def process_verify_email_data(input_data, serializer_context=None):
    """Apply a signed e-mail change request to the user it was issued for.

    Raises Http404 when e-mail verification is switched off in the settings,
    a serializer validation error when ``input_data`` does not pass
    VerifyEmailSerializer, and BadRequest when the e-mail field is unique and
    the requested address is already registered.

    The signature over the validated payload is checked by
    verify_signer_or_bad_request before any user record is loaded or changed.
    That helper is defined outside this block and is expected to reject a bad
    signature.
    """
    context = {} if serializer_context is None else serializer_context

    if not registration_settings.REGISTER_EMAIL_VERIFICATION_ENABLED:
        raise Http404()

    serializer = VerifyEmailSerializer(data=input_data, context=context)
    serializer.is_valid(raise_exception=True)
    payload = serializer.validated_data

    # Nothing below may run unless the signed payload checks out.
    verify_signer_or_bad_request(RegisterEmailSigner(payload))

    request = context.get('request')
    new_email = payload['email']

    # NOTE(review): this existence check and the save below are separate
    # steps, so two concurrent requests for the same address can both pass
    # the check. A database-level unique constraint on the e-mail column is
    # what closes that window; confirm one exists.
    email_taken = is_user_email_field_unique() and user_with_email_exists(new_email)
    if email_taken:
        raise BadRequest(_("This email is already registered."))

    field_name = get_user_email_field_name()
    account = get_user_by_verification_id(payload['user_id'])
    # Capture the previous address before overwriting it so signal receivers
    # (e.g. audit logging) get both values.
    previous_email = getattr(account, field_name)
    setattr(account, field_name, new_email)
    account.save()

    signals.user_changed_email.send(
        sender=None,
        user=account,
        new_email=new_email,
        old_email=previous_email,
        request=request,
    )
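def process_verify_email_data(input_data, serializer_context=None):
    """Apply a signed e-mail change request to the user it was issued for.

    Raises Http404 when e-mail verification is switched off in the settings
    and a serializer validation error when ``input_data`` does not pass
    VerifyEmailSerializer. The signature over the validated payload is
    checked by verify_signer_or_bad_request (defined outside this block)
    before the user record is loaded or changed.

    After saving, the ``user_changed_email`` signal is sent with the old and
    new address and the request taken from ``serializer_context``.
    """
    if serializer_context is None:
        serializer_context = {}
    if not registration_settings.REGISTER_EMAIL_VERIFICATION_ENABLED:
        raise Http404()
    serializer = VerifyEmailSerializer(
        data=input_data,
        context=serializer_context,
    )
    serializer.is_valid(raise_exception=True)

    data = serializer.validated_data
    signer = RegisterEmailSigner(data)
    verify_signer_or_bad_request(signer)
    request = serializer_context.get('request')

    # NOTE(review): nothing here checks whether the new address already
    # belongs to another account. If the e-mail field is meant to be unique,
    # that has to be enforced elsewhere (serializer or DB constraint);
    # confirm.
    email_field = get_user_setting('EMAIL_FIELD')
    user = get_user_by_verification_id(data['user_id'])
    # Read the previous address through the configured field name, the same
    # one that is written below. A hard-coded ``user.email`` reports the
    # wrong value (or raises AttributeError) when EMAIL_FIELD is not 'email'.
    old_email = getattr(user, email_field)
    setattr(user, email_field, data['email'])
    user.save()

    signals.user_changed_email.send(
        sender=None,
        user=user,
        new_email=data['email'],
        old_email=old_email,
        request=request,
    )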
def _calculate_salt(self, data):
    """Return the signing salt for a reset-password payload.

    With RESET_PASSWORD_VERIFICATION_ONE_TIME_USE disabled the salt is just
    ``self.SALT_BASE``. With it enabled, the user's current ``password``
    attribute is appended to the salt.
    """
    if not registration_settings.RESET_PASSWORD_VERIFICATION_ONE_TIME_USE:
        return self.SALT_BASE

    account = get_user_by_verification_id(
        data['user_id'], require_verified=False)
    # Binding the salt to the stored password hash makes the link
    # single-use: once the password changes (which is what a completed reset
    # does), the salt differs and a signature made with the old one no
    # longer verifies.
    # NOTE(review): the resulting salt embeds the stored password hash, so
    # it should never be logged or returned to a client.
    return '{self.SALT_BASE}:{user.password}'.format(
        self=self, user=account)
def process_verify_email_data(input_data):
    """Apply a signed e-mail change request to the user it was issued for.

    Raises Http404 when e-mail verification is switched off in the settings
    and a serializer validation error when ``input_data`` does not pass
    VerifyEmailSerializer. The signature over the validated payload is
    checked by verify_signer_or_bad_request (defined outside this block)
    before the user record is loaded or changed.
    """
    if not registration_settings.REGISTER_EMAIL_VERIFICATION_ENABLED:
        raise Http404()

    serializer = VerifyEmailSerializer(data=input_data)
    serializer.is_valid(raise_exception=True)
    payload = serializer.validated_data

    # Nothing below may run unless the signed payload checks out.
    verify_signer_or_bad_request(RegisterEmailSigner(payload))

    # NOTE(review): nothing here checks whether the new address already
    # belongs to another account, and no change notification is emitted.
    # If the e-mail field is meant to be unique, that has to be enforced
    # elsewhere (serializer or DB constraint); confirm.
    field_name = get_user_setting('EMAIL_FIELD')
    account = get_user_by_verification_id(payload['user_id'])
    setattr(account, field_name, payload['email'])
    account.save()
def process_verify_registration_data(input_data):
    """Mark the user named in a signed registration payload as verified.

    Raises Http404 when registration verification is switched off in the
    settings and a serializer validation error when ``input_data`` does not
    pass VerifyRegistrationSerializer. The signature is checked by
    verify_signer_or_bad_request (defined outside this block) before the
    user record is loaded.

    Returns the saved user object.
    """
    if not registration_settings.REGISTER_VERIFICATION_ENABLED:
        raise Http404()

    serializer = VerifyRegistrationSerializer(data=input_data)
    serializer.is_valid(raise_exception=True)
    payload = serializer.validated_data

    # Nothing below may run unless the signed payload checks out.
    verify_signer_or_bad_request(RegisterSigner(payload))

    flag_field = get_user_setting('VERIFICATION_FLAG_FIELD')
    # require_verified=False: the account being confirmed is, by definition,
    # not expected to be verified yet.
    account = get_user_by_verification_id(
        payload['user_id'], require_verified=False)
    setattr(account, flag_field, True)
    account.save()
    return account
def _calculate_salt(self, data):
    """Return the signing salt for a registration-verification payload.

    With REGISTER_VERIFICATION_ONE_TIME_USE disabled the salt is just
    ``self.SALT_BASE``. With it enabled, the current value of the user's
    verification flag is appended to the salt.
    """
    if not registration_settings.REGISTER_VERIFICATION_ONE_TIME_USE:
        return self.SALT_BASE

    account = get_user_by_verification_id(data['user_id'], require_verified=False)
    # Binding the salt to the verification flag makes the link single-use:
    # once a verification flips the flag, the salt differs and a signature
    # made with the old one no longer verifies.
    flag_field = get_user_setting('VERIFICATION_FLAG_FIELD')
    flag_value = getattr(account, flag_field)
    return '{self.SALT_BASE}:{verification_flag}'.format(
        self=self, verification_flag=flag_value)
def process_reset_password_data(input_data, serializer_context=None):
    """Set a new password for the user named in a signed reset payload.

    Raises Http404 when reset-password verification is switched off in the
    settings and a serializer validation error when ``input_data`` does not
    pass ResetPasswordSerializer. The signature is checked by
    verify_signer_or_bad_request (defined outside this block) before the
    user record is loaded or changed.
    """
    context = {} if serializer_context is None else serializer_context

    if not registration_settings.RESET_PASSWORD_VERIFICATION_ENABLED:
        raise Http404()

    serializer = ResetPasswordSerializer(data=input_data, context=context)
    serializer.is_valid(raise_exception=True)

    # Work on a copy and strip the password fields so that only the
    # remaining fields are handed to the signer.
    signed_fields = serializer.validated_data.copy()
    new_password = signed_fields.pop('password')
    signed_fields.pop('password_confirm', None)

    # Nothing below may run unless the signed payload checks out.
    verify_signer_or_bad_request(ResetPasswordSigner(signed_fields))

    # NOTE(review): no password-strength validation is visible in this
    # function; presumably ResetPasswordSerializer performs it. Confirm.
    account = get_user_by_verification_id(
        signed_fields['user_id'], require_verified=False)
    account.set_password(new_password)
    account.save()
def process_reset_password_data(input_data):
    """Set a new password for the user named in a signed reset payload.

    Raises Http404 when reset-password verification is switched off in the
    settings, a serializer validation error when ``input_data`` does not
    pass ResetPasswordSerializer, and ``serializers.ValidationError`` when
    ``validate_password`` rejects the new password for this user. The
    signature is checked by verify_signer_or_bad_request (defined outside
    this block) before the user record is loaded or changed.
    """
    if not registration_settings.RESET_PASSWORD_VERIFICATION_ENABLED:
        raise Http404()

    serializer = ResetPasswordSerializer(data=input_data)
    serializer.is_valid(raise_exception=True)

    # Work on a copy and strip the password so that only the remaining
    # fields are handed to the signer.
    signed_fields = serializer.validated_data.copy()
    new_password = signed_fields.pop('password')

    # Nothing below may run unless the signed payload checks out.
    verify_signer_or_bad_request(ResetPasswordSigner(signed_fields))

    account = get_user_by_verification_id(
        signed_fields['user_id'], require_verified=False)
    # The password is validated against the concrete user, which is only
    # known after the signed user_id has been resolved.
    try:
        validate_password(new_password, user=account)
    except ValidationError as exc:
        # Only the first validator message is passed on to the client.
        raise serializers.ValidationError(exc.messages[0])
    account.set_password(new_password)
    account.save()
def validate_password_with_user_id(user_data: Dict[str, Any]) -> None:
    """Validate ``user_data['password']`` against the user in ``user_data['user_id']``.

    The user is resolved with ``require_verified=False``. The check itself
    is delegated to ``_validate_user_password``, whose result is passed
    straight through. A missing ``'password'`` or ``'user_id'`` key raises
    KeyError.
    """
    candidate = user_data['password']
    account = get_user_by_verification_id(
        user_data['user_id'], require_verified=False)
    return _validate_user_password(candidate, account)