Remove fp_email_sent.html and refs to it

[mediagoblin.git] / mediagoblin / auth / views.py

diff --git a/mediagoblin/auth/views.py b/mediagoblin/auth/views.py
index caf9835a6974f646dc5b23908edf2c78d40a58c4..f707ecbea0006aaa877c3cc907fb939d99d7d93c 100644 (file)
--- a/mediagoblin/auth/views.py
+++ b/mediagoblin/auth/views.py
@@ -84,6 +84,7 @@ def register(request):
             user.email = email
             user.pw_hash = auth_lib.bcrypt_gen_password_hash(
                 request.POST['password'])
+            user.verification_key = unicode(uuid.uuid4())
             user.save(validate=True)
 
             # log the user in
@@ -166,10 +167,10 @@ def verify_email(request):
     user = request.db.User.find_one(
         {'_id': ObjectId(unicode(request.GET['userid']))})
 
-    if user and user['verification_key'] == unicode(request.GET['token']):
+    if user and user.verification_key == unicode(request.GET['token']):
         user.status = u'active'
         user.email_verified = True
-        user[u'verification_key'] = None
+        user.verification_key = None
 
         user.save()
 
@@ -212,7 +213,7 @@ def resend_activation(request):
         
         return redirect(request, "mediagoblin.user_pages.user_home", user=request.user['username'])
 
-    request.user[u'verification_key'] = unicode(uuid.uuid4())
+    request.user.verification_key = unicode(uuid.uuid4())
     request.user.save()
     
     email_debug_message(request)
@@ -231,16 +232,12 @@ def forgot_password(request):
     """
     Forgot password view
 
-    Sends an email whit an url to renew forgoten password
+    Sends an email with an url to renew forgotten password
     """
     fp_form = auth_forms.ForgotPassForm(request.POST)
 
     if request.method == 'POST' and fp_form.validate():
 
-        # Here, so it doesn't depend on the actual mail being sent
-        # and thus doesn't reveal, wether mail was sent.
-        email_debug_message(request)
-
         # '$or' not available till mongodb 1.5.3
         user = request.db.User.find_one(
             {'username': request.POST['username']})
@@ -250,12 +247,20 @@ def forgot_password(request):
 
         if user:
             if user.email_verified and user.status == 'active':
-                user[u'fp_verification_key'] = unicode(uuid.uuid4())
-                user[u'fp_token_expire'] = datetime.datetime.now() + \
+                user.fp_verification_key = unicode(uuid.uuid4())
+                user.fp_token_expire = datetime.datetime.now() + \
                                           datetime.timedelta(days=10)
                 user.save()
 
                 send_fp_verification_email(user, request)
+
+                messages.add_message(
+                    request,
+                    messages.INFO,
+                    _("An email has been sent with instructions on how to "
+                      "change your password."))
+                email_debug_message(request)
+
             else:
                 # special case... we can't send the email because the
                 # username is inactive / hasn't verified their email
@@ -269,9 +274,13 @@ def forgot_password(request):
                 return redirect(
                     request, 'mediagoblin.user_pages.user_home',
                     user=user.username)
-
-        # do not reveal whether or not there is a matching user
-        return redirect(request, 'mediagoblin.auth.fp_email_sent')
+            return redirect(request, 'mediagoblin.auth.login')
+        else:
+            messages.add_message(
+                request,
+                messages.WARNING,
+                _("Couldn't find someone with that username or email."))
+            return redirect(request, 'mediagoblin.auth.forgot_password')
 
     return render_to_response(
         request,
@@ -301,9 +310,9 @@ def verify_forgot_password(request):
         return render_404(request)
 
     # check if we have a real user and correct token
-    if ((user and user['fp_verification_key'] and
-         user['fp_verification_key'] == unicode(formdata_token) and
-         datetime.datetime.now() < user['fp_token_expire']
+    if ((user and user.fp_verification_key and
+         user.fp_verification_key == unicode(formdata_token) and
+         datetime.datetime.now() < user.fp_token_expire
          and user.email_verified and user.status == 'active')):
 
         cp_form = auth_forms.ChangePassForm(formdata_vars)
@@ -311,8 +320,8 @@ def verify_forgot_password(request):
         if request.method == 'POST' and cp_form.validate():
             user.pw_hash = auth_lib.bcrypt_gen_password_hash(
                 request.POST['password'])
-            user[u'fp_verification_key'] = None
-            user[u'fp_token_expire'] = None
+            user.fp_verification_key = None
+            user.fp_token_expire = None
             user.save()
 
             return redirect(request, 'mediagoblin.auth.fp_changed_success')