Skip to content
This repository has been archived by the owner on Jul 11, 2019. It is now read-only.

Allows the user to login only via email without reseting the password #426

Open
wants to merge 4 commits into
base: develop
Choose a base branch
from
Open

Allows the user to login only via email without reseting the password #426

wants to merge 4 commits into from

Conversation

ghost
Copy link

@ghost ghost commented Jun 5, 2013

In case the loginstyle is set to alternate and the user clicks choses option "I have no password" the user is now able to login via email instead of requesting a new password.

routing.py

  • added path to the "emaillogin" action in the user controller

user.py

  • added perform_email_login method to the user controller.If the adhocracy.login_style is set to alternate it sends an email with an login link to the user
  • Added emaillogin method to catch EmailLoginRepozeWho errors

Authentication.py

  • Changed the Path action path to perform_email_login
  • Added Email EmailLoginRepozeWho

created emaillogin.py

  • Added EmailLoginRepozeWho controller

created login_email.html

  • Informs the user that he got a new email

… option "I have no password" the user is now able to login via email instead of requesting a new password.

routing.py
- added path to the "emaillogin" action in the user controller
user.py
- added perform_email_login method to the user controller.If the adhocracy.login_style is set to alternate it sends an email with an login link to the user
- Added emaillogin method to catch EmailLoginRepozeWho errors
Authentication.py
- Changed the Path action path to perform_email_login
- Added Email EmailLoginRepozeWho
created emaillogin.py
- Added EmailLoginRepozeWho controller
created login_email.html
- Informs the user that he got a new email
phihag added a commit that referenced this pull request Jun 16, 2013
This simplifies the cookie session implementation and also #426 and hhucn/adhocracy.hhu_theme#341 .
except (TypeError, ValueError):
return False
correct_value = create_hash(email, user_time, config)
if (user_hash == correct_value) and (time_dif < 3600):
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Instead of 3600, we should use a configuration option here, and default it to 3600.

@phihag
Copy link
Collaborator

phihag commented Jun 29, 2013

We should require login_types to include email-token. Also, it looks like this PR is missing the necessary changes to the template.

absolute=True)


def create_token(email, config):
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should definitely use the new crypto functions.

@@ -34,7 +34,7 @@ def get_secret(config=config, key=None):
for k in search_keys:
if config.get(k):
assert config[k] != 'autogenerated'
res = config[k]
res = config.get(k)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This can't be correct.

@@ -388,6 +388,9 @@ adhocracy.static_index_path = index
# Ask the user for email and then password, instead of form + links
# adhocracy.login_style = alternate

# Determines how long an email login link is valid in seconds
3600
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Before merging, we need to change this line, btw.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant