def process_verify_email_data(input_data):
if not registration_settings.REGISTER_EMAIL_VERIFICATION_ENABLED:
raise Http404()
serializer = VerifyEmailSerializer(data=input_data)
serializer.is_valid(raise_exception=True)
data = serializer.validated_data
signer = RegisterEmailSigner(data)
verify_signer_or_bad_request(signer)
email_field = get_user_setting('EMAIL_FIELD')
user = get_user_by_id(data['user_id'])
setattr(user, email_field, data['email'])
user.save()
def _calculate_salt(self, data):
if registration_settings.RESET_PASSWORD_VERIFICATION_ONE_TIME_USE:
user_id = data['user_id']
user = get_user_by_id(user_id)
# Use current user password hash as a part of the salt.
# If the password gets changed, then assume that the change
# was caused by previous password reset and the signature
# is not valid anymore because changed password hash implies
# changed salt used when verifying the input data.
salt = '{self.SALT_BASE}:{user.password}'.format(self=self,
user=user)
else:
salt = self.SALT_BASE
return salt
def process_verify_registration_data(input_data):
if not registration_settings.REGISTER_VERIFICATION_ENABLED:
raise Http404()
serializer = VerifyRegistrationSerializer(data=input_data)
serializer.is_valid(raise_exception=True)
data = serializer.validated_data
signer = RegisterSigner(data)
verify_signer_or_bad_request(signer)
verification_flag_field = get_user_setting('VERIFICATION_FLAG_FIELD')
user = get_user_by_id(data['user_id'], require_verified=False)
setattr(user, verification_flag_field, True)
user.save()
def process_reset_password_data(input_data):
serializer = ResetPasswordSerializer(data=input_data)
serializer.is_valid(raise_exception=True)
data = serializer.validated_data.copy()
password = data.pop('password')
signer = ResetPasswordSigner(data)
verify_signer_or_bad_request(signer)
user = get_user_by_id(data['user_id'])
try:
validate_password(password, user=user)
except ValidationError as exc:
raise serializers.ValidationError(exc.messages[0])
user.set_password(password)
user.save()
def _calculate_salt(self, data):
if registration_settings.REGISTER_VERIFICATION_ONE_TIME_USE:
user_id = data['user_id']
user = get_user_by_id(user_id, require_verified=False)
# Use current user verification flag as a part of the salt.
# If the verification flag gets changed, then assume that
# the change was caused by previous verification and the signature
# is not valid anymore because changed user verification flag
# implies changed salt used when verifying the input data.
verification_flag_field = get_user_setting(
'VERIFICATION_FLAG_FIELD')
verification_flag = getattr(user, verification_flag_field)
salt = '{self.SALT_BASE}:{verification_flag}'.format(
self=self, verification_flag=verification_flag)
else:
salt = self.SALT_BASE
return salt
def process_reset_password_data(input_data):
if not registration_settings.RESET_PASSWORD_VERIFICATION_ENABLED:
raise Http404()
serializer = ResetPasswordSerializer(data=input_data)
serializer.is_valid(raise_exception=True)
data = serializer.validated_data.copy()
password = data.pop('password')
signer = ResetPasswordSigner(data)
verify_signer_or_bad_request(signer)
user = get_user_by_id(data['user_id'], require_verified=False)
try:
validate_password(password, user=user)
except ValidationError as exc:
raise serializers.ValidationError(exc.messages[0])
user.set_password(password)
user.save()
