Beispiel #1
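    def reset_password_page(self, request):
        """Render the password-reset form and apply a submitted reset.

        GET (or any non-POST method) shows the form with the ``key`` query
        parameter pre-filled. A valid POST looks the user up by
        ``reset_password_key``, sets the new password, blanks the key so it
        cannot be used again, and calls ``user.remove_token()``.

        An empty, unknown or ambiguous key re-renders the form with a
        generic error instead of raising.
        """
        if request.method == 'POST':
            form = PasswordResetForm(request.POST)
            # The bound form is deliberately not printed or logged: its
            # rendering can echo submitted values such as the reset key.
            if form.is_valid():
                password = form.data.get("new_password")
                key = form.data.get("key")

                # A consumed key is stored as "" (see below). An empty or
                # missing key must therefore never be used as a lookup
                # value, or it would match accounts with no reset pending.
                user = None
                if key:
                    try:
                        user = User.objects.get(reset_password_key=key)
                    except (User.DoesNotExist, User.MultipleObjectsReturned):
                        user = None

                if user is None:
                    form.add_error(
                        None,
                        "This password reset link is invalid or has "
                        "already been used.")
                else:
                    user.set_password(password)
                    # Single use: clear the key before saving.
                    user.reset_password_key = ""
                    user.save()
                    user.remove_token()
                    return render(request,
                                  'users/password_reset_success.html')
                # NOTE(review): no expiry check on the key is visible in
                # this method; confirm one is enforced elsewhere.
        else:
            # GET or any other method: unbound form carrying the key.
            key = request.GET.get('key')
            form = PasswordResetForm(initial={
                'key': key,
            })

        return render(request, 'users/password_reset_page.html',
                      {'form': form})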
Beispiel #2
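def recover_password(request):
    """Endpoint for requesting user's password recovery.

    Expects a JSON object body with a ``username`` key. A body that is
    missing, is not valid JSON, is not an object, or has no username is
    answered with 400. Every well-formed request gets the same 200
    ``{"detail": "ok"}`` answer whether or not the account exists and
    whether or not the e-mail could be sent, so the response cannot be
    used to test which usernames are registered.
    """
    import logging

    try:
        payload = json.loads(request.body) if request.body else None
    except ValueError:
        # Covers malformed JSON and undecodable bytes.
        payload = None
    if not isinstance(payload, dict) or not payload.get("username"):
        return HttpResponse(status=status.HTTP_400_BAD_REQUEST)

    try:
        user = User.objects.get(username=payload["username"])
    except (User.DoesNotExist, User.MultipleObjectsReturned,
            TypeError, ValueError):
        # Unknown account, or a username value of an unusable type.
        user = None

    if user is not None:
        form = PasswordResetForm({'email': user.email})
        if form.is_valid():
            opts = {
                'use_https': request.is_secure(),
                'token_generator': default_token_generator,
                'from_email': None,
                'email_template_name': 'password_reset_email.html',
                'subject_template_name': 'password_reset_subject.txt',
                'request': request,
                'html_email_template_name': None,
            }
            try:
                form.save(**opts)
            except Exception:
                # Sending stays best-effort, but the failure is recorded
                # instead of being silently discarded.
                logging.getLogger(__name__).exception(
                    "password recovery e-mail could not be sent")

    return HttpResponse(json.dumps({"detail": "ok"}),
                        status=status.HTTP_200_OK,
                        content_type="application/json")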
Beispiel #3
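def forgotten_password(request):
    """
    Allow the user's password to be reset.

    A valid POST stores a PasswordReset record (key, submitted name, client
    address, user agent) and, if an active account matches the submitted
    value by username or by e-mail, sends the reset notification to that
    account's e-mail address. Every valid POST ends in the same redirect,
    so the response does not reveal whether an account was found.
    """
    lSentUrl = '/accounts/forgottenpassword/sent/'

    if request.method == "POST":
        lForm = PasswordResetForm(request.POST)
        if lForm.is_valid():
            lPasswordReset = PasswordReset()
            lPasswordReset.generateKey()
            lPasswordReset.username = lForm.cleaned_data['username']
            lPasswordReset.ip = request.META['REMOTE_ADDR']
            # The User-Agent header is optional and client-controlled; a
            # request without it must not fail with a KeyError.
            lPasswordReset.useragent = request.META.get('HTTP_USER_AGENT', '')
            lPasswordReset.save()

            # Only "no match" is treated as account-not-found. Other errors
            # propagate instead of being swallowed by a bare except.
            try:
                lUser = User.objects.filter(
                    username__iexact=lPasswordReset.username)[0]
            except IndexError:
                # Fall back to the e-mail address, most recent login first.
                try:
                    lUser = User.objects.filter(
                        email__iexact=lPasswordReset.username).order_by(
                            '-last_login')[0]
                except IndexError:
                    # don't send email if account not found
                    return HttpResponseRedirect(lSentUrl)

            if not lUser.is_active:
                # don't send email if user is inactive
                return HttpResponseRedirect(lSentUrl)

            notification(lUser,
                         lPasswordReset,
                         'users',
                         'password_reset',
                         'request',
                         request.user,
                         browser_details(request),
                         pDestination=lUser.email)
            return HttpResponseRedirect(lSentUrl)
    else:
        # show password reset form
        lForm = PasswordResetForm()
    return render_auth(request, "users/resetpassword/forgotten_password.html",
                       {'form': lForm})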
Beispiel #4
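def view_reset_password(request, passwordreset_template):
    """Show the reset form and, on a valid POST, mail the user a new password.

    The template context is ``locals()``. The generated password is never
    bound to a local name, so it cannot end up in that context. An address
    with no matching profile gets the same success message as a known one
    and no mail is sent.
    """
    # NOTE(review): this flow replaces the password as soon as the form is
    # submitted and sends the new one by e-mail. Anyone who knows an address
    # can force a password change, and the secret travels in plaintext. A
    # signed, expiring, single-use reset link is the usual design; that
    # change goes beyond this view.
    from users.forms import PasswordResetForm
    if request.method == 'POST':
        form = PasswordResetForm(post_data(request))
        if not form.is_valid():
            return response(passwordreset_template, locals(), request)
        email = form.cleaned_data.get('email')
        from users.models import UserProfile
        from utils.emailer import passwordreset_mailer
        try:
            userprofile = UserProfile.objects.get(email=email)
        except UserProfile.DoesNotExist:
            userprofile = None
        if userprofile is not None:
            # Passed straight through so it is not captured by locals().
            passwordreset_mailer(userprofile, userprofile.reset_password())
        from users.messages import PASSWORD_RESET_EMAIL_SUCCESS
        _add_successmsg(request, PASSWORD_RESET_EMAIL_SUCCESS % email)
        return response(passwordreset_template, locals(), request)
    form = PasswordResetForm()
    return response(passwordreset_template, locals(), request)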
Beispiel #5
def forgot_password(request, mobile=False):
    """Password reset form; a valid POST sends an email with a reset link.

    Non-mobile POSTs return a status dict. Mobile POSTs redirect on
    success and otherwise fall through to re-render the form. A non-mobile
    request that is not a POST returns None.
    """
    # NOTE(review): the non-mobile error dict exposes form.errors. If the
    # form rejects unknown addresses, that reveals which e-mails are
    # registered. Confirm against PasswordResetForm.
    if request.method != "POST":
        form = PasswordResetForm()
    else:
        form = PasswordResetForm(request.POST)
        valid = form.is_valid()
        if valid:
            form.save(use_https=request.is_secure(),
                      token_generator=default_token_generator,
                      email_template_name='users/email/pw_reset.ltxt')

        if not mobile:
            if valid:
                return {'status': 'success'}
            return {
                'status': 'error',
                'errors': dict(form.errors.iteritems())
            }

        if valid:
            return HttpResponseRedirect(
                reverse('users.mobile_pw_reset_sent'))

    if mobile:
        context = {'form': form}
        return jingo.render(request, 'users/mobile/pw_reset_form.html',
                            context)
Beispiel #6
def password_reset(request):
    """Show the password-reset request form and send the reset email.

    Based on django.contrib.auth.views. Every POST is answered with the
    same redirect, whether or not the submitted form validated.
    """
    if request.method != "POST":
        blank_form = PasswordResetForm()
        return render(request, 'users/pw_reset_form.html',
                      {'form': blank_form})

    form = PasswordResetForm(request.POST)
    if form.is_valid():
        form.save(use_https=request.is_secure(),
                  token_generator=default_token_generator,
                  email_template_name='users/email/pw_reset.ltxt')

    # Identical answer for valid and invalid submissions, so the response
    # does not leak the existence of email addresses.
    sent_url = reverse('users.pw_reset_sent')
    return HttpResponseRedirect(sent_url)
Beispiel #7
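 def post(request):
     """Apply a submitted new password to the account with the posted e-mail.

     Re-renders the form when it is invalid, when the two password fields
     differ, or when no account matches the e-mail; otherwise stores the
     hashed password and renders the login page.
     """
     # NOTE(review): the account is selected only by the ``email`` field of
     # this request. Nothing visible here proves the requester holds a valid
     # reset code for that address. Unless PasswordResetForm.is_valid()
     # checks such a code (not visible here), this handler should require
     # and verify it before changing the password.
     form = PasswordResetForm(request.POST)
     # .get(): a request without the field re-renders the form rather than
     # failing with a server error.
     email = request.POST.get('email', '')
     if not form.is_valid():
         return render(request, "password_reset.html", {
             "email": email,
             "reset_form": form
         })

     if request.POST['pwd1'] != request.POST['pwd2']:
         return render(
             request, "password_reset.html", {
                 "email": email,
                 "reset_form": form,
                 "msg": "password were different between two enters"
             })

     try:
         user = UserProfile.objects.get(email=email)
     except UserProfile.DoesNotExist:
         # Unknown address: fail closed with a generic message.
         return render(
             request, "password_reset.html", {
                 "email": email,
                 "reset_form": form,
                 "msg": "reset failed, please request a new reset link."
             })

     user.password = make_password(request.POST['pwd2'])
     user.save()
     return render(request, "login.html",
                   {"msg": "reset success, please login."})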
def password_reset(request):
    """Show the reset-request form and mail a time-limited reset link.

    On a valid POST the same flash message and redirect are produced
    whether or not an account with the given e-mail exists; the mail is
    sent only when one does. The link carries an HS256 JWT holding the
    username and a five-minute expiry.
    """
    if request.method != 'POST':
        return render(request, 'users/reset_password.html',
                      {'form': PasswordResetForm()})

    form = PasswordResetForm(request.POST)
    if not form.is_valid():
        return render(request, 'users/reset_password.html', {'form': form})

    # NOTE(review): .get() also raises MultipleObjectsReturned if e-mail
    # addresses are not unique. Confirm the model enforces uniqueness.
    try:
        account = User.objects.get(email=form.cleaned_data['email'])
    except User.DoesNotExist:
        account = None

    if account:
        claims = {
            'username': account.username,
            'exp': timezone.now() + timezone.timedelta(minutes=5),
        }
        # NOTE(review): the token is signed with the project SECRET_KEY and
        # stays valid until 'exp'. Whether it is single-use depends on the
        # view that consumes it (not visible here).
        token = jwt.encode(claims, settings.SECRET_KEY, algorithm='HS256')

        # NOTE(review): build_absolute_uri() takes the host from the
        # request. Keep ALLOWED_HOSTS restrictive so the mailed link cannot
        # point at an attacker-chosen host.
        reset_path = reverse_lazy('users:new-password', args=(token, ))
        url = request.build_absolute_uri(reset_path)

        html_content = render_to_string('emails/password_reset.html',
                                        {'url': url})
        send_mail('[Auth App] Please reset your password.',
                  'content',
                  '*****@*****.**', [account.email],
                  html_message=html_content)

    notice = ('Check your email for a link to reset your password. '
              'If it does not appear within a few minutes, check your spam folder.')
    messages.success(request, notice)
    return redirect('users:password-reset')
Beispiel #9
def password_reset(request, template):
    """Show the password-reset request form and send the reset email.

    Based on django.contrib.auth.views. A POST redirects to the "sent"
    page unless the form validated and then stopped validating after the
    send attempt; in that case the form is re-rendered.
    """
    if request.method != "POST":
        form = PasswordResetForm()
    else:
        form = PasswordResetForm(request.POST)
        was_valid = form.is_valid()
        if was_valid:
            # TODO: Jingo is used in a way that doesn't override the
            # Django template loader, so the pw_reset.ltxt email template
            # has to be a Django template rather than a Jinja one.
            #
            # Once rendering is switched everywhere this can probably be
            # changed back. Until then it most likely isn't translated.
            send_options = {
                'use_https': request.is_secure(),
                'token_generator': default_token_generator,
                'text_template': 'users/email/pw_reset.ltxt',
                'html_template': 'users/email/pw_reset.html',
                'subject_template_name': 'users/email/pw_reset_subject.ltxt',
            }
            try_send_email_with_form(form.save, form, 'email',
                                     **send_options)

        # The form may have become invalid if the email failed to send.
        # PasswordResetForm is invalid iff no user has the entered address,
        # so redirecting both when it is still valid and when it never was
        # keeps address existence private, except when sending fails.
        still_valid = form.is_valid()
        if still_valid or not was_valid:
            return HttpResponseRedirect(reverse('users.pw_reset_sent'))

    return render(request, template, {'form': form})
Beispiel #10
def forgot_password(request, mobile=False):
    """Password reset form. A valid POST sends an email with a reset link.

    For ``mobile`` requests the result is a redirect (valid POST) or the
    rendered form. For other requests a POST yields a status dict and any
    other method yields None.
    """
    is_post = request.method == "POST"
    form = PasswordResetForm(request.POST) if is_post else PasswordResetForm()

    if is_post:
        valid = form.is_valid()
        if valid:
            form.save(use_https=request.is_secure(),
                      token_generator=default_token_generator,
                      email_template_name='users/email/pw_reset.ltxt')

        if mobile and valid:
            return HttpResponseRedirect(reverse('users.mobile_pw_reset_sent'))
        if not mobile:
            # NOTE(review): returning form.errors can reveal whether an
            # address is registered, if the form rejects unknown e-mails.
            # Confirm against PasswordResetForm.
            if valid:
                return {'status': 'success'}
            return {'status': 'error',
                    'errors': dict(form.errors.iteritems())}

    if mobile:
        return jingo.render(request, 'users/mobile/pw_reset_form.html', {'form': form})
Beispiel #11
 def get(request, code):
     """Validate a "forget" verification code and show the new-password form.

     An unknown code, or one sent more than 1800 seconds ago, renders the
     register page with a message. A matching record is deleted whether it
     was expired or accepted.
     """
     # NOTE(review): the record is consumed on this GET. From here on the
     # e-mail address is only carried in the rendered page; confirm the
     # handler that receives the form re-verifies ownership of the address.
     form = PasswordResetForm()
     records = EmailVerify.objects.filter(code=code, verify_type="forget")
     if len(records) == 0:
         return render(request, "register.html",
                       {"msg": "Wrong validation code"})

     age_seconds = (timezone.now() - records[0].send_time).total_seconds()
     if age_seconds > 1800:
         records[0].delete()
         return render(request, "register.html",
                       {"msg": "validation code out of date"})

     email = records[0].email
     records[0].delete()
     context = {"email": email, "reset_form": form}
     return render(request, "password_reset.html", context)
Beispiel #12
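def reset_password(request):
    """Show the password-reset form and process a submitted one.

    Only a POST can save the form (and so send mail). For users holding
    ``auth.change_user``, a non-POST request with ``?id=<user id>``
    pre-fills the e-mail field as initial data. The form is not bound, so
    merely opening the link never triggers a reset e-mail.
    """
    # Only the known 'invalid_token' status is passed through to the page.
    status = request.GET.get('status')
    if status != 'invalid_token':
        status = None

    if request.method == 'POST':
        form = PasswordResetForm(request.POST)
        if form.is_valid():
            form.save()
            status = 'success'
    else:
        form = PasswordResetForm()
        if request.user.has_perm('auth.change_user'):  # Prefill user email
            try:
                user = User.objects.get(id=request.GET.get('id'))
            except (User.DoesNotExist, ValueError):
                # Missing, unknown or non-numeric id: keep the blank form.
                pass
            else:
                form = PasswordResetForm(initial={'email': user.email})

    return render(request, 'users/reset_password.html', {
        'form': form,
        'status': status
    })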
Beispiel #13
def password_reset(request):
    """Password reset form; this view sends the email.

    Based on django.contrib.auth.views. A POST always ends in the same
    redirect; any other method renders an empty form.
    """
    posted = request.method == "POST"
    form = PasswordResetForm(request.POST) if posted else PasswordResetForm()

    if not posted:
        return jingo.render(request, 'users/pw_reset_form.html',
                            {'form': form})

    if form.is_valid():
        save_kwargs = {
            'use_https': request.is_secure(),
            'token_generator': default_token_generator,
            'email_template_name': 'users/email/pw_reset.ltxt',
        }
        form.save(**save_kwargs)

    # Valid or not, the answer is the same, so the existence of an email
    # address is not leaked.
    return HttpResponseRedirect(reverse('users.pw_reset_sent'))
Beispiel #14
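def reset_password(request):
	"""Show the password-reset form and process a submitted one.

	The form is saved (and mail sent) only on POST. A non-POST request from
	a user with ``auth.change_user`` and ``?id=<user id>`` gets the e-mail
	field pre-filled through ``initial`` rather than through a bound form,
	so following a link cannot send a reset e-mail by itself.
	"""
	status = request.GET.get('status')
	# Anything other than the known 'invalid_token' value is dropped.
	if status != 'invalid_token':
		status = None

	if request.method == 'POST':
		form = PasswordResetForm(request.POST)
		if form.is_valid():
			form.save()
			status = 'success'
	else:
		form = PasswordResetForm()
		if request.user.has_perm('auth.change_user'):		# Prefill user email
			try:
				user = User.objects.get(id=request.GET.get('id'))
			except (User.DoesNotExist, ValueError):
				# Missing, unknown or non-numeric id: keep the blank form.
				pass
			else:
				form = PasswordResetForm(initial={'email': user.email})

	return render(request, 'users/reset_password.html', {'form': form, 'status': status})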
Beispiel #15
def password_reset(request, template):
    """Password reset form; this view sends the email.

    Based on django.contrib.auth.views. After a POST the user is
    redirected to the "sent" page, except when a form that validated no
    longer validates after the send attempt; then the form is shown again.
    """
    if request.method == "POST":
        form = PasswordResetForm(request.POST)
        was_valid = form.is_valid()
        if was_valid:
            # TODO: Because Jingo is used without overriding the Django
            # template loader, the pw_reset.ltxt email template must be a
            # Django template and not a Jinja template.
            #
            # This can probably be changed back once all rendering is
            # switched over. Until then it likely won't get translated.
            try_send_email_with_form(
                form.save, form, 'email',
                use_https=request.is_secure(),
                token_generator=default_token_generator,
                email_template_name='users/email/pw_reset.ltxt',
                subject_template_name='users/email/pw_reset_subject.ltxt')

        # A failed send may have invalidated the form.
        # PasswordResetForm is invalid iff there is no user with the entered
        # email address, so this test keeps address existence private
        # _unless_ sending an email fails.
        valid_after_send = form.is_valid()
        send_failed = was_valid and not valid_after_send
        if not send_failed:
            # Don't leak existence of email addresses.
            return HttpResponseRedirect(reverse('users.pw_reset_sent'))
    else:
        form = PasswordResetForm()

    context = {'form': form}
    return render(request, template, context)