Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Merge branch 'hotfix/1.1.2'

  • Loading branch information...
commit d44f9bdfae5479ac47aa0400f8c9ee827ca1fe09 2 parents dcfb368 + b3d171b
Alan Malloy amalloy authored
Showing with 45 additions and 21 deletions.
  1. +1 −1  project.clj
  2. +44 −20 src/foreclojure/login.clj
2  project.clj
View
@@ -1,4 +1,4 @@
-(defproject foreclojure "1.1.1"
+(defproject foreclojure "1.1.2"
:description "4clojure - a website for lisp beginners"
:dependencies [[clojure "1.2.1"]
[clojure-contrib "1.2.0"]
64 src/foreclojure/login.clj
View
@@ -4,7 +4,9 @@
hiccup.page-helpers
[foreclojure utils config users]
compojure.core
- [amalloy.utils :only [rand-in-range]]
+ [amalloy.utils :only [rand-in-range keywordize]]
+ [clojail.core :only [thunk-timeout]]
+ clojure.stacktrace
somnium.congomongo)
(:require [sandbar.stateful-session :as session]
[ring.util.response :as response]))
@@ -87,30 +89,52 @@
(text-field :email)
[:button {:type "submit"} "Reset!"])]]])
-(def pw-chars "abcdefghijklmnopqrstuvxyzABCDEFGHIJKLMNOPQRSTUVWXY1234567890")
+(let [pw-chars "abcdefghijklmnopqrstuvxyzABCDEFGHIJKLMNOPQRSTUVWXY1234567890"]
+ (defn random-pwd []
+ (let [pw (apply str
+ (repeatedly 10 #(rand-nth pw-chars)))
+ hash (.encryptPassword (StrongPasswordEncryptor.) pw)]
+ (keywordize [pw hash]))))
+
+(defn try-to-email [email name id]
+ (let [{:keys [pw hash]} (random-pwd)]
+ (try
+ (thunk-timeout
+ (fn []
+ (update! :users
+ {:_id id}
+ {:$set {:pwd hash}})
+ (send-email
+ {:from "team@4clojure.com"
+ :to [email]
+ :subject "Password reset"
+ :body
+ (str "The password for your 4clojure.com account "
+ name " has been reset to " pw ". Make sure to change it"
+ " soon at https://4clojure.com/login/update - pick"
+ " something you'll remember!")})
+ {:success true})
+ 10 :sec)
+ (catch Throwable t
+ {:success false, :exception t,
+ :message (.getMessage t),
+ :trace (with-out-str
+ (binding [*err* *out*]
+ (print-cause-trace t)))
+ :pw pw, :hash hash}))))
(defn do-reset-password! [email]
(if-let [{id :_id, name :user} (fetch-one :users
:where {:email email}
:only [:_id :user])]
- (let [pw (apply str
- (repeatedly 10 #(rand-nth pw-chars)))
- pw-hash (.encryptPassword (StrongPasswordEncryptor.) pw)]
- (update! :users
- {:_id id}
- {:$set {:pwd pw-hash}})
- (send-email
- {:from "team@4clojure.com"
- :to [email]
- :subject "Password reset"
- :body
- (str "The password for your 4clojure.com account "
- name " has been reset to " pw ". Make sure to change it"
- " soon at https://4clojure.com/login/update - pick"
- " something you'll remember!")})
- (session/session-put! :login-to "/login/update")
- (flash-msg "Your password has been reset! You should receive an email soon"
- (login-url "/login/update")))
+ (let [{:keys [success] :as diagnostics} (? (try-to-email email name id))]
+ (if success
+ (do (session/session-put! :login-to "/login/update")
+ (flash-msg "Your password has been reset! You should receive an email soon."
+ (login-url "/login/update")))
+ (do (spit (? (str name ".pwd")) (? diagnostics))
+ (flash-error (str "Something went wrong emailing your new password! Please contact <a href='mailto:team@4clojure.com?subject=Password Reset: " name "'>team@4clojure.com</a> - we'll reset it manually and look into the problem. When you do, please mention your username.")
+ "/login/reset"))))
(flash-error "We don't know anyone with that email address!"
"/login/reset")))
Please sign in to comment.
Something went wrong with that request. Please try again.