from Products.CMFCore.utils import getUtilityByInterfaceName
from Products.GroupUserFolder.GroupsToolPermissions import ManageGroups
from Products.Plinn.utils import Message as _
+from Products.Plinn.utils import translate
+from Products.Plinn.utils import encodeQuopriEmail
+from Products.Plinn.utils import encodeMailHeader
from DateTime import DateTime
from types import TupleType, ListType
from uuid import uuid4
""" add uuid / (userid, expiration) pair and return uuid """
self.clearExpiredPasswordResetRequests()
mtool = getUtilityByInterfaceName('Products.CMFCore.interfaces.IMembershipTool')
- if mtool.getMemberById(userid) :
+ member = mtool.getMemberById(userid)
+ if member :
uuid = str(uuid4())
+ while self._passwordResetRequests.has_key(uuid) :
+ uuid = str(uuid4())
self._passwordResetRequests[uuid] = (userid, DateTime() + 1)
- return uuid
+ utool = getUtilityByInterfaceName('Products.CMFCore.interfaces.IURLTool')
+ ptool = getUtilityByInterfaceName('Products.CMFCore.interfaces.IPropertiesTool')
+ # fuck : mailhost récupéré avec getUtilityByInterfaceName n'est pas correctement
+ # wrappé. Un « unrestrictedTraverse » ne marche pas.
+ # mailhost = getUtilityByInterfaceName('Products.MailHost.interfaces.IMailHost')
+ portal = utool.getPortalObject()
+ mailhost = portal.MailHost
+ sender = encodeQuopriEmail(ptool.getProperty('email_from_name'), ptool.getProperty('email_from_address'))
+ to = encodeQuopriEmail(member.getMemberFullName(nameBefore=0), member.getProperty('email'))
+ subject = translate(_('How to reset your password on the %s website')) % ptool.getProperty('title')
+ subject = encodeMailHeader(subject)
+ options = {'fullName' : member.getMemberFullName(nameBefore=0),
+ 'siteName' : ptool.getProperty('title'),
+ 'resetPasswordUrl' : '%s/password_reset_form/%s' % (utool(), uuid)}
+ body = self.password_reset_mail(options)
+ message = self.echange_mail_template(From=sender,
+ To=to,
+ Subject=subject,
+ ContentType = 'text/plain',
+ charset = 'UTF-8',
+ body=body)
+ mailhost.send(message)
+ return
+
+ return _('Unknown user name. Please retry.')
security.declarePrivate('clearExpiredPasswordResetRequests')
def clearExpiredPasswordResetRequests(self):
security.declarePublic('resetPassword')
- def resetPassword(self, userid, uuid, password, confirm) :
+ def resetPassword(self, uuid, password, confirm) :
record = self._passwordResetRequests.get(uuid)
if not record :
return _('Invalid reset password request.')
- recUserid, expiration = record
-
- if recUserid != userid :
- return _('Invalid userid.')
-
+ userid, expiration = record
+ now = DateTime()
if expiration < now :
self.clearExpiredPasswordResetRequests()
return _('Your reset password request has expired. You can ask a new one.')