1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
|
# Copyright 2009 Canonical Ltd. This software is licensed under the
# GNU Affero General Public License version 3 (see the file LICENSE).
# pylint: disable-msg=E0211,E0213
"""Login token interfaces."""
__metaclass__ = type
__all__ = [
'LoginTokenType',
'IAuthToken',
]
from lazr.enum import (
DBEnumeratedType,
DBItem,
)
from zope.interface import (
Attribute,
Interface,
)
from zope.schema import (
Choice,
Datetime,
Int,
Text,
TextLine,
)
from lp import _
from lp.services.fields import PasswordField
class LoginTokenType(DBEnumeratedType):
"""Login token type
Tokens are emailed to users in workflows that require email address
validation, such as forgotten password recovery or account merging.
We need to identify the type of request so we know what workflow
is being processed.
"""
PASSWORDRECOVERY = DBItem(1, """
Password Recovery
User has forgotten or never known their password and need to
reset it.
""")
ACCOUNTMERGE = DBItem(2, """
Account Merge
User has requested that another account be merged into their
current one.
""")
NEWACCOUNT = DBItem(3, """
New Account
A new account is being setup. They need to verify their email address
before we allow them to set a password and log in.
""")
VALIDATEEMAIL = DBItem(4, """
Validate Email
A user has added more email addresses to their account and they
need to be validated.
""")
VALIDATETEAMEMAIL = DBItem(5, """
Validate Team Email
One of the team administrators is trying to add a contact email
address for the team, but this address need to be validated first.
""")
VALIDATEGPG = DBItem(6, """
Validate GPG key
A user has submited a new GPG key to his account and it need to
be validated.
""")
VALIDATESIGNONLYGPG = DBItem(7, """
Validate a sign-only GPG key
A user has submitted a new sign-only GPG key to his account and it
needs to be validated.
""")
NEWPROFILE = DBItem(9, """
A user created a new Launchpad profile for another person.
Any Launchpad user can create new "placeholder" profiles to represent
people who don't use Launchpad. The person that a given profile
represents has to first use the token to finish the registration
process in order to be able to login with that profile.
""")
TEAMCLAIM = DBItem(10, """
Turn an unvalidated Launchpad profile into a team.
A user has found an unvalidated profile in Launchpad and is trying
to turn it into a team.
""")
BUGTRACKER = DBItem(11, """
Launchpad is authenticating itself with a remote bug tracker.
The remote bug tracker will use the LoginToken to authenticate
Launchpad.
""")
NEWPERSONLESSACCOUNT = DBItem(12, """
New Personless Account
A new personless account is being setup. They need to verify their
email address before we allow them to set a password and log in. At
the end, this account will not have a Person associated with.
""")
# XXX: Guilherme Salgado, 2010-03-30: This interface was created to be used by
# our old OpenID provider, but that doesn't exist anymore, so we should merge
# it with ILoginToken.
class IAuthToken(Interface):
"""The object that stores one time tokens used for validating email
addresses and other tasks that require verifying if an email address is
valid such as password recovery, account merging and registration of new
accounts. All LoginTokens must be deleted once they are "consumed"."""
id = Int(
title=_('ID'), required=True, readonly=True,
)
date_created = Datetime(
title=_('The timestamp that this request was made.'), required=True,
)
date_consumed = Datetime(
title=_('Date and time this was consumed'),
required=False, readonly=False
)
tokentype = Choice(
title=_('The type of request.'), required=True,
vocabulary=LoginTokenType
)
token = Text(
title=_('The token (not the URL) emailed used to uniquely identify '
'this request.'),
required=True,
)
requester = Int(
title=_('The Person that made this request.'), required=True,
)
requester_account = Int(
title=_('The account that made this request.'), required=True)
requesteremail = Text(
title=_('The email address that was used to login when making this '
'request.'),
required=False,
)
email = TextLine(
title=_('Email address'),
required=True,
)
redirection_url = Text(
title=_('The URL to where we should redirect the user after '
'processing his request'),
required=False,
)
# used for launchpad page layout
title = Attribute('Title')
# Quick fix for Bug #2481
password = PasswordField(
title=_('Password'), required=True, readonly=False)
def consume():
"""Mark this token as consumed by setting date_consumed.
As a consequence of a token being consumed, all tokens requested by
the same person and with the same requester email will also be marked
as consumed.
"""
def sendEmailValidationRequest():
"""Send an email message with a magic URL to validate self.email."""
def sendPasswordResetEmail():
"""Send an email message to the requester with a magic URL that allows
him to reset his password.
"""
def sendNewUserEmail():
"""Send an email message to the requester with a magic URL that allows
him to finish the Launchpad registration process.
"""
|