Merge remote-tracking branch 'refs/remotes/rodney757-github/mail'

[mediagoblin.git] / mediagoblin / auth / lib.py

diff --git a/mediagoblin/auth/lib.py b/mediagoblin/auth/lib.py
index 7cf021bc63e976f1103fafb26d2c53e8bcb9ef89..0810bd1bf8d1aa95a5e78d5e0aee5c47b7c698d0 100644 (file)
--- a/mediagoblin/auth/lib.py
+++ b/mediagoblin/auth/lib.py
@@ -1,5 +1,5 @@
 # GNU MediaGoblin -- federated, autonomous media hosting
-# Copyright (C) 2011 Free Software Foundation, Inc
+# Copyright (C) 2011, 2012 MediaGoblin contributors.  See AUTHORS.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
@@ -14,11 +14,15 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-import os
 import random
 
 import bcrypt
 
+from mediagoblin.tools.mail import send_email
+from mediagoblin.tools.template import render_template
+from mediagoblin.tools.crypto import get_timed_signer_url
+from mediagoblin import mg_globals
+
 
 def bcrypt_check_password(raw_pass, stored_hash, extra_salt=None):
     """
@@ -38,13 +42,13 @@ def bcrypt_check_password(raw_pass, stored_hash, extra_salt=None):
     if extra_salt:
         raw_pass = u"%s:%s" % (extra_salt, raw_pass)
 
-    hashed_pass = bcrypt.hashpw(raw_pass, stored_hash)
+    hashed_pass = bcrypt.hashpw(raw_pass.encode('utf-8'), stored_hash)
 
     # Reduce risk of timing attacks by hashing again with a random
     # number (thx to zooko on this advice, which I hopefully
     # incorporated right.)
     #
-    # See also: 
+    # See also:
     rand_salt = bcrypt.gensalt(5)
     randplus_stored_hash = bcrypt.hashpw(stored_hash, rand_salt)
     randplus_hashed_pass = bcrypt.hashpw(hashed_pass, rand_salt)
@@ -64,7 +68,8 @@ def bcrypt_gen_password_hash(raw_pass, extra_salt=None):
     if extra_salt:
         raw_pass = u"%s:%s" % (extra_salt, raw_pass)
 
-    return unicode(bcrypt.hashpw(raw_pass, bcrypt.gensalt()))
+    return unicode(
+        bcrypt.hashpw(raw_pass.encode('utf-8'), bcrypt.gensalt()))
 
 
 def fake_login_attempt():
@@ -84,3 +89,35 @@ def fake_login_attempt():
     randplus_hashed_pass = bcrypt.hashpw(hashed_pass, rand_salt)
 
     randplus_stored_hash == randplus_hashed_pass
+
+
+EMAIL_FP_VERIFICATION_TEMPLATE = (
+    u"{uri}?"
+    u"token={fp_verification_key}")
+
+
+def send_fp_verification_email(user, request):
+    """
+    Send the verification email to users to change their password.
+
+    Args:
+    - user: a user object
+    - request: the request
+    """
+    fp_verification_key = get_timed_signer_url('mail_verification_token') \
+            .dumps(user.id)
+
+    rendered_email = render_template(
+        request, 'mediagoblin/auth/fp_verification_email.txt',
+        {'username': user.username,
+         'verification_url': EMAIL_FP_VERIFICATION_TEMPLATE.format(
+                uri=request.urlgen('mediagoblin.auth.verify_forgot_password',
+                                   qualified=True),
+                fp_verification_key=fp_verification_key)})
+
+    # TODO: There is no error handling in place
+    send_email(
+        mg_globals.app_config['email_sender_address'],
+        [user.email],
+        'GNU MediaGoblin - Change forgotten password!',
+        rendered_email)