- allow user to recover account password using an entry in the

rouilj · rouilj · commit 9f5e53e8e393 · 2016-06-20T22:04:32.000-04:00
Alternate E-mail addresses list. See: http://psf.upfronthosting.co.za/roundup/meta/issue564 for description. Merge request at: https://sourceforge.net/p/roundup/code/merge-requests/1/ Patch supplied by kinggreedy. Applied/tested by John Rouillard It makes this work: Click "Lost your login?" link Enter an alternate address in the email address block. Submit. Get an email sent to alternate address with a one time reset url. Go to that url. Before patch, email with new password was sent to the address "E-mail address" for the user and not to the alternate address. After the patch, the email with new password is sent to the "validated" (against the alternate address list) alternate address supplied by the user.
diff --git a/CHANGES.txt b/CHANGES.txt
@@ -67,6 +67,12 @@ Features:
     assignedto. Use exclude=['assignedto'] to prevent the
     indexargs_form from generating a confliciting assignedto field
     which lists all users regardless of the role.]
+- allow user to recover account password using an entry in the
+  Alternate E-mail addresses list. See:
+     http://psf.upfronthosting.co.za/roundup/meta/issue564
+  for description. Merge request at:
+    https://sourceforge.net/p/roundup/code/merge-requests/1/
+  Patch supplied by kinggreedy. Applied/tested by John Rouillard
 
 Fixed:
 
diff --git a/roundup/cgi/actions.py b/roundup/cgi/actions.py
@@ -704,6 +704,9 @@ def handle(self):
                         "to show up erroneously, please check your email)"))
                 return
 
+            # pull the additional email address if exist
+            uaddress = otks.get(otk, 'uaddress', default=None)
+
             # re-open the database as "admin"
             if self.user != 'admin':
                 self.client.opendb('admin')
@@ -726,8 +729,11 @@ def handle(self):
                 return
 
             # user info
-            address = self.db.user.get(uid, 'address')
             name = self.db.user.get(uid, 'username')
+            if uaddress is None:
+                address = self.db.user.get(uid, 'address')
+            else:
+                address = uaddress
 
             # send the email
             tracker_name = self.db.config.TRACKER_NAME
@@ -770,7 +776,7 @@ def handle(self):
         otk = ''.join([random.choice(chars) for x in range(32)])
         while otks.exists(otk):
             otk = ''.join([random.choice(chars) for x in range(32)])
-        otks.set(otk, uid=uid)
+        otks.set(otk, uid=uid, uaddress=address)
         self.db.commit()
 
         # send the email
