
Consolidate and improve authentication related forms

- Login form

- Logged-in form: logout, change email, change password

- Change-email, Change-password and Reset-Password forms

- Use pure forms, buttons

- Test the various authentication related forms and fix bugs

- Add some emails to report changes of email and passwords
tanzer committed Jun 11, 2015
1 parent fe6de3d commit a3b0d211dae37003b88c6aefca994fbb806de453
@@ -58,6 +58,9 @@
# 11-Jun-2015 (CT) Add `description` guard to `_Activate_.GET._response_body`
# 11-Jun-2015 (CT) Add `field_name_password = current` to
# `_Activate_.POST._response_body`
+# 12-Jun-2015 (CT) Add argument `account` to `_send_notification`
+# 12-Jun-2015 (CT) Add `new_email_template` to
+# `_Change_Email_.POST._response_body`
# ««revision-date»»···
#--
@@ -83,6 +86,7 @@
from posixpath import join as pp_join
import datetime
+import logging
import time
urlparse = pyk.urlparse
@@ -164,7 +168,7 @@ class _Action_ (_Ancestor) :
class _Action__GET_ (_Ancestor.GET) :
- ### actions are handle by GET because the links are sent to the user
+ ### actions are handled by GET because the links are sent to the user
### as email's and they should only click these links !
_real_name = "GET"
@@ -183,7 +187,9 @@ def _response_body (self, resource, request, response) :
next = action.handle (resource)
if description :
response.add_notification \
- (GTW.Notification (_T (description)))
+ ( GTW.Notification
+ (" ".join (( _T (description), account.name)))
+ )
raise HTTP_Status.See_Other (next)
except GTW.OMP.Auth.Action_Expired :
action.destroy ()
@@ -216,9 +222,13 @@ def _check_account (self, account, errors) :
return True
# end def _check_account
- def _send_notification (self, response) :
+ def _send_notification (self, response, account) :
response.add_notification \
- (GTW.Notification (_T ("Activation successful.")))
+ ( GTW.Notification
+ ( _T ("Activation of account %s successful.")
+ % (account.name, )
+ )
+ )
# end def _send_notification
class _Activate__GET_ (_Ancestor.GET) :
@@ -238,10 +248,13 @@ def _render_context (self, resource, request, response, ** kw) :
account = getattr (response, "account", None)
if not account :
raise HTTP_Status.Not_Found ()
- result ["account"] = account
else :
if not resource._check_account (account, None) :
raise HTTP_Status.Forbidden ()
+ result.update \
+ ( account = account
+ , username = account.name
+ )
return result
# end def _render_context
@@ -277,7 +290,7 @@ def _response_body (self, resource, request, response) :
response.username = account.name
account.change_password (new_password, suspended = False)
top.scope.commit ()
- resource._send_notification (response)
+ resource._send_notification (response, account)
raise HTTP_Status.See_Other (next)
# end def _response_body
@@ -316,31 +329,38 @@ def get_email ( self, request
# end def get_email
def _response_body (self, resource, request, response) :
- debug = getattr (resource.top, "DEBUG", False)
- req_data = request.req_data
- top = resource.top
- HTTP_Status = top.Status
- self.errors = Errors ()
- self._credentials_validation (resource, request, debug = debug)
- new_email = self.get_email (request)
+ debug = getattr (resource.top, "DEBUG", False)
+ req_data = request.req_data
+ top = resource.top
+ HTTP_Status = top.Status
+ self.errors = Errors ()
+ old_email, _ = self._credentials_validation \
+ (resource, request, debug = debug)
+ new_email = self.get_email (request)
if not self.errors :
- account = self.account
- next = req_data.get ("next", "/")
- host = request.host
- token = account.change_email_prepare (new_email)
- link = resource.parent.href_action (account, token, request)
+ account = self.account
+ next = req_data.get ("next", "/")
+ host = request.host
+ token = account.change_email_prepare (new_email)
+ link = resource.parent.href_action \
+ (account, token, request)
top.scope.commit ()
+ subject = \
+ (_T ( "Confirmation for change of email "
+ "for account %s to %s for website %s"
+ )
+ % (old_email, new_email, host)
+ )
try :
resource.send_email \
( resource.new_email_template
- , email_to = new_email
- , email_subject =
- _T ("Email confirmation for %s") % (host, )
+ , NAV = top
, email_from = resource.email_from
+ , email_subject = subject
+ , email_to = new_email
+ , host = host
, link = link
- , NAV = top
, page = resource
- , host = host
)
except Exception as exc :
self.errors [None].append (str (exc))
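Review bot: `host = request.host` comes from the incoming request and is formatted into the new `subject`, which this commit sends to the old address as well as the new one. If `request.host` reflects the client-supplied Host header, a forged header can put an attacker-chosen site name into mail the server sends to the account owner. Taking the site name from server configuration, or checking it against a list of known hosts before use, would avoid that. Separately, the subject begins with "Confirmation for change of email" and is reused for the information mail to the old address in the next hunk, where nothing is being confirmed, so a distinct subject would be clearer there. `_response_body` continues past the end of this hunk.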
@@ -350,9 +370,24 @@ def _response_body (self, resource, request, response) :
(_T ( "A confirmation email has been sent to "
"the new email address."
)
+ + " " + new_email
)
)
- ### XXX Send info email to old email
+ try :
+ resource.send_email \
+ ( resource.old_email_template
+ , NAV = top
+ , email_from = resource.email_from
+ , email_subject = subject
+ , email_to = old_email
+ , host = host
+ , new_email = new_email
+ , old_email = old_email
+ , page = resource
+ , request = request
+ )
+ except Exception as exc :
+ logging.exception ("Exception during Change-Email")
raise HTTP_Status.See_Other (next)
response.errors = self.errors
response.account = self.account
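Review bot: The mail to the old address is the only signal the current owner gets that the address is being changed, yet a failure in the added `try` block is logged with a fixed message and the request continues as if the mail had been sent. The broad `except Exception` also hides programming errors: `resource.old_email_template` is not defined in any hunk shown here, and if the attribute is missing the AttributeError would appear in the log only. I would at least name the account in the log line, e.g. `logging.exception ("Change-Email: info mail to old address failed for account %s", old_email)`, and drop the unused `as exc`. The enclosing `_response_body` starts and ends outside this hunk.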
@@ -370,6 +405,7 @@ def _response_body (self, resource, request, response) :
class _Change_Password_ (_Ancestor) :
active_account_required = True
+ new_password_template = "account_change_password_info"
_action_kind = _ ("Change")
_auth_required = True
@@ -382,9 +418,25 @@ def _check_account (self, account, errors) :
return True
# end def _check_account
- def _send_notification (self, response) :
+ def _send_notification (self, response, account) :
response.add_notification \
(GTW.Notification (_T ("The password has been changed.")))
+ try :
+ request = response._request
+ self.send_email \
+ ( self.new_password_template
+ , NAV = self.top
+ , account_name = account.name
+ , email_from = self.email_from
+ , email_subject = _T \
+ ("Password change for account %s" % (account.name, ))
+ , email_to = account.name
+ , host = request.host
+ , page = self
+ , request = request
+ )
+ except Exception as exc :
+ logging.exception ("Exception during Change-Password")
# end def _send_notification
# end class _Change_Password_
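Review bot: In the added `email_subject` argument the `%` is applied inside the `_T` call, so the translation lookup receives the already formatted string and will not match a catalog entry; the rest of the commit formats after translating. It should read `email_subject = _T ("Password change for account %s") % (account.name, )`. The method also reads `response._request`, a private attribute, which ties it to the internals of the response object; passing the request in explicitly would be more robust. As in the email-change path, a failed send is logged without naming the account, so an operator cannot tell which owner was not informed.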
@@ -83,6 +83,8 @@
# 21-Jan-2015 (CT) Add `ETR_table`
# 11-Feb-2015 (CT) Factor `SRM` template declarations,
# remove obsolete templates
+# 12-Jun-2015 (CT) Add `account_change_email_info`,
+# `account_change_password_info`
# ««revision-date»»···
#--
@@ -548,7 +550,9 @@ def __str__ (self) :
]
Template ("account_change_email", "html/change_email.jnj")
+Template ("account_change_email_info", "email/change_email_info.jnj")
Template ("account_change_password", "html/change_password.jnj")
+Template ("account_change_password_info", "email/change_password_info.jnj")
Template ("account_make_cert", "html/make_client_cert.jnj")
Template ("account_register", "html/register.jnj")
Template ("account_reset_password", "html/reset_password.jnj")
@@ -0,0 +1,35 @@
+{%- extends "email/email.jnj" %}
+{#- jinja template: email/change_email_info.jnj -#}
+{#
+## Copyright (C) 2015 Mag. Christian Tanzer All rights reserved
+## Glasauergasse 32, A--1130 Wien, Austria. tanzer@swing.co.at
+## #*** <License> ************************************************************#
+## This template is part of the package JNJ.
+##
+## This template is licensed under the terms of the BSD 3-Clause License
+## <http://www.c-tanzer.at/license/bsd_3c.html>.
+## #*** </License> ***********************************************************#
+##
+##++
+## Name
+## email/change_email_info.jnj
+##
+## Purpose
+## Email sent to the user's old email address to report the change of email
+##
+## Revision Dates
+## 12-Jun-2015 (CT) Creation
+## ««revision-date»»···
+##--
+#}
+
+{%- block body -%}
+
+{{ GTW._T
+ ( "The email address for your account %s on website %s "
+ "is about to be changed to %s due to a request from %s to %s."
+ ) % (old_email, host, new_email, request.remote_addr, request.path)
+-}}
+{%- endblock body -%}
+
+{#- __END__ jinja template: email/change_email_info.jnj -#}
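Review bot: The message body tells the owner that a change was requested but not what to do if they did not request it, which is the main purpose of a notice sent to the old address. A second sentence such as `"If you did not request this change, please contact the site administrator."` would close that gap; the same applies to email/change_password_info.jnj in the next section. `request.remote_addr` may be the address of a reverse proxy rather than of the client, depending on deployment, so the reported origin should be presented as a hint only. Five positional `%s` placeholders also keep translators from reordering the values; named placeholders such as `%(host)s` would be easier to translate.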
@@ -0,0 +1,35 @@
+{%- extends "email/email.jnj" %}
+{#- jinja template: email/change_password_info.jnj -#}
+{#
+## Copyright (C) 2015 Mag. Christian Tanzer All rights reserved
+## Glasauergasse 32, A--1130 Wien, Austria. tanzer@swing.co.at
+## #*** <License> ************************************************************#
+## This template is part of the package JNJ.
+##
+## This template is licensed under the terms of the BSD 3-Clause License
+## <http://www.c-tanzer.at/license/bsd_3c.html>.
+## #*** </License> ***********************************************************#
+##
+##++
+## Name
+## email/change_password_info.jnj
+##
+## Purpose
+## Email sent to the user's email address to report the change of password
+##
+## Revision Dates
+## 12-Jun-2015 (CT) Creation
+## ««revision-date»»···
+##--
+#}
+
+{%- block body -%}
+
+{{ GTW._T
+ ( "The password for your account %s on website %s "
+ "was changed due to a request from %s to %s."
+ ) % (account_name, host, request.remote_addr, request.path)
+-}}
+{%- endblock body -%}
+
+{#- __END__ jinja template: email/change_password_info.jnj -#}
@@ -1,7 +1,7 @@
{%- extends "email/email.jnj" %}
-{#- jinja template: verify_new_email.jnj -#}
+{#- jinja template: email/verify_new_email.jnj -#}
{#
-## Copyright (C) 2010 Martin Glueck All rights reserved
+## Copyright (C) 2010-2015 Martin Glueck All rights reserved
## Langstrasse 4, A--2244 Spannberg, Austria. martin@mangari.org
## ****************************************************************************
## This template is part of the package JNJ.
@@ -12,10 +12,10 @@
##
##++
## Name
-## verify_new_email
+## email/verify_new_email.jnj
##
## Purpose
-## Email sent to the user to confirm a change of the user's email address
+## Email sent to the user's new email address to confirm the change of email address
##
## Revision Dates
## 21-Feb-2010 (MG) Creation
@@ -33,4 +33,4 @@
{%- endblock body -%}
-{#- __END__ jinja template: verify_new_email.jnj -#}
+{#- __END__ jinja template: email/verify_new_email.jnj -#}