def testReset4(self):
    """A reset attempt that carries an incorrect code must yield status 404."""
    issued_code = get_code()
    account = User.objects.get(username='******')
    # Only the hash of the code is persisted; the view hashes the submitted
    # code and compares it with this stored value.
    ResetCode(user=account, code=get_hash(issued_code)).save()

    # Appending a character guarantees the submitted code differs from the
    # issued one while the rest of the form is valid.
    form = {
        'username': '******',
        'code': issued_code + "1",
        'password1': 'password1',
        'password2': 'password1',
    }
    # NOTE(review): the URL slug is 'username' while the reset code is created
    # for the account fetched above - confirm both refer to the same fixture.
    target = reverse('reset_password_page', args=['username'])
    response = self.c.post(target, form)

    self.assertEqual(response.json()['status'], 404)
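def resetPasswordView(request, slug):
    """Render the reset-password page (GET) or complete a password reset (POST).

    The account is looked up by ``slug`` (the username). On POST the submitted
    ``code`` is hashed with ``get_hash`` and compared with the ``ResetCode``
    stored for that user. On a match the password is replaced, the code is
    deleted so it cannot be used again, a notification mail is handed to
    ``async_send_mail`` and the user is logged in.

    JSON answers report the outcome in the ``status`` field of the body:
    200 (password changed), 400 (missing, mismatched or too-short input) and
    404 (no matching code, or a failure while applying the change).
    """
    # Function-scope import so the module's import block needs no change.
    import hmac

    try:
        user = User.objects.get(username=slug)
    except User.DoesNotExist:
        # NOTE(review): this sends the text "404 Not Found" with the default
        # HTTP status, and it tells the caller whether a username exists.
        return HttpResponse("404 Not Found")

    if request.method != "POST":
        return render(request, '_auth/reset_password.html', {'slug': slug})

    # Absent fields come back as None; normalise them to "" so they are
    # rejected as a bad request instead of raising TypeError in len() below.
    code = request.POST.get('code') or ""
    password1 = request.POST.get('password1') or ""
    password2 = request.POST.get('password2') or ""

    # NOTE(review): only a minimum length of 8 is enforced here; the project's
    # configured password validators are not consulted in this view.
    if not code or not password1 or password1 != password2 or len(password1) <= 7:
        return JsonResponse({'status': 400})  # bad request

    # NOTE(review): nothing visible here limits the number of guesses or
    # expires a stored code - confirm throttling/expiry exists elsewhere.
    try:
        code_obj = ResetCode.objects.get(user=user)

        # Compare the digests in constant time so response timing does not
        # reveal how much of the stored hash a guess matched.
        supplied = str(get_hash(code)).encode("utf-8")
        stored = str(code_obj.code).encode("utf-8")
        if not hmac.compare_digest(supplied, stored):
            return JsonResponse({'status': 404})

        user.set_password(password1)
        user.save()
        # Single use: remove the code as soon as it has been redeemed.
        code_obj.delete()

        subject = "Success! Password Changed | TourDay"
        message = f"Hi {user.username},\nSuccess! Your Password has been changed!\n\nIf you didn't changed your password, then your account is at risk. Contact TourDay Team as soon as possible.\n\nThanks,\nTourDay Team"
        async_send_mail(subject, message, EMAIL_HOST_USER, user.email)

        user = authenticate(username=slug, password=password1)
        if user is None:
            # The password has already been changed at this point; only the
            # automatic login failed.
            return JsonResponse({'status': 404})
        login(request, user)
        # Password changed
        return JsonResponse({'status': 200})
    except Exception:
        # Covers a missing or duplicated ResetCode row and any failure while
        # saving or mailing; callers only ever see status 404 for these.
        return JsonResponse({'status': 404})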
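def forgetPasswordView(request):
    """Render the forgot-password page (GET) or issue a reset code (POST).

    On POST the ``username_email`` field is matched against either the
    username or the email of an account. A fresh code from ``get_code`` is
    generated, its ``get_hash`` digest is stored in the user's ``ResetCode``
    row (replacing any earlier one) and the plain code is mailed to the user.

    Returns JSON with ``status`` 200 and the account's username as ``slug``
    on success, or ``status`` 404 on any failure.
    """
    if request.method != "POST":
        return render(request, "_auth/forget_password.html")

    username_email = request.POST.get('username_email')
    if not username_email:
        # An empty or absent identifier would otherwise be matched against
        # accounts whose email is blank or NULL and could issue a code (and
        # reveal a username) for an account the caller never named.
        return JsonResponse({"status": 404})

    # NOTE(review): the 200/404 split plus the returned slug lets a caller
    # learn whether an identifier is registered and which username belongs to
    # an email address; consider a uniform response. No throttling of
    # requests and no code expiry is visible in this view - confirm elsewhere.
    try:
        user = User.objects.get(
            Q(username=username_email) | Q(email=username_email))

        # Reuse the user's existing row if there is one, so at most one
        # reset code is valid per account; duplicates fall through to 404.
        try:
            code_obj = ResetCode.objects.get(user=user)
        except ResetCode.DoesNotExist:
            code_obj = ResetCode()
            code_obj.user = user

        code = get_code()
        # Only the digest is stored; the plain code exists in the mail alone.
        code_obj.code = get_hash(code)
        code_obj.save()

        subject = "Reset Password | TourDay"
        message = f"Hi {user.username},\nYou recently requested to reset your password for your TourDay account.\n\nCODE: {code}\n\nGoto https://tourday.team/reset-password/{user.username} and use this code to reset your password.\n\nIf you didn't request a password reset, please ignore this email.\n\nThanks,\nTourDay Team"
        async_send_mail(subject, message, EMAIL_HOST_USER, user.email)
        return JsonResponse({"status": 200, "slug": user.username})
    except Exception:
        # Unknown or ambiguous identifier, or a failure while saving/mailing.
        return JsonResponse({
            "status": 404,
        })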