def validate(self, attrs):
self.user_token_form = UserTokenForm(
data={'uidb36': attrs['uid'], 'key': attrs['key']})
if not self.user_token_form.is_valid():
raise serializers.ValidationError(_("التوكن غير صالح"))
if attrs['new_password1'] != attrs['new_password2']:
raise serializers.ValidationError(
_('The two password fields did not match.'))
self.password = attrs['new_password1']
return attrs
class PasswordResetConfirmSerializer(serializers.Serializer):
new_password1 = serializers.CharField(max_length=128)
new_password2 = serializers.CharField(max_length=128)
uid = serializers.CharField()
key = serializers.CharField()
def validate_new_password1(self, password):
return get_adapter().clean_password(password)
def validate(self, attrs):
self.user_token_form = UserTokenForm(data={
'uidb36': attrs['uid'],
'key': attrs['key']
})
if not self.user_token_form.is_valid():
raise serializers.ValidationError(_("Invalid Token"))
if attrs['new_password1'] != attrs['new_password2']:
raise serializers.ValidationError(
_("The two password fields didn't match."))
self.password = attrs['new_password1']
return attrs
def save(self):
user = self.user_token_form.reset_user
get_adapter().set_password(user, self.password)
return user
class PasswordResetConfirmSerializer(serializers.Serializer):
new_password1 = serializers.CharField(max_length=128)
new_password2 = serializers.CharField(max_length=128)
uid = serializers.CharField()
key = serializers.CharField()
def validate_new_password1(self, password):
return get_adapter().clean_password(password)
def validate(self, attrs):
self.user_token_form = UserTokenForm(data={
'uidb36': attrs['uid'],
'key': attrs['key']
})
if not self.user_token_form.is_valid():
raise serializers.ValidationError(
i18n.t('lang.errorMessages.auth.invalidToken'))
if attrs['new_password1'] != attrs['new_password2']:
raise serializers.ValidationError(
i18n.t('lang.errorMessages.auth.twoPasswordShouldMatch'))
self.password = attrs['new_password1']
return attrs
def save(self):
user = self.user_token_form.reset_user
get_adapter().set_password(user, self.password)
return user
def validate(self, attrs):
self.user_token_form = UserTokenForm(data={
'uidb36': attrs['uid'],
'key': attrs['key']
})
if not self.user_token_form.is_valid():
raise serializers.ValidationError(
i18n.t('lang.errorMessages.auth.invalidToken'))
if attrs['new_password1'] != attrs['new_password2']:
raise serializers.ValidationError(
i18n.t('lang.errorMessages.auth.twoPasswordShouldMatch'))
self.password = attrs['new_password1']
return attrs
def _get_user(self, attrs):
"""
Method extracts ``key`` from ``attrs`` and unpacks it to ``uid`` and ``token``.
Tries to return ``User`` for provided ``uid`` and ``token``.
Throws ``exceptions.ValidationError`` if ``User`` does not exist.
"""
msg = "The password reset token was invalid."
uid, _, token = attrs['key'].partition('-')
if not len(uid) or not len(token):
raise exceptions.ValidationError(msg)
user_token = UserTokenForm(
data={
'uidb36': uid,
'key': token
}
)
if not user_token.is_valid():
raise exceptions.ValidationError(msg)
return user_token.reset_user
def post(self, request, *args, **kwargs):
data = get_adapter().reset_password_confirmation_data(request)
self.key = data.get('key', None)
token_form = UserTokenForm(data=data)
if not token_form.is_valid():
return Response(token_form.errors, HTTP_400_BAD_REQUEST)
self.reset_user = token_form.reset_user
form_kwargs = self.get_form_kwargs()
fc = self.get_form_class()
password_form = fc(data=data, **form_kwargs)
if password_form.is_valid():
password_form.save()
get_adapter().add_message(self.request,
messages.SUCCESS,
'account/messages/password_changed.txt')
signals.password_reset.send(sender=self.reset_user.__class__,
request=self.request,
user=self.reset_user)
return_data = get_adapter().reset_password_confirmation_response_data(token_form.reset_user)
return Response(return_data, HTTP_200_OK)
return Response(password_form.errors, HTTP_400_BAD_REQUEST)
def post(self, request):
serializer = ResetPasswordInputSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
uidb36 = serializer.validated_data.get('uidb36')
key = serializer.validated_data.get('key')
token_form_input = {'uidb36': uidb36, 'key': key}
password_form_map = {'password1': 'password', 'password2': 'password'}
password_form_input = map_serializer_to_form(serializer.validated_data,
password_form_map)
with transaction.atomic(), clear_messages(request):
token_form = UserTokenForm(data=token_form_input)
form_valid_or_raise(token_form)
user = token_form.reset_user
email = EmailAddress.objects.filter(user=user,
email=user.email,
verified=True).first()
if not email:
raise PermissionDenied(
_("This account is pending e-mail address verification."))
email = getattr(email, 'email', None)
reset_form = ResetPasswordKeyForm(user=user,
temp_key=key,
data=password_form_input)
form_valid_or_raise(reset_form, password_form_map)
reset_form.save()
signals.password_reset.send(sender=user.__class__,
request=request,
user=user)
clear_tokens(user)
token, profile = None, None
if allauth_settings.LOGIN_ON_PASSWORD_RESET:
token, profile = login_with_profile(request, user)
response_serializer = UserTokenResponseSerializer({
'token': token,
'profile': profile,
'email': email
})
return Response(response_serializer.data)
def dispatch(self, request, uidb36, key, **kwargs):
self.request = request
self.key = key
if self.key == INTERNAL_RESET_URL_KEY:
self.key = self.request.session.get(INTERNAL_RESET_SESSION_KEY, "")
# (Ab)using forms here to be able to handle errors in XHR #890
token_form = UserTokenForm(data={
"uidb36": uidb36,
"key": self.key
})
if token_form.is_valid():
self.reset_user = token_form.reset_user
# In the event someone clicks on a password reset link
# for one account while logged into another account,
# logout of the currently logged in account.
if (self.request.user.is_authenticated
and self.request.user.pk != self.reset_user.pk):
self.logout()
self.request.session[INTERNAL_RESET_SESSION_KEY] = self.key
self.request.session['reset_user_id'] = self.reset_user.id
form = SetPasswordForm()
return render(request, 'account/password_set.html',
{"form": form})
else:
token_form = UserTokenForm(data={
"uidb36": uidb36,
"key": self.key
})
if token_form.is_valid():
# Store the key in the session and redirect to the
# password reset form at a URL without the key. That
# avoids the possibility of leaking the key in the
# HTTP Referer header.
self.request.session[INTERNAL_RESET_SESSION_KEY] = self.key
redirect_url = self.request.path.replace(
self.key, INTERNAL_RESET_URL_KEY)
return redirect(redirect_url)
self.reset_user = None
response = self.render_to_response(
self.get_context_data(token_fail=True))
return _ajax_response(self.request, response, form=token_form)