def test_reset_form_get_users(self):
        """Verify FsPasswordResetForm yields a user that Django's own form skips.

        ``create_user`` is called without a password, so Django stores the
        account with an unusable password; the stock
        ``PasswordResetForm.get_users`` leaves such accounts out.

        NOTE(review): an unusable password is often set on purpose (for
        example on accounts that only sign in through an external identity
        provider). Returning them here means control of the mailbox is enough
        to set a local password on such an account - confirm this is intended
        for every account type in the deployment.
        """
        address = "*****@*****.**"
        account = User.objects.create_user("testuser", email=address)

        # Stock Django form: the password-less account is filtered out.
        stock_matches = list(PasswordResetForm().get_users(address))
        self.assertEqual(len(stock_matches), 0)

        # Project form: the same lookup returns the account.
        project_matches = list(FsPasswordResetForm().get_users(address))
        self.assertEqual(project_matches[0].get_username(),
                         account.get_username())
    def test_reset_form_get_users(self):
        """Compare Django's reset form with the project's for a password-less user.

        The user is created without a password, which Django records as an
        unusable password. Django's ``PasswordResetForm.get_users`` skips such
        users, while ``FsPasswordResetForm.get_users`` is expected to return
        them.

        NOTE(review): widening ``get_users`` also makes accounts whose password
        was disabled deliberately (SSO-only or service accounts, for instance)
        eligible for an e-mail based reset - confirm that is acceptable.
        """
        email = "*****@*****.**"
        created = User.objects.create_user("testuser", email=email)

        # Django's form returns nobody for this address.
        django_form = PasswordResetForm()
        found_by_django = list(django_form.get_users(email))
        self.assertEqual(len(found_by_django), 0)

        # The project's form returns the user that was just created.
        project_form = FsPasswordResetForm()
        found_by_project = list(project_form.get_users(email))
        first_match = found_by_project[0]
        self.assertEqual(first_match.get_username(), created.get_username())
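def forget_password(request, *args, **kwargs):
    """Handle the "forgot password" form: store a reset code and mail the link.

    A GET, or a POST whose form does not validate, renders
    ``people/reset_password.html`` with the form. A valid POST stores a fresh
    random code on every account yielded by ``form.get_users``, mails each of
    them a link, and then redirects to the "done" page whether or not any
    account matched, so the response does not reveal which addresses are
    registered.

    NOTE(review): the view that redeems the link is not visible here. It
    should compare the submitted code with the stored one in constant time,
    expire it after a short period and clear it after use. Storing only a hash
    of the code would be preferable, but that requires changing that view too.
    """
    import secrets

    if request.method == "POST":
        form = PasswordResetForm(request.POST)
        if form.is_valid():
            # get_users() yields zero or more accounts; it never returns None,
            # so the result has to be iterated rather than used as one user.
            for user in form.get_users(form.cleaned_data['email']):
                # The code must be unguessable. Hashing the username with a
                # fixed salt can be recomputed by anyone who knows the
                # username, and a password-hash string is not URL-safe.
                tokens = secrets.token_urlsafe(32)
                user.reset_password_code = tokens
                # Persist before mailing so that a delivered link always has a
                # matching stored code.
                user.save()
                subject = 'password reset'
                message = ('please open the link below to reset your password\n'
                           + SITE_URL + 'people/' + user.username
                           + '/reset_password_code/' + tokens)
                user.email_user(subject, message, EMAIL_SENDER)
            # Same answer for known and unknown addresses.
            return redirect('/people/reset_password_done/')
    else:
        form = PasswordResetForm()

    context = {
        'form': form,
        'title': 'Password reset',
    }
    return render(request, 'people/reset_password.html', context)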
    def post(self, request, *args, **kwargs):
        """Validate the posted e-mail address and send the password reset mail.

        Responds with HTTP 400 when the serializer rejects the input or when
        ``PasswordResetForm.get_users`` yields no account for the address.
        Otherwise the mail is sent with the project's e-mail template and the
        context is returned with ``success`` set to ``True``.

        NOTE(review): the "No matching user found." branch answers differently
        from the success branch, so a caller can learn which addresses have an
        account. Consider returning the same response in both cases and rate
        limiting this endpoint.
        """
        serializer = self.serializer_class(data=request.data,
                                           context={'request': request})
        context = {'success': False, 'request': request}

        if not serializer.is_valid():
            context['serializer'] = serializer
            return Response(context, status=status.HTTP_400_BAD_REQUEST)

        form = PasswordResetForm(data=serializer.data)
        # Run for its side effect: it populates cleaned_data, which
        # form.save() reads. The boolean result is not checked here.
        form.is_valid()
        matches = list(form.get_users(serializer.data['email']))
        context['serializer'] = serializer

        if not matches:
            context['error_message'] = _('No matching user found.')
            return Response(context, status=status.HTTP_400_BAD_REQUEST)

        template = 'localcosmos_server/registration/password_reset_email.html'
        form.save(email_template_name=template)
        context['success'] = True
        return Response(context)
    def obj_create(self, bundle, **kwargs):
        """Trigger a password reset e-mail for the account named in the bundle.

        ``bundle.data['username']`` may hold a username or an e-mail address.
        The bundle is returned as-is whether or not an account matched, so the
        response gives no indication of which identifiers exist.

        NOTE(review): ``save(request=...)`` lets Django derive the link's
        domain from the request when the sites framework is not installed;
        confirm ``ALLOWED_HOSTS`` is restrictive so a forged Host header
        cannot end up in the e-mailed link.
        """
        check_required_params(bundle, ['username', ])

        identifier = bundle.data['username']
        # The same value is tried as a username and, case-insensitively, as an
        # e-mail address.
        candidates = User.objects.filter(Q(username=identifier) |
                                         Q(email__iexact=identifier))
        user = candidates.first()
        if user is None:
            return bundle

        reset_form = PasswordResetForm({'email': user.email})
        if reset_form.is_valid():
            # NOTE(review): the result is discarded. With Django's stock form
            # this call is lazy and save() performs its own lookup, so it
            # looks redundant - confirm before removing.
            reset_form.get_users(user.email)
            reset_form.save(request=bundle.request,
                            from_email=settings.SERVER_EMAIL,
                            use_https=bundle.request.is_secure())

        return bundle
def forgot(request):
    """Send a password reset e-mail for the address in ``request.POST``.

    Returns HTTP 400 with an ``errors`` list when the form is invalid or when
    ``get_users`` yields no account, and HTTP 200 with
    ``{'result': 'success', 'guest': True}`` once the mail has been handed to
    ``form.save``.

    NOTE(review): "Email cannot be found" versus the 200 response tells a
    caller whether an address belongs to an account. Consider answering the
    same way in both cases and rate limiting this endpoint.
    """
    form = PasswordResetForm(request.POST)

    if not form.is_valid():
        return Response(data={'errors': ["Email is invalid"]},
                        status=status.HTTP_400_BAD_REQUEST)

    address = form.cleaned_data['email']
    try:
        # next() raises StopIteration when no account matches the address.
        next(form.get_users(address))
        form.save(request=request)
    except StopIteration:
        return Response(data={'errors': ["Email cannot be found"]},
                        status=status.HTTP_400_BAD_REQUEST)

    return Response(data={'result': 'success', 'guest': True},
                    status=status.HTTP_200_OK)
def forgot(request):
    """Start a password reset for the e-mail address posted to this view.

    The response is HTTP 200 with ``{'result': 'success', 'guest': True}``
    after ``form.save`` has run, or HTTP 400 with an ``errors`` list when the
    form is invalid or no account is yielded for the address.

    NOTE(review): the separate "Email cannot be found" error discloses which
    addresses are registered. A uniform response plus rate limiting avoids
    that; changing it alters what API clients see, so coordinate first.
    NOTE(review): ``save(request=request)`` may take the link's domain from
    the request; confirm ``ALLOWED_HOSTS`` is restrictive.
    """
    form = PasswordResetForm(request.POST)

    if not form.is_valid():
        payload = {'errors': ["Email is invalid"]}
        code = status.HTTP_400_BAD_REQUEST
    else:
        try:
            # Pulling one item is enough to learn whether any account matches.
            next(form.get_users(form.cleaned_data['email']))
            form.save(request=request)
            payload = {'result': 'success', 'guest': True}
            code = status.HTTP_200_OK
        except StopIteration:
            payload = {'errors': ["Email cannot be found"]}
            code = status.HTTP_400_BAD_REQUEST

    return Response(data=payload, status=code)
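def request_password_reset(request):
    """Send password reset e-mails for the address submitted by POST.

    The address is read from a JSON body when the content type starts with
    ``application/json``, otherwise from form-encoded data. Responses:

    * 405 for any method other than POST;
    * 400 with ``{"status": 400}`` for a body that is not a JSON object;
    * 400 with the form errors when the form does not validate;
    * 400 with an ``email`` message when no account is yielded;
    * 200 with ``{"status": 200}`` after a mail was sent to every match.

    NOTE(review): the "No active account..." response discloses which
    addresses are registered. A uniform 200 plus rate limiting avoids that;
    it changes what clients see, so coordinate before switching.
    """
    if request.method != "POST":
        return JsonResponse({"status": 405}, status=405)

    if request.content_type.startswith('application/json'):
        # The body is client-supplied: reject anything that is not a
        # well-formed JSON object instead of letting a parse error or a
        # non-mapping payload surface as an unhandled exception.
        try:
            data = json.load(request)
        except ValueError:
            return JsonResponse({"status": 400}, status=400)
        if not isinstance(data, dict):
            return JsonResponse({"status": 400}, status=400)
    else:
        data = request.POST

    form = PasswordResetForm(data)
    if not form.is_valid():
        return JsonResponse(form.errors, status=400)

    users = list(form.get_users(form.cleaned_data["email"]))
    if not users:
        return JsonResponse(
            {
                "email":
                "No active account is associated with given email address."
            },
            status=400)

    subject = "Password Reset"
    for user in users:
        # _email_context is defined elsewhere in the file; presumably it
        # supplies the reset link and token for the templates - confirm.
        template_context = _email_context(request, user)
        message = render_to_string("accounts/reset_password_email.txt",
                                   template_context)
        html_message = render_to_string("accounts/reset_password_email.html",
                                        template_context)
        recipient_list = [user.email]
        send_mail(subject,
                  message,
                  settings.EMAIL_HOST_USER,
                  recipient_list,
                  html_message=html_message)
    return JsonResponse({"status": 200})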