def forgot(request): """Sends a password reset link to a user's validated email address. If the email address isn't validated, do nothing (?) """ # This doesn't make sense if the user is logged in if not request.user.is_anonymous(): return HttpResponseRedirect('/') if request.method == 'POST': User = get_user_model() form = ForgotPasswordForm(request.POST) if form.is_valid(): email = form.cleaned_data['email'] try: user = User.objects.get(email=email, userdata__email_verified=True) if getattr(user, 'social_auth', None) and user.social_auth.exists(): send_social_auth_provider_login_email(request, user) else: send_password_reset_email(request, user) except User.DoesNotExist: pass return render(request, 'accounts/forgot/wait_for_email.html') else: form = ForgotPasswordForm() c = { 'form': form, } return render(request, 'accounts/forgot/forgot.html', c)
def forgotPassword(request): messages = [] if request.method == 'POST': forgotPasswordForm = ForgotPasswordForm(request.POST) if forgotPasswordForm.is_valid(): try: user= User.objects.get(username= forgotPasswordForm.cleaned_data['username']) print user print user.email messages.append('user found, forgot password email to be sent') # send_mail('Subject here', 'Here is the message.', '*****@*****.**', # ['*****@*****.**'], fail_silently=False) forgotPasswordForm = ForgotPasswordForm() return render(request,'ForgotPassword.html',{'forgotPasswordForm':forgotPasswordForm,'messages':messages}) except User.DoesNotExist: messages.append('user not found') forgotPasswordForm = ForgotPasswordForm() return render(request,'ForgotPassword.html',{'forgotPasswordForm':forgotPasswordForm,'messages':messages}) else: messages.append('invalid form') forgotPasswordForm = ForgotPasswordForm() return render(request,'ForgotPassword.html',{'forgotPasswordForm':forgotPasswordForm,'messages':messages}) else: forgotPasswordForm = ForgotPasswordForm() return render(request, 'ForgotPassword.html', {'forgotPasswordForm':forgotPasswordForm,'messages':messages})
def reset_password(request): if request.method == 'POST': form = ForgotPasswordForm(request.POST) data = {'message': str(), 'error': str()} if form.is_valid(): user = User.objects.filter(email=request.POST['email']) data['form'] = ForgotPasswordForm() if len(user) > 0: user = user[0] user.set_password(request.POST['password']) user.save() auth_user = authenticate(identification=request.POST['email'], password=request.POST['password']) if auth_user is not None: login(request, auth_user) return redirect('home') else: data['error'] = 'Invalid login' else: data['error'] = 'Invalid user.' else: data['error'] = 'Passwords must match.' if data['error'] == str(): del data['error'] if data['message'] == str(): del data['message'] return render(request, 'forgot_password.jade', data) return render(request, 'forgot_password.jade', dict())
def forgot_password(request): """If the user forgot his password, he can have a new one.""" if request.method == "POST": form = ForgotPasswordForm(request.POST) if form.is_valid(): data = form.data username = data["username"] usr = get_object_or_404(User, username=username) # Generate a valid token during one hour. uuid_token = str(uuid.uuid4()) date_end = datetime.now() + timedelta( days=0, hours=1, minutes=0, seconds=0) token = TokenForgotPassword(user=usr, token=uuid_token, date_end=date_end) token.save() # send email subject = _(u"{} - Mot de passe oubliƩ").format( settings.ZDS_APP['site']['abbr']) from_email = "{} <{}>".format( settings.ZDS_APP['site']['litteral_name'], settings.ZDS_APP['site']['email_noreply']) message_html = get_template( "email/forgot_password/confirm.html").render( Context({ "username": usr.username, "url": settings.ZDS_APP['site']['url'] + token.get_absolute_url() })) message_txt = get_template( "email/forgot_password/confirm.txt").render( Context({ "username": usr.username, "url": settings.ZDS_APP['site']['url'] + token.get_absolute_url() })) msg = EmailMultiAlternatives(subject, message_txt, from_email, [usr.email]) msg.attach_alternative(message_html, "text/html") msg.send() return render_template("member/forgot_password/success.html") else: return render_template("member/forgot_password/index.html", {"form": form}) form = ForgotPasswordForm() return render_template("member/forgot_password/index.html", {"form": form})
def forgot_password(request): form = ForgotPasswordForm() if request.method == 'POST': form = ForgotPasswordForm(request.POST) if form.is_valid(): username = form.cleaned_data['username'] email = form.cleaned_data['email'] et = EmailTool() et.send([email], "your new password is:sss") messages.add_message( request, messages.SUCCESS, '%s:Your password has been emailed to you!' % username) return redirect('login') return render_to_response('forgot_password.html', {'form': form}, context_instance=RequestContext(request))
def forgot_password(request): ''' if the user forgot their password renders ForgotPasswordForm, or processes it if a POST request ''' if request.method == 'POST': form = ForgotPasswordForm(request.POST) if form.is_valid(): data = form.cleaned_data # Does the user in the email field even exist? try: user = User.objects.get(username=data['username']) profile = UserProfile.objects.get(user=user) except User.DoesNotExist: return HttpResponseRedirect(reverse('main_page')) # Ok, they do. Send them an email reset_string = random_string() profile.password_reset_stub = reset_string profile.save() reset_link = '%s%s?rid=%s&uid=%s' % (_hostname(), reverse('reset_password'), reset_string, str(profile.id)) email_body = render_message( 'mongologin/static/emails/forgot_password.txt', locals()) send_email(email_to=user.username, email_body=email_body, email_subject="Reset your password") messages.add_message( request, messages.SUCCESS, "An email has been sent to you with instructions on resetting your password." ) return HttpResponseRedirect(reverse('main_page')) else: form = ForgotPasswordForm() return render_to_response('forgot_password.html', locals(), context_instance=RequestContext(request))
def forgot_password( request ): ''' if the user forgot their password renders ForgotPasswordForm, or processes it if a POST request ''' if request.method == 'POST': form = ForgotPasswordForm(request.POST) if form.is_valid(): data = form.cleaned_data # Does the user in the email field even exist? try: user = User.objects.get(username=data['username']) profile = UserProfile.objects.get(user=user) except User.DoesNotExist: return HttpResponseRedirect( reverse('main_page') ) # Ok, they do. Send them an email reset_string = random_string() profile.password_reset_stub = reset_string profile.save() reset_link = '%s%s?rid=%s&uid=%s'%( _hostname(), reverse( 'reset_password' ), reset_string, str(profile.id) ) email_body = render_message( 'mongologin/static/emails/forgot_password.txt', locals() ) send_email( email_to=user.username, email_body=email_body, email_subject="Reset your password" ) messages.add_message( request, messages.SUCCESS, "An email has been sent to you with instructions on resetting your password." ) return HttpResponseRedirect( reverse('main_page') ) else: form = ForgotPasswordForm() return render_to_response( 'forgot_password.html', locals(), context_instance=RequestContext(request) )
def forgot_password(request): """If the user forgot his password, he can have a new one.""" if request.method == "POST": form = ForgotPasswordForm(request.POST) if form.is_valid(): data = form.data username = data["username"] usr = get_object_or_404(User, username=username) # Generate a valid token during one hour. uuidToken = str(uuid.uuid4()) date_end = datetime.now() + timedelta(days=0, hours=1, minutes=0, seconds=0) token = TokenForgotPassword(user=usr, token=uuidToken, date_end=date_end) token.save() # send email subject = "ZDS - Mot de passe oubliƩ" from_email = "Zeste de Savoir <{0}>".format(settings.MAIL_NOREPLY) message_html = get_template("email/forgot_password/confirm.html").render(Context( {"username": usr.username, "url": settings.SITE_URL + token.get_absolute_url()})) message_txt = get_template("email/forgot_password/confirm.txt") .render(Context( {"username": usr.username, "url": settings.SITE_URL + token.get_absolute_url()})) msg = EmailMultiAlternatives(subject, message_txt, from_email, [usr.email]) msg.attach_alternative(message_html, "text/html") msg.send() return render_template("member/forgot_password/success.html") else: return render_template("member/forgot_password/index.html", {"form": form}) form = ForgotPasswordForm() return render_template("member/forgot_password/index.html", {"form": form})
def forgot_password(request): FORGOT_PASSWORD_TEMPLATE = "core/forgot_password.html" if request.method == "GET": next_page = request.GET.get("next", "") else: next_page = "" if request.method != "POST": forgot_password_form = ForgotPasswordForm() else: forgot_password_form = ForgotPasswordForm(request.POST) if forgot_password_form.is_valid(): username_or_email = forgot_password_form.cleaned_data["username_or_email"] try: if username_or_email.count("@") > 0: username = "" email = username_or_email user = User.objects.get(email=username_or_email) else: username = username_or_email email = "" user = User.objects.get(username=username_or_email) except: # No username could be found. return render_to_response(FORGOT_PASSWORD_TEMPLATE, { "not_found": True, "form": forgot_password_form, "next": next_page, "username": username, "email": email }) username = user.username email = user.email # Username/email could be found (success). # Reset the password. new_random_password = UserManager().make_random_password() user.set_password(new_random_password) user.save() # Load a template for the message body and render it (to a string). email_body_template = loader.get_template("core/password_reset.html") template_context = Context({ "first_name": user.first_name, "last_name": user.last_name, "username": user.username, "password": new_random_password, "login_url": "http://localhost:8000/login/" }) # Email the user with the new password. user.email_user("EpiC Account Password Reset", email_body_template.render(template_context)) # Display the page confirming to the user that their password was reset. return render_to_response(FORGOT_PASSWORD_TEMPLATE, { "username": username, "email": email, "next": next_page }) # No GET or POST data, so display the form (for the first time). return render_to_response(FORGOT_PASSWORD_TEMPLATE, { "form": forgot_password_form, "next": next_page })
def auth_login(request, template='auth/login.html', next='/'): ''' View for the main user authentication system. Display a LoginForm to validate credentials, and optionally accept a ForgotPasswordForm to allow users to reset their password.''' from forms import LoginForm,ForgotPasswordForm from atrinsic.base.models import User form = LoginForm() forgotform = ForgotPasswordForm() user = None error = None next = request.REQUEST.get('next',next) if request.method == "POST": form = LoginForm(request.POST) forgotform = ForgotPasswordForm(request.POST) forgot_email = request.POST.get('forgot_email', None) if forgotform.is_valid() and forgotform.cleaned_data['forgot_email'] is not None: u = User.objects.get(email=forgotform.cleaned_data['forgot_email']) reset_auth = uuid.uuid4() UserPasswordReset.objects.filter(user=u).delete() UserPasswordReset.objects.create(user=u, reset=reset_auth) send_mail('Password Reset', """\nHello, You have requested your password be reset. To confirm your account and\n reset your password, please click on the link below:\n\n%s/accounts/reset?reset_auth=%s\n\n """ % (settings.SITE_URL, reset_auth), settings.SITE_CONTACT, [ u.email ], fail_silently=True) return render_to_response('auth/reset.html', {}, context_instance = RequestContext(request)) elif form.is_valid(): user = authenticate(email=form.cleaned_data['email'], password=form.cleaned_data['password']) if user is not None: if user.is_active: login(request, user) request.session["next"] = next if request.session.get("organization_id",None): del request.session["organization_id"] return HttpResponseRedirect(reverse('auth_choice')) else: error = "Account disabled" else: error = "Invalid Login" else: error = "Invalid Login" if request.GET.get("newhome",None)=="1": return render_to_response("notlogged/home.html",{ 'form':form, 'error':error, 'next' : next, 'forgotform' : forgotform, }, context_instance=RequestContext(request)) return render_to_response("auth/login2.html",{ 'form':form, 'error':error, 'next' : next, 'forgotform' : forgotform, }, context_instance=RequestContext(request))
def forgot_password(request): """Form for requesting a PasswordResetToken for a specified account. Accepts email or username. Keeps for each user at most one token at a time in the database. Also, it saves FakeTokens to obfuscate an account's existence whilst at the same time forcing a 5 minutes gap between the sending of two tokens for the same account.""" if request.user.is_authenticated(): return not_logged_out_routine(request) if request.method == 'POST': form = ForgotPasswordForm(request.POST) if form.is_valid(): identifier = form.cleaned_data['identifier'] user = None # do we need this here? -- Probably. try: # Form input could be an email or a username if looks_like_email(identifier): user = CustomUser.objects.get(email=identifier) else: user = CustomUser.objects.get(username=identifier) # At this point, we do have a user object. try: # Between sending two tokens for the same user, a certain period should pass (--> settings) previous_token = PasswordResetToken.objects.get(user=user) if previous_token.blocks_new(): messages.error(request, 'You need to wait between sending two tokens for the same account.') return redirect('accounts:forgot_password') # Only one token per user in the database; and we are about to create a new one. else: previous_token.delete() except PasswordResetToken.DoesNotExist: # Fair enough. pass # Alright, create the new token and send it. token = PasswordResetToken(user=user) token.save() request.session['token_value'] = token.value # EXTEND: send email except CustomUser.DoesNotExist: # No such user, therefor no email or token. But we do want a FakeToken. # See models.FakeToken or the docstring here for explanation why we do this FakeToken thing. try: # Clear all previous FakeTokens. # No difference between email or username here: previous_token = FakeToken.objects.get(user_identifier=identifier) if previous_token.blocks_new() == True: messages.error(request, 'You need to wait between sending two tokens for the same account.') return redirect('accounts:forgot_password') else: previous_token.delete() except FakeToken.DoesNotExist: pass ft = FakeToken(user_identifier=identifier) ft.save() request.session['token_value'] = None # we want to tell the user whether he had stated a username or an # email address; and we want to tell him which of both he stated if looks_like_email(identifier): request.session['token_email'] = identifier request.session['token_username'] = None else: request.session['token_email'] = None request.session['token_username'] = identifier return redirect('accounts:token_sent') else: form = ForgotPasswordForm return render(request, 'accounts/forgot_password.html', { 'form':form })