def confirm_password(request, uidb64=None, token=None):
assert uidb64 is not None and token is not None # checked by URLconf
try:
uid = urlsafe_base64_decode(uidb64)
user = User.objects.get(pk=uid)
except:
user = None
if user is not None:
if request.method == 'POST':
if default_token_generator.check_token(user, token):
password1 = request.POST.get('password1')
password2 = request.POST.get('password2')
if password1 == password2 and len(password1) !=0:
user.set_password(password1)
user.save()
messages.success(request,'Password Changed! Login to Continue')
return redirect('fosssite:login_user')
else:
messages.success(request,'Both Passwords Must Match. Please try again!')
return redirect('fosssite:confirm_password',uidb64=uidb64, token=token)
else:
messages.success(request,"The reset password link is no longer valid. Try again!")
return redirect('fosssite:forgot_password')
elif not default_token_generator.check_token(user, token):
messages.success(request,"The reset password link is no longer valid. Try again!")
return redirect('fosssite:forgot_password')
else:
return render(request, 'fosssite/confirm_password.html',{})
else:
messages.success(request,"The reset password link is no longer valid. Try again!")
return redirect('fosssite:forgot_password')
def password_reset_confirm(request, uidb36=None, token=None):
"""
Pulled from django contrib so that we can add user into the form
so then we can show relevant messages about the user.
"""
assert uidb36 is not None and token is not None
user = None
try:
uid_int = base36_to_int(uidb36)
user = UserProfile.objects.get(id=uid_int)
except (ValueError, UserProfile.DoesNotExist):
pass
if user is not None and default_token_generator.check_token(user, token):
validlink = True
if request.method == 'POST':
form = forms.SetPasswordForm(user, request.POST)
if form.is_valid():
form.save()
log_cef('Password Changed', 5, request,
username=user.username,
signature='PASSWORDCHANGED',
msg='User changed password')
return redirect(reverse('django.contrib.auth.'
'views.password_reset_complete'))
else:
form = forms.SetPasswordForm(user)
else:
validlink = False
form = None
return jingo.render(request, 'users/pwreset_confirm.html',
{'form': form, 'validlink': validlink})
def save(self, uidb36, token):
password = self.cleaned_data.get('password')
user = Hacker.objects.get(pk=base36_to_int(uidb36))
if default_token_generator.check_token(user, token):
user.set_password(password)
user.save()
return user
def authenticate(self, *args, **kwargs):
if kwargs:
username = kwargs.pop("username", None)
if username:
username_or_email = Q(username__iexact=username) | Q(email__iexact=username)
password = kwargs.pop("password", None)
try:
user = User.objects.get(username_or_email, **kwargs)
except User.DoesNotExist:
pass
else:
if user.check_password(password):
return user
else:
if 'uidb36' not in kwargs:
return
kwargs["id"] = base36_to_int(kwargs.pop("uidb36"))
token = kwargs.pop("token")
try:
user = User.objects.get(**kwargs)
except User.DoesNotExist:
pass
else:
if default_token_generator.check_token(user, token):
return user
def account_activate_done(request, uidb64, token):
if request.method == "GET":
assert uidb64 is not None and token is not None
try:
user_id = force_text(urlsafe_base64_decode(uidb64))
the_user = TheUser.objects.get(id=user_id)
except (TypeError, ValueError, OverflowError, ObjectDoesNotExist):
the_user = None
template_name = 'registration/account_activate_done.html'
if the_user is not None and default_token_generator.check_token(the_user, token):
if not the_user.is_active:
valid_link = True
the_user.is_active = True
the_user.save(force_update=True)
user_profile = UserProfile(
the_user=the_user,
user_image='image/user_avatar/avatar.jpg',
intro='This user wrote nothing yet.',
)
user_profile.save(force_insert=True)
context = {
'title': 'Account Activated Successfully',
'valid_link': valid_link
}
return render(request, template_name, context)
else:
return HttpResponseRedirect(request.user.get_absolute_url())
else:
# activation failed page
valid_link = False
context = {
'title': 'Account Activation Failed',
'valid_link': valid_link
}
return render(request, template_name, context)
def recupera_password_conferma(request, uidb64=None, token=None,
template='base_recupero_password_conferma.html',
contesto_extra=None):
assert uidb64 is not None and token is not None # checked by URLconf
try:
# urlsafe_base64_decode() decodes to bytestring on Python 3
uid = force_text(urlsafe_base64_decode(uidb64))
utente = Utenza.objects.get(pk=uid)
except (TypeError, ValueError, OverflowError, Utenza.DoesNotExist):
utente = None
if utente is not None and default_token_generator.check_token(utente, token):
link_valido = True
titolo = 'Inserisci una nuova password'
if request.method == 'POST':
modulo = ModuloImpostaPassword(utente, request.POST)
if modulo.is_valid():
modulo.save()
return HttpResponseRedirect(reverse('recupero_password_completo'))
else:
modulo = ModuloImpostaPassword(utente)
else:
link_valido = False
modulo = None
titolo = 'Errore nell\'impostazione della nuova password'
contesto = {
'modulo': modulo,
'titolo': titolo,
'link_valido': link_valido,
"scadenza_token": django_settings.PASSWORD_RESET_TIMEOUT_DAYS * 24
}
if contesto_extra is not None:
contesto.update(contesto_extra)
return TemplateResponse(request, template, contesto)
def confirm_reset(request, username, token):
context = {}
context['username'] = username
context['token'] = token
context['reset_message'] = 'Reset your password.'
user = get_object_or_404(User, username=username)
if not default_token_generator.check_token(user, token):
raise Http404
if request.method == 'GET':
form = ResetPasswordForm()
context['form'] = form
return render(request, 'confirm-reset.html', context)
form = ResetPasswordForm(request.POST)
context['form'] = form
if not form.is_valid():
raise Http404
form.save(username)
context['confirmed'] = 'Your password has been reset.'
return render(request, 'login-register.html', context)
def registration_confirm(request, uidb36=None, token=None,
template_name='registration_complete.html'):
assert uidb36 is not None and token is not None # checked by URLconf
try:
uid = base36_to_int(uidb36)
# uid = urlsafe_base64_decode(uidb64)
user = User.objects.get(pk=uid)
except (TypeError, ValueError, OverflowError, User.DoesNotExist):
user = None
if user is not None and default_token_generator.check_token(user, token):
user.is_active = True
user.save()
title = 'Email confirmation complete'
message = 'The registration is complete. You may go ahead and log in now.'
else:
title = 'Email confirmation unsuccessful'
message = "The email confirmation link was invalid, possibly because it has already been used. Please check that you haven't been validated already by trying to log in."
login_url = resolve_url(settings.LOGIN_URL)
context = {
'title': title,
'message': message,
'login_url': login_url}
return TemplateResponse(request, template_name, context)
def get(self, request, uidb64, activation_key):
if uidb64 is not None and activation_key is not None:
uid = get_int(urlsafe_base64_decode(uidb64))
user = get_object_or_404(User, id=uid)
ret = default_token_generator.check_token(
user,
activation_key
)
if ret:
user_profile = user.get_profile()
user_profile.is_email_bind = True
user_profile.guide_switch = True
user_profile.save()
# 开始登录
user.backend = 'django.contrib.auth.backends.ModelBackend'
login(request, user)
return render(
request,
self.template,
{
'status': 'ok',
'msg': u'绑定接收邮箱成功',
},
)
return render(
request,
self.template,
{
'status': 'error',
'msg': u'无效的激活链接',
}
)
def mutate_and_get_payload(cls, input, request, info):
errors = []
UserModel = User._meta.model
try:
# urlsafe_base64_decode() decodes to bytestring on Python 3
uid = force_text(urlsafe_base64_decode(input.get('uidb64')))
user = UserModel.objects.get(pk=uid)
except (TypeError, ValueError, OverflowError, UserModel.DoesNotExist):
user = None
if user and default_token_generator.check_token(user, input.get('token')):
form = SetPasswordForm(user=user, data=input)
if form.is_valid():
user = form.save(commit=False)
user.save(request=request)
# workarout to re authenticate the user
# when as change the user on the DB it gets disconected
user.backend = settings.DEFAULT_AUTHENTICATION_BACKENDS
auth_login(request, user)
else:
errors = form_erros(form, errors)
else:
errors.append(Error(
code='password_reset_incorrect_token',
message=_('Password reset failed')
))
return PasswordResetComplete(errors=errors)
def reset_confirm(request, uidb36=None, token=None):
assert uidb36 is not None and token is not None
validlink = False
form = UserSetPasswordForm(None)
try:
uid_int = base36_to_int(uidb36)
user = User.objects.get(id=uid_int)
except (ValueError, User.DoesNotExist):
user = None
if user is not None and default_token_generator.check_token(user, token):
validlink = True
if request.method == 'POST':
form = UserSetPasswordForm(user, request.POST)
if form.is_valid():
form.save()
messages.success(request, _(u'You have successfully reseted password, please sign in.'))
return redirect('app_auth_sign_in')
if not validlink:
raise Http404
return direct_to_template(request, 'auth/reset_confirm.html', {'form': form})
def reset_password(request, uidb64=None, token=None):
if request.user.is_authenticated():
return redirect(settings.LOGIN_REDIRECT_URL)
assert uidb64 is not None and token is not None
try:
uid = force_text(urlsafe_base64_decode(uidb64))
user = MyUser.objects.get(pk=uid)
except (TypeError, ValueError, OverflowError, UserModel.DoesNotExist):
user = None
if user is not None and default_token_generator.check_token(user, token):
validlink = True
if request.method == 'POST':
form = ResetPasswordForm(user, request.POST)
if form.is_valid():
form.save()
return render(request, 'account/authentication/password_reset_complete.html')
else:
form = ResetPasswordForm(user)
else:
validlink = False
form = None
context = { 'validlink' : validlink, 'form' : form }
return render(request, 'account/authentication/password_reset_confirm_form.html', context)
def post(self, request, uidb64=None, token=None, *arg, **kwargs):
"""
View that checks the hash in a password reset link and presents a
form for entering a new password.
"""
UserModel = UserCred()
form = self.form_class(request.POST)
assert uidb64 is not None and token is not None # checked by URLconf
try:
if isinstance(uidb64, unicode): uidb64 = str(uidb64)
uid = urlsafe_base64_decode(uidb64)
user = UserCred.objects.using('users').get(pk=uid)
except (TypeError, ValueError, OverflowError, UserModel.DoesNotExist):
user = None
if user is not None and default_token_generator.check_token(user, token):
if form.is_valid():
new_password = form.cleaned_data['new_password2']
user.set_password(new_password)
user.save()
messages.success(request, 'Password has been reset.')
return self.form_valid(form)
else:
messages.error(request, 'Password reset has not been successful.')
return self.form_invalid(form)
else:
messages.error(request,'The reset password link is no longer valid.')
return self.form_invalid(form)
def post(self, request, uidb64=None, token=None, *arg, **kwargs):
try:
uid = urlsafe_base64_decode(uidb64)
user = CustomUser.objects.get(pk=uid)
except (TypeError, ValueError, OverflowError, CustomUser.DoesNotExist):
user = None
form = self.form_class(request.POST)
if user is not None and default_token_generator.check_token(user, token):
if form.is_valid():
new_password = form.cleaned_data['new_password2']
user.set_password(new_password)
user.save()
messages.success(request, 'Password has been reset.')
return self.form_valid(form)
else:
messages.error(request, 'Password reset has not been successful.')
form.add_error(None, 'Password reset has not been successful.')
return self.form_invalid(form)
else:
messages.error(request, 'The reset password link is no longer valid.')
form.add_error(None, 'The reset password link is no longer valid.')
return self.form_invalid(form)
def post(self, request, uidb64=None, token=None):
if request.POST.get('new_password1') != request.POST.get('new_password2'):
raise ValidationError("Passwords don't match")
"""
View that checks the hash in a password reset link and presents a
form for entering a new password.
"""
UserModel = get_user_model()
assert uidb64 is not None and token is not None # checked by URLconf
try:
# urlsafe_base64_decode() decodes to bytestring on Python 3
uid = force_text(urlsafe_base64_decode(uidb64))
user = UserModel._default_manager.get(pk=uid)
except (UserModel.DoesNotExist):
user = None
# si el link aún es válido
#Hack to avoid csrf_protect
if user is not None and default_token_generator.check_token(user, token):
request.csrf_processing_done = True
response = password_reset_confirm(
request._request,
uidb64=uidb64,
token=token)
if type(response) is HttpResponseRedirect:
return Response({'msg': "Su contraseña ha sido establecida. Ahora puede seguir adelante e iniciar sesión."})
else:
return Response({'msg': "El enlace de restablecimiento de contraseña era invalido, seguramente por haberse utilizado previamente. Por favor, solicite un nuevo restablecimiento de contraseña."})
def verify_email_view(request, uidb36, token):
user = Hacker.objects.get(pk=base36_to_int(uidb36))
if default_token_generator.check_token(user, token):
user.email_verified = True
user.save()
return HttpResponseRedirect(reverse_lazy('profile'))
raise Http404
def put(self, request, **kwargs):
token = request.data.get('token')
password = request.data.get('password')
matches = re.search(r'([0-9A-Za-z]+)-(.*)', token)
if not matches:
return Response(status=HTTP_404_NOT_FOUND)
uidb36 = matches.group(1)
key = matches.group(2)
if not (uidb36 and key):
return Response(status=HTTP_404_NOT_FOUND)
user = self._get_user(uidb36)
if user is None:
return Response(status=HTTP_404_NOT_FOUND)
if not default_token_generator.check_token(user, key):
return Response(status=HTTP_404_NOT_FOUND)
try:
validate_password(password)
except DjangoValidationError as e:
return Response(dict(password=e.messages), status=HTTP_400_BAD_REQUEST)
cache.set(backoff_cache_key(user.email, None), None)
user.set_password(password)
user.save()
return self.get_response()
def password_reset_confirm(request, uidb36=None, token=None):
"""View that checks the hash in a password reset link and presents a
form for entering a new password.
Based on django.contrib.auth.views.
"""
try:
uid_int = base36_to_int(uidb36)
except ValueError:
raise Http404
user = get_object_or_404(User, id=uid_int)
context = {}
if default_token_generator.check_token(user, token):
context['validlink'] = True
if request.method == 'POST':
form = SetPasswordForm(user, request.POST)
if form.is_valid():
form.save()
return HttpResponseRedirect(reverse('users.pw_reset_complete'))
else:
form = SetPasswordForm(None)
else:
context['validlink'] = False
form = None
context['form'] = form
return jingo.render(request, 'users/pw_reset_confirm.html', context)
def check_token(token):
"""
:param token:
:return: user
"""
# split the token in it's 3 components delimited by '-'
parts = token.split("-")
# get the length of the uid decoding the last component
uid_len = int("-" + urlsafe_base64_decode(parts[2]))
# get the uid by decoding the last uid_len chars of the second component
uid = urlsafe_base64_decode(parts[1][uid_len:])
# get the original generated token by concatenating the first component
# and the second component without it's last uid_len characters
token = parts[0] + "-" + parts[1][:uid_len]
# try to get the user with the uid user id
try:
user = User.objects.get(id=uid)
except (TypeError, ValueError, OverflowError, User.DoesNotExist):
return None
# if the token is valid for the given user return the user
if default_token_generator.check_token(user, token):
return user
return None
def form_valid(self, form):
uidb64 = self.kwargs['uidb64']
token = self.kwargs['token']
password1 = form.cleaned_data['password1']
password2 = form.cleaned_data['password2']
if password1 != password2:
form.add_error(None, 'Passwords do not match!')
return self.form_invalid(form)
else:
uid = urlsafe_base64_decode(uidb64)
try:
user = User.objects.get(pk=uid)
except user.DoesNotExist:
form.add_error(None, 'Invalid token')
return self.form_invalid(form)
if not default_token_generator.check_token(user, token):
form.add_error(None, 'Invalid token')
return self.form_invalid(form)
new_password = form.cleaned_data['password2']
user.set_password(new_password)
user.save()
messages.success(
self.request, 'Password has been reset for '
'user: {0}'.format(user))
return super(PasswordConfirmView,self).form_valid(form)
def post(self, request, *args, **kwargs):
uidb64 = request.data.get("user_id")
token = request.data.get("token")
password = request.data.get("password")
if not (uidb64 and token and password):
raise ValidationError(
{"detail": "You have to provide user_id, token and password."}
)
user = self.get_user(uidb64)
if user is None:
raise ValidationError({"detail": "User does not exist."})
if not (
has_perm(user, "users.can_change_password")
or has_perm(user, "users.can_manage")
):
self.permission_denied(request)
if not default_token_generator.check_token(user, token):
raise ValidationError({"detail": "Invalid token."})
try:
validate_password(password, user=user)
except DjangoValidationError as errors:
raise ValidationError({"detail": " ".join(errors)})
user.set_password(password)
user.save()
return super().post(request, *args, **kwargs)
def post(self, request, uidb64=None, token=None, *arg, **kwargs):
form = self.get_form()
assert uidb64 is not None and token is not None
try:
uid = urlsafe_base64_decode(uidb64)
user = User._default_manager.get(pk=uid)
except (TypeError, ValueError, OverflowError, User.DoesNotExist):
user = None
if user is not None and default_token_generator.check_token(user, token):
if form.is_valid():
new_password = form.cleaned_data['new_password']
user.set_password(new_password)
user.save()
messages.success(request, _('Password reset successfully.'))
return self.form_valid(form)
else:
messages.error(request, _('We were not able to reset your password.'))
return self.form_invalid(form)
else:
messages.error(request, _('The reset password link is no longer valid.'))
return self.form_invalid(form)
def reset_password_new_user(request, uidb36, token):
"""
Checks the link the user clicked and prompts for a new password
:param request: the standard request given by Django
:param uidb36: the id's hash
:param token: token created dynamically
"""
try:
uid_int = base36_to_int(uidb36)
user = User.objects.get(pk=uid_int)
except (ValueError, OverflowError, User.DoesNotExist):
user = None
if user is not None and not user.has_usable_password() \
and default_token_generator.check_token(user, token):
validlink = True
if request.method == "POST":
form = SetPasswordForm(user, request.POST)
if form.is_valid():
user = form.save()
user.is_active = True
user.save()
user.backend = 'django.contrib.auth.backends.ModelBackend'
login(request, user)
return HttpResponseRedirect(reverse('index'))
else:
form = SetPasswordForm(None)
else:
validlink = False
form = None
return render(request, 'registration/reset_password_complete.html', {
'form': form,
'validlink': validlink
})
def confirm(request, username, token):
user = get_object_or_404(User, username = username)
pieces = token.split("AAA")
token = pieces[0]
authen = pieces[1]
password = pieces[2]
if not default_token_generator.check_token(user, token):
raise Http404
user.is_active = True
user.save()
user = get_object_or_404(User, username = username)
auth = authenticate(username = username, password = password)
login(request, auth)
if authen == "merchant":
new_merchant = Merchant(username = username,
belonging = user)
new_merchant.save()
return redirect('merchant_profile')
elif authen == "customer":
new_customer = Customer(username = username,
belonging = user)
new_customer.save()
creditCard = CreditCard(belonging = new_customer)
address = CustomerAddress(belonging = new_customer)
creditCard.save()
address.save()
return redirect('customer_profile', showPart = 0)
def verify_account(request, uidb36=None, token=None):
"""
View for the link in the verification email sent to a new user
when they create an account and ``ACCOUNTS_VERIFICATION_REQUIRED``
is set to ``True``. Activates the user and logs them in,
redirecting to the URL they tried to access when signing up.
"""
user = None
if uidb36 and token:
try:
user = User.objects.get(is_active=False, id=base36_to_int(uidb36))
except User.DoesNotExist:
pass
else:
if default_token_generator.check_token(user, token):
user.is_active = True
user.save()
user.backend = settings.AUTHENTICATION_BACKENDS[0]
login(request, user)
else:
user = None
url = request.GET.get("next", "/")
if user is None:
error(request, _("The link you clicked is no longer valid."))
url = "/"
return redirect(url)
def confirm_registration(request, username, token):
user = get_object_or_404(User, username=username)
#Send 404 error if token is invalid
if not default_token_generator.check_token(user, token):
raise Http404
#Otherwise token was valid, activate the user.
user.is_active = True
user.save()
email_body = """
Welcome to the Kappa Sigma Delta-Alpha. The admin has approved your registration. Please click on the link below to login.
http://%s%s
""" % (request.get_host(), reverse('login'))
brother = Brother.objects.get(user=user)
send_mail(subject="Your Request Has Been Approved",
message=email_body,
from_email="*****@*****.**",
recipient_list=[brother.email])
return render(request, 'ksda/confirmed.html', {})
def password_reset_confirm(request, uidb64=None, token=None):
if request.user.is_authenticated():
return HttpResponseRedirect(reverse("index"))
context = {}
UserModel = get_user_model()
assert uidb64 is not None and token is not None
try:
uid = force_text(urlsafe_base64_decode(uidb64))
user = UserModel._default_manager.get(pk=uid)
except (TypeError, ValueError, OverflowError, UserModel.DoesNotExist):
user = None
if user is not None and default_token_generator.check_token(user, token):
valid_link = True
title = _("Enter new password")
if request.method == "POST":
form = SetPasswordForm(user, request.POST)
if form.is_valid():
form.save()
return HttpResponseRedirect(reverse("players:password_reset_complete"))
else:
form = SetPasswordForm(user)
else:
valid_link = False
title = _("Password reset failed")
form = None
context.update({"form": form, "title": title, "valid_link": valid_link})
context.update({"request": request})
return render(request, "players/password_reset/confirm.html", context)
def password_reset_confirm(request, uidb36=None, token=None):
"""
View that checks the hash in a password reset link and presents a
form for entering a new password.
"""
assert uidb36 is not None and token is not None # checked by URLconf
post_reset_redirect = reverse('django.contrib.auth.views.password_reset_complete')
try:
uid_int = base36_to_int(uidb36)
user = User.objects.get(pk=uid_int)
except (ValueError, OverflowError, User.DoesNotExist):
user = None
if user is not None and default_token_generator.check_token(user, token):
validlink = True
if request.method == 'POST':
form = SetPasswordForm(user, request.POST)
if form.is_valid():
form.save()
return JsonResponse({'status': True, 'redirect': post_reset_redirect})
else:
status = False
else:
form = SetPasswordForm(None)
status = True
else:
raise Http404
context = {'form': form, 'validlink': validlink, 'uidb36': uidb36, 'token': token}
if request.is_ajax():
return JsonResponse({'status': status, 'template': render_to_string(
'account/password_reset/confirm_form.html', context, context_instance=RequestContext(request))})
return TemplateResponse(request, 'account/password_reset/confirm_container.html', context)
def password_reset_confirm(request, uidb64=None, token=None):
"""
View that checks the hash in a password reset link and presents a
form for entering a new password.
"""
assert uidb64 is not None and token is not None # checked by URLconf
post_reset_redirect = reverse('web.password_reset_done')
try:
uid = urlsafe_base64_decode(uidb64).decode('utf-8')
user = User.objects.get(pk=uid)
except (TypeError, ValueError, OverflowError, User.DoesNotExist):
user = None
if user is not None and default_token_generator.check_token(user, token):
validlink = True
if request.method == 'POST':
form = forms.SetPasswordForm(user, request.POST)
if form.is_valid():
form.save()
return HttpResponseRedirect(post_reset_redirect)
else:
form = forms.SetPasswordForm(None)
else:
validlink = False
form = None
ctx = {'form': form, 'validlink': validlink, }
return render(request, 'pages/password_reset_confirm.html', ctx)
def validate(self, attrs):
self._errors = {}
# Get the UserModel
UserModel = get_user_model()
# Decode the uidb64 to uid to get User object
try:
uid = uid_decoder(attrs['uid'])
self.user = UserModel._default_manager.get(pk=uid)
except (TypeError, ValueError, OverflowError, UserModel.DoesNotExist):
raise ValidationError({
'non_field_errors': [
self.validate_error_messages['invalid_uid']
]
})
self.custom_validation(attrs)
self.set_password_form = self.set_password_form_class(user=self.user,
data=attrs)
if not self.set_password_form.is_valid():
raise ValidationError(self.set_password_form.errors)
if not default_token_generator.check_token(self.user, attrs['token']):
raise ValidationError({
'non_field_errors': [
self.validate_error_messages['invalid_token']
]
})
super(FixedPasswordResetConfirmSerializer, self).validate(attrs)
return attrs
def post(self, request, uidb64=None, token=None, *args, **kwargs):
userModel = get_user_model()
form = self.form_class(request.POST)
if uidb64 is None or token is None:
form.add_error(
field=None,
error=
u"O link usado para a troca de senha não é válido ou expirou, por favor tente enviar novamente."
)
return self.form_invalid(form)
try:
uid = urlsafe_base64_decode(uidb64)
user = userModel._default_manager.get(pk=uid)
except (TypeError, ValueError, OverflowError, userModel.DoesNotExist):
user = None
if user is not None and default_token_generator.check_token(
user, token):
if form.is_valid():
new_password = form.cleaned_data['new_password']
new_password_confirm = form.cleaned_data[
'new_password_confirm']
if new_password == new_password_confirm:
user.set_password(new_password)
user.save()
messages.success(request, u"Senha trocada com sucesso")
return self.form_valid(form)
else:
form.add_error(field=None, error=u"Senhas diferentes.")
return self.form_invalid(form)
else:
form.add_error(
field=None,
error=
u"Não foi possivel trocar a senha. Formulário inválido.")
return self.form_invalid(form)
else:
form.add_error(
field=None,
error=
u"O link usado para a troca de senha não é válido ou expirou, por favor tente enviar novamente."
)
return self.form_invalid(form)
def post(self, request, uid=None, token=None):
# Get the UserModel
UserModel = get_user_model()
# Decode the uidb64 to uid to get User object
try:
uid = uid_decoder(uid)
user = UserModel._default_manager.get(pk=uid)
except (TypeError, ValueError, OverflowError, UserModel.DoesNotExist):
user = None
# If we get the User object
if user:
serializer = self.serializer_class(data=request.DATA, user=user)
if serializer.is_valid():
# Construct SetPasswordForm instance
form = SetPasswordForm(user=user, data=serializer.data)
if form.is_valid():
if default_token_generator.check_token(user, token):
form.save()
# Return the success message with OK HTTP status
return Response(
{
"success":
"Password has been reset with the new password."
},
status=status.HTTP_200_OK)
else:
return Response(
{"error": "Invalid password reset token."},
status=status.HTTP_400_BAD_REQUEST)
else:
return Response(form._errors,
status=status.HTTP_400_BAD_REQUEST)
else:
return Response(serializer.errors,
status=status.HTTP_400_BAD_REQUEST)
else:
return Response({"errors": "Couldn\'t find the user from uid."},
status=status.HTTP_400_BAD_REQUEST)
def custom_password_reset_confirm(
request,
uidb64=None,
token=None,
template_name='wagtailadmin/account/password_reset/confirm.html',
post_reset_redirect='wagtailadmin_password_reset_complete'):
"""
View that checks the hash in a password reset link and presents a
form for entering a new password.
"""
UserModel = get_user_model()
assert uidb64 is not None and token is not None # checked by URLconf
post_reset_redirect = resolve_url(post_reset_redirect)
try:
# urlsafe_base64_decode() decodes to bytestring on Python 3
uid = force_text(urlsafe_base64_decode(uidb64))
user = UserModel._default_manager.get(pk=uid)
except (TypeError, ValueError, OverflowError, UserModel.DoesNotExist):
user = None
if user is not None and default_token_generator.check_token(user, token):
validlink = True
title = _('Enter new password')
if request.method == 'POST':
form = CFGOVSetPasswordForm(user, request.POST)
if form.is_valid():
form.save()
user.temporarylockout_set.all().delete()
return HttpResponseRedirect(post_reset_redirect)
else:
form = CFGOVSetPasswordForm(user)
else:
validlink = False
form = None
title = _('Password reset unsuccessful')
context = {
'form': form,
'title': title,
'validlink': validlink,
}
return TemplateResponse(request, template_name, context)
def changePassword(request, uidb64, token):
if request.method != "POST":
return exit_with_error("Wrong method", 405)
password = request.POST.get('new_password1', None)
confirm = request.POST.get('new_password2', None)
if password == None or confirm == None:
return exit_with_error("900090 Wrong request", 400)
if token == None or uidb64 == None:
return exit_with_error("900090 Wrong request", 400)
UserModel = get_user_model()
try:
uid = urlsafe_base64_decode(uidb64)
user = UserModel._default_manager.get(pk=uid)
except (TypeError, ValueError, OverflowError, UserModel.DoesNotExist):
user = None
if user is not None and default_token_generator.check_token(user, token):
if password != confirm:
return exit_with_error("900091 Password and confirm do not match",
400)
# PWD validation
matches = 0
if re.search('[a-z]+', password):
matches += 1
if re.search('[A-Z]+', password):
matches += 1
if re.search('[0-9]+', password):
matches += 1
if re.search('[+=\[\]~!@#$%\^&*_-`|(){}:;<>,.?]+', password):
matches += 1
if len(password) < 7 or matches < 3:
return exit_with_error("900092 Password is not valid", 400)
form = SetPasswordForm(user, request.POST)
if form.is_valid():
form.save()
return exit_with_error("Password changed", 204)
else:
return exit_with_error("900093 Form errors : ".join(form.erros),
400)
else:
return exit_with_error("Invalid token", 404)
def activate(request, uid64, token):
try:
uid = force_text(urlsafe_base64_decode(uid64))
current_user = User.objects.get(pk=uid)
except (TypeError, ValueError, OverflowError, User.DoesNotExist,
ValidationError):
messages.error(request, '메일 인증에 실패했습니다.')
return redirect('/')
if default_token_generator.check_token(current_user, token):
current_user.is_active = True
current_user.save()
messages.info(request, '메일 인증이 완료 되었습니다. 회원가입을 축하드립니다!')
return redirect('/register/login/')
messages.error(request, '메일 인증에 실패했습니다.')
return redirect('/register/main/')
def user_password_reset_from_token(request, user_base36, reset_token):
user_id = base36_to_int(user_base36)
reset_user = get_user_manager().get(id=user_id)
token_valid = password_reset_token_generator.check_token(
reset_user, reset_token)
if not token_valid:
logger.warn("Invalid password reset token to user " + str(reset_user))
return AccountsError.INVALID_PASSWORD_RESET_TOKEN
reset_user.set_unusable_password()
reset_user.save()
# Logout the user everywhere else (invalidate all sessions)
# Log him in here in a new session
# update_session_auth_hash(request, request.user)
login(request, reset_user)
return {}
def reset_password_view(request, uidb36, token):
user = Hacker.objects.get(pk=base36_to_int(uidb36))
if default_token_generator.check_token(user, token):
if request.method == 'POST':
form = PasswordRecoveryForm(request.POST)
if form.is_valid():
user = form.save(uidb36, token)
password = form.cleaned_data.get('password')
user = authenticate(username=user.username, password=password)
if user is not None and user.is_active:
login(request, user)
return HttpResponseRedirect(reverse_lazy('home'))
else:
form = PasswordRecoveryForm()
return render(request, 'accounts/set_password.html', {
'form': form,
})
raise Http404
def get(self, request, uidb64, token):
try:
uid = urlsafe_base64_decode(uidb64)
# print(uid)
user = User.objects.get(pk=uid)
# print(user)
except (TypeError, ValueError, OverflowError, user.DoesNotExist):
user = None
if user is not None and default_token_generator.check_token(
user, token):
user.is_active = True
user.save()
return HttpResponse(
"Thank you for your email confimation. Now you can login your account."
)
else:
return HttpResponse('Activation link is invalid!')
def active_account(request, uidb36, token):
try:
uid_int = base36_to_int(uidb36)
except ValueError:
raise Http404
user = get_object_or_404(User, id=uid_int)
if user and default_token_generator.check_token(user, token):
user.is_active = True
user.save(update_fields=['is_active'])
login(request,
user,
backend='django.contrib.auth.backends.ModelBackend')
messages.success(request, 'Selamat, akun Anda sudah aktif')
else:
messages.warning(request, 'Maaf, ada masalah dengan aktivasi akun')
return redirect("website:accounts:index")
def validate(self, attrs):
self._errors = {}
try:
uid = force_text(uid_decoder(attrs['uid']))
self.user = UserModel._default_manager.get(pk=uid)
except (TypeError, ValueError, OverflowError, UserModel.DoesNotExist):
raise ValidationError({'uid': ['Invalid value']})
self.custom_validation(attrs)
self.set_password_form = self.set_password_form_class(user=self.user,
data=attrs)
if not self.set_password_form.is_valid():
raise serializers.ValidationError(self.set_password_form.errors)
if not default_token_generator.check_token(self.user, attrs['token']):
raise ValidationError({'token': ['Invalid value']})
return attrs
def recover(request, uidb64=None, token=None):
"""
Login via an account recovery link.
Modeled on django.contrib.auth.views.password_reset_confirm, but resets
the password to an unusable password instead of prompting for a new
password.
"""
UserModel = get_user_model()
try:
uid = force_text(urlsafe_base64_decode(uidb64))
user = UserModel._default_manager.get(pk=uid)
except (TypeError, ValueError, OverflowError, UserModel.DoesNotExist):
user = None
if user and default_token_generator.check_token(user, token):
login(request, user, "kuma.users.auth_backends.KumaAuthBackend")
return redirect("users.recover_done")
return render(request, "users/recover_failed.html")
def get(self, request, *args, **kwargs):
uidb36 = kwargs.get('uidb36')
token = kwargs.get('token')
try:
uid_int = base36_to_int(uidb36)
except ValueError:
raise Http404
user = get_object_or_404(get_user_model(), id=uid_int)
if default_token_generator.check_token(user, token):
user.is_active = True
user.save()
login(request, user=user)
return redirect('forum:home')
def get(self, request, token, uid):
username = force_text(urlsafe_base64_decode(uid))
user = User.objects.filter(username=username).first()
verify_token = default_token_generator.check_token(user, token)
msg = {"message": "email verified"}
st = status.HTTP_200_OK
if not verify_token:
msg["message"] = "token invalid"
st = status.HTTP_400_BAD_REQUEST
else:
user.is_verified = True
user.save()
return Response(msg, status=st)
def mutate(self, info, input):
uid = input.get("uid")
token = input.get("token")
try:
uid = decode_uid(uid)
user = UserModel.objects.get(pk=uid)
if not default_token_generator.check_token(user, token):
error = "Activation code invalid. You might have waited too long. Try again with a new activation link."
raise GraphQLError(error)
user.is_active = True
user.save()
return ConfirmEmail(success=True)
except UserModel.DoesNotExist:
error = "Unknown user."
raise GraphQLError(error)
def confirm_register(request, username, token):
context = {}
try:
user_to_activate = User.objects.get(username=username)
except ObjectDoesNotExist:
context['user_error'] = 'Can not find user'
return render(request, 'draw_something/registration_error.html',
context)
match = default_token_generator.check_token(user_to_activate, token)
if match:
user_to_activate.is_active = True
user_to_activate.save()
return redirect(reverse('home'))
else:
context['token_error'] = 'Token is invalid'
return render(request, 'draw_something/registration_error.html',
context)
def get(self, request, uid, token):
"""
Mainly ripped from django.contrib.auth.views.password_reset_confirm
"""
try:
uid_int = base36_to_int(uid)
user = User.objects.get(pk=uid_int)
except (ValueError, User.DoesNotExist):
user = None
if user is not None and token_generator.check_token(user, token):
# Hack because we're not getting the password
user.backend = 'django.contrib.auth.backends.ModelBackend'
login(request, user)
return HttpResponseRedirect('/#/users/%s/change-password/' %
user.pk)
return HttpResponseRedirect('/')
def get_jwt_token(request):
"""API для получения jwt-токена"""
serializer = ConfirmationCodeSerializer(data=request.data)
if not serializer.is_valid():
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
email = serializer.data.get('email')
confirmation_code = serializer.data.get('confirmation_code')
user = get_object_or_404(User, email=email)
if default_token_generator.check_token(user, confirmation_code):
refresh = RefreshToken.for_user(user)
return Response(
{'access': str(refresh.access_token)},
status=status.HTTP_200_OK
)
return Response(
{'confirmation_code': 'Неверный код подтверждения'},
status=status.HTTP_400_BAD_REQUEST
)
def auth_user(request, uidb36, token):
try:
uid_int = base36_to_int(uidb36)
except ValueError:
raise Http404
user = get_object_or_404(User, id=uid_int)
if user and default_token_generator.check_token(user, token):
login(request,
user,
backend='django.contrib.auth.backends.ModelBackend')
if hasattr(user, 'survey'):
return redirect("website:accounts:edit_survey")
else:
return redirect("website:accounts:survey")
messages.warning(request, 'Maaf link tidak valid')
return redirect('website:index')
def post(self, request, *args, **kwargs):
if self.form.is_valid():
try:
user = User.objects.get(id=self.request.GET.get('id'))
except User.DoesNotExist:
return self.invalid('unknownuser')
if not default_token_generator.check_token(
user, self.request.GET.get('token')):
return self.invalid('invalid')
user.set_password(self.form.cleaned_data['password'])
user.save()
messages.success(request,
_('You can now login using your new password.'))
user.log_action(
'pretix.control.auth.user.forgot_password.recovered')
return redirect('control:auth.login')
else:
return self.get(request, *args, **kwargs)
def get(self, request, uidb64, token, *args, **kwargs):
try:
uid = urlsafe_base64_decode(uidb64).decode()
user = UserModel._default_manager.get(pk=uid)
except (TypeError, ValueError, OverflowError, User.DoesNotExist):
user = None
if user is not None and default_token_generator.check_token(
user, token):
user.is_active = True
user.save()
return self.render_to_response({
'msg':
'Thank you for your email confirmation. Now you can login your account.'
})
else:
return HttpResponse('Activation link is invalid!')
return self.render_to_response(
{'msg': 'Activation link is invalid!'})
def signup_confirm(request, uidb64, token):
User = get_user_model()
try:
uid = force_text(urlsafe_base64_decode(uidb64))
user = User.objects.get(pk=uid)
except (TypeError, ValueError, OverflowError, User.DoesNotExist):
user = None
if user and token_generator.check_token(user, token):
user.is_active = True
user.save()
messages.info(request, '이메일을 인증했습니다. 로그인 해주세요.')
return redirect(settings.LOGIN_URL)
else:
messages.error(request, '잘못된 경로로 접근하셨습니다.')
return redirect(settings.LOGINS_URL)
def validate(self, attrs):
# Decode the uidb64 to uid to get User object
try:
uid = force_text(uid_decoder(attrs['uidb64']))
self.user = UserModel._default_manager.get(pk=uid)
except (TypeError, ValueError, OverflowError, UserModel.DoesNotExist):
raise ValidationError({'uidb64': _('Invalid value')})
# Construct SetPasswordForm instance
self.set_password_form = self.set_password_form_class(user=self.user,
data=attrs)
if not self.set_password_form.is_valid():
raise serializers.ValidationError(self.set_password_form.errors)
if not default_token_generator.check_token(self.user, attrs['token']):
raise ValidationError({'token': _('Invalid value')})
return attrs
def get(self, request, uidb64=None, token=None, *args, **kwargs):
klass = get_user_model()
try:
uid = urlsafe_base64_decode(uidb64)
user = klass._default_manager.get(pk=uid)
except (TypeError, ValueError, OverflowError, UserModel.DoesNotExist):
user = None
if user is not None and default_token_generator.check_token(
user, token):
user.is_active = True
user.save()
template_name = self.get_template_name(request)
context = self.get_context_data(request)
return render(request, template_name, context)
else:
# message
return redirect('home:top')
def activation_user(uidb64, token):
try:
uid = urlsafe_base64_decode(uidb64).decode()
customer = User.objects.get(pk=uid)
except (TypeError, ValueError, OverflowError):
customer = None
if customer is not None and default_token_generator.check_token(
customer, token):
customer.is_active = True
customer.save()
msg = {
'message':
'Thank you for your email confirmation. Now you can login your account.'
}
return Response(msg, status=status.HTTP_200_OK)
else:
msg = {'message': 'Activation link is invalid!'}
return Response(msg, status=status.HTTP_400_BAD_REQUEST)
def perform_mutation(cls, _root, info, **data):
user = info.context.user
cls.clean_instance(info, user)
token = data.pop("token")
if not default_token_generator.check_token(user, token):
raise ValidationError({
"token":
ValidationError(INVALID_TOKEN, code=AccountErrorCode.INVALID)
})
db_id = user.id
user.delete()
# After the instance is deleted, set its ID to the original database's
# ID so that the success response contains ID of the deleted object.
user.id = db_id
return cls.success_response(user)
def get(self, request, *args, **kwargs):
try:
user = get_user_model().objects.get(id=kwargs['user_id'])
except get_user_model().DoesNotExist:
raise Http404
if user.is_active:
raise Http404
if not default_token_generator.check_token(user,kwargs['token']):
raise Http404
user.is_active = True
user.save()
print("Acitvating %s" % user.username)
return super(CheckConfirmationView,self).get(self, request, *args, **kwargs)
def get(self, request, *args, **kwargs):
uidb64 = kwargs.get('uidb64')
token = kwargs.get('token')
order = ConfirmEmailOrder.objects.filter(key=uidb64).filter(checked=False).first()
if order and default_token_generator.check_token(order.user, token):
response = order.invoke()
if response == ConfirmEmailOrder.OK:
return HttpResponseRedirect(redirect_to=reverse('login'))
else:
error = 'Error'
if response == ConfirmEmailOrder.EMAIL_ERROR:
error = 'Correo Repetido'
if response == ConfirmEmailOrder.EXPIRED:
error = "Too Late"
return HttpResponse(status=400,content=error)
else:
return HttpResponse(status=404)
def changeemail(request, uidb64, token, newemail):
try:
# Query User using decoded UID
uid = force_text(urlsafe_base64_decode(uidb64))
user = User.objects.get(pk=uid)
except(TypeError, ValueError, OverflowError, User.DoesNotExist):
user = None
newemail = force_text(urlsafe_base64_decode(newemail))
# This will fail if the user has already used the link to changed their email, the token is invalid, the UID is invalid, or the user has requested to change to another email
if user is not None and default_token_generator.check_token(user, token) and user.target_new_email == newemail:
user.email = newemail
user.target_new_email = None
user.save()
return redirect('emailchangesuccess')
else:
return redirect('emailchangefail')
def confirm_registration(request, username, token):
new_user = get_object_or_404(User, username=username)
# Send 404 error if token is invalid
if not default_token_generator.check_token(new_user, token):
raise Http404
# Otherwise token was valid, activate the user.
new_user.is_active = True
new_user.save()
entry = Entry(age=0,
created_by=new_user,
update_time=datetime.now(),
creation_time=datetime.now())
entry.save()
return render(request, 'socialnetwork/confirmed.html', {})
def reset_password_universal(request, token=None):
if token is None:
if not request.user.is_authenticated:
raise Http404
if request.method == 'POST':
form = PasswordResetForm(request.POST)
if form.is_valid():
user = User.objects.get(username=request.user)
user.set_password(form.cleaned_data['password2'])
user.save()
logout(request)
messages.success(request, 'Password Changed.')
return redirect('home')
else:
form = PasswordResetForm()
context = {
'form': form,
'title': 'Simple TV | Password Reset',
'header': 'Change Password',
}
return render(request, 'accounts/commonformindex.html', context)
if token is not None:
user_id = int(token[-1])
user_obj = User.objects.get(id=user_id)
main_token = token[:-1]
if default_token_generator.check_token(user_obj, main_token):
if request.method == 'POST':
form = PasswordResetForm(request.POST)
if form.is_valid():
user = User.objects.get(username=user_obj.username)
user.set_password(form.cleaned_data['password2'])
user.save()
messages.success(request, 'Password Reset Done.')
return redirect('login_user')
else:
form = PasswordResetForm()
context = {
'form': form,
'title': 'Simple TV | Password Reset',
'header': 'Reset Password',
}
return render(request, 'accounts/commonformindex.html', context)
else:
return HttpResponse('<h1>Invalid Token</h1>')
