def process_verify_email_data(input_data):
    """Apply a signed e-mail change request to the user it names.

    Raises ``Http404`` when ``REGISTER_EMAIL_VERIFICATION_ENABLED`` is off.
    ``is_valid(raise_exception=True)`` rejects input the serializer does not
    accept, and ``verify_signer_or_bad_request`` runs before the user record
    is read or modified.
    """
    if not registration_settings.REGISTER_EMAIL_VERIFICATION_ENABLED:
        raise Http404()

    serializer = VerifyEmailSerializer(data=input_data)
    serializer.is_valid(raise_exception=True)
    payload = serializer.validated_data

    # The signer is built from the whole validated payload, so the address
    # written below is the same value that was handed to the signer.
    verify_signer_or_bad_request(RegisterEmailSigner(payload))

    email_attr = get_user_setting('EMAIL_FIELD')
    account = get_user_by_id(payload['user_id'])
    # NOTE(review): nothing in this function checks whether another account
    # already uses this address -- confirm uniqueness is enforced elsewhere
    # (model constraint or serializer).
    setattr(account, email_attr, payload['email'])
    account.save()
def _calculate_salt(self, data):
    """Return the salt used when signing or verifying password-reset data.

    With ``RESET_PASSWORD_VERIFICATION_ONE_TIME_USE`` off, the salt is just
    ``self.SALT_BASE``. With it on, the user's current ``password`` attribute
    is appended, so a signature made before a password change no longer
    verifies afterwards.
    """
    if not registration_settings.RESET_PASSWORD_VERIFICATION_ONE_TIME_USE:
        return self.SALT_BASE

    # NOTE(review): this lookup relies on get_user_by_id's default for
    # require_verified -- confirm it selects the same set of users as the
    # reset handler, otherwise a valid link could fail at salt calculation.
    account = get_user_by_id(data['user_id'])

    # One-time use depends on the stored password value changing on every
    # reset; a link stays valid for as long as that value is unchanged.
    # NOTE(review): the salt embeds the stored password hash -- confirm the
    # salt is never logged or returned to a client.
    return '{self.SALT_BASE}:{user.password}'.format(self=self, user=account)
def process_verify_registration_data(input_data):
    """Mark the user named in a signed registration link as verified.

    Raises ``Http404`` when ``REGISTER_VERIFICATION_ENABLED`` is off.
    The signature check runs before the user is loaded; the user is looked
    up with ``require_verified=False`` because the account is not verified
    yet at this point.
    """
    if not registration_settings.REGISTER_VERIFICATION_ENABLED:
        raise Http404()

    serializer = VerifyRegistrationSerializer(data=input_data)
    serializer.is_valid(raise_exception=True)
    payload = serializer.validated_data

    verify_signer_or_bad_request(RegisterSigner(payload))

    flag_attr = get_user_setting('VERIFICATION_FLAG_FIELD')
    account = get_user_by_id(payload['user_id'], require_verified=False)
    # The flag is set unconditionally: an already-verified user is simply
    # saved again with the same value.
    setattr(account, flag_attr, True)
    account.save()
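def process_reset_password_data(input_data):
    """Set a new password from a signed password-reset request.

    Raises:
        Http404: when ``RESET_PASSWORD_VERIFICATION_ENABLED`` is off.
        serializers.ValidationError: when the new password fails
            ``validate_password``; only the first message is reported.

    ``is_valid(raise_exception=True)`` rejects input the serializer does not
    accept, and ``verify_signer_or_bad_request`` runs before the user is
    loaded or the password is validated.
    """
    # Refuse to process resets while the feature is switched off, as the
    # other signed-link handlers do; without this guard a reset link would
    # still be honoured after the feature was disabled.
    if not registration_settings.RESET_PASSWORD_VERIFICATION_ENABLED:
        raise Http404()

    serializer = ResetPasswordSerializer(data=input_data)
    serializer.is_valid(raise_exception=True)

    # Work on a copy so popping the password does not mutate the
    # serializer's own validated_data.
    data = serializer.validated_data.copy()
    # The new password is removed before the signer is built, so it is not
    # part of the data the signature is checked against.
    password = data.pop('password')

    signer = ResetPasswordSigner(data)
    verify_signer_or_bad_request(signer)

    # NOTE(review): this lookup uses get_user_by_id's default for
    # require_verified -- confirm whether unverified accounts are meant to
    # be able to reset their password.
    user = get_user_by_id(data['user_id'])
    try:
        # Passing the user lets validators compare the password against
        # the user's own attributes.
        validate_password(password, user=user)
    except ValidationError as exc:
        raise serializers.ValidationError(exc.messages[0])

    user.set_password(password)
    user.save()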
def _calculate_salt(self, data):
    """Return the salt used when signing or verifying registration data.

    With ``REGISTER_VERIFICATION_ONE_TIME_USE`` off, the salt is just
    ``self.SALT_BASE``. With it on, the current value of the user's
    verification flag is appended, so a signature made while the flag had
    one value no longer verifies once the flag has changed.
    """
    if not registration_settings.REGISTER_VERIFICATION_ONE_TIME_USE:
        return self.SALT_BASE

    # The account is not verified yet when the link is created, hence
    # require_verified=False.
    account = get_user_by_id(data['user_id'], require_verified=False)
    flag_attr = get_user_setting('VERIFICATION_FLAG_FIELD')
    verification_flag = getattr(account, flag_attr)

    # NOTE(review): the flag is the only per-user input to the salt, so an
    # old signature verifies again if the flag ever returns to the value it
    # had at signing time -- confirm the signer also enforces an expiry
    # that bounds this window.
    return '{self.SALT_BASE}:{verification_flag}'.format(
        self=self, verification_flag=verification_flag)
def process_reset_password_data(input_data):
    """Set a new password from a signed password-reset request.

    Raises:
        Http404: when ``RESET_PASSWORD_VERIFICATION_ENABLED`` is off.
        serializers.ValidationError: when the new password fails
            ``validate_password``; only the first message is reported.

    The signature check runs before the user is loaded or the password is
    validated.
    """
    if not registration_settings.RESET_PASSWORD_VERIFICATION_ENABLED:
        raise Http404()

    serializer = ResetPasswordSerializer(data=input_data)
    serializer.is_valid(raise_exception=True)

    # Copy first so the pop below leaves serializer.validated_data intact.
    signed_fields = serializer.validated_data.copy()
    # The new password is removed before the signer is built, so it is not
    # part of the data the signature is checked against.
    new_password = signed_fields.pop('password')

    verify_signer_or_bad_request(ResetPasswordSigner(signed_fields))

    # require_verified=False: accounts that have not completed verification
    # are still looked up here.
    account = get_user_by_id(signed_fields['user_id'], require_verified=False)
    try:
        validate_password(new_password, user=account)
    except ValidationError as exc:
        raise serializers.ValidationError(exc.messages[0])
    else:
        account.set_password(new_password)
        account.save()