def post(self, request, *args, **kwargs): serializer = self.serializer_class(data=request.data) serializer.is_valid(raise_exception=True) password = serializer.validated_data['password'] token = serializer.validated_data['token'] # find token reset_password_token = ResetPasswordToken.objects.filter( key=token).first() # change users password (if we got to this code it means that the user is_active) if reset_password_token.user.eligible_for_reset(): pre_password_reset.send(sender=self.__class__, user=reset_password_token.user) try: # validate the password against existing validators validate_password(password, user=reset_password_token.user, password_validators=get_password_validators( settings.AUTH_PASSWORD_VALIDATORS)) except ValidationError as e: # raise a validation error for the serializer raise exceptions.ValidationError({'password': e.messages}) reset_password_token.user.set_password(password) reset_password_token.user.save() post_password_reset.send(sender=self.__class__, user=reset_password_token.user) # Delete all password reset tokens for this user ResetPasswordToken.objects.filter( user=reset_password_token.user).delete() return Response({'status': 'OK'})
def post(self, request, *args, **kwargs): serializer = self.serializer_class(data=request.data) serializer.is_valid(raise_exception=True) password = serializer.validated_data['password'] token = serializer.validated_data['token'] # get token validation time password_reset_token_validation_time = get_password_reset_token_expiry_time() # find token reset_password_token = ResetPasswordToken.objects.filter(key=token).first() if reset_password_token is None: return Response({'status': 'notfound'}, status=status.HTTP_404_NOT_FOUND) # check expiry date expiry_date = reset_password_token.created_at + timedelta(hours=password_reset_token_validation_time) if timezone.now() > expiry_date: # delete expired token reset_password_token.delete() return Response({'status': 'expired'}, status=status.HTTP_404_NOT_FOUND) # change users password if reset_password_token.user.has_usable_password(): pre_password_reset.send(sender=self.__class__, user=reset_password_token.user) reset_password_token.user.set_password(password) reset_password_token.user.save() post_password_reset.send(sender=self.__class__, user=reset_password_token.user) # Delete all password reset tokens for this user ResetPasswordToken.objects.filter(user=reset_password_token.user).delete() return Response({'status': 'OK'})
def post(self, request, *args, **kwargs): serializer = self.serializer_class(data=request.data) serializer.is_valid(raise_exception=True) password = serializer.validated_data['password'] token = serializer.validated_data['token'] response_dict = dict({"status_code": None, "message": None, "status": None}) # get token validation time password_reset_token_validation_time = get_password_reset_token_expiry_time() # find token reset_password_token = ResetPasswordToken.objects.filter(key=token).first() if reset_password_token is None: message = get_response_message("TOKEN_NOT_FOUND") response_dict.update({"status_code": 404, 'status': 'notfound', "message": message}) return Response(response_dict, status=status.HTTP_404_NOT_FOUND) # check expiry date expiry_date = reset_password_token.created_at + timedelta(hours=password_reset_token_validation_time) if timezone.now() > expiry_date: # delete expired token reset_password_token.delete() message = get_response_message("TOKEN_EXPIRED") response_dict.update({"status_code": 404, 'status': 'expired', "message": message}) return Response(response_dict, status=status.HTTP_404_NOT_FOUND) # change users password (if we got to this code it means that the user is_active) if reset_password_token.user.eligible_for_reset(): pre_password_reset.send(sender=self.__class__, user=reset_password_token.user) try: # validate the password against existing validators validate_password( password, user=reset_password_token.user, password_validators=get_password_validators(settings.AUTH_PASSWORD_VALIDATORS) ) except ValidationError as e: # raise a validation error for the serializer raise exceptions.ValidationError({ 'password': e.messages }) reset_password_token.user.set_password(password) reset_password_token.user.save() post_password_reset.send(sender=self.__class__, user=reset_password_token.user) # Delete all password reset tokens for this user ResetPasswordToken.objects.filter(user=reset_password_token.user).delete() # done message = get_response_message("PASSWORD_CHANGED") response_dict.update({"status_code": 200, "status": "OK", "message": message}) return Response(response_dict)
def post(self, request, *args, **kwargs): serializer = self.serializer_class(data=request.data) serializer.is_valid(raise_exception=True) password = serializer.validated_data['password'] token = serializer.validated_data['token'] # get token validation time password_reset_token_validation_time = get_password_reset_token_expiry_time( ) # find token reset_password_token = ResetPasswordToken.objects.filter( key=token).first() if reset_password_token is None: return Response({'status': 'notfound'}, status=status.HTTP_404_NOT_FOUND) # check expiry date expiry_date = reset_password_token.created_at + timedelta( hours=password_reset_token_validation_time) if timezone.now() > expiry_date: # delete expired token reset_password_token.delete() return Response({'status': 'expired'}, status=status.HTTP_404_NOT_FOUND) # change users password if reset_password_token.user.has_usable_password(): pre_password_reset.send(sender=self.__class__, user=reset_password_token.user) try: # validate the password against existing validators validate_password(password, user=reset_password_token.user, password_validators=get_password_validators( settings.AUTH_PASSWORD_VALIDATORS)) except ValidationError as e: # raise a validation error for the serializer raise exceptions.ValidationError({'password': e.messages}) reset_password_token.user.set_password(password) reset_password_token.user.save() post_password_reset.send(sender=self.__class__, user=reset_password_token.user) # Delete all password reset tokens for this user ResetPasswordToken.objects.filter( user=reset_password_token.user).delete() return Response({'status': 'OK'})
def post(self, request, *args, **kwargs): serializer = self.serializer_class(data=request.data) serializer.is_valid(raise_exception=True) password = serializer.validated_data['password'] confirm = serializer.validated_data['confirm'] token = serializer.validated_data['token'] if password == confirm: # get token validation time password_reset_token_validation_time = get_password_reset_token_expiry_time() # find token reset_password_token = ResetPasswordToken.objects.filter(key=token).first() if reset_password_token is None: return Response({'Estado': 'No encontrado'}, status=status.HTTP_404_NOT_FOUND) # check expiry date expiry_date = reset_password_token.created_at + timedelta(hours=password_reset_token_validation_time) if timezone.now() > expiry_date: # delete expired token reset_password_token.delete() return Response({'Estado': 'Caducado'}, status=status.HTTP_404_NOT_FOUND) # change users password (if we got to this code it means that the user is_active) if reset_password_token.user.eligible_for_reset(): pre_password_reset.send(sender=self.__class__, user=reset_password_token.user) try: # validate the password against existing validators validate_password( password, user=reset_password_token.user, password_validators=get_password_validators(settings.AUTH_PASSWORD_VALIDATORS) ) except ValidationError as e: # raise a validation error for the serializer raise exceptions.ValidationError({ 'password': e.messages }) reset_password_token.user.set_password(password) reset_password_token.user.save() post_password_reset.send(sender=self.__class__, user=reset_password_token.user) # Delete all password reset tokens for this user ResetPasswordToken.objects.filter(user=reset_password_token.user).delete() return Response({'Estado': 'Contraseña modificada'}) else: return Response({'Estado': 'Contraseñas diferentes'})
def post(self, request, *args, **kwargs): serializer = self.serializer_class(data=request.data) serializer.is_valid(raise_exception=True) password = serializer.validated_data['password'] token = filter_parameters_from_token(serializer.validated_data['token']) # get token validation time # find token reset_password_token = ResetPasswordToken.objects.filter(key=token).first() if reset_password_token is None: return Response({'error': 'token not found'}, status=status.HTTP_404_NOT_FOUND) if reset_password_token.expired: return Response({'error': 'token expired'}, status=status.HTTP_400_BAD_REQUEST) if reset_password_token.used: return Response({'error': 'token used'}, status=status.HTTP_400_BAD_REQUEST) password_reset_token_validation_time = get_password_reset_token_expiry_time( is_long_token=reset_password_token.is_long_token ) # check expiry date expiry_date = reset_password_token.created_at + timedelta( hours=password_reset_token_validation_time) if timezone.now() > expiry_date: # mark token as expired reset_password_token.expired = True reset_password_token.used = True reset_password_token.save() return Response({'error': 'token expired'}, status=status.HTTP_400_BAD_REQUEST) if not reset_password_token.user.is_active: return Response({'error': 'inactive user'}, status=status.HTTP_400_BAD_REQUEST) # change users password if reset_password_token.user.has_usable_password(): pre_password_reset.send(sender=self.__class__, user=reset_password_token.user, request=request) reset_password_token.user.set_password(password) reset_password_token.user.save() post_password_reset.send(sender=self.__class__, user=reset_password_token.user, request=request) # Mark token as used ResetPasswordToken.objects.filter(user=reset_password_token.user).update(used=True) return Response()
def post(self, request, *args, **kwargs): serializer = self.serializer_class(data=request.data) serializer.is_valid(raise_exception=True) password = serializer.validated_data['new_password'] token = serializer.validated_data['token'] password_reset_token_validation_time = get_password_reset_token_expiry_time() reset_password_token = ResetPasswordToken.objects.filter( key=token).first() if reset_password_token is None: return Response({'status': 'notfound'}, status=status.HTTP_404_NOT_FOUND) expiry_date = reset_password_token.created_at + \ timedelta(hours=password_reset_token_validation_time) if timezone.now() > expiry_date: reset_password_token.delete() return Response({'status': 'expired'}, status=status.HTTP_404_NOT_FOUND) if reset_password_token.user.eligible_for_reset(): pre_password_reset.send( sender=self.__class__, user=reset_password_token.user) try: validate_password( password, user=reset_password_token.user, password_validators=get_password_validators( settings.AUTH_PASSWORD_VALIDATORS) ) except ValidationError as e: raise exceptions.ValidationError({ 'password': e.messages }) reset_password_token.user.set_password(password) reset_password_token.user.save() post_password_reset.send( sender=self.__class__, user=reset_password_token.user) ResetPasswordToken.objects.filter( user=reset_password_token.user).delete() return Response({'status': 'OK'})
def post(self, request, *args, **kwargs): serializer = self.serializer_class(data=request.data) serializer.is_valid(raise_exception=True) password = serializer.validated_data['password'] token = serializer.validated_data['token'] register = serializer.validated_data['register'] # get token validation time password_reset_token_validation_time = get_password_reset_token_expiry_time( register_token=register) # find token reset_password_token = ResetPasswordToken.objects.filter( key=token).first() if reset_password_token is None: return Response({'status': 'notfound'}, status=status.HTTP_404_NOT_FOUND) # check expiry date expiry_date = reset_password_token.created_at + timedelta( hours=password_reset_token_validation_time) if timezone.now() > expiry_date: # delete expired token reset_password_token.delete() return Response({'status': 'expired'}, status=status.HTTP_404_NOT_FOUND) # change users password (if we got to this code it means that the user is_active) if reset_password_token.user.eligible_for_reset( register_token=register): pre_password_reset.send(sender=self.__class__, user=reset_password_token.user) try: # validate the password against existing validators validate_password(password, user=reset_password_token.user, password_validators=get_password_validators( settings.AUTH_PASSWORD_VALIDATORS)) except ValidationError as e: # raise a validation error for the serializer raise exceptions.ValidationError({'password': e.messages}) reset_password_token.user.set_password(password) reset_password_token.user.save() post_password_reset.send(sender=self.__class__, user=reset_password_token.user) # Log the user in refresh = RefreshToken.for_user(reset_password_token.user) # Delete all password reset tokens for this user ResetPasswordToken.objects.filter( user=reset_password_token.user).delete() return Response({ 'refresh': str(refresh), 'access': str(refresh.access_token), }) else: #User is ineligible for password reset return Response({'status': 'User ineligible for password reset'}, status=status.HTTP_403_FORBIDDEN)
def password_change_signals(self, user): """ triggers pre_password_reset signal before, triggers post_password_reset after """ pre_password_reset.send(sender=self.__class__, user=user) yield post_password_reset.send(sender=self.__class__, user=user)