def post(self, request): data = json.loads(request.body) receiver_email = data.get('email', None) try: account = User.objects.get(email=receiver_email) except ObjectDoesNotExist: logger.exception(self.errs['user_not_found'].format(receiver_email)) return Response({ 'status': _('Success'), 'message': self.msgs['success'] }, status=status.HTTP_200_OK) if account is not None and receiver_email: data['guid'] = hashlib.sha512(str(SystemRandom().getrandbits(512))).hexdigest() data['user'] = account.id date = datetime.datetime.utcnow() data['expiration_date'] = date + datetime.timedelta(days=settings.FORGOT_PASSWORD_GUID_EXPIRATION) try: serializer = UserUIDSerializer(data=data) if serializer.is_valid(): serializer.save() try: language_cookie_value = request.COOKIES.get(settings.LANGUAGE_COOKIE_NAME) file_path = os.path.join(settings.EMAIL_TEMPLATE_FA_LOCATION) if language_cookie_value == "en": file_path = os.path.join(settings.EMAIL_TEMPLATE_EN_LOCATION) file_handler = codecs.open(file_path, encoding="utf-8") email_content = file_handler.read() str_with_username = string.replace(email_content, '[username]', account.username) absolute_url = request.build_absolute_uri(reverse('setpassword') + data['guid']) personalized_email = string.replace(str_with_username, '[link]', absolute_url) email = EmailMessage('Forgot Password Email', personalized_email, to=[receiver_email]) email.send() logger.info(self.msgs['finish_success'].format(account.log_guid)) return Response({ 'status': _('Success'), 'message': self.msgs['success'] }, status=status.HTTP_200_OK) except Exception, e: logger.exception(self.errs['smtp_fail'].format(e.message)) return Response({ 'status': _('Fail'), 'message': self.msgs['internal_server_error'] }, status=status.HTTP_500_INTERNAL_SERVER_ERROR) else: logger.error(self.errs['UID_invalid'].format(account.log_guid, data['guid'], date)) return Response({ 'status': _('Bad request'), 'message': self.msgs['internal_server_error'] }, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
def post(self, request): data = json.loads(request.body) guid = data.get('guid', None) logger.info("SetPasswordView.post is called. GUID: {0}".format(guid)) password_serializer = PasswordSerializer(data=data, partial=True) if not password_serializer.is_valid(): return Response({ 'status': _('Bad request'), 'message': self.msgs['password_mismatch'], 'errors': 'Validation error' }, status=status.HTTP_400_BAD_REQUEST) try: user_uid = UserUID.objects.get(guid=guid) except ObjectDoesNotExist: logger.exception(self.errs['GUID_invalid'].format(guid)) return Response({ 'status': _('Bad request'), 'message': self.msgs['activation_invalid'] }, status=status.HTTP_400_BAD_REQUEST) now_offset_aware = timezone.make_aware(datetime.datetime.utcnow(), timezone.get_current_timezone()) if user_uid.expiration_date < now_offset_aware: logger.error(self.errs['GUID_expired'].format(guid, user_uid.expiration_date, now_offset_aware)) return Response({ 'status': _('Bad request'), 'message': self.msgs['activation_invalid'] }, status=status.HTTP_400_BAD_REQUEST) try: account = User.objects.get(id=user_uid.user_id) except ObjectDoesNotExist: logger.exception(self.msgs['GUID_invalid'].format(guid)) return Response({ 'status': _('Fail'), 'message': self.msgs['internal_server_error'] }, status=status.HTTP_500_INTERNAL_SERVER_ERROR) if account is not None: se_data = dict() se_data['password'] = password_serializer.validated_data['new_password'] se_data['confirm_password'] = password_serializer.validated_data['confirm_password'] se_data['email'] = account.email se_data['username'] = account.username se_data['log_guid'] = account.log_guid try: with transaction.atomic(): serializer = UserSerializer(account, data=se_data) if serializer.is_valid(): serializer.save() # We need to mark the forgotpassword GUID as expired uid_data = dict() uid_data['guid'] = guid uid_data['user'] = user_uid.user_id uid_data['expiration_date'] = datetime.datetime.utcnow() uidSerializer = UserUIDSerializer(user_uid, data=uid_data) if uidSerializer.is_valid(): uidSerializer.save() logger.info(self.msgs['finish_success'].format(guid)) return Response({ 'status': _('Success'), 'message': self.msgs['update_pass_success'] }, status=status.HTTP_200_OK) else: logger.error(self.errs['ser_not_valid'].format(guid, user_uid.user_id, uid_data['expiration_date'])) return Response({ 'status': _('Fail'), 'message': self.msgs['internal_server_error'] }, status=status.HTTP_500_INTERNAL_SERVER_ERROR) else: logger.error(self.errs['server_error']) return Response({ 'status': _('Fail'), 'message': self.msgs['internal_server_error'] }, status=status.HTTP_500_INTERNAL_SERVER_ERROR) except Exception as e: logger.exception(self.errs['exception'].format(guid, e.message)) return Response({ 'status': _('Bad request'), 'message': self.msgs['internal_server_error'] }, status=status.HTTP_500_INTERNAL_SERVER_ERROR) else: logger.exception(self.errs['GUID_none'].format(guid)) return Response({ 'status': _('Bad request'), 'message': self.msgs['activation_invalid'] }, status=status.HTTP_400_BAD_REQUEST)