def test_reset_password_email_is_sent(self):
"Test the email with the link to reset the password is sent."
user = User.objects.get(email="*****@*****.**")
uid = int_to_base36(user.id)
token = PasswordResetTokenGenerator()
protocol = "http"
domain = "127.0.0.1:8000"
email_template = get_template("password_reset_email.html")
context = {
"protocol": protocol,
"domain": domain,
"uid": uid,
"token": token.make_token(user)
}
mail.send_mail(
"Password Reset",
email_template.render(context),
"*****@*****.**",
["*****@*****.**"],
fail_silently=False,
)
self.assertEqual(len(mail.outbox), 1)
self.assertIn("Password Reset", str(mail.outbox[0].subject))
self.assertIn(
"{0}://{1}/accounts/password-reset/{2}-{3}".format(
protocol, domain, uid, token.make_token(user)),
mail.outbox[0].body)
def test_10265(self):
"""
Ensure that the token generated for a user created in the same request
will work correctly.
"""
# See ticket #10265
user = User.objects.create_user('comebackkid', '*****@*****.**', 'testpw')
p0 = PasswordResetTokenGenerator()
tk1 = p0.make_token(user)
reload = User.objects.get(username='******')
tk2 = p0.make_token(reload)
self.assertEqual(tk1, tk2)
def test_10265(self):
"""
The token generated for a user created in the same request
will work correctly.
"""
# See ticket #10265
user = User.objects.create_user('comebackkid', '*****@*****.**', 'testpw')
p0 = PasswordResetTokenGenerator()
tk1 = p0.make_token(user)
reload = User.objects.get(username='******')
tk2 = p0.make_token(reload)
self.assertEqual(tk1, tk2)
def send_token_message(host, user, template, subject, new_user=False, extra_context=None):
"""
Send an email to the the user with a new token
"""
token_generator = PasswordResetTokenGenerator()
t = loader.get_template(template)
c = {
'email': user.email,
'host': host,
'user_token': int_to_base36(user.id),
'user': user,
'key_token': token_generator.make_token(user),
'new_user' : new_user,
}
if extra_context:
# If we have extra_content we need for the template
for key in extra_context:
c[key] = extra_context[key]
# send the user an email with the template filled out
# the actual link can be created using:
# {% url signup_login_by_email user_token key_token %}
send_mail(subject, t.render(Context(c)), settings.EMAIL_HOST_USER, [user.email])
def test_check_token_with_nonexistent_token_and_user(self):
user = User.objects.create_user('tokentestuser', '*****@*****.**',
'testpw')
p0 = PasswordResetTokenGenerator()
tk1 = p0.make_token(user)
self.assertIs(p0.check_token(None, tk1), False)
self.assertIs(p0.check_token(user, None), False)
def test_timeout(self):
"""
The token is valid after n days, but no greater.
"""
# Uses a mocked version of PasswordResetTokenGenerator so we can change
# the value of 'today'
class Mocked(PasswordResetTokenGenerator):
def __init__(self, today):
self._today_val = today
def _today(self):
return self._today_val
user = User.objects.create_user('tokentestuser', '*****@*****.**',
'testpw')
p0 = PasswordResetTokenGenerator()
tk1 = p0.make_token(user)
p1 = Mocked(date.today() +
timedelta(settings.PASSWORD_RESET_TIMEOUT_DAYS))
self.assertTrue(p1.check_token(user, tk1))
p2 = Mocked(date.today() +
timedelta(settings.PASSWORD_RESET_TIMEOUT_DAYS + 1))
self.assertFalse(p2.check_token(user, tk1))
def post(self, request):
serializer = se.SignupSerializer(data=request.data)
if serializer.is_valid():
user = Profile.objects.create(username=serializer.data['username'], email=serializer.data['email'])
user.set_password(serializer.data['password2'])
user.save()
current_site = get_current_site(request)
mail_subject = 'Activate your account.'
account_activation_token = PasswordResetTokenGenerator()
message = render_to_string('email_template.html', {
'user': user,
'domain': current_site.domain,
'uid': urlsafe_base64_encode(force_bytes(user.pk)),
'token': account_activation_token.make_token(user),
})
server = smtplib.SMTP('smtp.mail.yahoo.com', 587)
server.ehlo()
server.starttls()
server.ehlo()
server.login("*****@*****.**", "man2Setdaram")
to_email = serializer.data.get('email')
text = message
server.sendmail('*****@*****.**', to_email, text)
return Response('Please confirm your email address to complete the registration')
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
def post(self, request):
"""
here, the user provides email to be used to get a link. The email must be registered,
token gets generated and sent to users via link.
"""
email = request.data.get('email', {})
serializer = self.serializer_class(data={'email': email})
serializer.is_valid(raise_exception=True)
try:
user = User.objects.get(email=email)
except User.DoesNotExist:
message = {"message": "The email provided is not registered"}
return Response(message, status=status.HTTP_400_BAD_REQUEST)
token_generator = PasswordResetTokenGenerator()
password_token = token_generator.make_token(user)
token = generate_password_token(email, password_token)
message = {"message": "We've sent a password reset link to your email"}
subject = "Password reset"
reset_link = os.getenv('PASSWORD_RESET')
body = render_to_string('password_reset.html', {
'link': reset_link + '?token=' + token,
'name': user.username,
})
sender = os.getenv('EMAIL_SENDER')
send_mail(subject,
"Password Reset",
sender, [email],
html_message=body)
return Response(message, status=status.HTTP_200_OK)
def send_activation_mail(request, user):
# Get the current site or empty string.
try:
current_site = Site.objects.get_current()
except Site.DoesNotExist:
current_site = ''
# Generate uidb36 and token for the activation link.
uidb36 = int_to_base36(user.pk)
token_generator = PasswordResetTokenGenerator()
token = token_generator.make_token(user)
# Email to the user
send_templated_mail(
template_name='activation',
recipient_list=[user.email],
context={
'current_site': current_site,
'protocol': request.is_secure() and 'https' or 'http',
'user': user,
'uidb36': uidb36,
'token': token,
},
from_email=settings.EMAIL_PERSONAL_HOST_USER,
auth_user=settings.EMAIL_PERSONAL_HOST_USER,
auth_password=settings.EMAIL_PERSONAL_HOST_PASSWORD
)
def create_or_login(request):
if not request.method == "POST":
return HttpResponseRedirect(reverse(list))
form = EmailForm(request.POST)
if not form.is_valid():
return render(request, "members/login.html", {"form": form})
data = form.cleaned_data
member = get_object_or_None(Member, email=data["email"])
if not member:
member = Member(email=data["email"])
member.save()
member_url = reverse(edit, kwargs={"key": member.key})
token_gen = PasswordResetTokenGenerator()
token = token_gen.make_token(member)
try:
send_mail(
"Your Nick Reid Directory Profile",
"Follow this link to update your profile: %s?token=%s" % (member_url, token),
"*****@*****.**",
[member.email],
fail_silently=False,
)
except:
messages.error(request, "There was an error sending email to %s", member.email)
messages.success(request, "An email has been sent to %s." % (member.email))
return HttpResponseRedirect(reverse(list))
def test_reset_password(self):
response = self.client.get(reverse('auth_password_reset'))
self.assertEquals(response.status_code, 200)
self.assertIn('Reset your password', response.content)
response = self.client.post(reverse('auth_password_reset'),
{'email': self.user.email}, follow=True)
self.assertEquals(response.status_code, 200)
self.assertIn('email with a link to reset your password', response.content)
pt = PasswordResetTokenGenerator()
token = pt.make_token(self.user)
uid = base64.b64encode(str(self.user.id)).strip('=')
response = self.client.get(reverse('auth_password_reset_confirm',
args=(uid, token)),
follow=True)
self.assertEquals(response.status_code, 200)
self.assertIn('Enter your new password below', response.content)
data = {
'new_password1': 'newpassword',
'new_password2': 'newpassword'
}
response = self.client.post(reverse('auth_password_reset_confirm', args=(uid, token)),
data, follow=True)
self.assertEquals(response.status_code, 200)
self.assertIn('Your password has been reset!', response.content)
result = self.client.login(username=self.user.username, password='******')
self.assertTrue(result)
#reset password
self.user.set_password('supersecret')
def generate_confirmation_code(email):
user, created = User.objects.get_or_create(email=email)
token_generator = PasswordResetTokenGenerator()
confirmation_code = token_generator.make_token(user)
if created:
user.delete()
return confirmation_code
def send_activation_email(user, site=None):
"""
Send the activation email. The activation key is the username,
signed using TimestampSigner.
"""
token_generator = PasswordResetTokenGenerator()
token = token_generator.make_token(user)
uid = urlsafe_base64_encode(force_bytes(user.pk))
activation_path = reverse('users:activate', kwargs={'uidb64': uid, 'token': token})
context = {
'user': user,
'name': user.get_full_name(),
'username': user.get_username(),
'activation_path': activation_path,
'timeout_days': settings.PASSWORD_RESET_TIMEOUT_DAYS,
'org_long_name': settings.ORG_LONG_NAME,
}
if site:
context.update(site=site)
subject = 'Account details for {username} at {org_long_name}'.format(**context)
# Force subject to a single line to avoid header-injection issues.
subject = ''.join(subject.splitlines())
message = render_to_string('users/activation/email.txt', context)
user.email_user(subject, message, settings.DEFAULT_FROM_EMAIL)
def generate_password_reset_url(user_profile: UserProfile,
token_generator: PasswordResetTokenGenerator) -> str:
token = token_generator.make_token(user_profile)
uid = urlsafe_base64_encode(force_bytes(user_profile.id)).decode('ascii')
endpoint = reverse('django.contrib.auth.views.password_reset_confirm',
kwargs=dict(uidb64=uid, token=token))
return "{}{}".format(user_profile.realm.uri, endpoint)
def post(self, request):
serializer = PasswordResetSerializer(data=request.data)
if serializer.is_valid():
email = serializer.data.get("email")
check = User.objects.filter(email=email)
# If the email is in the database
if check:
# Retrieve user from database
user = User.objects.get(email=email)
# Generate a token using django's integrated functions
token_generator = PasswordResetTokenGenerator()
token = token_generator.make_token(user)
# Generate base64 encoded string based on user's private key (user ID)
uid = urlsafe_base64_encode(force_bytes(user.pk))
# Send email containing link to reset password
subject = 'Password reset'
message = 'You are receiving this email because you requested a password reset on lifTUe.\n\n' \
'Please go to the following page and choose a new password:\n\n' \
+ settings.URL + 'user/password/reset/' + uid.decode() + '/' + token + '\n\n' \
'Thanks!\n\nlifTUe'
send_mail(subject, message, '*****@*****.**',
(user.email, ))
return Response(status=HTTP_200_OK)
# If the request is invalid
else:
return Response(status=HTTP_400_BAD_REQUEST)
def test_check_token_with_nonexistent_token_and_user(self):
user = User.objects.create_user('tokentestuser', '*****@*****.**',
'testpw')
p0 = PasswordResetTokenGenerator()
tk1 = p0.make_token(user)
self.assertIs(p0.check_token(None, tk1), False)
self.assertIs(p0.check_token(user, None), False)
def generate_password_reset_url(user_profile: UserProfile,
token_generator: PasswordResetTokenGenerator) -> str:
token = token_generator.make_token(user_profile)
uid = urlsafe_base64_encode(force_bytes(user_profile.id)).decode('ascii')
endpoint = reverse('django.contrib.auth.views.password_reset_confirm',
kwargs=dict(uidb64=uid, token=token))
return "{}{}".format(user_profile.realm.uri, endpoint)
def setUp(self):
"""
set up method to test password reset endpoint
"""
self.user = {
'user' : {
'username': '******',
'email': '*****@*****.**',
'password': '******'
}
}
self.register_url = api_reverse('authentication:user-registration')
self.client.post(self.register_url, self.user, format="json")
# activate this user
user = User.objects.get(email='*****@*****.**')
user.is_active = True
user.save()
email='*****@*****.**'
user_object = User.objects.filter(email=email).first()
token_generator = PasswordResetTokenGenerator()
raw_token = token_generator.make_token(user_object)
token = generate_password_token(email, raw_token)
self.url = api_reverse('authentication:password_reset')+'?token='+token
def test_generation_activation_key(self):
new_user = User.objects.create_inactive_user(**self.user_data)
new_user.send_activation_email()
email_inst = mail.outbox[0]
token_generator = PasswordResetTokenGenerator()
activation_key = token_generator.make_token(new_user)
self.assertIn(activation_key, email_inst.body)
def post(self, request, *args, **kwargs):
formularioRegistro = forms.FormularioRegistro(request.POST)
if formularioRegistro.is_valid():
tmpUsuario = User.objects.create_user(
formularioRegistro.data['correoElectronico'],
formularioRegistro.data['correoElectronico'],
formularioRegistro.data['contrasena'])
tmpUsuario.first_name = formularioRegistro.data['nombres']
tmpUsuario.last_name = formularioRegistro.data['apellidos']
tmpUsuario.is_active = False
tmpUsuario.save()
'''
Aqui inicia el proceso de autentificacion del la cuenta
'''
#tmpUsuario = User.objects.get(username=formularioRegistro.data['correoElectronico'])
sitio = get_current_site(request)
correoAsunto = _('Activacion de Cuenta Maria Bonita')
token = PasswordResetTokenGenerator()
mensaje = render_to_string(
'mariabonita/activacion_cuenta.html', {
'usuario': tmpUsuario,
'dominio': sitio.domain,
'uid': urlsafe_base64_encode(force_bytes(tmpUsuario.pk)),
'token': token.make_token(tmpUsuario)
})
destinatario = tmpUsuario.email
correo = EmailMessage(correoAsunto, mensaje, to=[destinatario])
correo.content_subtype = 'html'
correo.send()
return HttpResponse("mariabonita/redireccionamiento.html")
else:
return render(request, "mariabonita/registro.html",
{'formularioRegistro': formularioRegistro})
def user_password_retrieve(request):
username = request.GET['username_forgot']
u = User.objects.get(email=username)
token_generator = PasswordResetTokenGenerator()
token = token_generator.make_token(u)
u.set_password(token)
u.save()
msg = MIMEMultipart()
msg['Subject'] = 'Mail from the MicrobesFlux -- Password reset'
msg['From'] = '*****@*****.**'
msg['To'] = username
msg.preamble = 'Reset your password'
fromaddr = "*****@*****.**"
toaddrs = [
username,
]
content = MIMEText(
"Dear MicrobesFlux User: we have changed your password to " + token +
". -- MicrobesFlux")
msg.attach(content)
server = smtplib.SMTP('localhost')
server.sendmail(fromaddr, toaddrs, msg.as_string())
server.quit()
return HttpResponse(content="""New Email sent!""",
status=200,
content_type="text/html")
def password_reset_url(self, request, id, form_url=''):
if not self.has_change_permission(request):
raise PermissionDenied
user = self.get_object(request, unquote(id))
if user is None:
raise Http404(
_('%(name)s object with primary key %(key)r does '
'not exist.') % {
'name': self.model._meta.verbose_name,
'key': escape(id),
})
token_generator = PasswordResetTokenGenerator()
url = reverse('admin:password_reset_confirm',
kwargs={
'uidb64':
force_str(urlsafe_base64_encode(force_bytes(
user.pk))),
'token':
token_generator.make_token(user)
})
url = request.build_absolute_uri(url)
return TemplateResponse(request,
'admin/password_reset_url.html',
context={
'user':
user,
'url':
url,
'title':
_('Password reset'),
'timeout_days':
settings.PASSWORD_RESET_TIMEOUT_DAYS
})
def forget_password(request):
context = {
'title':'ClickTime',
}
if request.method == 'POST':
entered_email = request.POST['email']
try:
user = User.objects.get(email = entered_email)
except User.DoesNotExist:
context['message'] = "The email you entered doesn't belong to an account!"
return render(request, 'users/forget_password.html', context=context)
token_generator = PasswordResetTokenGenerator()
current_site = get_current_site(request)
mail_subject = 'Reset your ClickTime account password.'
message = render_to_string('users/password_acc.html',{
'user':user,
'domain':current_site.domain,
'uid':urlsafe_base64_encode(force_bytes(user.pk)),
'token':token_generator.make_token(user),
})
to_email = entered_email
email = EmailMessage(mail_subject, message, to = [to_email])
email.send()
context['message_true'] = 'An email with password reset instructions has been sent to you.'
return render(request, 'users/forget_password.html', context=context)
return render(request, 'users/forget_password.html', context=context)
def send_password_recovery_link(user_pk):
"""Sends an email verification link to the users email address."""
user = User.objects.get(pk=user_pk)
email_data = {}
email_data['heading'] = 'Password recovery'
token_generator = PasswordResetTokenGenerator()
token = token_generator.make_token(user)
email_data['main_content'] = '''\
We have received a request for password recovery. If it was you who made this request, \
please click the button below to set a new password. If you have not made this \
request please ignore this email.'''
email_data['extra_content'] = 'Token: {}'.format(token)
email_data['button_url'] = '{}/PasswordRecovery/{}/{}'.format(
settings.BASELINK, user.username, token)
email_data['button_text'] = 'Set New Password'
email_data['profile_url'] = '{}/Profile'.format(settings.BASELINK)
html_content = render_to_string('call_to_action.html',
{'email_data': email_data})
text_content = strip_tags(html_content)
email = EmailMultiAlternatives(
subject='eJournal password recovery',
body=text_content,
from_email='*****@*****.**'
if settings.ENVIRONMENT == 'PRODUCTION' else '*****@*****.**',
headers={'Content-Type': 'text/plain'},
to=[user.email])
email.attach_alternative(html_content, 'text/html')
email.send()
def test_password_reset_confirm_view_custom_username_hint(self):
custom_user = CustomUser.custom_objects.create_user(
email='*****@*****.**',
date_of_birth=date(1986, 11, 11),
first_name='Joe',
)
client = PasswordResetConfirmClient()
default_token_generator = PasswordResetTokenGenerator()
token = default_token_generator.make_token(custom_user)
uidb64 = urlsafe_base64_encode(str(custom_user.pk).encode())
url = reverse('password_reset_confirm',
kwargs={
'uidb64': uidb64,
'token': token
})
response = client.get(url)
self.assertContains(
response,
'<title>Enter new password | Django site admin</title>',
)
self.assertContains(response, '<h1>Enter new password</h1>')
# The username field is added to the password reset confirmation form
# to help browser's password managers.
self.assertContains(
response,
'<input class="hidden" autocomplete="username" value="*****@*****.**">',
)
def send(self,
users: List[UserProfile],
subject_template_name: str = '',
email_template_name: str = '',
use_https: bool = True,
token_generator:
PasswordResetTokenGenerator = default_token_generator,
from_email: Optional[Text] = None,
html_email_template_name: Optional[str] = None) -> None:
"""Sends one-use only links for resetting password to target users
"""
for user_profile in users:
context = {
'email': user_profile.email,
'domain': user_profile.realm.host,
'site_name': "zulipo",
'uid': urlsafe_base64_encode(force_bytes(user_profile.id)),
'user': user_profile,
'token': token_generator.make_token(user_profile),
'protocol': 'https' if use_https else 'http',
}
logging.warning("Sending %s email to %s" % (
email_template_name,
user_profile.email,
))
send_email('zerver/emails/password_reset',
to_user_id=user_profile.id,
from_name="Zulip Account Security",
from_address=FromAddress.NOREPLY,
context=context)
def generate_password_reset_url(
user_profile: UserProfile, token_generator: PasswordResetTokenGenerator
) -> str:
token = token_generator.make_token(user_profile)
uid = urlsafe_base64_encode(str(user_profile.id).encode())
endpoint = reverse("password_reset_confirm", kwargs=dict(uidb64=uid, token=token))
return f"{user_profile.realm.uri}{endpoint}"
def test_timeout(self):
"""The token is valid after n days, but no greater."""
# Uses a mocked version of PasswordResetTokenGenerator so we can change
# the value of 'now'.
class Mocked(PasswordResetTokenGenerator):
def __init__(self, now):
self._now_val = now
def _now(self):
return self._now_val
user = User.objects.create_user('tokentestuser', '*****@*****.**',
'testpw')
p0 = PasswordResetTokenGenerator()
tk1 = p0.make_token(user)
p1 = Mocked(datetime.now() +
timedelta(settings.PASSWORD_RESET_TIMEOUT_DAYS))
self.assertTrue(p1.check_token(user, tk1))
p2 = Mocked(datetime.now() +
timedelta(settings.PASSWORD_RESET_TIMEOUT_DAYS + 1))
self.assertFalse(p2.check_token(user, tk1))
with self.settings(PASSWORD_RESET_TIMEOUT_DAYS=1):
self.assertEqual(settings.PASSWORD_RESET_TIMEOUT, 60 * 60 * 24)
p3 = Mocked(datetime.now() +
timedelta(settings.PASSWORD_RESET_TIMEOUT_DAYS))
self.assertTrue(p3.check_token(user, tk1))
p4 = Mocked(datetime.now() +
timedelta(settings.PASSWORD_RESET_TIMEOUT_DAYS + 1))
self.assertFalse(p4.check_token(user, tk1))
def mutate(self, info, data):
user = Users.objects.create(
username=data.get("username", None),
first_name=data.get("firstName", None),
last_name=data.get("lastName", None),
email=data.get("email", None),
)
password = data.get("password", None)
if password is not None:
user.set_password(password)
user.save()
domain = "http://localhost:8000"
mail_subject = "Auth Me Bro | Activate Your Account"
account_activation_token = PasswordResetTokenGenerator()
uid = user.id
token = account_activation_token.make_token(user)
message = render_to_string(
"acc_active_email.html",
{
"user": user,
"url": f"{domain}/auth/activate?uid={uid}&token={token}"
},
)
recipient_list = [user.email]
EmailNotification().send(recipient_list, mail_subject, message)
return SignUp(user)
def test_check_token_secret_key_fallbacks(self):
user = User.objects.create_user("tokentestuser", "*****@*****.**", "testpw")
p1 = PasswordResetTokenGenerator()
p1.secret = "oldsecret"
tk = p1.make_token(user)
p2 = PasswordResetTokenGenerator()
self.assertIs(p2.check_token(user, tk), True)
def test_timeout(self):
"""
The token is valid after n days, but no greater.
"""
# Uses a mocked version of PasswordResetTokenGenerator so we can change
# the value of 'today'
class Mocked(PasswordResetTokenGenerator):
def __init__(self, today):
self._today_val = today
def _today(self):
return self._today_val
user = User.objects.create_user('tokentestuser', '*****@*****.**',
'testpw')
p0 = PasswordResetTokenGenerator()
tk1 = p0.make_token(user)
p1 = Mocked(date.today() +
timedelta(settings.PASSWORD_RESET_TIMEOUT_DAYS))
self.assertTrue(p1.check_token(user, tk1))
p2 = Mocked(date.today() +
timedelta(settings.PASSWORD_RESET_TIMEOUT_DAYS + 1))
self.assertFalse(p2.check_token(user, tk1))
def post(self, request, *args, **kwargs):
form = RegisterForm(request.POST)
if form.is_valid():
user = form.save(commit=False)
user.is_active = False
user.save()
current_site = get_current_site(request)
mail_subject = 'Activate your blog account.'
token_generator = PasswordResetTokenGenerator()
txt = get_template('user/acc_active_email.txt')
html = get_template('user/acc_active_email.html')
d = {
'user': user,
'domain': current_site.domain,
'uid': urlsafe_base64_encode(force_bytes(user.pk)),
'token': token_generator.make_token(user),
}
html_content = html.render(d)
txt_content = txt.render(d)
to_email = form.cleaned_data.get('email')
email = EmailMultiAlternatives(mail_subject,
txt_content,
to=[to_email])
email.attach_alternative(html_content, "text/html")
email.send()
message = _(
"Please confirm your email address to complete the registration"
)
messages.add_message(request, messages.INFO, message)
return redirect("fridge:settings")
return render(request, self.template_name, {'form': form})
def post(self, request, *args, **kwargs):
serializer = self.serializer_class(data=request.data)
serializer.is_valid(raise_exception=True)
email = serializer.validated_data['email']
user = User.objects.filter(email__iexact=email).first()
active_user_found = False
if user:
active_user_found = True
if not active_user_found:
return Response({
'data': MESSAGE_CONSTANTS["LINK_SENT_MESSAGE"],
'status': status.HTTP_200_OK
})
token = PasswordResetTokenGenerator.make_token(default_token_generator,
user)
reset_url = '{}{}/{}/{}/'.format(
settings.WEBAPP_BASE_URL,
MESSAGE_CONSTANTS["PASSWORD_RESET_CONFIRM_URL"], user.id, token)
send_reset_email_task.delay(email, user.get_short_name(), reset_url)
return Response({
'data': MESSAGE_CONSTANTS["LINK_SENT_MESSAGE"],
'status': status.HTTP_200_OK
})
def setUp(self):
self.faker = Faker()
token_generator = PasswordResetTokenGenerator()
self.user = baker.make(get_user_model())
self.user.is_active = False
self.user.save()
self.token = token_generator.make_token(self.user)
def forgot_password_view(request, template_name='home/forgot_password.html'):
if request.user.is_authenticated == True:
return redirect('/')
if 'email' not in request.POST:
return render(request, template_name)
email = request.POST['email']
try:
user_obj = tbl_user.objects.get(email=email)
token_generator = PasswordResetTokenGenerator()
token = token_generator.make_token(user_obj)
user_uid = user_obj.uid
password_reset_url = SITE_BASE_URL + 'reset_password?uid=' + str(
user_uid) + '&token=' + token
th = threading.Thread(target=send_pwd_reset_email_thread,
args=(user_obj.email, user_obj.first_name,
password_reset_url))
th.start()
except Exception as e:
pass
data = {'email': email, 'alert_str': 'Password reset link is sent.'}
return render(request, template_name, data)
def registration(request):
"""Регистрация пользователя и получение confirmation_code"""
serializer = RegistrationSerializer(data=request.data)
if not serializer.is_valid():
raise ValidationError(serializer.errors)
email = serializer.validated_data['email']
username = serializer.validated_data['username']
if not email:
return Response(
{'message': {
'Ошибка': 'Не указана почта для регистрации'
}},
status=status.HTTP_403_FORBIDDEN)
token = PasswordResetTokenGenerator()
user = get_user_model()
user.email = email
user.last_login = timezone.now()
user.password = ''
confirmation_code = token.make_token(user)
try:
query_get, flag = get_user_model().objects.get_or_create(
email=email,
defaults={
'username': username,
'confirmation_code': confirmation_code,
'last_login': timezone.now()
})
if not flag:
return Response(
{
'message': {
'Ошибка': ('Пользователь с таким email '
'уже существует.')
}
},
status=status.HTTP_403_FORBIDDEN)
except HTTPError:
return Response({'message': {
'Ошибка': 'Ошибка запроса'
}},
status=status.HTTP_403_FORBIDDEN)
send_mail(
'Подтверждение адреса электронной почты yamdb',
f'Вы получили это письмо, потому что регистрируетесь на ресурсе '
f'yamdb Код подтверждения confirmation_code = '
f'{confirmation_code}',
settings.DEFAULT_FROM_EMAIL,
[
email,
],
fail_silently=False,
)
return Response({
'message': {
'ОК':
f'Пользователь c email {email} успешно создан. '
'Код подтверждения отправлен на электронную почту'
}
})
def test_make_token(self):
"""
Ensure that we can make a token and that it is valid
"""
user = User.objects.create_user('tokentestuser', '*****@*****.**', 'testpw')
p0 = PasswordResetTokenGenerator()
tk1 = p0.make_token(user)
self.assertTrue(p0.check_token(user, tk1))
def test_PasswordResetConfirmView_valid_token(self):
# PasswordResetConfirmView valid token
default_token_generator = PasswordResetTokenGenerator()
token = default_token_generator.make_token(self.user)
uidb64 = force_text(urlsafe_base64_encode(force_bytes(self.user.pk)))
response = PasswordResetConfirmView.as_view(success_url='dummy/')(self.request, uidb64=uidb64, token=token)
self.assertContains(response, '<title>Enter new password</title>')
self.assertContains(response, '<h1>Enter new password</h1>')
def _get_confirm_url(self, user):
token_maker = PasswordResetTokenGenerator()
token = token_maker.make_token(user)
uid = urlsafe_base64_encode(force_bytes(user.pk)) #same thing django does to generate uid
confirm_url = reverse('auth_password_reset_confirm',
kwargs={'token':token,
'uidb64':uid})
return confirm_url
def form_valid(self, form):
"""
Register a new user.
"""
# Do not accept any valid form when registration is closed.
if not settings.REGISTRATION_POSSIBLE:
messages.error(self.request, _('I\'m sorry, but I can\'t let anyone register at the moment.'))
return redirect(reverse_lazy('login'))
# Create and save user
user = LilyUser.objects.create_user(
email=form.cleaned_data['email'],
password=form.cleaned_data['password'],
first_name=form.cleaned_data['first_name'],
preposition=form.cleaned_data['preposition'],
last_name=form.cleaned_data['last_name'],
)
user.is_active = False
user.save()
# Add to admin group
account_admin = Group.objects.get_or_create(name='account_admin')[0]
user.groups.add(account_admin)
# Get the current site
try:
current_site = Site.objects.get_current()
except Site.DoesNotExist:
current_site = ''
# Generate uidb36 and token for the activation link
uidb36 = int_to_base36(user.pk)
token_generator = PasswordResetTokenGenerator()
token = token_generator.make_token(user)
# Send an activation mail
# TODO: only create/save contact when e-mail sent successfully
send_templated_mail(
template_name='activation',
from_email=settings.DEFAULT_FROM_EMAIL,
recipient_list=[form.cleaned_data['email']],
context={
'current_site': current_site,
'protocol': self.request.is_secure() and 'https' or 'http',
'user': user,
'uidb36': uidb36,
'token': token,
}
)
# Show registration message
messages.success(
self.request,
_('Registration completed. I\'ve sent you an email, please check it to activate your account.')
)
return self.get_success_url()
def get_token(user):
#assert request.user.is_authenticated()
token_generator = PasswordResetTokenGenerator()
token = token_generator.make_token(user)
return token
def test_PasswordResetConfirmView_valid_token(self):
# PasswordResetConfirmView valid token
client = PasswordResetConfirmClient()
default_token_generator = PasswordResetTokenGenerator()
token = default_token_generator.make_token(self.user)
uidb64 = force_text(urlsafe_base64_encode(force_bytes(self.user.pk)))
url = reverse('password_reset_confirm', kwargs={'uidb64': uidb64, 'token': token})
response = client.get(url)
self.assertContains(response, '<title>Enter new password</title>')
self.assertContains(response, '<h1>Enter new password</h1>')
class ActivationResendView(FormView):
"""
This view is used by an user to request a new activation e-mail.
"""
template_name = 'users/activation_resend_form.html'
form_class = ResendActivationForm
def form_valid(self, form):
"""
If ResendActivationForm passed the validation, generate new token and send an e-mail.
"""
self.TGen = PasswordResetTokenGenerator()
self.users = CustomUser.objects.filter(
contact__email_addresses__email_address__iexact=form.cleaned_data['email'],
contact__email_addresses__is_primary=True
)
# Get the current site or empty string
try:
self.current_site = Site.objects.get_current()
except Site.DoesNotExist:
self.current_site = ''
for user in self.users:
# Generate uidb36 and token for the activation link
self.uidb36 = int_to_base36(user.pk)
self.token = self.TGen.make_token(user)
# E-mail to the user
send_templated_mail(
template_name='activation',
from_email=settings.DEFAULT_FROM_EMAIL,
recipient_list=[form.cleaned_data['email']],
context={
'current_site': self.current_site,
'protocol': self.request.is_secure() and 'https' or 'http',
'full_name': " ".join([user.contact.first_name, user.contact.preposition, user.contact.last_name]),
'user': user,
'uidb36': self.uidb36,
'token': self.token,
}
)
# Show registration message
messages.success(self.request, _('Reactivation success. Check your <nobr>e-mail</nobr> to activate your account.'))
# Redirect to success url
return self.get_success_url()
def get_success_url(self):
"""
Redirect to the success url.
"""
return redirect(reverse_lazy('login'))
def test_token_with_different_secret(self):
"""
A valid token can be created with a secret other than SECRET_KEY by
using the PasswordResetTokenGenerator.secret attribute.
"""
user = User.objects.create_user('tokentestuser', '*****@*****.**', 'testpw')
new_secret = 'abcdefghijkl'
# Create and check a token with a different secret.
p0 = PasswordResetTokenGenerator()
p0.secret = new_secret
tk0 = p0.make_token(user)
self.assertTrue(p0.check_token(user, tk0))
# Create and check a token with the default secret.
p1 = PasswordResetTokenGenerator()
self.assertEqual(p1.secret, settings.SECRET_KEY)
self.assertNotEqual(p1.secret, new_secret)
tk1 = p1.make_token(user)
# Tokens created with a different secret don't validate.
self.assertFalse(p0.check_token(user, tk1))
self.assertFalse(p1.check_token(user, tk0))
def send_reset_password_email(user, request):
token_generator = PasswordResetTokenGenerator()
temp_key = token_generator.make_token(user)
# send the password reset email
path = reverse('account_reset_password_from_key',
kwargs=dict(uidb36=int_to_base36(user.id),
key=temp_key))
url = request.build_absolute_uri(path)
context = {'password_reset_url': url}
subject = 'Reset your password'
send_mail('account/email/forget_password.html', subject, user.email, context)
def send_email_auth_token(request, user, new_user=False):
token_generator = PasswordResetTokenGenerator()
t = loader.get_template('signup/email_auth_form.html')
c = {
'email': user.email,
'host': request.get_host(),
'user_token': int_to_base36(user.id),
'user': user,
'key_token': token_generator.make_token(user),
'new_user' : new_user,
}
send_mail(_("New Login token for %s") % request.get_host(), t.render(Context(c)), settings.EMAIL_HOST_USER, [user.email])
def generate_token(request):
username_or_email = request.POST.get('username_or_email')
#Check to see if we can find a valid user
try:
empous_user = User.objects.get(Q(username__iexact=username_or_email)|Q(email__iexact=username_or_email))
token_gen = PasswordResetTokenGenerator()
reset_token = token_gen.make_token(empous_user)
reset_message = "A password reset token has been requested for your account. Your token is : %s" % reset_token
email = EmailMessage("Empous: Password Reset Token", reset_message, to=[empous_user.email], from_email="*****@*****.**")
email.send()
return HttpResponse(json.dumps({'response_message':'A token has been emailed to "%s"' % empous_user.email}), mimetype='application/json')
except User.DoesNotExist:
return HttpResponse(json.dumps({'response_message':'Could not find an empous user with a username or email of "%s"' % username_or_email}), mimetype='application/json')
def form_valid(self, form):
"""
If ResendActivationForm passed the validation, generate new token and send an e-mail.
"""
token_generator = PasswordResetTokenGenerator()
users = LilyUser.objects.filter(
email__iexact=form.cleaned_data['email']
)
# Get the current site or empty string
try:
current_site = Site.objects.get_current()
except Site.DoesNotExist:
current_site = ''
for user in users:
# Generate uidb36 and token for the activation link
uidb36 = int_to_base36(user.pk)
token = token_generator.make_token(user)
# E-mail to the user
send_templated_mail(
template_name='activation',
from_email=settings.DEFAULT_FROM_EMAIL,
recipient_list=[form.cleaned_data['email']],
context={
'current_site': current_site,
'protocol': self.request.is_secure() and 'https' or 'http',
'user': user,
'uidb36': uidb36,
'token': token,
}
)
# Show registration message
messages.success(
self.request,
_('Reactivation successful. I\'ve sent you an email, please check it to activate your account.')
)
# Redirect to success url
return self.get_success_url()
def test_timeout(self, password_reset_timeout_days=3):
"""
Ensure we can use the token after n days, but no greater.
"""
# Uses a mocked version of PasswordResetTokenGenerator so we can change
# the value of 'today'
class Mocked(PasswordResetTokenGenerator):
def __init__(self, today):
self._today_val = today
def _today(self):
return self._today_val
user = User.objects.create_user('tokentestuser', '*****@*****.**', 'testpw')
p0 = PasswordResetTokenGenerator()
tk1 = p0.make_token(user)
p1 = Mocked(date.today() + timedelta(password_reset_timeout_days))
self.assertTrue(p1.check_token(user, tk1))
p2 = Mocked(date.today() + timedelta(password_reset_timeout_days + 1))
self.assertFalse(p2.check_token(user, tk1))
def user_password_retrieve(request):
username = request.GET['username_forgot']
u = User.objects.get(email = username)
token_generator = PasswordResetTokenGenerator()
token = token_generator.make_token(u)
u.set_password(token)
u.save()
msg = MIMEMultipart()
msg['Subject'] = 'Mail from the MicrobesFlux -- Password reset'
msg['From'] = '*****@*****.**'
msg['To'] = username
msg.preamble = 'Reset your password'
fromaddr = "*****@*****.**"
toaddrs = [username, ]
content = MIMEText("Dear MicrobesFlux User: we have changed your password to " + token + ". -- MicrobesFlux")
msg.attach(content)
server = smtplib.SMTP('localhost')
server.sendmail(fromaddr, toaddrs, msg.as_string())
server.quit()
return HttpResponse(content = """New Email sent!""", status = 200, content_type = "text/html")
def send(self, users: List[UserProfile], subject_template_name: str='',
email_template_name: str='', use_https: bool=True,
token_generator: PasswordResetTokenGenerator=default_token_generator,
from_email: Optional[Text]=None, html_email_template_name: Optional[str]=None) -> None:
"""Sends one-use only links for resetting password to target users
"""
for user_profile in users:
context = {
'email': user_profile.email,
'domain': user_profile.realm.host,
'site_name': "zulipo",
'uid': urlsafe_base64_encode(force_bytes(user_profile.id)),
'user': user_profile,
'token': token_generator.make_token(user_profile),
'protocol': 'https' if use_https else 'http',
}
logging.warning("Sending %s email to %s" % (email_template_name, user_profile.email,))
send_email('zerver/emails/password_reset', to_user_id=user_profile.id,
from_name="Zulip Account Security", from_address=FromAddress.NOREPLY,
context=context)
def test_titles(self):
rf = RequestFactory()
user = User.objects.create_user('jsmith', '*****@*****.**', 'pass')
user = authenticate(username=user.username, password='******')
request = rf.get('/somepath/')
request.user = user
response = password_reset(request, post_reset_redirect='dummy/')
self.assertContains(response, '<title>Password reset</title>')
self.assertContains(response, '<h1>Password reset</h1>')
response = password_reset_done(request)
self.assertContains(response, '<title>Password reset successful</title>')
self.assertContains(response, '<h1>Password reset successful</h1>')
# password_reset_confirm invalid token
response = password_reset_confirm(request, uidb64='Bad', token='Bad', post_reset_redirect='dummy/')
self.assertContains(response, '<title>Password reset unsuccessful</title>')
self.assertContains(response, '<h1>Password reset unsuccessful</h1>')
# password_reset_confirm valid token
default_token_generator = PasswordResetTokenGenerator()
token = default_token_generator.make_token(user)
uidb64 = force_text(urlsafe_base64_encode(force_bytes(user.pk)))
response = password_reset_confirm(request, uidb64, token, post_reset_redirect='dummy/')
self.assertContains(response, '<title>Enter new password</title>')
self.assertContains(response, '<h1>Enter new password</h1>')
response = password_reset_complete(request)
self.assertContains(response, '<title>Password reset complete</title>')
self.assertContains(response, '<h1>Password reset complete</h1>')
response = password_change(request, post_change_redirect='dummy/')
self.assertContains(response, '<title>Password change</title>')
self.assertContains(response, '<h1>Password change</h1>')
response = password_change_done(request)
self.assertContains(response, '<title>Password change successful</title>')
self.assertContains(response, '<h1>Password change successful</h1>')
def test_titles(self):
rf = RequestFactory()
user = User.objects.create_user('jsmith', '*****@*****.**', 'pass')
user = authenticate(username=user.username, password='******')
request = rf.get('/somepath/')
request.user = user
response = PasswordResetView.as_view(success_url='dummy/')(request)
self.assertContains(response, '<title>Password reset</title>')
self.assertContains(response, '<h1>Password reset</h1>')
response = PasswordResetDoneView.as_view()(request)
self.assertContains(response, '<title>Password reset sent</title>')
self.assertContains(response, '<h1>Password reset sent</h1>')
# PasswordResetConfirmView invalid token
response = PasswordResetConfirmView.as_view(success_url='dummy/')(request, uidb64='Bad', token='Bad')
self.assertContains(response, '<title>Password reset unsuccessful</title>')
self.assertContains(response, '<h1>Password reset unsuccessful</h1>')
# PasswordResetConfirmView valid token
default_token_generator = PasswordResetTokenGenerator()
token = default_token_generator.make_token(user)
uidb64 = force_text(urlsafe_base64_encode(force_bytes(user.pk)))
response = PasswordResetConfirmView.as_view(success_url='dummy/')(request, uidb64=uidb64, token=token)
self.assertContains(response, '<title>Enter new password</title>')
self.assertContains(response, '<h1>Enter new password</h1>')
response = PasswordResetCompleteView.as_view()(request)
self.assertContains(response, '<title>Password reset complete</title>')
self.assertContains(response, '<h1>Password reset complete</h1>')
response = PasswordChangeView.as_view(success_url='dummy/')(request)
self.assertContains(response, '<title>Password change</title>')
self.assertContains(response, '<h1>Password change</h1>')
response = PasswordChangeDoneView.as_view()(request)
self.assertContains(response, '<title>Password change successful</title>')
self.assertContains(response, '<h1>Password change successful</h1>')
def send_activation_email(request, user):
b64uid = urlsafe_base64_encode(str(user.id))
token_generator = PasswordResetTokenGenerator()
token = token_generator.make_token(user)
if user.is_active:
raise Exception('Will not send activation key to active user')
send_mail(
'Activate your Editors\' Notes account',
'This email was used to create an account at {site_url}.\n\n'
'To activate your account, visit the following link:\n\n'
'\t{activation_url}\n\n'
'If you did not request an account, please ignore this email.'.format(
site_url=request.build_absolute_uri('/'),
activation_url=request.build_absolute_uri(
reverse('auth:activate_account', args=[b64uid, token])
),
activation_token=token),
settings.SERVER_EMAIL,
[user.email]
)
def post(self, request, *args, **kwargs):
email = request.REQUEST['email']
try:
user = Customer.objects.get(email=email)
email_configuration = {
'uid' : int_to_base36(user.pk),
'user' : user,
'email' : user.email,
'token' : PasswordResetTokenGenerator.make_token(user),
'domain' : "example.com",
'site_name': "car sharing inc",
'protocol' : 'https',
}
send_mail(
_('Email password reset'),
render_to_string("reset_email", email_configuration),
"*****@*****.**",
user.email
)
return Response({'status': True, 'email': user.email, 'message': _('a mail will be sent to you in a short time')})
except Exception:
return Response({'status': False, 'email': user.email, 'message': _('this email is not associated with any user')})
def post(self, request, *args, **kwargs):
method = request.POST.get('_method')
_query = request.GET.copy()
print request.REQUEST.__str__();
print _query;
_query.pop("error", None)
_query.pop("message", None)
_query.pop("success", None)
if method == 'PUT':
password = request.POST.get('password')
password_confirm = request.POST.get('password_confirm')
email = request.GET.get('email')
token = request.GET.get('token')
print email
if password == password_confirm:
try:
user = User.objects.get(email=email)
token_gen = PasswordResetTokenGenerator()
if token_gen.check_token(user, token):
user.set_password(password)
user.save()
_query['success'] = 'password_changed'
_query['message'] = 'Tu password ha sido cambiado!'
# redirect ?success=password_changed
else:
_query['error'] = 'invalid_token'
_query['message'] = 'Esta url ha caducado o es inválida!'
# redirect ?error=invalid_token
except ObjectDoesNotExist:
# redirect ?error=user_does_not_exist
_query['error'] = 'user_does_not_exist'
_query['message'] = 'El usuario no existe!'
else:
# redirect ?error=password_missmatch
_query['error'] = 'password_missmatch'
_query['message'] = 'Las contraseñas no coinciden!'
pass
else:
email = request.POST.get('email')
user = User.objects.get(email=email)
if user:
token_gen = PasswordResetTokenGenerator()
token = token_gen.make_token(user)
print user.username
ctx = {
"name": user.username,
"url": request.build_absolute_uri(reverse('recuperar_pass')) + '?token=' + token + '&email=' + email
}
mensaje = get_template('registration/mail.recuperar.html').render(Context(ctx))
to = [email]
mail = EmailMessage('Recuperar Contraseña',
mensaje,
to=to,
from_email=settings.EMAIL_HOST_USER)
mail.content_type = 'html'
mail.send()
_query['success'] = 'email_sent'
_query['message'] = 'Se ha enviado un correo con las instrucciones!'
# redirect ?success=email_sent
return redirect(reverse('recuperar_pass') + '?' + _query.urlencode())
def test_make_token(self):
user = User.objects.create_user('tokentestuser', '*****@*****.**', 'testpw')
p0 = PasswordResetTokenGenerator()
tk1 = p0.make_token(user)
self.assertTrue(p0.check_token(user, tk1))
def save(self,
domain_override: Optional[bool]=None,
subject_template_name: str='registration/password_reset_subject.txt',
email_template_name: str='registration/password_reset_email.html',
use_https: bool=False,
token_generator: PasswordResetTokenGenerator=default_token_generator,
from_email: Optional[str]=None,
request: HttpRequest=None,
html_email_template_name: Optional[str]=None,
extra_email_context: Optional[Dict[str, Any]]=None
) -> None:
"""
If the email address has an account in the target realm,
generates a one-use only link for resetting password and sends
to the user.
We send a different email if an associated account does not exist in the
database, or an account does exist, but not in the realm.
Note: We ignore protocol and the various email template arguments (those
are an artifact of using Django's password reset framework).
"""
email = self.cleaned_data["email"]
realm = get_realm(get_subdomain(request))
if not email_auth_enabled(realm):
logging.info("Password reset attempted for %s even though password auth is disabled." % (email,))
return
if realm.deactivated:
logging.info("Realm is deactivated")
return
user = None # type: Optional[UserProfile]
try:
user = get_active_user(email, realm)
except UserProfile.DoesNotExist:
pass
context = {
'email': email,
'realm_uri': realm.uri,
}
if user is not None:
token = token_generator.make_token(user)
uid = urlsafe_base64_encode(force_bytes(user.id)).decode('ascii')
endpoint = reverse('django.contrib.auth.views.password_reset_confirm',
kwargs=dict(uidb64=uid, token=token))
context['no_account_in_realm'] = False
context['reset_url'] = "{}{}".format(user.realm.uri, endpoint)
send_email('zerver/emails/password_reset', to_user_id=user.id,
from_name="Zulip Account Security",
from_address=FromAddress.NOREPLY, context=context)
else:
context['no_account_in_realm'] = True
accounts = UserProfile.objects.filter(email__iexact=email)
if accounts:
context['accounts'] = accounts
context['multiple_accounts'] = accounts.count() != 1
send_email('zerver/emails/password_reset', to_email=email,
from_name="Zulip Account Security",
from_address=FromAddress.NOREPLY, context=context)
def get_login_tokens(user):
token_generator = PasswordResetTokenGenerator()
return dict(user_token = int_to_base36(user.id),
key_token = token_generator.make_token(user))
