def post(self, request, *args, **kwargs):
serializer = self.serializer_class(data=request.data)
serializer.is_valid(raise_exception=True)
password = serializer.validated_data['password']
token = serializer.validated_data['token']
# find token
reset_password_token = ResetPasswordToken.objects.filter(
key=token).first()
# change users password (if we got to this code it means that the user is_active)
if reset_password_token.user.eligible_for_reset():
pre_password_reset.send(sender=self.__class__,
user=reset_password_token.user)
try:
# validate the password against existing validators
validate_password(password,
user=reset_password_token.user,
password_validators=get_password_validators(
settings.AUTH_PASSWORD_VALIDATORS))
except ValidationError as e:
# raise a validation error for the serializer
raise exceptions.ValidationError({'password': e.messages})
reset_password_token.user.set_password(password)
reset_password_token.user.save()
post_password_reset.send(sender=self.__class__,
user=reset_password_token.user)
# Delete all password reset tokens for this user
ResetPasswordToken.objects.filter(
user=reset_password_token.user).delete()
return Response({'status': 'OK'})
def post(self, request, *args, **kwargs):
serializer = self.serializer_class(data=request.data)
serializer.is_valid(raise_exception=True)
password = serializer.validated_data['password']
token = serializer.validated_data['token']
# get token validation time
password_reset_token_validation_time = get_password_reset_token_expiry_time()
# find token
reset_password_token = ResetPasswordToken.objects.filter(key=token).first()
if reset_password_token is None:
return Response({'status': 'notfound'}, status=status.HTTP_404_NOT_FOUND)
# check expiry date
expiry_date = reset_password_token.created_at + timedelta(hours=password_reset_token_validation_time)
if timezone.now() > expiry_date:
# delete expired token
reset_password_token.delete()
return Response({'status': 'expired'}, status=status.HTTP_404_NOT_FOUND)
# change users password
if reset_password_token.user.has_usable_password():
pre_password_reset.send(sender=self.__class__, user=reset_password_token.user)
reset_password_token.user.set_password(password)
reset_password_token.user.save()
post_password_reset.send(sender=self.__class__, user=reset_password_token.user)
# Delete all password reset tokens for this user
ResetPasswordToken.objects.filter(user=reset_password_token.user).delete()
return Response({'status': 'OK'})
def post(self, request, *args, **kwargs):
serializer = self.serializer_class(data=request.data)
serializer.is_valid(raise_exception=True)
password = serializer.validated_data['password']
token = serializer.validated_data['token']
response_dict = dict({"status_code": None, "message": None, "status": None})
# get token validation time
password_reset_token_validation_time = get_password_reset_token_expiry_time()
# find token
reset_password_token = ResetPasswordToken.objects.filter(key=token).first()
if reset_password_token is None:
message = get_response_message("TOKEN_NOT_FOUND")
response_dict.update({"status_code": 404, 'status': 'notfound', "message": message})
return Response(response_dict, status=status.HTTP_404_NOT_FOUND)
# check expiry date
expiry_date = reset_password_token.created_at + timedelta(hours=password_reset_token_validation_time)
if timezone.now() > expiry_date:
# delete expired token
reset_password_token.delete()
message = get_response_message("TOKEN_EXPIRED")
response_dict.update({"status_code": 404, 'status': 'expired', "message": message})
return Response(response_dict, status=status.HTTP_404_NOT_FOUND)
# change users password (if we got to this code it means that the user is_active)
if reset_password_token.user.eligible_for_reset():
pre_password_reset.send(sender=self.__class__, user=reset_password_token.user)
try:
# validate the password against existing validators
validate_password(
password,
user=reset_password_token.user,
password_validators=get_password_validators(settings.AUTH_PASSWORD_VALIDATORS)
)
except ValidationError as e:
# raise a validation error for the serializer
raise exceptions.ValidationError({
'password': e.messages
})
reset_password_token.user.set_password(password)
reset_password_token.user.save()
post_password_reset.send(sender=self.__class__, user=reset_password_token.user)
# Delete all password reset tokens for this user
ResetPasswordToken.objects.filter(user=reset_password_token.user).delete()
# done
message = get_response_message("PASSWORD_CHANGED")
response_dict.update({"status_code": 200, "status": "OK", "message": message})
return Response(response_dict)
def post(self, request, *args, **kwargs):
serializer = self.serializer_class(data=request.data)
serializer.is_valid(raise_exception=True)
password = serializer.validated_data['password']
token = serializer.validated_data['token']
# get token validation time
password_reset_token_validation_time = get_password_reset_token_expiry_time(
)
# find token
reset_password_token = ResetPasswordToken.objects.filter(
key=token).first()
if reset_password_token is None:
return Response({'status': 'notfound'},
status=status.HTTP_404_NOT_FOUND)
# check expiry date
expiry_date = reset_password_token.created_at + timedelta(
hours=password_reset_token_validation_time)
if timezone.now() > expiry_date:
# delete expired token
reset_password_token.delete()
return Response({'status': 'expired'},
status=status.HTTP_404_NOT_FOUND)
# change users password
if reset_password_token.user.has_usable_password():
pre_password_reset.send(sender=self.__class__,
user=reset_password_token.user)
try:
# validate the password against existing validators
validate_password(password,
user=reset_password_token.user,
password_validators=get_password_validators(
settings.AUTH_PASSWORD_VALIDATORS))
except ValidationError as e:
# raise a validation error for the serializer
raise exceptions.ValidationError({'password': e.messages})
reset_password_token.user.set_password(password)
reset_password_token.user.save()
post_password_reset.send(sender=self.__class__,
user=reset_password_token.user)
# Delete all password reset tokens for this user
ResetPasswordToken.objects.filter(
user=reset_password_token.user).delete()
return Response({'status': 'OK'})
def post(self, request, *args, **kwargs):
serializer = self.serializer_class(data=request.data)
serializer.is_valid(raise_exception=True)
password = serializer.validated_data['password']
confirm = serializer.validated_data['confirm']
token = serializer.validated_data['token']
if password == confirm:
# get token validation time
password_reset_token_validation_time = get_password_reset_token_expiry_time()
# find token
reset_password_token = ResetPasswordToken.objects.filter(key=token).first()
if reset_password_token is None:
return Response({'Estado': 'No encontrado'}, status=status.HTTP_404_NOT_FOUND)
# check expiry date
expiry_date = reset_password_token.created_at + timedelta(hours=password_reset_token_validation_time)
if timezone.now() > expiry_date:
# delete expired token
reset_password_token.delete()
return Response({'Estado': 'Caducado'}, status=status.HTTP_404_NOT_FOUND)
# change users password (if we got to this code it means that the user is_active)
if reset_password_token.user.eligible_for_reset():
pre_password_reset.send(sender=self.__class__, user=reset_password_token.user)
try:
# validate the password against existing validators
validate_password(
password,
user=reset_password_token.user,
password_validators=get_password_validators(settings.AUTH_PASSWORD_VALIDATORS)
)
except ValidationError as e:
# raise a validation error for the serializer
raise exceptions.ValidationError({
'password': e.messages
})
reset_password_token.user.set_password(password)
reset_password_token.user.save()
post_password_reset.send(sender=self.__class__, user=reset_password_token.user)
# Delete all password reset tokens for this user
ResetPasswordToken.objects.filter(user=reset_password_token.user).delete()
return Response({'Estado': 'Contraseña modificada'})
else:
return Response({'Estado': 'Contraseñas diferentes'})
def post(self, request, *args, **kwargs):
serializer = self.serializer_class(data=request.data)
serializer.is_valid(raise_exception=True)
password = serializer.validated_data['password']
token = filter_parameters_from_token(serializer.validated_data['token'])
# get token validation time
# find token
reset_password_token = ResetPasswordToken.objects.filter(key=token).first()
if reset_password_token is None:
return Response({'error': 'token not found'}, status=status.HTTP_404_NOT_FOUND)
if reset_password_token.expired:
return Response({'error': 'token expired'}, status=status.HTTP_400_BAD_REQUEST)
if reset_password_token.used:
return Response({'error': 'token used'}, status=status.HTTP_400_BAD_REQUEST)
password_reset_token_validation_time = get_password_reset_token_expiry_time(
is_long_token=reset_password_token.is_long_token
)
# check expiry date
expiry_date = reset_password_token.created_at + timedelta(
hours=password_reset_token_validation_time)
if timezone.now() > expiry_date:
# mark token as expired
reset_password_token.expired = True
reset_password_token.used = True
reset_password_token.save()
return Response({'error': 'token expired'}, status=status.HTTP_400_BAD_REQUEST)
if not reset_password_token.user.is_active:
return Response({'error': 'inactive user'}, status=status.HTTP_400_BAD_REQUEST)
# change users password
if reset_password_token.user.has_usable_password():
pre_password_reset.send(sender=self.__class__, user=reset_password_token.user, request=request)
reset_password_token.user.set_password(password)
reset_password_token.user.save()
post_password_reset.send(sender=self.__class__, user=reset_password_token.user, request=request)
# Mark token as used
ResetPasswordToken.objects.filter(user=reset_password_token.user).update(used=True)
return Response()
def post(self, request, *args, **kwargs):
serializer = self.serializer_class(data=request.data)
serializer.is_valid(raise_exception=True)
password = serializer.validated_data['new_password']
token = serializer.validated_data['token']
password_reset_token_validation_time = get_password_reset_token_expiry_time()
reset_password_token = ResetPasswordToken.objects.filter(
key=token).first()
if reset_password_token is None:
return Response({'status': 'notfound'}, status=status.HTTP_404_NOT_FOUND)
expiry_date = reset_password_token.created_at + \
timedelta(hours=password_reset_token_validation_time)
if timezone.now() > expiry_date:
reset_password_token.delete()
return Response({'status': 'expired'}, status=status.HTTP_404_NOT_FOUND)
if reset_password_token.user.eligible_for_reset():
pre_password_reset.send(
sender=self.__class__, user=reset_password_token.user)
try:
validate_password(
password,
user=reset_password_token.user,
password_validators=get_password_validators(
settings.AUTH_PASSWORD_VALIDATORS)
)
except ValidationError as e:
raise exceptions.ValidationError({
'password': e.messages
})
reset_password_token.user.set_password(password)
reset_password_token.user.save()
post_password_reset.send(
sender=self.__class__, user=reset_password_token.user)
ResetPasswordToken.objects.filter(
user=reset_password_token.user).delete()
return Response({'status': 'OK'})
def post(self, request, *args, **kwargs):
serializer = self.serializer_class(data=request.data)
serializer.is_valid(raise_exception=True)
password = serializer.validated_data['password']
token = serializer.validated_data['token']
register = serializer.validated_data['register']
# get token validation time
password_reset_token_validation_time = get_password_reset_token_expiry_time(
register_token=register)
# find token
reset_password_token = ResetPasswordToken.objects.filter(
key=token).first()
if reset_password_token is None:
return Response({'status': 'notfound'},
status=status.HTTP_404_NOT_FOUND)
# check expiry date
expiry_date = reset_password_token.created_at + timedelta(
hours=password_reset_token_validation_time)
if timezone.now() > expiry_date:
# delete expired token
reset_password_token.delete()
return Response({'status': 'expired'},
status=status.HTTP_404_NOT_FOUND)
# change users password (if we got to this code it means that the user is_active)
if reset_password_token.user.eligible_for_reset(
register_token=register):
pre_password_reset.send(sender=self.__class__,
user=reset_password_token.user)
try:
# validate the password against existing validators
validate_password(password,
user=reset_password_token.user,
password_validators=get_password_validators(
settings.AUTH_PASSWORD_VALIDATORS))
except ValidationError as e:
# raise a validation error for the serializer
raise exceptions.ValidationError({'password': e.messages})
reset_password_token.user.set_password(password)
reset_password_token.user.save()
post_password_reset.send(sender=self.__class__,
user=reset_password_token.user)
# Log the user in
refresh = RefreshToken.for_user(reset_password_token.user)
# Delete all password reset tokens for this user
ResetPasswordToken.objects.filter(
user=reset_password_token.user).delete()
return Response({
'refresh': str(refresh),
'access': str(refresh.access_token),
})
else:
#User is ineligible for password reset
return Response({'status': 'User ineligible for password reset'},
status=status.HTTP_403_FORBIDDEN)
def password_change_signals(self, user):
""" triggers pre_password_reset signal before, triggers post_password_reset after """
pre_password_reset.send(sender=self.__class__, user=user)
yield
post_password_reset.send(sender=self.__class__, user=user)
