_dn: + # Maybe we should send an email with an explanation + return + + # Add a recovery code to the database and a timestamp when this code expires + self.password_recovery_code = generate_random_string(64) + + # XXX + # We should send an email with the activation code + + @property def activated(self): return self.data.activated diff --git a/src/templates/user-forgot-password.html b/src/templates/user-forgot-password.html index 2896ea4..3c21804 100644 --- a/src/templates/user-forgot-password.html +++ b/src/templates/user-forgot-password.html @@ -17,11 +17,6 @@
@@ -29,7 +24,7 @@ {{ _("However, we allow to re-activate your account.") }}
- {{ _("You need to enter your username below.") }} + {{ _("You need to enter your username or your email address below") }} {{ _("After that, you will receive an email with intructions how to go on.") }}