member = mtool.getMemberById(userid)
if member :
uuid = str(uuid4())
+ while self._passwordResetRequests.has_key(uuid) :
+ uuid = str(uuid4())
self._passwordResetRequests[uuid] = (userid, DateTime() + 1)
utool = getUtilityByInterfaceName('Products.CMFCore.interfaces.IURLTool')
ptool = getUtilityByInterfaceName('Products.CMFCore.interfaces.IPropertiesTool')
security.declarePublic('resetPassword')
- def resetPassword(self, userid, uuid, password, confirm) :
+ def resetPassword(self, uuid, password, confirm) :
record = self._passwordResetRequests.get(uuid)
if not record :
return _('Invalid reset password request.')
- recUserid, expiration = record
-
- if recUserid != userid :
- return _('Invalid userid.')
-
+ userid, expiration = record
+ now = DateTime()
if expiration < now :
self.clearExpiredPasswordResetRequests()
return _('Your reset password request has expired. You can ask a new one.')