def validate(self, attrs): self.user_token_form = UserTokenForm( data={'uidb36': attrs['uid'], 'key': attrs['key']}) if not self.user_token_form.is_valid(): raise serializers.ValidationError(_("التوكن غير صالح")) if attrs['new_password1'] != attrs['new_password2']: raise serializers.ValidationError( _('The two password fields did not match.')) self.password = attrs['new_password1'] return attrs
class PasswordResetConfirmSerializer(serializers.Serializer): new_password1 = serializers.CharField(max_length=128) new_password2 = serializers.CharField(max_length=128) uid = serializers.CharField() key = serializers.CharField() def validate_new_password1(self, password): return get_adapter().clean_password(password) def validate(self, attrs): self.user_token_form = UserTokenForm(data={ 'uidb36': attrs['uid'], 'key': attrs['key'] }) if not self.user_token_form.is_valid(): raise serializers.ValidationError(_("Invalid Token")) if attrs['new_password1'] != attrs['new_password2']: raise serializers.ValidationError( _("The two password fields didn't match.")) self.password = attrs['new_password1'] return attrs def save(self): user = self.user_token_form.reset_user get_adapter().set_password(user, self.password) return user
class PasswordResetConfirmSerializer(serializers.Serializer): new_password1 = serializers.CharField(max_length=128) new_password2 = serializers.CharField(max_length=128) uid = serializers.CharField() key = serializers.CharField() def validate_new_password1(self, password): return get_adapter().clean_password(password) def validate(self, attrs): self.user_token_form = UserTokenForm(data={ 'uidb36': attrs['uid'], 'key': attrs['key'] }) if not self.user_token_form.is_valid(): raise serializers.ValidationError( i18n.t('lang.errorMessages.auth.invalidToken')) if attrs['new_password1'] != attrs['new_password2']: raise serializers.ValidationError( i18n.t('lang.errorMessages.auth.twoPasswordShouldMatch')) self.password = attrs['new_password1'] return attrs def save(self): user = self.user_token_form.reset_user get_adapter().set_password(user, self.password) return user
def validate(self, attrs): self.user_token_form = UserTokenForm(data={ 'uidb36': attrs['uid'], 'key': attrs['key'] }) if not self.user_token_form.is_valid(): raise serializers.ValidationError( i18n.t('lang.errorMessages.auth.invalidToken')) if attrs['new_password1'] != attrs['new_password2']: raise serializers.ValidationError( i18n.t('lang.errorMessages.auth.twoPasswordShouldMatch')) self.password = attrs['new_password1'] return attrs
def _get_user(self, attrs): """ Method extracts ``key`` from ``attrs`` and unpacks it to ``uid`` and ``token``. Tries to return ``User`` for provided ``uid`` and ``token``. Throws ``exceptions.ValidationError`` if ``User`` does not exist. """ msg = "The password reset token was invalid." uid, _, token = attrs['key'].partition('-') if not len(uid) or not len(token): raise exceptions.ValidationError(msg) user_token = UserTokenForm( data={ 'uidb36': uid, 'key': token } ) if not user_token.is_valid(): raise exceptions.ValidationError(msg) return user_token.reset_user
def post(self, request, *args, **kwargs): data = get_adapter().reset_password_confirmation_data(request) self.key = data.get('key', None) token_form = UserTokenForm(data=data) if not token_form.is_valid(): return Response(token_form.errors, HTTP_400_BAD_REQUEST) self.reset_user = token_form.reset_user form_kwargs = self.get_form_kwargs() fc = self.get_form_class() password_form = fc(data=data, **form_kwargs) if password_form.is_valid(): password_form.save() get_adapter().add_message(self.request, messages.SUCCESS, 'account/messages/password_changed.txt') signals.password_reset.send(sender=self.reset_user.__class__, request=self.request, user=self.reset_user) return_data = get_adapter().reset_password_confirmation_response_data(token_form.reset_user) return Response(return_data, HTTP_200_OK) return Response(password_form.errors, HTTP_400_BAD_REQUEST)
def post(self, request): serializer = ResetPasswordInputSerializer(data=request.data) serializer.is_valid(raise_exception=True) uidb36 = serializer.validated_data.get('uidb36') key = serializer.validated_data.get('key') token_form_input = {'uidb36': uidb36, 'key': key} password_form_map = {'password1': 'password', 'password2': 'password'} password_form_input = map_serializer_to_form(serializer.validated_data, password_form_map) with transaction.atomic(), clear_messages(request): token_form = UserTokenForm(data=token_form_input) form_valid_or_raise(token_form) user = token_form.reset_user email = EmailAddress.objects.filter(user=user, email=user.email, verified=True).first() if not email: raise PermissionDenied( _("This account is pending e-mail address verification.")) email = getattr(email, 'email', None) reset_form = ResetPasswordKeyForm(user=user, temp_key=key, data=password_form_input) form_valid_or_raise(reset_form, password_form_map) reset_form.save() signals.password_reset.send(sender=user.__class__, request=request, user=user) clear_tokens(user) token, profile = None, None if allauth_settings.LOGIN_ON_PASSWORD_RESET: token, profile = login_with_profile(request, user) response_serializer = UserTokenResponseSerializer({ 'token': token, 'profile': profile, 'email': email }) return Response(response_serializer.data)
def dispatch(self, request, uidb36, key, **kwargs): self.request = request self.key = key if self.key == INTERNAL_RESET_URL_KEY: self.key = self.request.session.get(INTERNAL_RESET_SESSION_KEY, "") # (Ab)using forms here to be able to handle errors in XHR #890 token_form = UserTokenForm(data={ "uidb36": uidb36, "key": self.key }) if token_form.is_valid(): self.reset_user = token_form.reset_user # In the event someone clicks on a password reset link # for one account while logged into another account, # logout of the currently logged in account. if (self.request.user.is_authenticated and self.request.user.pk != self.reset_user.pk): self.logout() self.request.session[INTERNAL_RESET_SESSION_KEY] = self.key self.request.session['reset_user_id'] = self.reset_user.id form = SetPasswordForm() return render(request, 'account/password_set.html', {"form": form}) else: token_form = UserTokenForm(data={ "uidb36": uidb36, "key": self.key }) if token_form.is_valid(): # Store the key in the session and redirect to the # password reset form at a URL without the key. That # avoids the possibility of leaking the key in the # HTTP Referer header. self.request.session[INTERNAL_RESET_SESSION_KEY] = self.key redirect_url = self.request.path.replace( self.key, INTERNAL_RESET_URL_KEY) return redirect(redirect_url) self.reset_user = None response = self.render_to_response( self.get_context_data(token_fail=True)) return _ajax_response(self.request, response, form=token_form)