def confirm_password(request, uidb64=None, token=None): assert uidb64 is not None and token is not None # checked by URLconf try: uid = urlsafe_base64_decode(uidb64) user = User.objects.get(pk=uid) except: user = None if user is not None: if request.method == 'POST': if default_token_generator.check_token(user, token): password1 = request.POST.get('password1') password2 = request.POST.get('password2') if password1 == password2 and len(password1) !=0: user.set_password(password1) user.save() messages.success(request,'Password Changed! Login to Continue') return redirect('fosssite:login_user') else: messages.success(request,'Both Passwords Must Match. Please try again!') return redirect('fosssite:confirm_password',uidb64=uidb64, token=token) else: messages.success(request,"The reset password link is no longer valid. Try again!") return redirect('fosssite:forgot_password') elif not default_token_generator.check_token(user, token): messages.success(request,"The reset password link is no longer valid. Try again!") return redirect('fosssite:forgot_password') else: return render(request, 'fosssite/confirm_password.html',{}) else: messages.success(request,"The reset password link is no longer valid. Try again!") return redirect('fosssite:forgot_password')
def password_reset_confirm(request, uidb36=None, token=None): """ Pulled from django contrib so that we can add user into the form so then we can show relevant messages about the user. """ assert uidb36 is not None and token is not None user = None try: uid_int = base36_to_int(uidb36) user = UserProfile.objects.get(id=uid_int) except (ValueError, UserProfile.DoesNotExist): pass if user is not None and default_token_generator.check_token(user, token): validlink = True if request.method == 'POST': form = forms.SetPasswordForm(user, request.POST) if form.is_valid(): form.save() log_cef('Password Changed', 5, request, username=user.username, signature='PASSWORDCHANGED', msg='User changed password') return redirect(reverse('django.contrib.auth.' 'views.password_reset_complete')) else: form = forms.SetPasswordForm(user) else: validlink = False form = None return jingo.render(request, 'users/pwreset_confirm.html', {'form': form, 'validlink': validlink})
def save(self, uidb36, token): password = self.cleaned_data.get('password') user = Hacker.objects.get(pk=base36_to_int(uidb36)) if default_token_generator.check_token(user, token): user.set_password(password) user.save() return user
def authenticate(self, *args, **kwargs): if kwargs: username = kwargs.pop("username", None) if username: username_or_email = Q(username__iexact=username) | Q(email__iexact=username) password = kwargs.pop("password", None) try: user = User.objects.get(username_or_email, **kwargs) except User.DoesNotExist: pass else: if user.check_password(password): return user else: if 'uidb36' not in kwargs: return kwargs["id"] = base36_to_int(kwargs.pop("uidb36")) token = kwargs.pop("token") try: user = User.objects.get(**kwargs) except User.DoesNotExist: pass else: if default_token_generator.check_token(user, token): return user
def account_activate_done(request, uidb64, token): if request.method == "GET": assert uidb64 is not None and token is not None try: user_id = force_text(urlsafe_base64_decode(uidb64)) the_user = TheUser.objects.get(id=user_id) except (TypeError, ValueError, OverflowError, ObjectDoesNotExist): the_user = None template_name = 'registration/account_activate_done.html' if the_user is not None and default_token_generator.check_token(the_user, token): if not the_user.is_active: valid_link = True the_user.is_active = True the_user.save(force_update=True) user_profile = UserProfile( the_user=the_user, user_image='image/user_avatar/avatar.jpg', intro='This user wrote nothing yet.', ) user_profile.save(force_insert=True) context = { 'title': 'Account Activated Successfully', 'valid_link': valid_link } return render(request, template_name, context) else: return HttpResponseRedirect(request.user.get_absolute_url()) else: # activation failed page valid_link = False context = { 'title': 'Account Activation Failed', 'valid_link': valid_link } return render(request, template_name, context)
def recupera_password_conferma(request, uidb64=None, token=None, template='base_recupero_password_conferma.html', contesto_extra=None): assert uidb64 is not None and token is not None # checked by URLconf try: # urlsafe_base64_decode() decodes to bytestring on Python 3 uid = force_text(urlsafe_base64_decode(uidb64)) utente = Utenza.objects.get(pk=uid) except (TypeError, ValueError, OverflowError, Utenza.DoesNotExist): utente = None if utente is not None and default_token_generator.check_token(utente, token): link_valido = True titolo = 'Inserisci una nuova password' if request.method == 'POST': modulo = ModuloImpostaPassword(utente, request.POST) if modulo.is_valid(): modulo.save() return HttpResponseRedirect(reverse('recupero_password_completo')) else: modulo = ModuloImpostaPassword(utente) else: link_valido = False modulo = None titolo = 'Errore nell\'impostazione della nuova password' contesto = { 'modulo': modulo, 'titolo': titolo, 'link_valido': link_valido, "scadenza_token": django_settings.PASSWORD_RESET_TIMEOUT_DAYS * 24 } if contesto_extra is not None: contesto.update(contesto_extra) return TemplateResponse(request, template, contesto)
def confirm_reset(request, username, token): context = {} context['username'] = username context['token'] = token context['reset_message'] = 'Reset your password.' user = get_object_or_404(User, username=username) if not default_token_generator.check_token(user, token): raise Http404 if request.method == 'GET': form = ResetPasswordForm() context['form'] = form return render(request, 'confirm-reset.html', context) form = ResetPasswordForm(request.POST) context['form'] = form if not form.is_valid(): raise Http404 form.save(username) context['confirmed'] = 'Your password has been reset.' return render(request, 'login-register.html', context)
def registration_confirm(request, uidb36=None, token=None, template_name='registration_complete.html'): assert uidb36 is not None and token is not None # checked by URLconf try: uid = base36_to_int(uidb36) # uid = urlsafe_base64_decode(uidb64) user = User.objects.get(pk=uid) except (TypeError, ValueError, OverflowError, User.DoesNotExist): user = None if user is not None and default_token_generator.check_token(user, token): user.is_active = True user.save() title = 'Email confirmation complete' message = 'The registration is complete. You may go ahead and log in now.' else: title = 'Email confirmation unsuccessful' message = "The email confirmation link was invalid, possibly because it has already been used. Please check that you haven't been validated already by trying to log in." login_url = resolve_url(settings.LOGIN_URL) context = { 'title': title, 'message': message, 'login_url': login_url} return TemplateResponse(request, template_name, context)
def get(self, request, uidb64, activation_key): if uidb64 is not None and activation_key is not None: uid = get_int(urlsafe_base64_decode(uidb64)) user = get_object_or_404(User, id=uid) ret = default_token_generator.check_token( user, activation_key ) if ret: user_profile = user.get_profile() user_profile.is_email_bind = True user_profile.guide_switch = True user_profile.save() # 开始登录 user.backend = 'django.contrib.auth.backends.ModelBackend' login(request, user) return render( request, self.template, { 'status': 'ok', 'msg': u'绑定接收邮箱成功', }, ) return render( request, self.template, { 'status': 'error', 'msg': u'无效的激活链接', } )
def mutate_and_get_payload(cls, input, request, info): errors = [] UserModel = User._meta.model try: # urlsafe_base64_decode() decodes to bytestring on Python 3 uid = force_text(urlsafe_base64_decode(input.get('uidb64'))) user = UserModel.objects.get(pk=uid) except (TypeError, ValueError, OverflowError, UserModel.DoesNotExist): user = None if user and default_token_generator.check_token(user, input.get('token')): form = SetPasswordForm(user=user, data=input) if form.is_valid(): user = form.save(commit=False) user.save(request=request) # workarout to re authenticate the user # when as change the user on the DB it gets disconected user.backend = settings.DEFAULT_AUTHENTICATION_BACKENDS auth_login(request, user) else: errors = form_erros(form, errors) else: errors.append(Error( code='password_reset_incorrect_token', message=_('Password reset failed') )) return PasswordResetComplete(errors=errors)
def reset_confirm(request, uidb36=None, token=None): assert uidb36 is not None and token is not None validlink = False form = UserSetPasswordForm(None) try: uid_int = base36_to_int(uidb36) user = User.objects.get(id=uid_int) except (ValueError, User.DoesNotExist): user = None if user is not None and default_token_generator.check_token(user, token): validlink = True if request.method == 'POST': form = UserSetPasswordForm(user, request.POST) if form.is_valid(): form.save() messages.success(request, _(u'You have successfully reseted password, please sign in.')) return redirect('app_auth_sign_in') if not validlink: raise Http404 return direct_to_template(request, 'auth/reset_confirm.html', {'form': form})
def reset_password(request, uidb64=None, token=None): if request.user.is_authenticated(): return redirect(settings.LOGIN_REDIRECT_URL) assert uidb64 is not None and token is not None try: uid = force_text(urlsafe_base64_decode(uidb64)) user = MyUser.objects.get(pk=uid) except (TypeError, ValueError, OverflowError, UserModel.DoesNotExist): user = None if user is not None and default_token_generator.check_token(user, token): validlink = True if request.method == 'POST': form = ResetPasswordForm(user, request.POST) if form.is_valid(): form.save() return render(request, 'account/authentication/password_reset_complete.html') else: form = ResetPasswordForm(user) else: validlink = False form = None context = { 'validlink' : validlink, 'form' : form } return render(request, 'account/authentication/password_reset_confirm_form.html', context)
def post(self, request, uidb64=None, token=None, *arg, **kwargs): """ View that checks the hash in a password reset link and presents a form for entering a new password. """ UserModel = UserCred() form = self.form_class(request.POST) assert uidb64 is not None and token is not None # checked by URLconf try: if isinstance(uidb64, unicode): uidb64 = str(uidb64) uid = urlsafe_base64_decode(uidb64) user = UserCred.objects.using('users').get(pk=uid) except (TypeError, ValueError, OverflowError, UserModel.DoesNotExist): user = None if user is not None and default_token_generator.check_token(user, token): if form.is_valid(): new_password = form.cleaned_data['new_password2'] user.set_password(new_password) user.save() messages.success(request, 'Password has been reset.') return self.form_valid(form) else: messages.error(request, 'Password reset has not been successful.') return self.form_invalid(form) else: messages.error(request,'The reset password link is no longer valid.') return self.form_invalid(form)
def post(self, request, uidb64=None, token=None, *arg, **kwargs): try: uid = urlsafe_base64_decode(uidb64) user = CustomUser.objects.get(pk=uid) except (TypeError, ValueError, OverflowError, CustomUser.DoesNotExist): user = None form = self.form_class(request.POST) if user is not None and default_token_generator.check_token(user, token): if form.is_valid(): new_password = form.cleaned_data['new_password2'] user.set_password(new_password) user.save() messages.success(request, 'Password has been reset.') return self.form_valid(form) else: messages.error(request, 'Password reset has not been successful.') form.add_error(None, 'Password reset has not been successful.') return self.form_invalid(form) else: messages.error(request, 'The reset password link is no longer valid.') form.add_error(None, 'The reset password link is no longer valid.') return self.form_invalid(form)
def post(self, request, uidb64=None, token=None): if request.POST.get('new_password1') != request.POST.get('new_password2'): raise ValidationError("Passwords don't match") """ View that checks the hash in a password reset link and presents a form for entering a new password. """ UserModel = get_user_model() assert uidb64 is not None and token is not None # checked by URLconf try: # urlsafe_base64_decode() decodes to bytestring on Python 3 uid = force_text(urlsafe_base64_decode(uidb64)) user = UserModel._default_manager.get(pk=uid) except (UserModel.DoesNotExist): user = None # si el link aún es válido #Hack to avoid csrf_protect if user is not None and default_token_generator.check_token(user, token): request.csrf_processing_done = True response = password_reset_confirm( request._request, uidb64=uidb64, token=token) if type(response) is HttpResponseRedirect: return Response({'msg': "Su contraseña ha sido establecida. Ahora puede seguir adelante e iniciar sesión."}) else: return Response({'msg': "El enlace de restablecimiento de contraseña era invalido, seguramente por haberse utilizado previamente. Por favor, solicite un nuevo restablecimiento de contraseña."})
def verify_email_view(request, uidb36, token): user = Hacker.objects.get(pk=base36_to_int(uidb36)) if default_token_generator.check_token(user, token): user.email_verified = True user.save() return HttpResponseRedirect(reverse_lazy('profile')) raise Http404
def put(self, request, **kwargs): token = request.data.get('token') password = request.data.get('password') matches = re.search(r'([0-9A-Za-z]+)-(.*)', token) if not matches: return Response(status=HTTP_404_NOT_FOUND) uidb36 = matches.group(1) key = matches.group(2) if not (uidb36 and key): return Response(status=HTTP_404_NOT_FOUND) user = self._get_user(uidb36) if user is None: return Response(status=HTTP_404_NOT_FOUND) if not default_token_generator.check_token(user, key): return Response(status=HTTP_404_NOT_FOUND) try: validate_password(password) except DjangoValidationError as e: return Response(dict(password=e.messages), status=HTTP_400_BAD_REQUEST) cache.set(backoff_cache_key(user.email, None), None) user.set_password(password) user.save() return self.get_response()
def password_reset_confirm(request, uidb36=None, token=None): """View that checks the hash in a password reset link and presents a form for entering a new password. Based on django.contrib.auth.views. """ try: uid_int = base36_to_int(uidb36) except ValueError: raise Http404 user = get_object_or_404(User, id=uid_int) context = {} if default_token_generator.check_token(user, token): context['validlink'] = True if request.method == 'POST': form = SetPasswordForm(user, request.POST) if form.is_valid(): form.save() return HttpResponseRedirect(reverse('users.pw_reset_complete')) else: form = SetPasswordForm(None) else: context['validlink'] = False form = None context['form'] = form return jingo.render(request, 'users/pw_reset_confirm.html', context)
def check_token(token): """ :param token: :return: user """ # split the token in it's 3 components delimited by '-' parts = token.split("-") # get the length of the uid decoding the last component uid_len = int("-" + urlsafe_base64_decode(parts[2])) # get the uid by decoding the last uid_len chars of the second component uid = urlsafe_base64_decode(parts[1][uid_len:]) # get the original generated token by concatenating the first component # and the second component without it's last uid_len characters token = parts[0] + "-" + parts[1][:uid_len] # try to get the user with the uid user id try: user = User.objects.get(id=uid) except (TypeError, ValueError, OverflowError, User.DoesNotExist): return None # if the token is valid for the given user return the user if default_token_generator.check_token(user, token): return user return None
def form_valid(self, form): uidb64 = self.kwargs['uidb64'] token = self.kwargs['token'] password1 = form.cleaned_data['password1'] password2 = form.cleaned_data['password2'] if password1 != password2: form.add_error(None, 'Passwords do not match!') return self.form_invalid(form) else: uid = urlsafe_base64_decode(uidb64) try: user = User.objects.get(pk=uid) except user.DoesNotExist: form.add_error(None, 'Invalid token') return self.form_invalid(form) if not default_token_generator.check_token(user, token): form.add_error(None, 'Invalid token') return self.form_invalid(form) new_password = form.cleaned_data['password2'] user.set_password(new_password) user.save() messages.success( self.request, 'Password has been reset for ' 'user: {0}'.format(user)) return super(PasswordConfirmView,self).form_valid(form)
def post(self, request, *args, **kwargs): uidb64 = request.data.get("user_id") token = request.data.get("token") password = request.data.get("password") if not (uidb64 and token and password): raise ValidationError( {"detail": "You have to provide user_id, token and password."} ) user = self.get_user(uidb64) if user is None: raise ValidationError({"detail": "User does not exist."}) if not ( has_perm(user, "users.can_change_password") or has_perm(user, "users.can_manage") ): self.permission_denied(request) if not default_token_generator.check_token(user, token): raise ValidationError({"detail": "Invalid token."}) try: validate_password(password, user=user) except DjangoValidationError as errors: raise ValidationError({"detail": " ".join(errors)}) user.set_password(password) user.save() return super().post(request, *args, **kwargs)
def post(self, request, uidb64=None, token=None, *arg, **kwargs): form = self.get_form() assert uidb64 is not None and token is not None try: uid = urlsafe_base64_decode(uidb64) user = User._default_manager.get(pk=uid) except (TypeError, ValueError, OverflowError, User.DoesNotExist): user = None if user is not None and default_token_generator.check_token(user, token): if form.is_valid(): new_password = form.cleaned_data['new_password'] user.set_password(new_password) user.save() messages.success(request, _('Password reset successfully.')) return self.form_valid(form) else: messages.error(request, _('We were not able to reset your password.')) return self.form_invalid(form) else: messages.error(request, _('The reset password link is no longer valid.')) return self.form_invalid(form)
def reset_password_new_user(request, uidb36, token): """ Checks the link the user clicked and prompts for a new password :param request: the standard request given by Django :param uidb36: the id's hash :param token: token created dynamically """ try: uid_int = base36_to_int(uidb36) user = User.objects.get(pk=uid_int) except (ValueError, OverflowError, User.DoesNotExist): user = None if user is not None and not user.has_usable_password() \ and default_token_generator.check_token(user, token): validlink = True if request.method == "POST": form = SetPasswordForm(user, request.POST) if form.is_valid(): user = form.save() user.is_active = True user.save() user.backend = 'django.contrib.auth.backends.ModelBackend' login(request, user) return HttpResponseRedirect(reverse('index')) else: form = SetPasswordForm(None) else: validlink = False form = None return render(request, 'registration/reset_password_complete.html', { 'form': form, 'validlink': validlink })
def confirm(request, username, token): user = get_object_or_404(User, username = username) pieces = token.split("AAA") token = pieces[0] authen = pieces[1] password = pieces[2] if not default_token_generator.check_token(user, token): raise Http404 user.is_active = True user.save() user = get_object_or_404(User, username = username) auth = authenticate(username = username, password = password) login(request, auth) if authen == "merchant": new_merchant = Merchant(username = username, belonging = user) new_merchant.save() return redirect('merchant_profile') elif authen == "customer": new_customer = Customer(username = username, belonging = user) new_customer.save() creditCard = CreditCard(belonging = new_customer) address = CustomerAddress(belonging = new_customer) creditCard.save() address.save() return redirect('customer_profile', showPart = 0)
def verify_account(request, uidb36=None, token=None): """ View for the link in the verification email sent to a new user when they create an account and ``ACCOUNTS_VERIFICATION_REQUIRED`` is set to ``True``. Activates the user and logs them in, redirecting to the URL they tried to access when signing up. """ user = None if uidb36 and token: try: user = User.objects.get(is_active=False, id=base36_to_int(uidb36)) except User.DoesNotExist: pass else: if default_token_generator.check_token(user, token): user.is_active = True user.save() user.backend = settings.AUTHENTICATION_BACKENDS[0] login(request, user) else: user = None url = request.GET.get("next", "/") if user is None: error(request, _("The link you clicked is no longer valid.")) url = "/" return redirect(url)
def confirm_registration(request, username, token): user = get_object_or_404(User, username=username) #Send 404 error if token is invalid if not default_token_generator.check_token(user, token): raise Http404 #Otherwise token was valid, activate the user. user.is_active = True user.save() email_body = """ Welcome to the Kappa Sigma Delta-Alpha. The admin has approved your registration. Please click on the link below to login. http://%s%s """ % (request.get_host(), reverse('login')) brother = Brother.objects.get(user=user) send_mail(subject="Your Request Has Been Approved", message=email_body, from_email="*****@*****.**", recipient_list=[brother.email]) return render(request, 'ksda/confirmed.html', {})
def password_reset_confirm(request, uidb64=None, token=None): if request.user.is_authenticated(): return HttpResponseRedirect(reverse("index")) context = {} UserModel = get_user_model() assert uidb64 is not None and token is not None try: uid = force_text(urlsafe_base64_decode(uidb64)) user = UserModel._default_manager.get(pk=uid) except (TypeError, ValueError, OverflowError, UserModel.DoesNotExist): user = None if user is not None and default_token_generator.check_token(user, token): valid_link = True title = _("Enter new password") if request.method == "POST": form = SetPasswordForm(user, request.POST) if form.is_valid(): form.save() return HttpResponseRedirect(reverse("players:password_reset_complete")) else: form = SetPasswordForm(user) else: valid_link = False title = _("Password reset failed") form = None context.update({"form": form, "title": title, "valid_link": valid_link}) context.update({"request": request}) return render(request, "players/password_reset/confirm.html", context)
def password_reset_confirm(request, uidb36=None, token=None): """ View that checks the hash in a password reset link and presents a form for entering a new password. """ assert uidb36 is not None and token is not None # checked by URLconf post_reset_redirect = reverse('django.contrib.auth.views.password_reset_complete') try: uid_int = base36_to_int(uidb36) user = User.objects.get(pk=uid_int) except (ValueError, OverflowError, User.DoesNotExist): user = None if user is not None and default_token_generator.check_token(user, token): validlink = True if request.method == 'POST': form = SetPasswordForm(user, request.POST) if form.is_valid(): form.save() return JsonResponse({'status': True, 'redirect': post_reset_redirect}) else: status = False else: form = SetPasswordForm(None) status = True else: raise Http404 context = {'form': form, 'validlink': validlink, 'uidb36': uidb36, 'token': token} if request.is_ajax(): return JsonResponse({'status': status, 'template': render_to_string( 'account/password_reset/confirm_form.html', context, context_instance=RequestContext(request))}) return TemplateResponse(request, 'account/password_reset/confirm_container.html', context)
def password_reset_confirm(request, uidb64=None, token=None): """ View that checks the hash in a password reset link and presents a form for entering a new password. """ assert uidb64 is not None and token is not None # checked by URLconf post_reset_redirect = reverse('web.password_reset_done') try: uid = urlsafe_base64_decode(uidb64).decode('utf-8') user = User.objects.get(pk=uid) except (TypeError, ValueError, OverflowError, User.DoesNotExist): user = None if user is not None and default_token_generator.check_token(user, token): validlink = True if request.method == 'POST': form = forms.SetPasswordForm(user, request.POST) if form.is_valid(): form.save() return HttpResponseRedirect(post_reset_redirect) else: form = forms.SetPasswordForm(None) else: validlink = False form = None ctx = {'form': form, 'validlink': validlink, } return render(request, 'pages/password_reset_confirm.html', ctx)
def validate(self, attrs): self._errors = {} # Get the UserModel UserModel = get_user_model() # Decode the uidb64 to uid to get User object try: uid = uid_decoder(attrs['uid']) self.user = UserModel._default_manager.get(pk=uid) except (TypeError, ValueError, OverflowError, UserModel.DoesNotExist): raise ValidationError({ 'non_field_errors': [ self.validate_error_messages['invalid_uid'] ] }) self.custom_validation(attrs) self.set_password_form = self.set_password_form_class(user=self.user, data=attrs) if not self.set_password_form.is_valid(): raise ValidationError(self.set_password_form.errors) if not default_token_generator.check_token(self.user, attrs['token']): raise ValidationError({ 'non_field_errors': [ self.validate_error_messages['invalid_token'] ] }) super(FixedPasswordResetConfirmSerializer, self).validate(attrs) return attrs
def post(self, request, uidb64=None, token=None, *args, **kwargs): userModel = get_user_model() form = self.form_class(request.POST) if uidb64 is None or token is None: form.add_error( field=None, error= u"O link usado para a troca de senha não é válido ou expirou, por favor tente enviar novamente." ) return self.form_invalid(form) try: uid = urlsafe_base64_decode(uidb64) user = userModel._default_manager.get(pk=uid) except (TypeError, ValueError, OverflowError, userModel.DoesNotExist): user = None if user is not None and default_token_generator.check_token( user, token): if form.is_valid(): new_password = form.cleaned_data['new_password'] new_password_confirm = form.cleaned_data[ 'new_password_confirm'] if new_password == new_password_confirm: user.set_password(new_password) user.save() messages.success(request, u"Senha trocada com sucesso") return self.form_valid(form) else: form.add_error(field=None, error=u"Senhas diferentes.") return self.form_invalid(form) else: form.add_error( field=None, error= u"Não foi possivel trocar a senha. Formulário inválido.") return self.form_invalid(form) else: form.add_error( field=None, error= u"O link usado para a troca de senha não é válido ou expirou, por favor tente enviar novamente." ) return self.form_invalid(form)
def post(self, request, uid=None, token=None): # Get the UserModel UserModel = get_user_model() # Decode the uidb64 to uid to get User object try: uid = uid_decoder(uid) user = UserModel._default_manager.get(pk=uid) except (TypeError, ValueError, OverflowError, UserModel.DoesNotExist): user = None # If we get the User object if user: serializer = self.serializer_class(data=request.DATA, user=user) if serializer.is_valid(): # Construct SetPasswordForm instance form = SetPasswordForm(user=user, data=serializer.data) if form.is_valid(): if default_token_generator.check_token(user, token): form.save() # Return the success message with OK HTTP status return Response( { "success": "Password has been reset with the new password." }, status=status.HTTP_200_OK) else: return Response( {"error": "Invalid password reset token."}, status=status.HTTP_400_BAD_REQUEST) else: return Response(form._errors, status=status.HTTP_400_BAD_REQUEST) else: return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST) else: return Response({"errors": "Couldn\'t find the user from uid."}, status=status.HTTP_400_BAD_REQUEST)
def custom_password_reset_confirm( request, uidb64=None, token=None, template_name='wagtailadmin/account/password_reset/confirm.html', post_reset_redirect='wagtailadmin_password_reset_complete'): """ View that checks the hash in a password reset link and presents a form for entering a new password. """ UserModel = get_user_model() assert uidb64 is not None and token is not None # checked by URLconf post_reset_redirect = resolve_url(post_reset_redirect) try: # urlsafe_base64_decode() decodes to bytestring on Python 3 uid = force_text(urlsafe_base64_decode(uidb64)) user = UserModel._default_manager.get(pk=uid) except (TypeError, ValueError, OverflowError, UserModel.DoesNotExist): user = None if user is not None and default_token_generator.check_token(user, token): validlink = True title = _('Enter new password') if request.method == 'POST': form = CFGOVSetPasswordForm(user, request.POST) if form.is_valid(): form.save() user.temporarylockout_set.all().delete() return HttpResponseRedirect(post_reset_redirect) else: form = CFGOVSetPasswordForm(user) else: validlink = False form = None title = _('Password reset unsuccessful') context = { 'form': form, 'title': title, 'validlink': validlink, } return TemplateResponse(request, template_name, context)
def changePassword(request, uidb64, token): if request.method != "POST": return exit_with_error("Wrong method", 405) password = request.POST.get('new_password1', None) confirm = request.POST.get('new_password2', None) if password == None or confirm == None: return exit_with_error("900090 Wrong request", 400) if token == None or uidb64 == None: return exit_with_error("900090 Wrong request", 400) UserModel = get_user_model() try: uid = urlsafe_base64_decode(uidb64) user = UserModel._default_manager.get(pk=uid) except (TypeError, ValueError, OverflowError, UserModel.DoesNotExist): user = None if user is not None and default_token_generator.check_token(user, token): if password != confirm: return exit_with_error("900091 Password and confirm do not match", 400) # PWD validation matches = 0 if re.search('[a-z]+', password): matches += 1 if re.search('[A-Z]+', password): matches += 1 if re.search('[0-9]+', password): matches += 1 if re.search('[+=\[\]~!@#$%\^&*_-`|(){}:;<>,.?]+', password): matches += 1 if len(password) < 7 or matches < 3: return exit_with_error("900092 Password is not valid", 400) form = SetPasswordForm(user, request.POST) if form.is_valid(): form.save() return exit_with_error("Password changed", 204) else: return exit_with_error("900093 Form errors : ".join(form.erros), 400) else: return exit_with_error("Invalid token", 404)
def activate(request, uid64, token): try: uid = force_text(urlsafe_base64_decode(uid64)) current_user = User.objects.get(pk=uid) except (TypeError, ValueError, OverflowError, User.DoesNotExist, ValidationError): messages.error(request, '메일 인증에 실패했습니다.') return redirect('/') if default_token_generator.check_token(current_user, token): current_user.is_active = True current_user.save() messages.info(request, '메일 인증이 완료 되었습니다. 회원가입을 축하드립니다!') return redirect('/register/login/') messages.error(request, '메일 인증에 실패했습니다.') return redirect('/register/main/')
def user_password_reset_from_token(request, user_base36, reset_token): user_id = base36_to_int(user_base36) reset_user = get_user_manager().get(id=user_id) token_valid = password_reset_token_generator.check_token( reset_user, reset_token) if not token_valid: logger.warn("Invalid password reset token to user " + str(reset_user)) return AccountsError.INVALID_PASSWORD_RESET_TOKEN reset_user.set_unusable_password() reset_user.save() # Logout the user everywhere else (invalidate all sessions) # Log him in here in a new session # update_session_auth_hash(request, request.user) login(request, reset_user) return {}
def reset_password_view(request, uidb36, token): user = Hacker.objects.get(pk=base36_to_int(uidb36)) if default_token_generator.check_token(user, token): if request.method == 'POST': form = PasswordRecoveryForm(request.POST) if form.is_valid(): user = form.save(uidb36, token) password = form.cleaned_data.get('password') user = authenticate(username=user.username, password=password) if user is not None and user.is_active: login(request, user) return HttpResponseRedirect(reverse_lazy('home')) else: form = PasswordRecoveryForm() return render(request, 'accounts/set_password.html', { 'form': form, }) raise Http404
def get(self, request, uidb64, token): try: uid = urlsafe_base64_decode(uidb64) # print(uid) user = User.objects.get(pk=uid) # print(user) except (TypeError, ValueError, OverflowError, user.DoesNotExist): user = None if user is not None and default_token_generator.check_token( user, token): user.is_active = True user.save() return HttpResponse( "Thank you for your email confimation. Now you can login your account." ) else: return HttpResponse('Activation link is invalid!')
def active_account(request, uidb36, token): try: uid_int = base36_to_int(uidb36) except ValueError: raise Http404 user = get_object_or_404(User, id=uid_int) if user and default_token_generator.check_token(user, token): user.is_active = True user.save(update_fields=['is_active']) login(request, user, backend='django.contrib.auth.backends.ModelBackend') messages.success(request, 'Selamat, akun Anda sudah aktif') else: messages.warning(request, 'Maaf, ada masalah dengan aktivasi akun') return redirect("website:accounts:index")
def validate(self, attrs): self._errors = {} try: uid = force_text(uid_decoder(attrs['uid'])) self.user = UserModel._default_manager.get(pk=uid) except (TypeError, ValueError, OverflowError, UserModel.DoesNotExist): raise ValidationError({'uid': ['Invalid value']}) self.custom_validation(attrs) self.set_password_form = self.set_password_form_class(user=self.user, data=attrs) if not self.set_password_form.is_valid(): raise serializers.ValidationError(self.set_password_form.errors) if not default_token_generator.check_token(self.user, attrs['token']): raise ValidationError({'token': ['Invalid value']}) return attrs
def recover(request, uidb64=None, token=None): """ Login via an account recovery link. Modeled on django.contrib.auth.views.password_reset_confirm, but resets the password to an unusable password instead of prompting for a new password. """ UserModel = get_user_model() try: uid = force_text(urlsafe_base64_decode(uidb64)) user = UserModel._default_manager.get(pk=uid) except (TypeError, ValueError, OverflowError, UserModel.DoesNotExist): user = None if user and default_token_generator.check_token(user, token): login(request, user, "kuma.users.auth_backends.KumaAuthBackend") return redirect("users.recover_done") return render(request, "users/recover_failed.html")
def get(self, request, *args, **kwargs): uidb36 = kwargs.get('uidb36') token = kwargs.get('token') try: uid_int = base36_to_int(uidb36) except ValueError: raise Http404 user = get_object_or_404(get_user_model(), id=uid_int) if default_token_generator.check_token(user, token): user.is_active = True user.save() login(request, user=user) return redirect('forum:home')
def get(self, request, token, uid): username = force_text(urlsafe_base64_decode(uid)) user = User.objects.filter(username=username).first() verify_token = default_token_generator.check_token(user, token) msg = {"message": "email verified"} st = status.HTTP_200_OK if not verify_token: msg["message"] = "token invalid" st = status.HTTP_400_BAD_REQUEST else: user.is_verified = True user.save() return Response(msg, status=st)
def mutate(self, info, input): uid = input.get("uid") token = input.get("token") try: uid = decode_uid(uid) user = UserModel.objects.get(pk=uid) if not default_token_generator.check_token(user, token): error = "Activation code invalid. You might have waited too long. Try again with a new activation link." raise GraphQLError(error) user.is_active = True user.save() return ConfirmEmail(success=True) except UserModel.DoesNotExist: error = "Unknown user." raise GraphQLError(error)
def confirm_register(request, username, token): context = {} try: user_to_activate = User.objects.get(username=username) except ObjectDoesNotExist: context['user_error'] = 'Can not find user' return render(request, 'draw_something/registration_error.html', context) match = default_token_generator.check_token(user_to_activate, token) if match: user_to_activate.is_active = True user_to_activate.save() return redirect(reverse('home')) else: context['token_error'] = 'Token is invalid' return render(request, 'draw_something/registration_error.html', context)
def get(self, request, uid, token): """ Mainly ripped from django.contrib.auth.views.password_reset_confirm """ try: uid_int = base36_to_int(uid) user = User.objects.get(pk=uid_int) except (ValueError, User.DoesNotExist): user = None if user is not None and token_generator.check_token(user, token): # Hack because we're not getting the password user.backend = 'django.contrib.auth.backends.ModelBackend' login(request, user) return HttpResponseRedirect('/#/users/%s/change-password/' % user.pk) return HttpResponseRedirect('/')
def get_jwt_token(request): """API для получения jwt-токена""" serializer = ConfirmationCodeSerializer(data=request.data) if not serializer.is_valid(): return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST) email = serializer.data.get('email') confirmation_code = serializer.data.get('confirmation_code') user = get_object_or_404(User, email=email) if default_token_generator.check_token(user, confirmation_code): refresh = RefreshToken.for_user(user) return Response( {'access': str(refresh.access_token)}, status=status.HTTP_200_OK ) return Response( {'confirmation_code': 'Неверный код подтверждения'}, status=status.HTTP_400_BAD_REQUEST )
def auth_user(request, uidb36, token): try: uid_int = base36_to_int(uidb36) except ValueError: raise Http404 user = get_object_or_404(User, id=uid_int) if user and default_token_generator.check_token(user, token): login(request, user, backend='django.contrib.auth.backends.ModelBackend') if hasattr(user, 'survey'): return redirect("website:accounts:edit_survey") else: return redirect("website:accounts:survey") messages.warning(request, 'Maaf link tidak valid') return redirect('website:index')
def post(self, request, *args, **kwargs): if self.form.is_valid(): try: user = User.objects.get(id=self.request.GET.get('id')) except User.DoesNotExist: return self.invalid('unknownuser') if not default_token_generator.check_token( user, self.request.GET.get('token')): return self.invalid('invalid') user.set_password(self.form.cleaned_data['password']) user.save() messages.success(request, _('You can now login using your new password.')) user.log_action( 'pretix.control.auth.user.forgot_password.recovered') return redirect('control:auth.login') else: return self.get(request, *args, **kwargs)
def get(self, request, uidb64, token, *args, **kwargs): try: uid = urlsafe_base64_decode(uidb64).decode() user = UserModel._default_manager.get(pk=uid) except (TypeError, ValueError, OverflowError, User.DoesNotExist): user = None if user is not None and default_token_generator.check_token( user, token): user.is_active = True user.save() return self.render_to_response({ 'msg': 'Thank you for your email confirmation. Now you can login your account.' }) else: return HttpResponse('Activation link is invalid!') return self.render_to_response( {'msg': 'Activation link is invalid!'})
def signup_confirm(request, uidb64, token): User = get_user_model() try: uid = force_text(urlsafe_base64_decode(uidb64)) user = User.objects.get(pk=uid) except (TypeError, ValueError, OverflowError, User.DoesNotExist): user = None if user and token_generator.check_token(user, token): user.is_active = True user.save() messages.info(request, '이메일을 인증했습니다. 로그인 해주세요.') return redirect(settings.LOGIN_URL) else: messages.error(request, '잘못된 경로로 접근하셨습니다.') return redirect(settings.LOGINS_URL)
def validate(self, attrs): # Decode the uidb64 to uid to get User object try: uid = force_text(uid_decoder(attrs['uidb64'])) self.user = UserModel._default_manager.get(pk=uid) except (TypeError, ValueError, OverflowError, UserModel.DoesNotExist): raise ValidationError({'uidb64': _('Invalid value')}) # Construct SetPasswordForm instance self.set_password_form = self.set_password_form_class(user=self.user, data=attrs) if not self.set_password_form.is_valid(): raise serializers.ValidationError(self.set_password_form.errors) if not default_token_generator.check_token(self.user, attrs['token']): raise ValidationError({'token': _('Invalid value')}) return attrs
def get(self, request, uidb64=None, token=None, *args, **kwargs): klass = get_user_model() try: uid = urlsafe_base64_decode(uidb64) user = klass._default_manager.get(pk=uid) except (TypeError, ValueError, OverflowError, UserModel.DoesNotExist): user = None if user is not None and default_token_generator.check_token( user, token): user.is_active = True user.save() template_name = self.get_template_name(request) context = self.get_context_data(request) return render(request, template_name, context) else: # message return redirect('home:top')
def activation_user(uidb64, token): try: uid = urlsafe_base64_decode(uidb64).decode() customer = User.objects.get(pk=uid) except (TypeError, ValueError, OverflowError): customer = None if customer is not None and default_token_generator.check_token( customer, token): customer.is_active = True customer.save() msg = { 'message': 'Thank you for your email confirmation. Now you can login your account.' } return Response(msg, status=status.HTTP_200_OK) else: msg = {'message': 'Activation link is invalid!'} return Response(msg, status=status.HTTP_400_BAD_REQUEST)
def perform_mutation(cls, _root, info, **data): user = info.context.user cls.clean_instance(info, user) token = data.pop("token") if not default_token_generator.check_token(user, token): raise ValidationError({ "token": ValidationError(INVALID_TOKEN, code=AccountErrorCode.INVALID) }) db_id = user.id user.delete() # After the instance is deleted, set its ID to the original database's # ID so that the success response contains ID of the deleted object. user.id = db_id return cls.success_response(user)
def get(self, request, *args, **kwargs): try: user = get_user_model().objects.get(id=kwargs['user_id']) except get_user_model().DoesNotExist: raise Http404 if user.is_active: raise Http404 if not default_token_generator.check_token(user,kwargs['token']): raise Http404 user.is_active = True user.save() print("Acitvating %s" % user.username) return super(CheckConfirmationView,self).get(self, request, *args, **kwargs)
def get(self, request, *args, **kwargs): uidb64 = kwargs.get('uidb64') token = kwargs.get('token') order = ConfirmEmailOrder.objects.filter(key=uidb64).filter(checked=False).first() if order and default_token_generator.check_token(order.user, token): response = order.invoke() if response == ConfirmEmailOrder.OK: return HttpResponseRedirect(redirect_to=reverse('login')) else: error = 'Error' if response == ConfirmEmailOrder.EMAIL_ERROR: error = 'Correo Repetido' if response == ConfirmEmailOrder.EXPIRED: error = "Too Late" return HttpResponse(status=400,content=error) else: return HttpResponse(status=404)
def changeemail(request, uidb64, token, newemail): try: # Query User using decoded UID uid = force_text(urlsafe_base64_decode(uidb64)) user = User.objects.get(pk=uid) except(TypeError, ValueError, OverflowError, User.DoesNotExist): user = None newemail = force_text(urlsafe_base64_decode(newemail)) # This will fail if the user has already used the link to changed their email, the token is invalid, the UID is invalid, or the user has requested to change to another email if user is not None and default_token_generator.check_token(user, token) and user.target_new_email == newemail: user.email = newemail user.target_new_email = None user.save() return redirect('emailchangesuccess') else: return redirect('emailchangefail')
def confirm_registration(request, username, token): new_user = get_object_or_404(User, username=username) # Send 404 error if token is invalid if not default_token_generator.check_token(new_user, token): raise Http404 # Otherwise token was valid, activate the user. new_user.is_active = True new_user.save() entry = Entry(age=0, created_by=new_user, update_time=datetime.now(), creation_time=datetime.now()) entry.save() return render(request, 'socialnetwork/confirmed.html', {})
def reset_password_universal(request, token=None): if token is None: if not request.user.is_authenticated: raise Http404 if request.method == 'POST': form = PasswordResetForm(request.POST) if form.is_valid(): user = User.objects.get(username=request.user) user.set_password(form.cleaned_data['password2']) user.save() logout(request) messages.success(request, 'Password Changed.') return redirect('home') else: form = PasswordResetForm() context = { 'form': form, 'title': 'Simple TV | Password Reset', 'header': 'Change Password', } return render(request, 'accounts/commonformindex.html', context) if token is not None: user_id = int(token[-1]) user_obj = User.objects.get(id=user_id) main_token = token[:-1] if default_token_generator.check_token(user_obj, main_token): if request.method == 'POST': form = PasswordResetForm(request.POST) if form.is_valid(): user = User.objects.get(username=user_obj.username) user.set_password(form.cleaned_data['password2']) user.save() messages.success(request, 'Password Reset Done.') return redirect('login_user') else: form = PasswordResetForm() context = { 'form': form, 'title': 'Simple TV | Password Reset', 'header': 'Reset Password', } return render(request, 'accounts/commonformindex.html', context) else: return HttpResponse('<h1>Invalid Token</h1>')