Mail Password Process

proxy Plone mail_password_form

tell Plone site to send password reset email to user, who submit the request.

Requirement

• The password reset email will have a URL with a token, which allow user to reset his/her password by clicking it.
• The password reset URL should use the Proxy server's host (DNS) name.  Internet users should have NO idea about the internal Plone site.
• Using Plone site's feature as more as possible.

Mail password request pass through without authentication

we will let request from httplib2 go through the mod_python handler.  We should only let the mail_password request from a specific IP and specific User-Agent to pass through without authentication!

using the User-Agent header now.

set the header in httplib2 request

headers['User-Agent'] = 'Leocornus Django PloneProxy (httplib2)'

get the header from mod_python request object.

req.headers_in['User-Agent']

details: http://www.modpython.org/live/current/doc-html/pyapi-mprequest-mem.html

mod_python connection object

local_ip and remote_ip from mod_python connection object

req.connection.local_ip

req.connection.remote_ip

Check this for details: http://www.modpython.org/live/current/doc-html/pyapi-mpconn-mem.html

Build the Plone mail password URL

This depends the value of redirect to.

using Django's HTTPRequest object to build the Plone mail_password URL.

Plone's mail_password form works on most Plone objects: folder, page, event, collection, etc.

The add-on product Products.PasswordResetTool provides the mail password and password reset functionality for a Plone site.

Messages and Error Handling

The only way to know whether the password been mailed successfully or not is by checking the response content from httplib2.

The content is a well formed HTML, it could parsed to DOM object and check the message from Plone!

OR, simple check if the mail_password form still in response or not.  If it is still in the response content, that means failure!  If not, that means success!