def post(self, request): email = request.data["email"] email_validator = EmailValidator() email_validator(email) # prevent timing attack - is this necessary? try: user = get_user_model().objects.get(email=email, email_verified=True) token = PasswordResetToken(user=user, token=secrets.token_hex()) token.save() uid = user.id token = token.token password_reset_start.send(sender=self.__class__, user=user) except get_user_model().DoesNotExist: password_reset_start_reject.send(sender=self.__class__, email=email) uid = -1 token = "" email = "*****@*****.**" send_email( email, "RACTF - Reset Your Password", "password_reset", url=settings.FRONTEND_URL + "password_reset?id={}&secret={}".format(uid, token), ) return FormattedResponse()
def post(self, request): request.user.totp_device.delete() request.user.save() remove_2fa.send(sender=self.__class__, user=request.user) send_email(request.user.email, "RACTF - 2FA Has Been Disabled", "2fa_removed") return FormattedResponse()
def create(self, validated_data): user = validated_data['user'] user.set_password(validated_data['password']) user.save() token = user.email_token send_email(user.email, 'RACTF - Verify your email', 'verify', url='verify?id={}&secret={}'.format(user.id, token)) register.send(sender=self.__class__, user=user) return user
def test_mails(app): from backend.mail import mail, send_email with mail.record_messages() as outbox: send_email( recipients='*****@*****.**', subject='Test Email', body='Welcome to supermarkt.org', ) assert len(outbox) == 1 email = outbox[0] assert email.subject == 'Test Email' assert email.body == 'Welcome to supermarkt.org' assert len(email.recipients) == 1 assert '*****@*****.**' in email.recipients assert email.sender == 'Supermarkt <*****@*****.**>'
def post(self, request): email = request.data['email'] email_validator = EmailValidator() email_validator(email) # prevent timing attack - is this necessary? try: user = get_user_model().objects.get(email=email) uid = user.id token = user.password_reset_token password_reset_start.send(sender=self.__class__, user=user) except get_user_model().DoesNotExist: password_reset_start_reject.send(sender=self.__class__, email=email) uid = -1 token = '' email = '*****@*****.**' send_email(email, 'RACTF - Reset Your Password', 'password_reset', url='password_reset?id={}&secret={}'.format(uid, token)) return FormattedResponse()
def post(self, request): serializer = self.serializer_class(data=request.data, context={"request": request}) if not serializer.is_valid(): return FormattedResponse( m="invalid_token_or_uid", d=serializer.errors, status=HTTP_400_BAD_REQUEST, ) user = serializer.validated_data["user"] if user.email_verified: return FormattedResponse( m="invalid_token_or_uid", d=serializer.errors, status=HTTP_400_BAD_REQUEST, ) send_email(user.email, 'RACTF - Verify your email', 'verify', url=settings.FRONTEND_URL + 'verify?id={}&secret={}'.format(user.id, user.email_token)) return FormattedResponse('email_resent')
def register_user(self, username, email, password, invite, **kwargs): if config.get('email_regex') and not re.compile(config.get('email_regex')).match(email) or \ not email.endswith(config.get('email_domain')): raise FormattedException(m='invalid_email', status_code=HTTP_400_BAD_REQUEST) register_end_time = config.get('register_end_time') if not (config.get('enable_registration') and time.time() >= config.get('register_start_time')) \ and (register_end_time < 0 or register_end_time > time.time()): register_reject.send(sender=self.__class__, username=username, email=email) raise FormattedException(m='registration_not_open', status_code=HTTP_403_FORBIDDEN) user = get_user_model()(username=username, email=email) if get_user_model().objects.filter( username=username) or get_user_model().objects.filter( email=email): raise FormattedException(m='email_or_username_in_use', status_code=HTTP_403_FORBIDDEN) if not get_user_model().objects.all().exists(): user.is_staff = True user.is_superuser = True password_validation.validate_password(password, user) user.set_password(password) if config.get("invite_required"): if InviteCode.objects.filter(code=invite): code = InviteCode.objects.get(code=invite) if code: if code.uses >= code.max_uses: raise FormattedException( m="invite_already_used", status_code=HTTP_403_FORBIDDEN) code.uses += 1 if code.uses >= code.max_uses: code.fully_used = True code.save() if code.auto_team: user.team = code.auto_team else: raise FormattedException(m="invalid_invite", status_code=HTTP_403_FORBIDDEN) token = user.email_token if not settings.MAIL["SEND"]: user.email_verified = True if not config.get("enable_teams"): user.save() user.team = Team.objects.create( owner=user, name=username, password=secrets.token_hex(32), ) user.save() send_email(user.email, 'RACTF - Verify your email', 'verify', url=settings.FRONTEND_URL + 'verify?id={}&secret={}'.format(user.id, token)) register.send(sender=self.__class__, user=user) return user