def forgot(request):
"""Sends a password reset link to a user's validated email address. If
the email address isn't validated, do nothing (?)
"""
# This doesn't make sense if the user is logged in
if not request.user.is_anonymous():
return HttpResponseRedirect('/')
if request.method == 'POST':
User = get_user_model()
form = ForgotPasswordForm(request.POST)
if form.is_valid():
email = form.cleaned_data['email']
try:
user = User.objects.get(email=email,
userdata__email_verified=True)
if getattr(user, 'social_auth', None) and user.social_auth.exists():
send_social_auth_provider_login_email(request, user)
else:
send_password_reset_email(request, user)
except User.DoesNotExist:
pass
return render(request, 'accounts/forgot/wait_for_email.html')
else:
form = ForgotPasswordForm()
c = {
'form': form,
}
return render(request, 'accounts/forgot/forgot.html', c)
def forgotPassword(request):
messages = []
if request.method == 'POST':
forgotPasswordForm = ForgotPasswordForm(request.POST)
if forgotPasswordForm.is_valid():
try:
user= User.objects.get(username= forgotPasswordForm.cleaned_data['username'])
print user
print user.email
messages.append('user found, forgot password email to be sent')
# send_mail('Subject here', 'Here is the message.', '*****@*****.**',
# ['*****@*****.**'], fail_silently=False)
forgotPasswordForm = ForgotPasswordForm()
return render(request,'ForgotPassword.html',{'forgotPasswordForm':forgotPasswordForm,'messages':messages})
except User.DoesNotExist:
messages.append('user not found')
forgotPasswordForm = ForgotPasswordForm()
return render(request,'ForgotPassword.html',{'forgotPasswordForm':forgotPasswordForm,'messages':messages})
else:
messages.append('invalid form')
forgotPasswordForm = ForgotPasswordForm()
return render(request,'ForgotPassword.html',{'forgotPasswordForm':forgotPasswordForm,'messages':messages})
else:
forgotPasswordForm = ForgotPasswordForm()
return render(request, 'ForgotPassword.html', {'forgotPasswordForm':forgotPasswordForm,'messages':messages})
def reset_password(request):
if request.method == 'POST':
form = ForgotPasswordForm(request.POST)
data = {'message': str(), 'error': str()}
if form.is_valid():
user = User.objects.filter(email=request.POST['email'])
data['form'] = ForgotPasswordForm()
if len(user) > 0:
user = user[0]
user.set_password(request.POST['password'])
user.save()
auth_user = authenticate(identification=request.POST['email'],
password=request.POST['password'])
if auth_user is not None:
login(request, auth_user)
return redirect('home')
else:
data['error'] = 'Invalid login'
else:
data['error'] = 'Invalid user.'
else:
data['error'] = 'Passwords must match.'
if data['error'] == str():
del data['error']
if data['message'] == str():
del data['message']
return render(request, 'forgot_password.jade', data)
return render(request, 'forgot_password.jade', dict())
def forgot_password(request):
"""If the user forgot his password, he can have a new one."""
if request.method == "POST":
form = ForgotPasswordForm(request.POST)
if form.is_valid():
data = form.data
username = data["username"]
usr = get_object_or_404(User, username=username)
# Generate a valid token during one hour.
uuid_token = str(uuid.uuid4())
date_end = datetime.now() + timedelta(
days=0, hours=1, minutes=0, seconds=0)
token = TokenForgotPassword(user=usr,
token=uuid_token,
date_end=date_end)
token.save()
# send email
subject = _(u"{} - Mot de passe oubliƩ").format(
settings.ZDS_APP['site']['abbr'])
from_email = "{} <{}>".format(
settings.ZDS_APP['site']['litteral_name'],
settings.ZDS_APP['site']['email_noreply'])
message_html = get_template(
"email/forgot_password/confirm.html").render(
Context({
"username":
usr.username,
"url":
settings.ZDS_APP['site']['url'] +
token.get_absolute_url()
}))
message_txt = get_template(
"email/forgot_password/confirm.txt").render(
Context({
"username":
usr.username,
"url":
settings.ZDS_APP['site']['url'] +
token.get_absolute_url()
}))
msg = EmailMultiAlternatives(subject, message_txt, from_email,
[usr.email])
msg.attach_alternative(message_html, "text/html")
msg.send()
return render_template("member/forgot_password/success.html")
else:
return render_template("member/forgot_password/index.html",
{"form": form})
form = ForgotPasswordForm()
return render_template("member/forgot_password/index.html", {"form": form})
def forgot_password(request):
form = ForgotPasswordForm()
if request.method == 'POST':
form = ForgotPasswordForm(request.POST)
if form.is_valid():
username = form.cleaned_data['username']
email = form.cleaned_data['email']
et = EmailTool()
et.send([email], "your new password is:sss")
messages.add_message(
request, messages.SUCCESS,
'%s:Your password has been emailed to you!' % username)
return redirect('login')
return render_to_response('forgot_password.html', {'form': form},
context_instance=RequestContext(request))
def forgot_password(request):
''' if the user forgot their password
renders ForgotPasswordForm, or processes it if a POST request
'''
if request.method == 'POST':
form = ForgotPasswordForm(request.POST)
if form.is_valid():
data = form.cleaned_data
# Does the user in the email field even exist?
try:
user = User.objects.get(username=data['username'])
profile = UserProfile.objects.get(user=user)
except User.DoesNotExist:
return HttpResponseRedirect(reverse('main_page'))
# Ok, they do. Send them an email
reset_string = random_string()
profile.password_reset_stub = reset_string
profile.save()
reset_link = '%s%s?rid=%s&uid=%s' % (_hostname(),
reverse('reset_password'),
reset_string, str(profile.id))
email_body = render_message(
'mongologin/static/emails/forgot_password.txt', locals())
send_email(email_to=user.username,
email_body=email_body,
email_subject="Reset your password")
messages.add_message(
request, messages.SUCCESS,
"An email has been sent to you with instructions on resetting your password."
)
return HttpResponseRedirect(reverse('main_page'))
else:
form = ForgotPasswordForm()
return render_to_response('forgot_password.html',
locals(),
context_instance=RequestContext(request))
def forgot_password( request ):
''' if the user forgot their password
renders ForgotPasswordForm, or processes it if a POST request
'''
if request.method == 'POST':
form = ForgotPasswordForm(request.POST)
if form.is_valid():
data = form.cleaned_data
# Does the user in the email field even exist?
try:
user = User.objects.get(username=data['username'])
profile = UserProfile.objects.get(user=user)
except User.DoesNotExist:
return HttpResponseRedirect( reverse('main_page') )
# Ok, they do. Send them an email
reset_string = random_string()
profile.password_reset_stub = reset_string
profile.save()
reset_link = '%s%s?rid=%s&uid=%s'%(
_hostname(),
reverse( 'reset_password' ),
reset_string,
str(profile.id)
)
email_body = render_message(
'mongologin/static/emails/forgot_password.txt',
locals()
)
send_email( email_to=user.username, email_body=email_body, email_subject="Reset your password" )
messages.add_message( request, messages.SUCCESS, "An email has been sent to you with instructions on resetting your password." )
return HttpResponseRedirect( reverse('main_page') )
else:
form = ForgotPasswordForm()
return render_to_response( 'forgot_password.html',
locals(),
context_instance=RequestContext(request) )
def forgot_password(request):
"""If the user forgot his password, he can have a new one."""
if request.method == "POST":
form = ForgotPasswordForm(request.POST)
if form.is_valid():
data = form.data
username = data["username"]
usr = get_object_or_404(User, username=username)
# Generate a valid token during one hour.
uuidToken = str(uuid.uuid4())
date_end = datetime.now() + timedelta(days=0, hours=1, minutes=0,
seconds=0)
token = TokenForgotPassword(user=usr, token=uuidToken,
date_end=date_end)
token.save()
# send email
subject = "ZDS - Mot de passe oubliƩ"
from_email = "Zeste de Savoir <{0}>".format(settings.MAIL_NOREPLY)
message_html = get_template("email/forgot_password/confirm.html").render(Context(
{"username": usr.username, "url": settings.SITE_URL + token.get_absolute_url()}))
message_txt = get_template("email/forgot_password/confirm.txt") .render(Context(
{"username": usr.username, "url": settings.SITE_URL + token.get_absolute_url()}))
msg = EmailMultiAlternatives(subject, message_txt, from_email,
[usr.email])
msg.attach_alternative(message_html, "text/html")
msg.send()
return render_template("member/forgot_password/success.html")
else:
return render_template("member/forgot_password/index.html",
{"form": form})
form = ForgotPasswordForm()
return render_template("member/forgot_password/index.html", {"form": form})
def forgot_password(request):
FORGOT_PASSWORD_TEMPLATE = "core/forgot_password.html"
if request.method == "GET":
next_page = request.GET.get("next", "")
else:
next_page = ""
if request.method != "POST":
forgot_password_form = ForgotPasswordForm()
else:
forgot_password_form = ForgotPasswordForm(request.POST)
if forgot_password_form.is_valid():
username_or_email = forgot_password_form.cleaned_data["username_or_email"]
try:
if username_or_email.count("@") > 0:
username = ""
email = username_or_email
user = User.objects.get(email=username_or_email)
else:
username = username_or_email
email = ""
user = User.objects.get(username=username_or_email)
except:
# No username could be found.
return render_to_response(FORGOT_PASSWORD_TEMPLATE, {
"not_found": True,
"form": forgot_password_form,
"next": next_page,
"username": username,
"email": email
})
username = user.username
email = user.email
# Username/email could be found (success).
# Reset the password.
new_random_password = UserManager().make_random_password()
user.set_password(new_random_password)
user.save()
# Load a template for the message body and render it (to a string).
email_body_template = loader.get_template("core/password_reset.html")
template_context = Context({
"first_name": user.first_name,
"last_name": user.last_name,
"username": user.username,
"password": new_random_password,
"login_url": "http://localhost:8000/login/"
})
# Email the user with the new password.
user.email_user("EpiC Account Password Reset", email_body_template.render(template_context))
# Display the page confirming to the user that their password was reset.
return render_to_response(FORGOT_PASSWORD_TEMPLATE, {
"username": username,
"email": email,
"next": next_page
})
# No GET or POST data, so display the form (for the first time).
return render_to_response(FORGOT_PASSWORD_TEMPLATE, {
"form": forgot_password_form,
"next": next_page
})
def auth_login(request, template='auth/login.html', next='/'):
''' View for the main user authentication system. Display a LoginForm to
validate credentials, and optionally accept a ForgotPasswordForm to
allow users to reset their password.'''
from forms import LoginForm,ForgotPasswordForm
from atrinsic.base.models import User
form = LoginForm()
forgotform = ForgotPasswordForm()
user = None
error = None
next = request.REQUEST.get('next',next)
if request.method == "POST":
form = LoginForm(request.POST)
forgotform = ForgotPasswordForm(request.POST)
forgot_email = request.POST.get('forgot_email', None)
if forgotform.is_valid() and forgotform.cleaned_data['forgot_email'] is not None:
u = User.objects.get(email=forgotform.cleaned_data['forgot_email'])
reset_auth = uuid.uuid4()
UserPasswordReset.objects.filter(user=u).delete()
UserPasswordReset.objects.create(user=u, reset=reset_auth)
send_mail('Password Reset', """\nHello, You have requested your password be reset. To confirm your account and\n reset your password, please click on the link below:\n\n%s/accounts/reset?reset_auth=%s\n\n """ % (settings.SITE_URL, reset_auth), settings.SITE_CONTACT, [ u.email ], fail_silently=True)
return render_to_response('auth/reset.html', {}, context_instance = RequestContext(request))
elif form.is_valid():
user = authenticate(email=form.cleaned_data['email'], password=form.cleaned_data['password'])
if user is not None:
if user.is_active:
login(request, user)
request.session["next"] = next
if request.session.get("organization_id",None):
del request.session["organization_id"]
return HttpResponseRedirect(reverse('auth_choice'))
else:
error = "Account disabled"
else:
error = "Invalid Login"
else:
error = "Invalid Login"
if request.GET.get("newhome",None)=="1":
return render_to_response("notlogged/home.html",{
'form':form,
'error':error,
'next' : next,
'forgotform' : forgotform,
}, context_instance=RequestContext(request))
return render_to_response("auth/login2.html",{
'form':form,
'error':error,
'next' : next,
'forgotform' : forgotform,
}, context_instance=RequestContext(request))
def forgot_password(request):
"""Form for requesting a PasswordResetToken for a specified account.
Accepts email or username. Keeps for each user at most one token at a time
in the database. Also, it saves FakeTokens to obfuscate an account's existence
whilst at the same time forcing a 5 minutes gap between the sending of two
tokens for the same account."""
if request.user.is_authenticated():
return not_logged_out_routine(request)
if request.method == 'POST':
form = ForgotPasswordForm(request.POST)
if form.is_valid():
identifier = form.cleaned_data['identifier']
user = None # do we need this here? -- Probably.
try:
# Form input could be an email or a username
if looks_like_email(identifier):
user = CustomUser.objects.get(email=identifier)
else:
user = CustomUser.objects.get(username=identifier)
# At this point, we do have a user object.
try:
# Between sending two tokens for the same user, a certain period should pass (--> settings)
previous_token = PasswordResetToken.objects.get(user=user)
if previous_token.blocks_new():
messages.error(request, 'You need to wait between sending two tokens for the same account.')
return redirect('accounts:forgot_password')
# Only one token per user in the database; and we are about to create a new one.
else:
previous_token.delete()
except PasswordResetToken.DoesNotExist:
# Fair enough.
pass
# Alright, create the new token and send it.
token = PasswordResetToken(user=user)
token.save()
request.session['token_value'] = token.value
# EXTEND: send email
except CustomUser.DoesNotExist:
# No such user, therefor no email or token. But we do want a FakeToken.
# See models.FakeToken or the docstring here for explanation why we do this FakeToken thing.
try:
# Clear all previous FakeTokens.
# No difference between email or username here:
previous_token = FakeToken.objects.get(user_identifier=identifier)
if previous_token.blocks_new() == True:
messages.error(request, 'You need to wait between sending two tokens for the same account.')
return redirect('accounts:forgot_password')
else:
previous_token.delete()
except FakeToken.DoesNotExist:
pass
ft = FakeToken(user_identifier=identifier)
ft.save()
request.session['token_value'] = None
# we want to tell the user whether he had stated a username or an
# email address; and we want to tell him which of both he stated
if looks_like_email(identifier):
request.session['token_email'] = identifier
request.session['token_username'] = None
else:
request.session['token_email'] = None
request.session['token_username'] = identifier
return redirect('accounts:token_sent')
else:
form = ForgotPasswordForm
return render(request, 'accounts/forgot_password.html', {
'form':form
})
