incubator-allura-commits mailing list archives

From john...@apache.org
Subject [10/14] git commit: [#6783] ticket:463 Fix validation
Date Thu, 07 Nov 2013 21:07:23 GMT
[#6783] ticket:463 Fix validation


Project: http://git-wip-us.apache.org/repos/asf/incubator-allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-allura/commit/0c864468
Tree: http://git-wip-us.apache.org/repos/asf/incubator-allura/tree/0c864468
Diff: http://git-wip-us.apache.org/repos/asf/incubator-allura/diff/0c864468

Branch: refs/heads/master
Commit: 0c8644689cce915ecb2d3cb928a79c9d9ae0e2af
Parents: a6f4e76
Author: Igor Bondarenko <jetmind2@gmail.com>
Authored: Mon Nov 4 15:14:25 2013 +0000
Committer: Cory Johns <cjohns@slashdotmedia.com>
Committed: Thu Nov 7 21:05:04 2013 +0000

----------------------------------------------------------------------
 Allura/allura/controllers/auth.py               | 41 +++++++++++++-------
 Allura/allura/lib/widgets/forms.py              |  2 +-
 Allura/allura/templates/forgotten_password.html |  4 +-
 3 files changed, 29 insertions(+), 18 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/0c864468/Allura/allura/controllers/auth.py
----------------------------------------------------------------------
diff --git a/Allura/allura/controllers/auth.py b/Allura/allura/controllers/auth.py
index 52c2c38..430d4fa 100644
--- a/Allura/allura/controllers/auth.py
+++ b/Allura/allura/controllers/auth.py
@@ -156,8 +156,21 @@ class AuthController(BaseController):
         c.form = F.registration_form
         return dict()
 
+    def _validate_hash(self, hash):
+        if not hash:
+            redirect(request.referer)
+        user_record = M.User.query.find({'tool_data.AuthPasswordReset.hash': hash}).first()
+        if not user_record:
+            flash('Hash was not found')
+            redirect(request.referer)
+        hash_expiry = user_record.get_tool_data('AuthPasswordReset', 'hash_expiry')
+        if not hash_expiry or hash_expiry < datetime.datetime.utcnow():
+            flash('Hash time was expired.')
+            redirect(request.referer)
+        return user_record
+
+
     @expose('jinja:allura:templates/forgotten_password.html')
-    @validate(F.recover_password_change_form, error_handler=index)
     def forgotten_password(self, hash=None, **kw):
         provider = plugin.AuthenticationProvider.get(request)
         if not provider:
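Review bot: All three failure paths in `_validate_hash` redirect to `request.referer`, which is a client-supplied header and is normally absent when the reset link is opened from an e-mail client, so the failure target is either undefined or not under the application's control. A fixed in-application target would be safer, at minimum `redirect(request.referer or '/auth/')`, preferably a constant path with no Referer dependency. The helper also appears to rely on `redirect()` raising rather than returning (otherwise `user_record.get_tool_data` would run on `None`); a docstring stating that it returns the matching user or aborts the request with a redirect, and never returns `None`, would make that contract explicit. `hash` goes from the request straight into the Mongo filter, so if any decoder in the stack can deliver a dict or list there, a string type check before `find()` would be worth adding. `forgotten_password` continues past the end of this hunk.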
@@ -165,21 +178,19 @@ class AuthController(BaseController):
         if not hash:
             c.forgotten_password_form = F.forgotten_password_form
         else:
+            self._validate_hash(hash)
             c.recover_password_change_form = F.recover_password_change_form
-            user_record = M.User.query.find({'tool_data.AuthPasswordReset.hash': hash}).first()
-            if not user_record:
-                flash('Hash was not found')
-                redirect(request.referer)
-            hash_expiry = user_record.get_tool_data('AuthPasswordReset', 'hash_expiry')
-            if not hash_expiry or hash_expiry < datetime.datetime.utcnow():
-                flash('Hash time was expired.')
-                redirect(request.referer)
-            if request.method == 'POST':
-                user_record.set_password(kw['pw'])
-                user_record.set_tool_data('AuthPasswordReset', hash='', hash_expiry='')
-                flash('Password changed')
-                redirect('/auth/')
-        return dict()
+        return dict(hash=hash)
+
+    @expose()
+    @require_post()
+    @validate(F.recover_password_change_form, error_handler=forgotten_password)
+    def set_new_password(self, hash=None, pw=None, pw2=None):
+        user = self._validate_hash(hash)
+        user.set_password(pw)
+        user.set_tool_data('AuthPasswordReset', hash='', hash_expiry='')
+        flash('Password changed')
+        redirect('/auth/')
 
     @expose()
     @require_post()
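Review bot: `set_new_password` marks the token as used by writing `hash=''` and `hash_expiry=''`, so the only thing stopping a request with an empty `hash` from matching every account that has already reset is the `if not hash` guard at the top of `_validate_hash` (backed by the falsy-expiry check). That coupling deserves a comment at the `set_tool_data` call, e.g. `# '' marks the token consumed; _validate_hash must keep rejecting falsy hashes`. The lookup and the clearing write are also separate steps, so two concurrent POSTs carrying the same token could presumably both pass validation; if the data layer offers an atomic find-and-modify, using it here would make the token strictly single-use. The `@expose()`/`@require_post()` lines at the end of the hunk belong to a function that starts outside it.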

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/0c864468/Allura/allura/lib/widgets/forms.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/widgets/forms.py b/Allura/allura/lib/widgets/forms.py
index 23c2331..bf96445 100644
--- a/Allura/allura/lib/widgets/forms.py
+++ b/Allura/allura/lib/widgets/forms.py
@@ -135,7 +135,7 @@ class PasswordChangeBase(ForgeForm):
     @ew_core.core.validator
     def to_python(self, value, state):
         d = super(PasswordChangeBase, self).to_python(value, state)
-        if d.get('pw') != d.get('pw2'):
+        if d['pw'] != d['pw2']:
             raise formencode.Invalid('Passwords must match', value, state)
         return d
 
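Review bot: `d['pw'] != d['pw2']` raises `KeyError` when either key is missing from the converted dict, which would surface as a server error rather than the 'Passwords must match' validation message, unless the schema guarantees both fields (not visible here). Reading both values once and rejecting an absent one explicitly keeps the stricter behaviour without the exception: `pw, pw2 = d.get('pw'), d.get('pw2')` followed by `if pw is None or pw != pw2:`. The enclosing class `PasswordChangeBase` starts outside the hunk.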

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/0c864468/Allura/allura/templates/forgotten_password.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/forgotten_password.html b/Allura/allura/templates/forgotten_password.html
index 56959c2..aa45609 100644
--- a/Allura/allura/templates/forgotten_password.html
+++ b/Allura/allura/templates/forgotten_password.html
@@ -30,7 +30,7 @@
   {% endif %}
 
   {% if c.recover_password_change_form %}
-    {{ c.recover_password_change_form.display(action="") }}
+    {{ c.recover_password_change_form.display(action="../set_new_password/" + hash if hash
else '') }}
   {% endif %}
 </div>
-{% endblock %}
\ No newline at end of file
+{% endblock %}
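Review bot: The form action is built as a relative `../set_new_password/` path, so where the POST lands depends on whether the current URL ends in a slash; an absolute path (the redirect in auth.py suggests the controller is mounted at `/auth/`) would be unambiguous. The reset token also ends up in the POST URL and therefore in access logs; carrying it in a hidden form field instead would keep it in the request body, if the form widget allows an extra field. Parenthesising the conditional, `("../set_new_password/" + hash) if hash else ''`, would make the precedence explicit.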

