def force_password_reset(email):
try:
user = User.objects.get(email=email)
except User.DoesNotExist:
return
user.set_unusable_password()
user.save()
PortunusMailer.send_lockout_email(user)
def admin_request_password_reset(request):
portunus_uuid = request.data.get("portunus_uuid")
if not portunus_uuid:
return make_response(False)
try:
user = User.objects.get(portunus_uuid=portunus_uuid)
except User.DoesNotExist:
return make_response(False)
PortunusMailer.send_password_reset(user)
return make_response()
def send_new_user_email(request):
uuid = request.data.get("portunus_uuid")
if not uuid:
return make_response(False)
try:
user = User.objects.get(portunus_uuid=uuid)
except User.DoesNotExist:
# Send back success even if the account DNE to avoid leaking uuids.
return make_response()
PortunusMailer.send_account_creation_notice(user)
return make_response()
def request_password_reset(request):
email = request.data.get("email")
if not email:
return make_response(False)
try:
user = User.objects.get(email=email.lower())
except User.DoesNotExist:
# Send back success even if the account DNE to avoid leaking user emails.
return make_response()
PortunusMailer.send_password_reset(user)
return make_response()
def request_email_change(request):
user = request.user
password = request.data.get("password")
new_email = request.data.get("new_email")
response = check_password_for_auth_change(request, user, password)
if response is not None:
return response
try:
validate_email(new_email)
existing_user = User.objects.filter(email=request.data["new_email"]).first()
if existing_user:
return make_response(False, {"error": EMAIL_EXISTS})
except ValidationError:
return make_response(False, {"error": INVALID_EMAIL})
PortunusMailer.send_change_email_confirmation(user, new_email)
return make_response()
def request_password_reset(request):
email = request.data.get("email")
if not email:
return make_response(False)
try:
user = User.objects.get(email=email.lower())
except User.DoesNotExist:
# Send back success even if the account DNE to avoid leaking user emails.
extra_data = {
"success": False,
"email": email,
"error": "Matching user does not exist",
}
log_event("request_password_reset", request, extra_data=extra_data)
return make_response()
PortunusMailer.send_password_reset(user)
log_event("request_password_reset", request, extra_data={"success": True})
return make_response()
def create(self, validated_data):
user = User(**validated_data)
user.set_unusable_password()
user.save()
PortunusMailer.send_account_creation_notice(user)
return user