Ajout fonction utilitaire pour encoder de manière sécurisé les en-tête des mails.
[Plinn.git] / RegistrationTool.py
index c35cb6a..021b714 100644 (file)
@@ -36,6 +36,7 @@ from Products.CMFCore.utils import getToolByName
 from Products.CMFCore.utils import getUtilityByInterfaceName
 from Products.GroupUserFolder.GroupsToolPermissions import ManageGroups
 from Products.Plinn.utils import Message as _
+from Products.Plinn.utils import translate
 from Products.Plinn.utils import encodeQuopriEmail
 from DateTime import DateTime
 from types import TupleType, ListType
@@ -201,6 +202,8 @@ class RegistrationTool(BaseRegistrationTool) :
         member = mtool.getMemberById(userid)
         if member :
             uuid = str(uuid4())
+            while self._passwordResetRequests.has_key(uuid) :
+                uuid = str(uuid4())
             self._passwordResetRequests[uuid] = (userid, DateTime() + 1)
             utool = getUtilityByInterfaceName('Products.CMFCore.interfaces.IURLTool')
             ptool = getUtilityByInterfaceName('Products.CMFCore.interfaces.IPropertiesTool')
@@ -211,11 +214,12 @@ class RegistrationTool(BaseRegistrationTool) :
             mailhost = portal.MailHost
             sender = encodeQuopriEmail(ptool.getProperty('email_from_name'), ptool.getProperty('email_from_address'))
             to = encodeQuopriEmail(member.getMemberFullName(nameBefore=0), member.getProperty('email'))
-            subject = "=?utf-8?q?%s?=" % encodestring('Password reset')
-            lines = []
-            pr = lines.append
-            pr('%s/password_reset_form/%s' % (utool(), uuid))
-            body = '\n'.join(lines)
+            subject = translate(_('How to reset your password on the %s website')) % ptool.getProperty('title')
+            subject = "=?utf-8?q?%s?=" % encodestring(subject)
+            body = self.password_reset_mail_template(fullName=member.getMemberFullName(nameBefore=0),
+                                                     siteName=ptool.getProperty('title'),
+                                                     resetPasswordUrl='%s/password_reset_form/%s' % (utool(), uuid)
+                                                     )
             message = self.echange_mail_template(From=sender,
                                                  To=to,
                                                  Subject=subject,
@@ -223,6 +227,9 @@ class RegistrationTool(BaseRegistrationTool) :
                                                  charset = 'UTF-8',
                                                  body=body)
             mailhost.send(message)
+            return
+        
+        return _('Unknown user name. Please retry.')
     
     security.declarePrivate('clearExpiredPasswordResetRequests')
     def clearExpiredPasswordResetRequests(self):
@@ -234,16 +241,13 @@ class RegistrationTool(BaseRegistrationTool) :
     
     
     security.declarePublic('resetPassword')
-    def resetPassword(self, userid, uuid, password, confirm) :
+    def resetPassword(self, uuid, password, confirm) :
         record = self._passwordResetRequests.get(uuid)
         if not record :
             return _('Invalid reset password request.')
         
-        recUserid, expiration = record
-        
-        if recUserid != userid :
-            return _('Invalid userid.')
-        
+        userid, expiration = record
+        now = DateTime()
         if expiration < now :
             self.clearExpiredPasswordResetRequests()
             return _('Your reset password request has expired. You can ask a new one.')