allura-commits mailing list archives

From john...@apache.org
Subject [01/14] git commit: [#6783] ticket:463 added hash expiry
Date Thu, 07 Nov 2013 21:07:14 GMT
Updated Branches:
  refs/heads/master 97e80d971 -> 7c7b19773


[#6783] ticket:463 added hash expiry


Project: http://git-wip-us.apache.org/repos/asf/incubator-allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-allura/commit/8b662d06
Tree: http://git-wip-us.apache.org/repos/asf/incubator-allura/tree/8b662d06
Diff: http://git-wip-us.apache.org/repos/asf/incubator-allura/diff/8b662d06

Branch: refs/heads/master
Commit: 8b662d0642905c7fdf22047054c91af983e98757
Parents: 5c328f5
Author: coldmind <sokandpal@yandex.ru>
Authored: Fri Oct 25 18:02:14 2013 +0300
Committer: Cory Johns <cjohns@slashdotmedia.com>
Committed: Thu Nov 7 21:05:00 2013 +0000

----------------------------------------------------------------------
 Allura/allura/controllers/auth.py | 11 ++++++++++-
 Allura/development.ini            |  3 +++
 2 files changed, 13 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/8b662d06/Allura/allura/controllers/auth.py
----------------------------------------------------------------------
diff --git a/Allura/allura/controllers/auth.py b/Allura/allura/controllers/auth.py
index 9ca5ff2..c6f9f88 100644
--- a/Allura/allura/controllers/auth.py
+++ b/Allura/allura/controllers/auth.py
@@ -17,6 +17,7 @@
 
 import logging, string, os
 from urllib import urlencode
+import datetime
 
 import bson
 from tg import expose, session, flash, redirect, validate, config
@@ -166,9 +167,14 @@ class AuthController(BaseController):
             if not user_record:
                 flash('Hash was not found')
                 redirect('/')
+            hash_expiry = user_record.get_tool_data('AuthPasswordReset', 'hash_expiry')
+            if not hash_expiry or hash_expiry < datetime.datetime.now():
+                flash('Hash time was expired.')
+                redirect('/')
             if request.method == 'POST':
                 ap = plugin.AuthenticationProvider.get(request)
                 ap.recovery_set_password(user_record, kw['pw'])
+                user_record.set_tool_data('AuthPasswordReset', hash='', hash_expiry='')
                 flash('Password changed')
                 redirect('/auth/')
         return dict()
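Review bot: The expiry test `hash_expiry < datetime.datetime.now()` compares naive local time, and the recovery-request hunk that writes the value (`datetime.datetime.now() + datetime.timedelta(...)`) does the same. If the server's local clock shifts between issue and use, for example at a DST fall-back, the token stays valid an hour longer, which doubles the 1-hour default. Using `datetime.datetime.utcnow()` on both sides keeps the window fixed. Clearing the token with `hash='', hash_expiry=''` leaves an empty string stored; the lookup is above this hunk, so confirm that it rejects an empty hash, or clear both fields to `None`. The enclosing method starts outside the hunk.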
@@ -181,7 +187,10 @@ class AuthController(BaseController):
             redirect('/')
         user_record = M.User.query.find({'preferences.email_address': email}).first()
         hash = h.nonce(42)
-        user_record.set_tool_data('AuthPasswordReset', hash=hash)
+        user_record.set_tool_data('AuthPasswordReset',
+                                  hash=hash,
+                                  hash_expiry=datetime.datetime.now() +
+                                  datetime.timedelta(hours=int(config['auth.recovery_hash_expiry_period'])))
 
         log.info('Sending password recovery link to %s', email)
         text = '''
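Review bot: `int(config['auth.recovery_hash_expiry_period'])` raises KeyError when the key is absent, and this commit adds it only to development.ini. A deployment running an older ini would therefore fail on every password-recovery request. A default avoids that and keeps the lifetime bounded: `hours=int(config.get('auth.recovery_hash_expiry_period', 1))`. The enclosing method starts and ends outside this hunk, so whether `user_record` can be None here when no account matches the email is not visible and is worth confirming.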

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/8b662d06/Allura/development.ini
----------------------------------------------------------------------
diff --git a/Allura/development.ini b/Allura/development.ini
index b1c41c5..98e251b 100644
--- a/Allura/development.ini
+++ b/Allura/development.ini
@@ -86,6 +86,9 @@ auth.ldap.admin_dn = cn=admin,dc=localdomain
 auth.ldap.admin_password = secret
 auth.ldap.schroot_name = scm
 
+# In hours
+auth.recovery_hash_expiry_period = 1
+
 # Set the locations of some static resources
 #  script_name is the path that is handled by the application
 #  url_base is the prefix that references to the static resources should have
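Review bot: The comment `# In hours` does not say what the setting controls, and it does not mention that the value must be a whole number. auth.py parses it with `int(...)`, so a value such as `0.5` would raise ValueError at request time. A fuller comment would help operators, for example `# Lifetime of a password-reset link, in whole hours (integer)`.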

