def password_reset(request):
template_name = 'accounts/password_reset.html'
context = {}
form = PasswordResetForm(request.POST or None)
if form.is_valid():
form.save()
context['success'] = True
context['form'] = form
return render(request, template_name, context)
def password_reset(request):
if request.method == 'POST':
form = PasswordResetForm(request, request.POST)
if form.is_valid():
form.save()
return redirect('accounts.password_reset_sent')
else:
form = PasswordResetForm(request)
return render(request, 'accounts/password_reset.j.html', {
'form': form
})
def password_reset(request):
form = PasswordResetForm(request.POST or None)
if form.is_valid():
opts = {
'use_https': request.is_secure(),
'token_generator': default_token_generator,
'from_email': settings.DEFAULT_FROM_EMAIL,
'email_template_name': 'accounts/password_reset_email.html',
'subject_template_name': 'accounts/password_reset_subject.txt',
'request': request
}
form.save(**opts)
messages.success(request, PASSWORD_RESET_MESSAGE)
return redirect(reverse('accounts:login'))
context = {'form': form}
return render(request, 'accounts/password_reset.html', context)
def reset(request, id, key):
# Make sure user exists and is active, reset key not expired and the provided key is valid
try:
u = User.objects.get(pk=id)
if u.is_active:
p = u.get_profile()
# Did the request expire?
if p.password_reset_date < timezone.now() - timedelta(days=1):
return render(
request, "accounts/message.html", {
'app': "accounts",
'connotation': "warning",
'message':
'This password reset request has been expired.'
})
# Is the key correct?
if p.password_reset_key != key:
# Avoid too much duplication and details so we show a unified error for incorrect reset key and user not found
raise User.DoesNotExist
else:
# Return a 'disabled account' error message
return render(
request, "accounts/message.html", {
'app':
"accounts",
'connotation':
"danger",
'message':
"This account has been suspended. This may be caused by either a violation of the Terms of Use or for verification purposes."
})
except User.DoesNotExist:
return render(
request, "accounts/message.html", {
'app': "accounts",
'connotation': "danger",
'message': 'Invalid password reset link.'
})
# Validate form and reset password
if request.method == 'POST':
form = PasswordResetForm(request.POST, instance=u)
if form.is_valid():
# For an unknown reason -yet- commenting out the following line has no effect. The password will still be saved.
# However, commenting out p.save() below prevent the profile fields from being updated!
form.save()
p.password_reset_key = ""
p.save()
u.backend = "django.contrib.auth.backends.ModelBackend"
login(request, u)
return render(
request, "accounts/message.html", {
'app':
"accounts",
'connotation':
"success",
'message':
'Your password has been reset successfully. <a href="/accounts/login/">Proceed to login</a>.'
})
else:
form = PasswordResetForm()
return render(request, "accounts/reset.html", {'form': form})
def test_form_helper_action_points_to_correct_url(self):
url = reverse('accounts:password_reset')
form = PasswordResetForm()
form.save()
self.assertEqual(form.helper.form_action, url)
def test_form_helper_method_is_post(self):
form = PasswordResetForm()
form.save()
self.assertEqual(form.helper.form_method, 'post')
def test_form_helper_exists(self):
form = PasswordResetForm()
form.save()
self.assertIsNotNone(form.helper)
def test_valid_form_sends_email_with_username(self, mock_send_mail):
form = PasswordResetForm(data={'email_or_username': USERNAME})
form.save()
self.assertTrue(mock_send_mail.called, True)
def test_save_on_empty_form_does_nothing(self, mock_send_mail):
form = PasswordResetForm()
form.save()
self.assertEqual(mock_send_mail.called, False)