Allows the user to login only via email without resetting the password #426
base: develop
… option "I have no password" the user is now able to login via email instead of requesting a new password.

routing.py
- added path to the "emaillogin" action in the user controller

user.py
- added perform_email_login method to the user controller. If the adhocracy.login_style is set to alternate it sends an email with a login link to the user
- Added emaillogin method to catch EmailLoginRepozeWho errors

Authentication.py
- Changed the Path action path to perform_email_login
- Added Email EmailLoginRepozeWho

created emaillogin.py
- Added EmailLoginRepozeWho controller

created login_email.html
- Informs the user that he got a new email
This simplifies the cookie session implementation and also #426 and hhucn/adhocracy.hhu_theme#341.
except (TypeError, ValueError): | ||
return False | ||
correct_value = create_hash(email, user_time, config) | ||
if (user_hash == correct_value) and (time_dif < 3600): |
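Review bot: The `user_hash == correct_value` check in the final `if` is an ordinary string comparison, so it is not constant-time and response timing can reveal how much of a submitted hash matched. Use `hmac.compare_digest(user_hash, correct_value)` or the project's own constant-time helper instead. If `time_dif` is computed from `user_time`, also reject negative values here, since `time_dif < 3600` alone accepts a timestamp that lies in the future.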
Instead of 3600, we should use a configuration option here, and default it to 3600.
We should require |
absolute=True) | ||
|
||
|
||
def create_token(email, config): |
This should definitely use the new crypto functions.
@@ -34,7 +34,7 @@ def get_secret(config=config, key=None): | |||
for k in search_keys: | |||
if config.get(k): | |||
assert config[k] != 'autogenerated' | |||
res = config[k] | |||
res = config.get(k) |
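Review bot: Replacing `res = config[k]` with `res = config.get(k)` has no effect on this path, because the line only runs inside `if config.get(k):`, so it should be dropped from the patch. The line that does deserve a change is `assert config[k] != 'autogenerated'`: asserts are removed when Python runs with `-O`, so the check for a placeholder secret should be an explicit `if` that raises.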
This can't be correct.
@@ -388,6 +388,9 @@ adhocracy.static_index_path = index | |||
# Ask the user for email and then password, instead of form + links | |||
# adhocracy.login_style = alternate | |||
|
|||
# Determines how long an email login link is valid in seconds | |||
3600 |
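Review bot: The added `3600` line has no option name and no `=`, so it is not a valid `key = value` entry and the comment above it documents a setting that cannot be set. Write it as a commented-out option with its default, in the same style as `# adhocracy.login_style = alternate` above, and make sure the name matches the key the link validation reads in place of the hard-coded 3600.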
Before merging, we need to change this line, btw.
In case the loginstyle is set to alternate and the user chooses the option "I have no password", the user is now able to login via email instead of requesting a new password.
routing.py
user.py
Authentication.py
created emaillogin.py
created login_email.html
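The time-limited email login link discussed in this pull request, as an added example that is not code from the PR or from adhocracy: it signs the email address and issue time with HMAC-SHA256, reads the lifetime from configuration with a default of 3600 seconds, and compares in constant time. The function names, the `example.email_login_lifetime` key, and the sample secret and address are assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Hypothetical option name; the page does not name the real configuration key.
LIFETIME_KEY = "example.email_login_lifetime"
DEFAULT_LIFETIME = 3600  # seconds, the value hard-coded in the reviewed hunk


def sign(secret, email, issued_at):
    """HMAC-SHA256 over the email and issue time, keyed with a server secret."""
    msg = ("%s|%d" % (email, issued_at)).encode("utf-8")
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def make_link_params(secret, email, now=None):
    """Return the (time, hash) pair that would be placed in the emailed link."""
    issued_at = int(time.time() if now is None else now)
    return str(issued_at), sign(secret, email, issued_at)


def verify_link_params(secret, email, user_time, user_hash, config, now=None):
    """Accept only an untampered link that is inside its validity window."""
    try:
        issued_at = int(user_time)
        lifetime = int(config.get(LIFETIME_KEY, DEFAULT_LIFETIME))
    except (TypeError, ValueError):
        return False
    if not isinstance(user_hash, str):
        return False
    age = int(time.time() if now is None else now) - issued_at
    if age < 0 or age >= lifetime:  # future-dated or expired link
        return False
    expected = sign(secret, email, issued_at)
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    return hmac.compare_digest(expected.encode("ascii"),
                               user_hash.encode("utf-8"))


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    secret = b"constructed-demo-secret"
    t, h = make_link_params(secret, "user@example.org", now=1000)
    print(verify_link_params(secret, "user@example.org", t, h, {}, now=2000))
    print(verify_link_params(secret, "user@example.org", t, h, {}, now=5000))
```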