Thanks for your replies - I've decided to roll my own in the end, as I
also need to scope the user lookup inside an account. It's not too
complicated to adapt the code in the Auth module as it's quite
straightforward.
Cheers
Dave
On Sep 3, 9:04 pm, Anthony <abasta...@gmail.com> wrote:
> Maybe something like this:
>
> def user():
> form=auth()
> if request.args(0)=='request_reset_password' and form.errors:
> session.flash='If your user ID was found, we have sent you reset
> details by email.'
> redirect(URL('user',args='login'))
> return dict(form=form)
>
> Anthony
>
>
>
>
>
>
>
> On Saturday, September 3, 2011 12:55:56 PM UTC-4, Dave H wrote:
>
> > Hi, I'd like to customise the "reset password" part of the
> > authentication module. At the moment, it tells you if you have entered
> > an incorrect email address, and doesn't in fact try to send the email
> > unless the user is found in the database. I'd like to change it so
> > that if a valid email address is entered, it says something like
>
> > "if your user was found, we have sent you reset details by email"
>
> > so that someone couldn't discover if an email address was valid or not
> > just by using the password reset function.
>
> > I've tried to hook into the code using this:
>
> > auth.settings.reset_password_onvalidation = my_onvalidation_function
> > auth.settings.reset_password_onaccept = my_onaccept_function
>
> > but it seems to do the email check before then. (the second line above
> > actually gives an error and says the key doesn't exist).
>
> > Is there any way to do this without subclassing the auth module?
>
> > Any suggestions are greatly appreciated!
>
> > Many thanks
> > Dave
