Add erp_change_password web service
This commit is contained in:
parent
e6a9bda7c9
commit
090ae4a1d8
|
@ -6,6 +6,10 @@ for schema in (String('xmlrpc_registration_url',
|
|||
N_('XMLRPC Neogia registration URL'),
|
||||
default = '',
|
||||
presentation_hint = { 'args': { 'size': 100 }}),
|
||||
String('erp_secret',
|
||||
N_('Shared secret with the ERP'),
|
||||
default = '',
|
||||
presentation_hint = { 'args': { 'size': 100 }}),
|
||||
String('cnil_text',
|
||||
N_("Texte d'information CNIL"),
|
||||
default = '',
|
||||
|
|
|
@ -51,7 +51,7 @@ def check_classification(classification):
|
|||
return classification_ok
|
||||
|
||||
class IfefRootDirectory(authentic.root.RootDirectory):
|
||||
_q_exports = authentic.root.RootDirectory._q_exports + [ 'register2' ]
|
||||
_q_exports = authentic.root.RootDirectory._q_exports + [ 'register2', 'erp_change_password' ]
|
||||
|
||||
def _q_traverse(self, path):
|
||||
request = get_request()
|
||||
|
@ -250,5 +250,60 @@ RecaptchaOptions = { "theme" : "white", "lang" : "fr" };
|
|||
url, htmltext(_('Log on %s') % label))
|
||||
'</ul>'
|
||||
|
||||
def erp_change_password_get [html] (self):
|
||||
template.html_top(title = _('ERP Change Password'))
|
||||
'<p>This service expects a POST-ed form with the following fields'
|
||||
'<dl>'
|
||||
'<dt>secret</dtd><dd>The secret giving access to this service</dd>'
|
||||
'<dt>uid</dtd><dd>The uid for which we want to change password</dd>'
|
||||
'<dt>password</dt><dd>(optional) the password to set</dd>'
|
||||
'</dl>'
|
||||
'<h2>Behaviour</h2>'
|
||||
'<p>If secret or uid are missing or if an unknown field is given, an error 400 is returned.</p>'
|
||||
'<p>If secret is wrong, an error 403 is returned,</p>'
|
||||
'<p>If uid is unknown, an error 400 is returned.</p>'
|
||||
'<p>If a password is given, it is set and sent by mail, if the account has an email.</p>'
|
||||
'<p>If no password is given, one is generated and sent by mail.</p>'
|
||||
'<p>If no password is given and no email is present, an error 400 is returned.</p>'
|
||||
'<h2>Result</h2>'
|
||||
'<p>If no error occured, a document containing the string "ok" of content-type text/plain is returned</p>'
|
||||
|
||||
def erp_change_password(self):
|
||||
request = get_request()
|
||||
store = identities.get_store()
|
||||
if request.get_method() != 'POST':
|
||||
return self.erp_change_password_get()
|
||||
form = request.form
|
||||
if 'secret' not in form or 'uid' not in form:
|
||||
raise errors.QueryError('%s' % form)
|
||||
secret = form['secret']
|
||||
uid = form['uid']
|
||||
password = form.get('password')
|
||||
# Verify the secret
|
||||
if secret != configuration.get_configuration('identities').get('erp_secret'):
|
||||
raise errors.AccessError()
|
||||
# Check the uid exists
|
||||
identity = identities.get_store().get_identity_for_username(uid)
|
||||
if not identity:
|
||||
raise errors.QueryError('User %r not found' % uid)
|
||||
# Suppose there is only one account object
|
||||
account = identity.accounts[0]
|
||||
if password:
|
||||
# Check the password is acceptable
|
||||
pass
|
||||
else:
|
||||
# Check that the identity has an email
|
||||
if not identity.email:
|
||||
raise errors.QueryError('User %r has no email, we cannot generate a new password' % uid)
|
||||
password = store.create_password(for_account=uid)
|
||||
if identity.email:
|
||||
self.email_password(identity, password=password)
|
||||
account.password = store.hash_password(password)
|
||||
store.save(identity)
|
||||
response = get_response()
|
||||
response.set_content_type('text/plain')
|
||||
return 'ok'
|
||||
|
||||
|
||||
from qommon.publisher import get_publisher_class
|
||||
get_publisher_class().root_directory_class = IfefRootDirectory
|
||||
|
|
Reference in New Issue