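def reset_password_page(self, request):
    """Render the password-reset form and apply a submitted new password.

    A GET (or any other non-POST method) renders the form pre-filled with the
    ``key`` query parameter.  A valid POST looks up the user holding that
    reset key, sets the new password, clears the key, calls
    ``user.remove_token()`` and renders the success page.  In every other
    case the reset form is rendered again.
    """
    print('reset_password_page')
    if request.method == 'POST':
        form = PasswordResetForm(request.POST)
        # The bound form is deliberately not printed: it carries the submitted
        # password and reset key, which do not belong on stdout or in logs.
        if form.is_valid():
            password = form.data.get("new_password")
            key = form.data.get("key")
            # A consumed key is stored as "" (see below), so an empty or
            # missing key must never reach the lookup: it would select an
            # account whose key has already been cleared.
            user = None
            if key and password:
                try:
                    user = User.objects.get(reset_password_key=key)
                except (User.DoesNotExist, User.MultipleObjectsReturned):
                    user = None
            if user is not None:
                user.set_password(password)
                # Single use: the key is cleared together with the change.
                user.reset_password_key = ""
                user.save()
                user.remove_token()
                return render(request, 'users/password_reset_success.html')
    else:
        # GET (or any other method): blank form carrying the key from the URL.
        key = request.GET.get('key')
        form = PasswordResetForm(initial={
            'key': key,
        })
    return render(request, 'users/password_reset_page.html', {'form': form})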
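def recover_password(request):
    """Endpoint for requesting user's password recovery.

    Expects a JSON body with a ``username`` key.  When a user with that
    username exists and the reset form built from the user's e-mail address
    validates, the form is saved with the reset options below and a 200 JSON
    response ``{"detail": "ok"}`` is returned.  Every other outcome is
    answered with 400.
    """
    import logging

    data = request.body
    if data:
        try:
            data = json.loads(data)
            user = User.objects.get(username=data.get("username", False))
            if user:
                form = PasswordResetForm({'email': user.email})
                if form.is_valid():
                    opts = {
                        'use_https': request.is_secure(),
                        'token_generator': default_token_generator,
                        'from_email': None,
                        'email_template_name': 'password_reset_email.html',
                        'subject_template_name': 'password_reset_subject.txt',
                        'request': request,
                        'html_email_template_name': None,
                    }
                    form.save(**opts)
                    return HttpResponse(json.dumps({"detail": "ok"}),
                                        status=status.HTTP_200_OK,
                                        content_type="application/json")
        except (ValueError, User.DoesNotExist):
            # Malformed JSON or unknown username: answered with 400 below.
            pass
        except Exception:
            # Still answered with 400 as before, but an unexpected failure
            # (for example while saving the form) is no longer invisible.
            # The request body is not logged.
            logging.getLogger(__name__).exception("recover_password failed")
    # NOTE(review): 200 for a known username and 400 for an unknown one lets
    # a caller tell which usernames exist. A uniform reply would close that,
    # but it changes the API contract; decide with the client owners.
    return HttpResponse(status=status.HTTP_400_BAD_REQUEST)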
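def forgotten_password(request):
    """Allow the user's password to be reset.

    A POST with a valid form records a PasswordReset entry (generated key,
    submitted username, client IP, user agent).  When an active account
    matches the submitted value by username or, failing that, by e-mail
    address, the entry is handed to ``notification`` addressed to that
    account's e-mail.  Every such POST ends on the same "sent" page, so the
    response does not show whether an account was found.  Other methods, and
    an invalid form, render the request form.
    """
    sent_url = '/accounts/forgottenpassword/sent/'
    if request.method == "POST":
        # send email with password reset in
        lForm = PasswordResetForm(request.POST)
        if lForm.is_valid():
            lPasswordReset = PasswordReset()
            lPasswordReset.generateKey()
            lPasswordReset.username = lForm.cleaned_data['username']
            lPasswordReset.ip = request.META['REMOTE_ADDR']
            # User-Agent is an optional header; indexing META raised KeyError
            # (a 500) for clients that do not send one.
            lPasswordReset.useragent = request.META.get('HTTP_USER_AGENT', '')
            lPasswordReset.save()
            # `except Exception` keeps the best-effort lookup without also
            # trapping SystemExit/KeyboardInterrupt as the bare except did.
            try:
                lUser = User.objects.filter(
                    username__iexact=lPasswordReset.username)[0]
            except Exception:
                # try looking by email address
                try:
                    lUser = User.objects.filter(
                        email__iexact=lPasswordReset.username).order_by(
                            '-last_login')[0]
                except Exception:
                    # don't send email if account not found
                    return HttpResponseRedirect(sent_url)
            if not lUser.is_active:
                # don't send email if user is inactive
                return HttpResponseRedirect(sent_url)
            notification(lUser,
                         lPasswordReset,
                         'users',
                         'password_reset',
                         'request',
                         request.user,
                         browser_details(request),
                         pDestination=lUser.email)
            return HttpResponseRedirect(sent_url)
    else:
        # show password reset form
        lForm = PasswordResetForm()
    return render_auth(request,
                       "users/resetpassword/forgotten_password.html",
                       {'form': lForm})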
def view_reset_password(request, passwordreset_template):
    """Show the password-reset form and, on a valid POST, reset and mail.

    Non-POST requests and invalid submissions render the template with the
    form.  A valid submission loads the UserProfile for the submitted e-mail
    address, calls its ``reset_password()``, passes the result to
    ``passwordreset_mailer`` and adds a success message.

    Local variable names are part of the template contract here: every
    ``response`` call receives ``locals()`` as its context.
    """
    from users.forms import PasswordResetForm
    if request.method != 'POST':
        form = PasswordResetForm()
        return response(passwordreset_template, locals(), request)

    form = PasswordResetForm(post_data(request))
    if form.is_valid():
        email = form.cleaned_data.get('email')
        from users.models import UserProfile
        # NOTE(review): the reset is applied as soon as an address is
        # submitted, before the mailbox owner has confirmed anything, and a
        # missing profile raises DoesNotExist unless the form already
        # rejects unknown addresses; confirm both against the form.
        userprofile = UserProfile.objects.get(email=email)
        new_password = userprofile.reset_password()
        from utils.emailer import passwordreset_mailer
        passwordreset_mailer(userprofile, new_password)
        from users.messages import PASSWORD_RESET_EMAIL_SUCCESS
        _add_successmsg(request, PASSWORD_RESET_EMAIL_SUCCESS % email)
        # NOTE(review): locals() hands `new_password` and `userprofile` to
        # the template as well; an explicit context would keep the new
        # credential out of anything the page can render.
        return response(passwordreset_template, locals(), request)
    return response(passwordreset_template, locals(), request)
def forgot_password(request, mobile=False):
    """Password reset form.

    This view sends an email with a reset link.

    POST: saves the form when it validates.  With ``mobile`` a valid form
    redirects to the mobile "sent" page; without it a status dict is
    returned.  Only the mobile variant renders a page at the end; every
    other fall-through returns None.
    """
    if request.method != "POST":
        reset_form = PasswordResetForm()
    else:
        reset_form = PasswordResetForm(request.POST)
        form_ok = reset_form.is_valid()
        if form_ok:
            reset_form.save(use_https=request.is_secure(),
                            token_generator=default_token_generator,
                            email_template_name='users/email/pw_reset.ltxt')
        if not mobile:
            if form_ok:
                return {'status': 'success'}
            # NOTE(review): if the form rejects addresses without an
            # account, this error reply reveals which addresses are
            # registered; verify against the form.
            return {
                'status': 'error',
                'errors': dict(reset_form.errors.iteritems())
            }
        if form_ok:
            return HttpResponseRedirect(
                reverse('users.mobile_pw_reset_sent'))

    if mobile:
        return jingo.render(request, 'users/mobile/pw_reset_form.html',
                            {'form': reset_form})
def password_reset(request):
    """Password reset form.

    Based on django.contrib.auth.views. This view sends the email.

    Any POST is answered with the same redirect, whether or not the form
    validated; other methods render an empty form.
    """
    if request.method != "POST":
        return render(request, 'users/pw_reset_form.html',
                      {'form': PasswordResetForm()})

    submitted = PasswordResetForm(request.POST)
    if submitted.is_valid():
        submitted.save(use_https=request.is_secure(),
                       token_generator=default_token_generator,
                       email_template_name='users/email/pw_reset.ltxt')
    # Don't leak existence of email addresses: valid and invalid submissions
    # get the identical response.
    return HttpResponseRedirect(reverse('users.pw_reset_sent'))
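def post(request):
    """Set a new password for the account named by the posted e-mail.

    Re-renders ``password_reset.html`` when the form is invalid, when the
    two password fields differ, or when no profile has the posted address.
    Otherwise the hashed ``pwd2`` is stored and the login page is rendered.
    """
    form = PasswordResetForm(request.POST)
    # .get(): a request without the field gets the form page back instead of
    # an unhandled KeyError (500) raised before validation even ran.
    email = request.POST.get('email', '')
    if not form.is_valid():
        return render(request, "password_reset.html", {
            "email": email,
            "reset_form": form
        })

    if request.POST['pwd1'] != request.POST['pwd2']:
        return render(
            request, "password_reset.html", {
                "email": email,
                "reset_form": form,
                "msg": "password were different between two enters"
            })

    # NOTE(review): the account is chosen solely by the posted `email`;
    # nothing in this handler ties the request to a verified reset code.
    # Keep the verified address server-side (session, or re-check the code
    # here) before changing a password.
    try:
        user = UserProfile.objects.get(email=email)
    except UserProfile.DoesNotExist:
        # Unknown address: show the form again rather than failing with 500.
        return render(request, "password_reset.html", {
            "email": email,
            "reset_form": form
        })
    user.password = make_password(request.POST['pwd2'])
    user.save()
    return render(request, "login.html",
                  {"msg": "reset success, please login."})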
def password_reset(request):
    """Mail a short-lived reset link for the submitted e-mail address.

    A valid POST looks up the user by e-mail; when one exists, a JWT holding
    the username and a five-minute expiry is signed with
    ``settings.SECRET_KEY`` and mailed as a link.  The same success message
    and redirect follow whether or not a user was found.  Other methods, and
    an invalid form, render the form.
    """
    if request.method != 'POST':
        form = PasswordResetForm()
        return render(request, 'users/reset_password.html', {'form': form})

    form = PasswordResetForm(request.POST)
    if not form.is_valid():
        return render(request, 'users/reset_password.html', {'form': form})

    email = form.cleaned_data['email']
    try:
        user = User.objects.get(email=email)
    except User.DoesNotExist:
        user = None

    if user:
        expires = timezone.now() + timezone.timedelta(minutes=5)
        # NOTE(review): the claims carry only username and expiry, so the
        # link appears to stay usable until `exp` even after the password
        # has changed; confirm how the consuming view invalidates it.
        claims = {'username': user.username, 'exp': expires}
        token = jwt.encode(claims, settings.SECRET_KEY, algorithm='HS256')
        # NOTE(review): build_absolute_uri() takes the host from the
        # request, so the mailed link is only as trustworthy as the
        # ALLOWED_HOSTS / proxy configuration.
        link_path = reverse_lazy('users:new-password', args=(token, ))
        url = request.build_absolute_uri(link_path)
        subject = '[Auth App] Please reset your password.'
        from_mail = '*****@*****.**'
        to_mail = user.email
        text_content = 'content'
        html_content = render_to_string('emails/password_reset.html',
                                        {'url': url})
        send_mail(subject,
                  text_content,
                  from_mail, [to_mail],
                  html_message=html_content)

    # Same message for known and unknown addresses.
    messages.success(request, (
        'Check your email for a link to reset your password. '
        'If it does not appear within a few minutes, check your spam folder.'
    ))
    return redirect('users:password-reset')
def password_reset(request, template):
    """Password reset form.

    Based on django.contrib.auth.views. This view sends the email.

    The form is validated before and after the send attempt; the "sent"
    redirect is skipped only when a form that was valid beforehand is
    invalid afterwards.
    """
    if request.method != "POST":
        return render(request, template, {'form': PasswordResetForm()})

    form = PasswordResetForm(request.POST)
    valid_before_send = form.is_valid()
    if valid_before_send:
        # TODO: Jingo is used in a way that does not override the Django
        # template loader, so pw_reset.ltxt has to be a Django template
        # rather than a Jinja one. This can probably be changed back once
        # rendering is switched everywhere; until then the text most likely
        # will not get translated.
        try_send_email_with_form(
            form.save,
            form,
            'email',
            use_https=request.is_secure(),
            token_generator=default_token_generator,
            text_template='users/email/pw_reset.ltxt',
            html_template='users/email/pw_reset.html',
            subject_template_name='users/email/pw_reset_subject.ltxt')

    # The form may have become invalid if the email failed to send.
    # PasswordResetForm is invalid iff there is no user with the entered
    # email address, so the check below avoids leaking the existence of an
    # address _unless_ sending an email fails.
    valid_after_send = form.is_valid()
    if valid_after_send or not valid_before_send:
        # Don't leak existence of email addresses.
        return HttpResponseRedirect(reverse('users.pw_reset_sent'))
    return render(request, template, {'form': form})
def forgot_password(request, mobile=False):
    """Password reset form.

    This view sends an email with a reset link.

    Returns a redirect (mobile, valid POST), a status dict (non-mobile
    POST), the rendered mobile form, or None when nothing else applies.
    """
    is_post = request.method == "POST"
    form = PasswordResetForm(request.POST) if is_post else PasswordResetForm()

    if is_post:
        accepted = form.is_valid()
        if accepted:
            form.save(use_https=request.is_secure(),
                      token_generator=default_token_generator,
                      email_template_name='users/email/pw_reset.ltxt')

        if mobile and accepted:
            return HttpResponseRedirect(reverse('users.mobile_pw_reset_sent'))
        if not mobile:
            # NOTE(review): the 'error' reply exposes the form's validation
            # result; if validation depends on the address being registered,
            # callers can tell which addresses have accounts.
            if accepted:
                return {'status': 'success'}
            return {'status': 'error',
                    'errors': dict(form.errors.iteritems())}

    # Reached by GET, and by a mobile POST whose form did not validate.
    if mobile:
        return jingo.render(request, 'users/mobile/pw_reset_form.html',
                            {'form': form})
def get(request, code):
    """Check a "forget" verification code and show the reset form.

    Unknown codes and codes sent more than 1800 seconds ago render
    ``register.html`` with a message.  A usable code is deleted (single use)
    and ``password_reset.html`` is rendered with the address it was issued
    for and an empty form.
    """
    form = PasswordResetForm()
    records = EmailVerify.objects.filter(code=code, verify_type="forget")
    if not len(records):
        return render(request, "register.html",
                      {"msg": "Wrong validation code"})

    record = records[0]
    age_seconds = (timezone.now() - record.send_time).total_seconds()
    if age_seconds > 1800:
        record.delete()
        return render(request, "register.html",
                      {"msg": "validation code out of date"})

    email = record.email
    # NOTE(review): the code is consumed here, so from this point the only
    # link between this check and the later submission is the `email` value
    # given to the template; presumably the form posts it back. Confirm the
    # submit handler does not rely on that client-supplied value alone.
    record.delete()
    context = {"email": email, "reset_form": form}
    return render(request, "password_reset.html", context)
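def reset_password(request):
    """Render the reset-password page and save the form when it is valid.

    POST binds the form to the submitted data.  For other methods, a user
    holding ``auth.change_user`` gets a form bound to the e-mail address of
    the account named by the ``id`` query parameter.  ``status`` is passed
    through from the query string only when it equals ``invalid_token`` and
    becomes ``success`` once the form has been saved.
    """
    form = PasswordResetForm()
    status = request.GET.get('status')

    if request.method == 'POST':
        form = PasswordResetForm(request.POST)
    elif request.user.has_perm('auth.change_user'):
        # Prefill user email
        # NOTE(review): the form is *bound* here, so it passes is_valid()
        # below and save() runs on a plain GET. If only pre-filling is
        # intended, `initial=` would avoid a state change on GET; confirm.
        try:
            user = User.objects.get(id=request.GET.get('id'))
            form = PasswordResetForm({'email': user.email})
        except (User.DoesNotExist, ValueError):
            # ValueError: an `id` that is not a valid key value (assuming an
            # integer primary key) used to surface as an unhandled 500.
            pass

    # Only the known status value may reach the template.
    if status != 'invalid_token':
        status = None

    if form.is_valid():
        form.save()
        status = 'success'

    return render(request, 'users/reset_password.html', {
        'form': form,
        'status': status
    })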
def password_reset(request):
    """Password reset form.

    Based on django.contrib.auth.views. This view sends the email.

    POST always ends in the "sent" redirect; any other method renders a
    blank form through jingo.
    """
    posted = request.method == "POST"
    if posted:
        reset_form = PasswordResetForm(request.POST)
        save_options = {
            'use_https': request.is_secure(),
            'token_generator': default_token_generator,
            'email_template_name': 'users/email/pw_reset.ltxt',
        }
        if reset_form.is_valid():
            reset_form.save(**save_options)
        # Don't leak existence of email addresses: the redirect does not
        # depend on whether the form validated.
        return HttpResponseRedirect(reverse('users.pw_reset_sent'))

    reset_form = PasswordResetForm()
    return jingo.render(request, 'users/pw_reset_form.html',
                        {'form': reset_form})
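def reset_password(request):
    """Show the reset-password page; save the form whenever it validates.

    The form is bound to POST data, or, for a non-POST request from a user
    with ``auth.change_user``, to the e-mail address of the account given by
    the ``id`` query parameter.  The template receives the form and a
    ``status`` of ``invalid_token``, ``success`` or None.
    """
    form = PasswordResetForm()
    status = request.GET.get('status')

    if request.method == 'POST':
        form = PasswordResetForm(request.POST)
    elif request.user.has_perm('auth.change_user'):
        # Prefill user email
        # NOTE(review): binding the form (rather than using `initial=`)
        # makes it valid, so save() below also runs for this GET branch;
        # confirm that a GET-triggered save is intended.
        try:
            user = User.objects.get(id=request.GET.get('id'))
        except (User.DoesNotExist, ValueError):
            # ValueError covers an `id` value the key field cannot parse
            # (assuming an integer primary key); previously an unhandled 500.
            user = None
        if user is not None:
            form = PasswordResetForm({'email': user.email})

    # Anything other than the known value is dropped before rendering.
    if status != 'invalid_token':
        status = None

    if form.is_valid():
        form.save()
        status = 'success'

    return render(request, 'users/reset_password.html',
                  {'form': form, 'status': status})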
def password_reset(request, template):
    """Password reset form.

    Based on django.contrib.auth.views. This view sends the email.

    A POST is redirected to the "sent" page unless a form that validated
    before the send attempt no longer validates afterwards; in that case,
    and for non-POST requests, ``template`` is rendered with the form.
    """
    if request.method == "POST":
        form = PasswordResetForm(request.POST)
        initially_valid = form.is_valid()
        if initially_valid:
            # TODO: pw_reset.ltxt must stay a Django template (not Jinja)
            # while Jingo does not override the Django template loader.
            # Once all rendering is switched over this can probably be
            # changed back; until then it most likely won't be translated.
            send_kwargs = {
                'use_https': request.is_secure(),
                'token_generator': default_token_generator,
                'email_template_name': 'users/email/pw_reset.ltxt',
                'subject_template_name': 'users/email/pw_reset_subject.ltxt',
            }
            try_send_email_with_form(form.save, form, 'email', **send_kwargs)

        # Form may now be invalid if email failed to send.
        # PasswordResetForm is invalid iff there is no user with the entered
        # email address. Re-validating keeps the response identical for
        # known and unknown addresses _unless_ sending an email fails.
        still_valid = form.is_valid()
        if still_valid or not initially_valid:
            # Don't leak existence of email addresses.
            return HttpResponseRedirect(reverse('users.pw_reset_sent'))
    else:
        form = PasswordResetForm()

    return render(request, template, {'form': form})