# HG changeset patch # User bsw # Date 1448989920 -3600 # Node ID e7fc3fed1593fb10828af020a93c3de9047a2cf5 # Parent 02772bc49467e2f0da0b75d4edfa6196a0692807 Refactored password reset functionality diff -r 02772bc49467 -r e7fc3fed1593 app/main/index/_action/reset_password.lua --- a/app/main/index/_action/reset_password.lua Tue Dec 01 17:55:08 2015 +0100 +++ b/app/main/index/_action/reset_password.lua Tue Dec 01 18:12:00 2015 +0100 @@ -15,28 +15,7 @@ slot.put_into("error", _"Sorry, but there is not confirmed email address for your account. Please contact the administrator or support.") return false end - member.password_reset_secret = multirand.string( 24, "23456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz" ) - local expiry = db:query("SELECT now() + '1 days'::interval as expiry", "object").expiry - member.password_reset_secret_expiry = expiry - member:save() - local content = slot.use_temporary(function() - slot.put(_"Hello " .. member.name .. ",\n\n") - slot.put(_"to reset your password please click on the following link:\n\n") - slot.put(request.get_absolute_baseurl() .. "index/reset_password.html?secret=" .. member.password_reset_secret .. "\n\n") - slot.put(_"If this link is not working, please open following url in your web browser:\n\n") - slot.put(request.get_absolute_baseurl() .. "index/reset_password.html\n\n") - slot.put(_"On that page please enter the reset code:\n\n") - slot.put(member.password_reset_secret .. "\n\n") - end) - local success = net.send_mail{ - envelope_from = config.mail_envelope_from, - from = config.mail_from, - reply_to = config.mail_reply_to, - to = member.notify_email, - subject = config.mail_subject_prefix .. _"Password reset request", - content_type = "text/plain; charset=UTF-8", - content = content - } + member:send_password_reset_mail() end slot.put_into("notice", _"Your request has been processed.") @@ -67,8 +46,6 @@ end member:set_password(password1) - member.password_reset_secret = nil - member.password_reset_secret_expiry = nil member:save() slot.put_into("notice", _"Password has been reset successfully") diff -r 02772bc49467 -r e7fc3fed1593 model/member.lua --- a/model/member.lua Tue Dec 01 17:55:08 2015 +0100 +++ b/model/member.lua Tue Dec 01 18:12:00 2015 +0100 @@ -326,6 +326,8 @@ end self.password = hash + self.password_reset_secret = nil + self.password_reset_secret_expiry = nil end function Member.object:check_password(password) @@ -542,6 +544,36 @@ :add_where("activated NOTNULL AND active") end +function Member.object:send_password_reset_mail() + trace.disable() + if not self.notify_email then + return false + end + self.password_reset_secret = multirand.string( 24, "23456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz" ) + local expiry = db:query("SELECT now() + '1 days'::interval as expiry", "object").expiry + self.password_reset_secret_expiry = expiry + self:save() + local content = slot.use_temporary(function() + slot.put(_"Hello " .. self.name .. ",\n\n") + slot.put(_"to reset your password please click on the following link:\n\n") + slot.put(request.get_absolute_baseurl() .. "index/reset_password.html?secret=" .. self.password_reset_secret .. "\n\n") + slot.put(_"If this link is not working, please open following url in your web browser:\n\n") + slot.put(request.get_absolute_baseurl() .. "index/reset_password.html\n\n") + slot.put(_"On that page please enter the reset code:\n\n") + slot.put(self.password_reset_secret .. "\n\n") + end) + local success = net.send_mail{ + envelope_from = config.mail_envelope_from, + from = config.mail_from, + reply_to = config.mail_reply_to, + to = self.notify_email, + subject = config.mail_subject_prefix .. _"Password reset request", + content_type = "text/plain; charset=UTF-8", + content = content + } + return success +end + function Member.object:send_invitation(template_file, subject) trace.disable() self.invite_code = multirand.string( 24, "23456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz" )