+ },
+
+ sub (/action/request-reset + %:username=) {
+ return reply 'Password resets are disabled' unless $ENV{GRUNTMASTER_RESET_FROM};
+ my $user = db->user($_{username});
+ return reply 'No such user' unless $user;
+ my $token = join ':', $user->make_reset_hmac;
+ my $body = <<EOF;
+Someone has requested a password reset for your account.
+
+To reset your password, please submit the reset password form on the
+website using the following information:
+
+Username: $_{username}
+Password: <your new password>
+Reset token: $token
+EOF
+ my $email = Email::Simple->create(
+ header => [
+ From => $ENV{GRUNTMASTER_RESET_FROM},
+ To => $user->email,
+ Subject => 'Password reset token',
+ ],
+ body => $body,
+ );
+
+ my $ok = 0;
+ eval {
+ sendmail $email;
+ $ok = 1;
+ };
+ return reply 'Email sent' if $ok;
+ reply "Failure sending email: $@";
+ },
+
+ sub (/action/reset + %:username=&:password=&:token=) {
+ my $user = db->user($_{username});
+ return reply 'No such user' unless $user;
+ my ($token, $exp) = split ':', $_{token};
+ return reply 'Bad reset token' unless $user->make_reset_hmac($exp) eq $token;
+ $user->set_passphrase($_{password});
+ reply 'Password reset successfully';
+ },
projects / gruntmaster-page.git / commitdiff