def post(self, request):
data = json.loads(request.body)
receiver_email = data.get('email', None)
try:
account = User.objects.get(email=receiver_email)
except ObjectDoesNotExist:
logger.exception(self.errs['user_not_found'].format(receiver_email))
return Response({
'status': _('Success'),
'message': self.msgs['success']
}, status=status.HTTP_200_OK)
if account is not None and receiver_email:
data['guid'] = hashlib.sha512(str(SystemRandom().getrandbits(512))).hexdigest()
data['user'] = account.id
date = datetime.datetime.utcnow()
data['expiration_date'] = date + datetime.timedelta(days=settings.FORGOT_PASSWORD_GUID_EXPIRATION)
try:
serializer = UserUIDSerializer(data=data)
if serializer.is_valid():
serializer.save()
try:
language_cookie_value = request.COOKIES.get(settings.LANGUAGE_COOKIE_NAME)
file_path = os.path.join(settings.EMAIL_TEMPLATE_FA_LOCATION)
if language_cookie_value == "en":
file_path = os.path.join(settings.EMAIL_TEMPLATE_EN_LOCATION)
file_handler = codecs.open(file_path, encoding="utf-8")
email_content = file_handler.read()
str_with_username = string.replace(email_content, '[username]', account.username)
absolute_url = request.build_absolute_uri(reverse('setpassword') + data['guid'])
personalized_email = string.replace(str_with_username, '[link]', absolute_url)
email = EmailMessage('Forgot Password Email', personalized_email, to=[receiver_email])
email.send()
logger.info(self.msgs['finish_success'].format(account.log_guid))
return Response({
'status': _('Success'),
'message': self.msgs['success']
}, status=status.HTTP_200_OK)
except Exception, e:
logger.exception(self.errs['smtp_fail'].format(e.message))
return Response({
'status': _('Fail'),
'message': self.msgs['internal_server_error']
}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
else:
logger.error(self.errs['UID_invalid'].format(account.log_guid, data['guid'], date))
return Response({
'status': _('Bad request'),
'message': self.msgs['internal_server_error']
}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
def post(self, request):
data = json.loads(request.body)
guid = data.get('guid', None)
logger.info("SetPasswordView.post is called. GUID: {0}".format(guid))
password_serializer = PasswordSerializer(data=data, partial=True)
if not password_serializer.is_valid():
return Response({
'status': _('Bad request'),
'message': self.msgs['password_mismatch'],
'errors': 'Validation error'
}, status=status.HTTP_400_BAD_REQUEST)
try:
user_uid = UserUID.objects.get(guid=guid)
except ObjectDoesNotExist:
logger.exception(self.errs['GUID_invalid'].format(guid))
return Response({
'status': _('Bad request'),
'message': self.msgs['activation_invalid']
}, status=status.HTTP_400_BAD_REQUEST)
now_offset_aware = timezone.make_aware(datetime.datetime.utcnow(), timezone.get_current_timezone())
if user_uid.expiration_date < now_offset_aware:
logger.error(self.errs['GUID_expired'].format(guid, user_uid.expiration_date, now_offset_aware))
return Response({
'status': _('Bad request'),
'message': self.msgs['activation_invalid']
}, status=status.HTTP_400_BAD_REQUEST)
try:
account = User.objects.get(id=user_uid.user_id)
except ObjectDoesNotExist:
logger.exception(self.msgs['GUID_invalid'].format(guid))
return Response({
'status': _('Fail'),
'message': self.msgs['internal_server_error']
}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
if account is not None:
se_data = dict()
se_data['password'] = password_serializer.validated_data['new_password']
se_data['confirm_password'] = password_serializer.validated_data['confirm_password']
se_data['email'] = account.email
se_data['username'] = account.username
se_data['log_guid'] = account.log_guid
try:
with transaction.atomic():
serializer = UserSerializer(account, data=se_data)
if serializer.is_valid():
serializer.save()
# We need to mark the forgotpassword GUID as expired
uid_data = dict()
uid_data['guid'] = guid
uid_data['user'] = user_uid.user_id
uid_data['expiration_date'] = datetime.datetime.utcnow()
uidSerializer = UserUIDSerializer(user_uid, data=uid_data)
if uidSerializer.is_valid():
uidSerializer.save()
logger.info(self.msgs['finish_success'].format(guid))
return Response({
'status': _('Success'),
'message': self.msgs['update_pass_success']
}, status=status.HTTP_200_OK)
else:
logger.error(self.errs['ser_not_valid'].format(guid, user_uid.user_id, uid_data['expiration_date']))
return Response({
'status': _('Fail'),
'message': self.msgs['internal_server_error']
}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
else:
logger.error(self.errs['server_error'])
return Response({
'status': _('Fail'),
'message': self.msgs['internal_server_error']
}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
except Exception as e:
logger.exception(self.errs['exception'].format(guid, e.message))
return Response({
'status': _('Bad request'),
'message': self.msgs['internal_server_error']
}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
else:
logger.exception(self.errs['GUID_none'].format(guid))
return Response({
'status': _('Bad request'),
'message': self.msgs['activation_invalid']
}, status=status.HTTP_400_BAD_REQUEST)
