Pour des requêtes passées avec ajax, il vaut mieux toujours définir la balise <base...
[Plinn.git] / RegistrationTool.py
index 953e008..bddd44b 100644 (file)
@@ -32,10 +32,15 @@ from AccessControl.Permission import Permission
 from BTrees.OOBTree import OOBTree
 from Products.CMFCore.permissions import ManagePortal, AddPortalMember
 from Products.CMFCore.exceptions import AccessControl_Unauthorized
 from BTrees.OOBTree import OOBTree
 from Products.CMFCore.permissions import ManagePortal, AddPortalMember
 from Products.CMFCore.exceptions import AccessControl_Unauthorized
+from Products.CMFDefault.exceptions import EmailAddressInvalid
 from Products.CMFCore.utils import getToolByName
 from Products.CMFCore.utils import getUtilityByInterfaceName
 from Products.CMFCore.utils import getToolByName
 from Products.CMFCore.utils import getUtilityByInterfaceName
+from Products.CMFDefault.utils import checkEmailAddress
 from Products.GroupUserFolder.GroupsToolPermissions import ManageGroups
 from Products.Plinn.utils import Message as _
 from Products.GroupUserFolder.GroupsToolPermissions import ManageGroups
 from Products.Plinn.utils import Message as _
+from Products.Plinn.utils import translate
+from Products.Plinn.utils import encodeQuopriEmail
+from Products.Plinn.utils import encodeMailHeader
 from DateTime import DateTime
 from types import TupleType, ListType
 from uuid import uuid4
 from DateTime import DateTime
 from types import TupleType, ListType
 from uuid import uuid4
@@ -197,16 +202,45 @@ class RegistrationTool(BaseRegistrationTool) :
         self.clearExpiredPasswordResetRequests()
         mtool = getUtilityByInterfaceName('Products.CMFCore.interfaces.IMembershipTool')
         member = mtool.getMemberById(userid)
         self.clearExpiredPasswordResetRequests()
         mtool = getUtilityByInterfaceName('Products.CMFCore.interfaces.IMembershipTool')
         member = mtool.getMemberById(userid)
+        if not member :
+            try :
+                checkEmailAddress(userid)
+                member = mtool.searchMembers('email', userid)
+                if member :
+                    userid = member[0]['username']
+                    member = mtool.getMemberById(userid)
+            except EmailAddressInvalid :
+                pass
         if member :
             uuid = str(uuid4())
         if member :
             uuid = str(uuid4())
+            while self._passwordResetRequests.has_key(uuid) :
+                uuid = str(uuid4())
             self._passwordResetRequests[uuid] = (userid, DateTime() + 1)
             self._passwordResetRequests[uuid] = (userid, DateTime() + 1)
-            mailhost = getUtilityByInterfaceName('Products.MailHost.interfaces.IMailHost')
-            ptool = getUtilityByInterfaceName('Products.CMFCore.interfaces.IPropertiesTool')
             utool = getUtilityByInterfaceName('Products.CMFCore.interfaces.IURLTool')
             utool = getUtilityByInterfaceName('Products.CMFCore.interfaces.IURLTool')
-            sender = ptool.getProperty('email_from_address')
-            to = member.getProperty('email')
+            ptool = getUtilityByInterfaceName('Products.CMFCore.interfaces.IPropertiesTool')
+            # fuck : mailhost récupéré avec getUtilityByInterfaceName n'est pas correctement
+            # wrappé. Un « unrestrictedTraverse » ne marche pas.
+            # mailhost = getUtilityByInterfaceName('Products.MailHost.interfaces.IMailHost')
+            portal = utool.getPortalObject()
+            mailhost = portal.MailHost
+            sender = encodeQuopriEmail(ptool.getProperty('email_from_name'), ptool.getProperty('email_from_address'))
+            to = encodeQuopriEmail(member.getMemberFullName(nameBefore=0), member.getProperty('email'))
+            subject = translate(_('How to reset your password on the %s website')) % ptool.getProperty('title')
+            subject = encodeMailHeader(subject)
+            options = {'fullName' : member.getMemberFullName(nameBefore=0),
+                       'siteName' : ptool.getProperty('title'),
+                       'resetPasswordUrl' : '%s/password_reset_form/%s' % (utool(), uuid)}
+            body = self.password_reset_mail(options)
             message = self.echange_mail_template(From=sender,
             message = self.echange_mail_template(From=sender,
-                                                 To=to)
+                                                 To=to,
+                                                 Subject=subject,
+                                                 ContentType = 'text/plain',
+                                                 charset = 'UTF-8',
+                                                 body=body)
+            mailhost.send(message)
+            return
+        
+        return _('Unknown user name. Please retry.')
     
     security.declarePrivate('clearExpiredPasswordResetRequests')
     def clearExpiredPasswordResetRequests(self):
     
     security.declarePrivate('clearExpiredPasswordResetRequests')
     def clearExpiredPasswordResetRequests(self):
@@ -218,19 +252,16 @@ class RegistrationTool(BaseRegistrationTool) :
     
     
     security.declarePublic('resetPassword')
     
     
     security.declarePublic('resetPassword')
-    def resetPassword(self, userid, uuid, password, confirm) :
+    def resetPassword(self, uuid, password, confirm) :
         record = self._passwordResetRequests.get(uuid)
         if not record :
         record = self._passwordResetRequests.get(uuid)
         if not record :
-            return _('Invalid reset password request.')
-        
-        recUserid, expiration = record
-        
-        if recUserid != userid :
-            return _('Invalid userid.')
+            return None, _('Invalid reset password request.')
         
         
+        userid, expiration = record
+        now = DateTime()
         if expiration < now :
             self.clearExpiredPasswordResetRequests()
         if expiration < now :
             self.clearExpiredPasswordResetRequests()
-            return _('Your reset password request has expired. You can ask a new one.')
+            return None, _('Your reset password request has expired. You can ask a new one.')
         
         msg = self.testPasswordValidity(password, confirm=confirm)
         if not msg : # None if everything ok. Err message otherwise.
         
         msg = self.testPasswordValidity(password, confirm=confirm)
         if not msg : # None if everything ok. Err message otherwise.
@@ -239,9 +270,9 @@ class RegistrationTool(BaseRegistrationTool) :
             if member :
                 member.setSecurityProfile(password=password)
                 del self._passwordResetRequests[uuid]
             if member :
                 member.setSecurityProfile(password=password)
                 del self._passwordResetRequests[uuid]
-                return _('Password successfully resetted.')
+                return  userid, _('Password successfully reset.')
             else :
             else :
-                return _('"%s" username not found.') % userid
+                return None, _('"%s" username not found.') % userid
             
         
 InitializeClass(RegistrationTool)
\ No newline at end of file
             
         
 InitializeClass(RegistrationTool)
\ No newline at end of file