Pakfire November 2017

pakfire@lists.ipfire.org

1 participants
2 discussions

[PATCH] Add mail feature to password reset
by Jonatan Schlag 01 Nov '17

01 Nov '17

We can now send an email with an reset code. Fixes: #10095 Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org> --- Makefile.am | 3 ++- src/buildservice/users.py | 5 ++--- src/templates/messages/users/password-reset.markdown | 10 ++++++++++ 3 files changed, 14 insertions(+), 4 deletions(-) create mode 100644 src/templates/messages/users/password-reset.markdown diff --git a/Makefile.am b/Makefile.am index cf6c610..918178e 100644 --- a/Makefile.am +++ b/Makefile.am @@ -255,7 +255,8 @@ templates_messages_jobsdir = $(templates_messagesdir)/jobs dist_templates_messages_users_DATA = \ src/templates/messages/users/account-activation.markdown \ - src/templates/messages/users/email-activation.markdown + src/templates/messages/users/email-activation.markdown \ + src/templates/messages/users/password-reset.markdown templates_messages_usersdir = $(templates_messagesdir)/users diff --git a/src/buildservice/users.py b/src/buildservice/users.py index a886b82..01cf497 100644 --- a/src/buildservice/users.py +++ b/src/buildservice/users.py @@ -474,9 +474,8 @@ class User(base.DataObject): # Add a recovery code to the database and a timestamp when this code expires self.password_recovery_code = generate_random_string(64) - # XXX - # We should send an email with the activation code - + # Send an email with the activation code + self.send_template("messages/users/password-reset", user=self) @property def activated(self): diff --git a/src/templates/messages/users/password-reset.markdown b/src/templates/messages/users/password-reset.markdown new file mode 100644 index 0000000..b4f9fdf --- /dev/null +++ b/src/templates/messages/users/password-reset.markdown @@ -0,0 +1,10 @@ +Subject: {{ _("Password Reset") }} + +{{ _("You, or somebody else has requested a password reset for the Pakfire Build Service.") }} + +{{ _("To reset your password, please click on the link below:") }} + + {{ baseurl }}/password-reset?code={{ user.password_recovery_code }} + +Sincerely, +-The Pakfire Build Service -- 2.11.0

1 0

[PATCH] Add password recovery feature
by Jonatan Schlag 01 Nov '17

01 Nov '17

It is now possible to reset the password, we only need to implement the mail feature. At the moment we cannot send a mail with the recovery code to the user. Fixes: #10095 Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org> --- Makefile.am | 6 ++- src/buildservice/users.py | 35 +++++++++++++++++ src/templates/user-forgot-password.html | 9 +---- .../user-requested-password-recovery.html | 18 +++++++++ src/templates/user-reset-password-fail.html | 18 +++++++++ src/templates/user-reset-password-success.html | 18 +++++++++ src/templates/user-reset-password.html | 36 ++++++++++++++++++ src/web/__init__.py | 1 + src/web/auth.py | 44 ++++++++++++++++++++-- 9 files changed, 174 insertions(+), 11 deletions(-) create mode 100644 src/templates/user-requested-password-recovery.html create mode 100644 src/templates/user-reset-password-fail.html create mode 100644 src/templates/user-reset-password-success.html create mode 100644 src/templates/user-reset-password.html diff --git a/Makefile.am b/Makefile.am index bc5cd94..ccbf96c 100644 --- a/Makefile.am +++ b/Makefile.am @@ -214,7 +214,11 @@ dist_templates_DATA = \ src/templates/user-profile.html \ src/templates/user-profile-need-activation.html \ src/templates/user-profile-passwd.html \ - src/templates/user-profile-passwd-ok.html + src/templates/user-profile-passwd-ok.html \ + src/templates/user-requested-password-recovery.html \ + src/templates/user-reset-password.html \ + src/templates//user-reset-password-success.html \ + src/templates//user-reset-password-fail.html templatesdir = $(datadir)/templates diff --git a/src/buildservice/users.py b/src/buildservice/users.py index 7c98d4b..a4ce2b0 100644 --- a/src/buildservice/users.py +++ b/src/buildservice/users.py @@ -1,5 +1,6 @@ #!/usr/bin/python +import datetime import email.utils import hashlib import logging @@ -185,6 +186,10 @@ class Users(base.Object): LEFT JOIN users_emails ON users.id = users_emails.user_id \ WHERE users_emails.email = %s", email) + def get_by_password_recovery_code(self, code): + return self._get_user("SELECT * FROM users \ + WHERE password_recovery_code = %s AND password_recovery_code_expires_at > NOW()", code) + def find_maintainers(self, maintainers): email_addresses = [] @@ -297,6 +302,10 @@ class User(base.DataObject): """ Update the passphrase the users uses to log on. """ + # We cannot set the password for ldap users + if self.ldap_dn: + raise AttributeError("Cannot set passphrase for LDAP user") + self.db.execute("UPDATE users SET passphrase = %s WHERE id = %s", generate_password_hash(passphrase), self.id) @@ -437,6 +446,32 @@ class User(base.DataObject): timezone = property(get_timezone, set_timezone) + def get_password_recovery_code(self): + return self.data.password_recovery_code + + def set_password_recovery_code(self, code): + self._set_attribute("password_recovery_code", code) + + self._set_attribute("password_recovery_code_expires_at", + datetime.datetime.utcnow() + datetime.timedelta(days=1)) + + password_recovery_code = property(get_password_recovery_code, set_password_recovery_code) + + def forgot_password(self): + log.debug("User %s reqested password recovery" % self.name) + + # We cannot reset te password for ldap users + if self.ldap_dn: + # Maybe we should send an email with an explanation + return + + # Add a recovery code to the database and a timestamp when this code expires + self.password_recovery_code = generate_random_string(64) + + # XXX + # We should send an email with the activation code + + @property def activated(self): return self.data.activated diff --git a/src/templates/user-forgot-password.html b/src/templates/user-forgot-password.html index 2896ea4..3c21804 100644 --- a/src/templates/user-forgot-password.html +++ b/src/templates/user-forgot-password.html @@ -17,11 +17,6 @@ <h1>{{ _("Forgot password") }}</h1> </div> -  - <div class="alert alert-warning"> - {{ _("Work in progress!") }} - </div> - <div class="row"> <div class="span6"> <p> @@ -29,7 +24,7 @@ {{ _("However, we allow to re-activate your account.") }} </p> <p> - {{ _("You need to enter your username below.") }} + {{ _("You need to enter your username or your email address below") }} {{ _("After that, you will receive an email with intructions how to go on.") }} </p> <hr> @@ -39,7 +34,7 @@ <fieldset> <div class="control-group"> - <label class="control-label" for="name">{{ _("Your username") }}</label> + <label class="control-label" for="name">{{ _("Your username or email address") }}</label> <div class="controls"> <input type="text" class="input-xlarge" id="name" name="name" /> </div> diff --git a/src/templates/user-requested-password-recovery.html b/src/templates/user-requested-password-recovery.html new file mode 100644 index 0000000..29eb95a --- /dev/null +++ b/src/templates/user-requested-password-recovery.html @@ -0,0 +1,18 @@ +{% extends "base-form2.html" %} + +{% block title %}{{ _("Requested password recovery") }}{% end block %} + +{% block body %} + <div class="page-header"> + <h1>{{ _("Password recovery requested") }}</h1> + </div> + + <div class="row"> + <div class="span6"> + <p> + {{ _("An email with instructions how to recover your password was send to your primary email address.") }} + </p> + <hr> + </div> + </div> +{% end %} diff --git a/src/templates/user-reset-password-fail.html b/src/templates/user-reset-password-fail.html new file mode 100644 index 0000000..1daaef3 --- /dev/null +++ b/src/templates/user-reset-password-fail.html @@ -0,0 +1,18 @@ +{% extends "base-form2.html" %} + +{% block title %}{{ _("Password reset failed") }}{% end block %} + +{% block body %} + <div class="page-header"> + <h1>{{ _("Password reset failed") }}</h1> + </div> + + <div class="row"> + <div class="span6"> + <p> + {{ message }} + </p> + <hr> + </div> + </div> +{% end %} diff --git a/src/templates/user-reset-password-success.html b/src/templates/user-reset-password-success.html new file mode 100644 index 0000000..f75b3a7 --- /dev/null +++ b/src/templates/user-reset-password-success.html @@ -0,0 +1,18 @@ +{% extends "base-form2.html" %} + +{% block title %}{{ _("Password reset succeeded") }}{% end block %} + +{% block body %} + <div class="page-header"> + <h1>{{ _("Password reset succeeded") }}</h1> + </div> + + <div class="row"> + <div class="span6"> + <p> + {{ _("Successfully reset your password") }} + </p> + <hr> + </div> + </div> +{% end %} diff --git a/src/templates/user-reset-password.html b/src/templates/user-reset-password.html new file mode 100644 index 0000000..1fa07e4 --- /dev/null +++ b/src/templates/user-reset-password.html @@ -0,0 +1,36 @@ +{% extends "base.html" %} + +{% block title %}{{ _("Register a new account") }}{% end block %} + +{% block body %} + <div class="page-header"> + <h2> + {{ _("Reset password") }} + </h2> + </div> + + <form class="form-horizontal" method="POST" action=""> + {% raw xsrf_form_html() %} + <input type="hidden" name="code" value="{{ user.password_recovery_code }}"> + + <fieldset> + <div class="control-group"> + <label class="control-label" for="password1">{{ _("Password") }}</label> + <div class="controls"> + <input type="password" class="input-xlarge" id="password1" name="password1"> + </div> + </div> + + <div class="control-group"> + <label class="control-label" for="password2">{{ _("Confirm password") }}</label> + <div class="controls"> + <input type="password" class="input-xlarge" id="password2" name="password2"> + </div> + </div> + </fieldset> + + <div class="form-actions"> + <button type="submit" class="btn btn-primary">{{ _("Reset password") }}</button> + </div> + </form> +{% end block %} diff --git a/src/web/__init__.py b/src/web/__init__.py index 5be08d8..f44a123 100644 --- a/src/web/__init__.py +++ b/src/web/__init__.py @@ -118,6 +118,7 @@ class Application(tornado.web.Application): (r"/logout", auth.LogoutHandler), (r"/register", auth.RegisterHandler), (r"/password-recovery", auth.PasswordRecoveryHandler), + (r"/password-reset", auth.PasswordResetHandler), # User profiles (r"/users", users.UsersHandler), diff --git a/src/web/auth.py b/src/web/auth.py index 4538db5..811b3e9 100644 --- a/src/web/auth.py +++ b/src/web/auth.py @@ -143,10 +143,48 @@ class PasswordRecoveryHandler(base.BaseHandler): def post(self): username = self.get_argument("name", None) - if not username: - return self.get() + with self.db.transaction(): + user = self.backend.users.get_by_email(username) \ + or self.backend.users.get_by_name(username) + + if user: + user.forgot_password() + + self.render("user-requested-password-recovery.html") + + +class PasswordResetHandler(base.BaseHandler): + def get(self): + code = self.get_argument("code") + + user = self.backend.users.get_by_password_recovery_code(code) + if not user: + raise tornado.web.HTTPError(400) + + self.render("user-reset-password.html", user=user) + + def post(self): + _ = self.locale.translate + + code = self.get_argument("code") + pass1 = self.get_argument("password1") + pass2 = self.get_argument("password2") + + user = self.backend.users.get_by_password_recovery_code(code) + if not user: + raise tornado.web.HTTPError(400) + + if not pass1 == pass2: + return self.render("user-reset-password-fail.html", + message=_("Second password does not match")) + + # XXX Check password strength + + with self.db.transaction(): + user.passphrase = pass1 + user.password_recovery_code = None - # XXX TODO + self.render("user-reset-password-success.html") class LogoutHandler(base.BaseHandler): -- 2.11.0

1 0

2024

2023

2022

2021

2020

2019

2018

2017

Pakfire November 2017