[web2py] Re: How to customise the reset password function

Wed, 07 Sep 2011 07:11:14 -0700 

I'm not sure if this is relevant to what you're doing, but you might also 
check out web2py's new multi-tenant functionality, which might enable you to 
use Auth but maintain separate accounts for different groups of 
users: https://groups.google.com/d/topic/web2py/NrvxeWQJvH0/discussion

Anthony

On Wednesday, September 7, 2011 9:59:13 AM UTC-4, Dave H wrote:
>
> Thanks for your replies - I've decided to roll my own in the end, as I 
> also need to scope the user lookup inside an account. It's not too 
> complicated to adapt the code in the Auth module as it's quite 
> straightforward. 
>
> Cheers 
> Dave 
>
> On Sep 3, 9:04 pm, Anthony <abas...@gmail.com> wrote: 
> > Maybe something like this: 
> > 
> > def user(): 
> >     form=auth() 
> >     if request.args(0)=='request_reset_password' and form.errors: 
> >         session.flash='If your user ID was found, we have sent you reset 
> > details by email.' 
> >         redirect(URL('user',args='login')) 
> >     return dict(form=form) 
> > 
> > Anthony 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > On Saturday, September 3, 2011 12:55:56 PM UTC-4, Dave H wrote: 
> > 
> > > Hi, I'd like to customise the "reset password" part of the 
> > > authentication module. At the moment, it tells you if you have entered 
> > > an incorrect email address, and doesn't in fact try to send the email 
> > > unless the user is found in the database. I'd like to change it so 
> > > that if a valid email address is entered, it says something like 
> > 
> > > "if your user was found, we have sent you reset details by email" 
> > 
> > > so that someone couldn't discover if an email address was valid or not 
> > > just by using the password reset function. 
> > 
> > > I've tried to hook into the code using this: 
> > 
> > > auth.settings.reset_password_onvalidation = my_onvalidation_function 
> > > auth.settings.reset_password_onaccept = my_onaccept_function 
> > 
> > > but it seems to do the email check before then. (the second line above 
> > > actually gives an error and says the key doesn't exist). 
> > 
> > > Is there any way to do this without subclassing the auth module? 
> > 
> > > Any suggestions are greatly appreciated! 
> > 
> > > Many thanks 
> > > Dave

Reply via email to