Ejemplo n.º 1
0
    def post(self, request):
        data = json.loads(request.body)
        receiver_email = data.get('email', None)
        try:
            account = User.objects.get(email=receiver_email)
        except ObjectDoesNotExist:
            logger.exception(self.errs['user_not_found'].format(receiver_email))
            return Response({
                'status': _('Success'),
                'message': self.msgs['success']
            }, status=status.HTTP_200_OK)
        if account is not None and receiver_email:
            data['guid'] = hashlib.sha512(str(SystemRandom().getrandbits(512))).hexdigest()
            data['user'] = account.id
            date = datetime.datetime.utcnow()
            data['expiration_date'] = date + datetime.timedelta(days=settings.FORGOT_PASSWORD_GUID_EXPIRATION)
            try:
                serializer = UserUIDSerializer(data=data)
                if serializer.is_valid():
                    serializer.save()
                    try:
                        language_cookie_value = request.COOKIES.get(settings.LANGUAGE_COOKIE_NAME)
                        file_path = os.path.join(settings.EMAIL_TEMPLATE_FA_LOCATION)

                        if language_cookie_value == "en":
                            file_path = os.path.join(settings.EMAIL_TEMPLATE_EN_LOCATION)
                        file_handler = codecs.open(file_path, encoding="utf-8")
                        email_content = file_handler.read()
                        str_with_username = string.replace(email_content, '[username]', account.username)
                        absolute_url = request.build_absolute_uri(reverse('setpassword') + data['guid'])
                        personalized_email = string.replace(str_with_username, '[link]', absolute_url)
                        email = EmailMessage('Forgot Password Email', personalized_email, to=[receiver_email])
                        email.send()
                        logger.info(self.msgs['finish_success'].format(account.log_guid))
                        return Response({
                            'status': _('Success'),
                            'message': self.msgs['success']
                        }, status=status.HTTP_200_OK)
                    except Exception, e:
                        logger.exception(self.errs['smtp_fail'].format(e.message))
                        return Response({
                            'status': _('Fail'),
                            'message': self.msgs['internal_server_error']
                        }, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
                else:
                    logger.error(self.errs['UID_invalid'].format(account.log_guid, data['guid'], date))
                    return Response({
                        'status': _('Bad request'),
                        'message': self.msgs['internal_server_error']
                    }, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
Ejemplo n.º 2
0
    def post(self, request):
        data = json.loads(request.body)
        guid = data.get('guid', None)
        logger.info("SetPasswordView.post is called. GUID: {0}".format(guid))

        password_serializer = PasswordSerializer(data=data, partial=True)
        if not password_serializer.is_valid():
            return Response({
                'status': _('Bad request'),
                'message': self.msgs['password_mismatch'],
                'errors': 'Validation error'
            }, status=status.HTTP_400_BAD_REQUEST)

        try:
            user_uid = UserUID.objects.get(guid=guid)
        except ObjectDoesNotExist:
            logger.exception(self.errs['GUID_invalid'].format(guid))
            return Response({
                'status': _('Bad request'),
                'message': self.msgs['activation_invalid']
            }, status=status.HTTP_400_BAD_REQUEST)

        now_offset_aware = timezone.make_aware(datetime.datetime.utcnow(), timezone.get_current_timezone())

        if user_uid.expiration_date < now_offset_aware:
            logger.error(self.errs['GUID_expired'].format(guid, user_uid.expiration_date, now_offset_aware))
            return Response({
                'status': _('Bad request'),
                'message': self.msgs['activation_invalid']
            }, status=status.HTTP_400_BAD_REQUEST)

        try:
            account = User.objects.get(id=user_uid.user_id)
        except ObjectDoesNotExist:
            logger.exception(self.msgs['GUID_invalid'].format(guid))
            return Response({
                'status': _('Fail'),
                'message': self.msgs['internal_server_error']
            }, status=status.HTTP_500_INTERNAL_SERVER_ERROR)

        if account is not None:
            se_data = dict()
            se_data['password'] = password_serializer.validated_data['new_password']
            se_data['confirm_password'] = password_serializer.validated_data['confirm_password']
            se_data['email'] = account.email
            se_data['username'] = account.username
            se_data['log_guid'] = account.log_guid
            try:
                with transaction.atomic():
                    serializer = UserSerializer(account, data=se_data)
                    if serializer.is_valid():
                        serializer.save()
                        # We need to mark the forgotpassword GUID as expired
                        uid_data = dict()
                        uid_data['guid'] = guid
                        uid_data['user'] = user_uid.user_id
                        uid_data['expiration_date'] = datetime.datetime.utcnow()
                        uidSerializer = UserUIDSerializer(user_uid, data=uid_data)

                        if uidSerializer.is_valid():
                            uidSerializer.save()
                            logger.info(self.msgs['finish_success'].format(guid))
                            return Response({
                                'status': _('Success'),
                                'message': self.msgs['update_pass_success']
                            }, status=status.HTTP_200_OK)
                        else:
                            logger.error(self.errs['ser_not_valid'].format(guid, user_uid.user_id, uid_data['expiration_date']))
                            return Response({
                                'status': _('Fail'),
                                'message': self.msgs['internal_server_error']
                            }, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
                    else:
                        logger.error(self.errs['server_error'])
                        return Response({
                            'status': _('Fail'),
                            'message': self.msgs['internal_server_error']
                        }, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
            except Exception as e:
                logger.exception(self.errs['exception'].format(guid, e.message))
                return Response({
                    'status': _('Bad request'),
                    'message': self.msgs['internal_server_error']
                }, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
        else:
            logger.exception(self.errs['GUID_none'].format(guid))
            return Response({
                'status': _('Bad request'),
                'message': self.msgs['activation_invalid']
            }, status=status.HTTP_400_BAD_REQUEST)