reset password method for auth


Wes James

Nov 30, 2009, 6:19:16 PM
to web2py Web Framework
Here are the changes I made in tools.py in web2py 1.73.1


added doc item in Auth:

- http://.../{application}/{controller}/authentication/reset_password

added Auth setting:

self.settings.reset_password_next = self.url('user', args='login')


added these messages:

self.messages.reset_password = 'Click here:\n\nhttp://' + \
    request.env.http_host + '/' + request.application + '/' + \
    request.controller + '/reset_password' + \
    '?key=%(reset_password_key)s\n\nto reset your password'
self.messages.reset_password_subject = 'Password reset'

self.messages.reset_password_log = 'User %(id)s Password reset'

self.messages.label_reset_password_key = 'Reset Password key'


addition to methods:

def __call__.....

elif args[0] == 'reset_password':
return self.reset_password()

def define_tables..... added field below

db.Field('reset_password_key', length=512,
writable=False, readable=False, default='',
label=self.messages.label_reset_password_key),

def get_or_create_user.... added reset_password_key


d = {username: keys[username],
'first_name': keys.get('first_name', keys[username]),
'last_name': keys.get('last_name', ''),
'registration_key': '',
'reset_password_key': ''}

new method:

def reset_password....

Attached is the new tools.py

thx,

-wes

Wes James

Nov 30, 2009, 6:43:45 PM
to web2py Web Framework
I just noticed that the default verify message is:

self.messages.verify_email = \
    'Click on the link http://...verify_email/%(key)s to verify your email'


Could it be similar to the reset_password message I submitted? They
should probably also be "https"?

thx,

-wes

mdipierro

Nov 30, 2009, 6:58:06 PM
to web2py-users
Thank you. This was needed. I will take a look asap. The only issue is
that this new mechanism should be the default if the auth_user table
has the new reset_password_field, else it should revert to the old
mechanism (in case people have custom tables) for backward
compatibility.

I wonder if this can be done using registration_key instead of
reset_password_field. It would make life easier because we would not
need to trigger a database migration.

Massimo

On Nov 30, 5:19 pm, Wes James <compte...@gmail.com> wrote:
> Here are the changes I made in tools.py in web2py 1.73.1
>
> added doc item in Auth:
>
>     -http://.../{application}/{controller}/authentication/reset_password

Thadeus Burgess

Nov 30, 2009, 8:34:35 PM
to web...@googlegroups.com
+1 for the registration_key

But the only problem is the registration_key should change each time the password is to be changed?

-Thadeus








mdipierro

Nov 30, 2009, 10:13:21 PM
to web2py-users
I think the options should be:

registration_key=
- '' (login allowed)
- '<uuid>' (login not allowed, email sent, waiting for verification)
- 'pending' (login blocked, registration needs approval)
- 'blocked' (login blocked, registration disabled)
- 'reset:<time>:<uuid>' (login allowed, email sent, waiting for
password reset)

<time> should be used to expire the password reset. The only new case
is the last one but login check needs change.

Massimo


On Nov 30, 7:34 pm, Thadeus Burgess <thade...@thadeusb.com> wrote:
> +1 for the registration_key
>
> But the only problem is the registration_key should change each time the
> password is to be changed ?
>
> -Thadeus

Wes James

Nov 30, 2009, 11:19:40 PM
to web...@googlegroups.com
I first was using registration_key, but then that needs to change
every time a user requests a password reset, registration_key seems
to only be there for registration (only once). I wasn't sure how to
work with reg_key for password usage too.

Your other email makes sense if there is a way to distinguish a
reg_key that is for registration vs password reset.

-wes
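
The 'reset:<time>:<uuid>' scheme proposed above, and the question of telling a registration key from a reset key, sketched as an added example (not part of the thread and not web2py's own code). The function names, the one-hour lifetime and the plain dict standing in for an auth_user row are assumptions.

```python
import hmac
import time
import uuid

RESET_TTL = 3600  # assumption: one hour; the thread does not fix a lifetime

def make_reset_key(now=None):
    """Build a fresh 'reset:<time>:<uuid>' value for each reset request."""
    now = int(time.time() if now is None else now)
    return 'reset:%d:%s' % (now, uuid.uuid4())  # uuid4 is random

def classify(registration_key):
    """Map a stored registration_key to the states listed in the thread."""
    if registration_key == '':
        return 'active'
    if registration_key in ('pending', 'blocked'):
        return registration_key
    if registration_key.startswith('reset:'):
        return 'reset'
    return 'verify_email'  # bare <uuid>: waiting for email verification

def login_allowed(registration_key):
    """Login stays open while a reset is outstanding, as proposed."""
    return classify(registration_key) in ('active', 'reset')

def check_reset(stored_key, presented_key, now=None, ttl=RESET_TTL):
    """True only for an unexpired reset key that matches exactly."""
    if classify(stored_key) != 'reset':
        return False
    parts = stored_key.split(':')
    try:
        issued = int(parts[1]) if len(parts) == 3 else None
    except ValueError:
        issued = None
    now = time.time() if now is None else now
    if issued is None or not (0 <= now - issued <= ttl):
        return False
    # Constant-time comparison of the whole key.
    return hmac.compare_digest(stored_key.encode(), presented_key.encode())

def consume_reset(user, presented_key, new_password_hash, now=None):
    """Single use: on success store the new hash and clear the key."""
    if not check_reset(user['registration_key'], presented_key, now):
        return False
    user['password'] = new_password_hash
    user['registration_key'] = ''
    return True
```
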