def password_reset(request):
template_name = 'accounts/password_reset.html'
context = {}
form = PasswordResetForm(request.POST or None)
if form.is_valid():
form.save()
context['success'] = True
context['form'] = form
return render(request, template_name, context)
def password_reset(request):
if request.method == 'POST':
form = PasswordResetForm(request, request.POST)
if form.is_valid():
form.save()
return redirect('accounts.password_reset_sent')
else:
form = PasswordResetForm(request)
return render(request, 'accounts/password_reset.j.html', {
'form': form
})
def forgot_password(request):
if request.method == 'POST':
form = PasswordResetForm(request.POST)
if form.is_valid():
client = request.session['client']
try:
client.send_reset_password_link(form.cleaned_data['email'],
form.cleaned_data['first_name'])
return HttpResponseRedirect(reverse('forgot_success'))
except ValidationError as e:
form.add_error(None, e)
else:
form = PasswordResetForm()
return render(request, 'registration/forgot_password.html', {'form': form})
def reset_password_do_reset_password_page(request):
form = PasswordResetForm(request.POST or None)
if form.is_valid():
token = form.cleaned_data['token']
pass1 = form.cleaned_data['pass1']
# pass2 = form.cleaned_data['pass2']
password_forgot_obj = get_object_or_404(PasswordForgot, token=token)
User.objects.filter(id=password_forgot_obj.user_id).update(password=make_password(pass1))
PasswordForgot.objects.filter(token=token).delete()
messages.info(request, 'You have successfully reset your password, can login now.')
return HttpResponseRedirect(reverse('accounts.views.signin'))
return render(request, 'accounts/reset_password_do_reset_password_page.html', {
'form': form,
})
def password_reset(request):
form = PasswordResetForm(request.POST or None)
if form.is_valid():
opts = {
'use_https': request.is_secure(),
'token_generator': default_token_generator,
'from_email': settings.DEFAULT_FROM_EMAIL,
'email_template_name': 'accounts/password_reset_email.html',
'subject_template_name': 'accounts/password_reset_subject.txt',
'request': request
}
form.save(**opts)
messages.success(request, PASSWORD_RESET_MESSAGE)
return redirect(reverse('accounts:login'))
context = {'form': form}
return render(request, 'accounts/password_reset.html', context)
def password_reset_confirm(request, activation_key):
user = get_object_or_404(User, activation_key=activation_key)
form = PasswordResetForm(request.POST or None)
if form.is_valid():
password = form.cleaned_data['password1']
user.set_password(password)
user.activation_key = None
user.is_active = True
user.save()
msg = _('Your new password was saved successfully. You can now login '
'on your account.')
messages.success(request, msg)
return redirect('login')
return {
'form': form,
}
def password_reset_confirm(request, activation_key):
user = get_object_or_404(User, activation_key=activation_key)
form = PasswordResetForm(request.POST or None)
if form.is_valid():
password = form.cleaned_data['password1']
user.set_password(password)
user.activation_key = None
user.is_active = True
user.save()
msg = _('Your new password was saved successfully. You can now login '
'on your account.')
messages.success(request, msg)
return redirect('login')
return {
'form': form,
}
def changePassword(request):
user = request.user
context = {}
form = PasswordChangeForm(user)
if request.method == 'POST':
form = PasswordResetForm(request)
if form.is_valid():
form.save()
logout(request)
messages.info(request, 'Password was updated')
return HttpResponseRedirect(reverse('user_login'))
context['form'] = form
return render(request, 'password_reset.html', context)
def change_password(request):
if request.method == "POST":
password_reset_form = PasswordResetForm(request.POST)
if password_reset_form.is_valid():
if request.user.has_usable_password():
if request.user.check_password(password_reset_form.cleaned_data['old_password']):
request.user.set_password(password_reset_form.cleaned_data['new_password'])
request.user.save()
login(request, request.user)
return redirect('accounts:profile')
else:
password_reset_form.add_error('old_password', 'Incorrect Old Password')
else:
request.user.set_password(password_reset_form.cleaned_data['new_password'])
request.user.save()
login(request, request.user)
return redirect('accounts:profile')
else:
password_reset_form = PasswordResetForm()
return render(request, 'accounts/change_password.html', {'form': password_reset_form})
def test_get_active_users_works_with_username(self):
form = PasswordResetForm()
self.assertIn(self.user, form.get_active_users(USERNAME))
def reset(request, id, key):
# Make sure user exists and is active, reset key not expired and the provided key is valid
try:
u = User.objects.get(pk=id)
if u.is_active:
p = u.get_profile()
# Did the request expire?
if p.password_reset_date < timezone.now() - timedelta(days=1):
return render(
request, "accounts/message.html", {
'app': "accounts",
'connotation': "warning",
'message':
'This password reset request has been expired.'
})
# Is the key correct?
if p.password_reset_key != key:
# Avoid too much duplication and details so we show a unified error for incorrect reset key and user not found
raise User.DoesNotExist
else:
# Return a 'disabled account' error message
return render(
request, "accounts/message.html", {
'app':
"accounts",
'connotation':
"danger",
'message':
"This account has been suspended. This may be caused by either a violation of the Terms of Use or for verification purposes."
})
except User.DoesNotExist:
return render(
request, "accounts/message.html", {
'app': "accounts",
'connotation': "danger",
'message': 'Invalid password reset link.'
})
# Validate form and reset password
if request.method == 'POST':
form = PasswordResetForm(request.POST, instance=u)
if form.is_valid():
# For an unknown reason -yet- commenting out the following line has no effect. The password will still be saved.
# However, commenting out p.save() below prevent the profile fields from being updated!
form.save()
p.password_reset_key = ""
p.save()
u.backend = "django.contrib.auth.backends.ModelBackend"
login(request, u)
return render(
request, "accounts/message.html", {
'app':
"accounts",
'connotation':
"success",
'message':
'Your password has been reset successfully. <a href="/accounts/login/">Proceed to login</a>.'
})
else:
form = PasswordResetForm()
return render(request, "accounts/reset.html", {'form': form})
def test_form_helper_action_points_to_correct_url(self):
url = reverse('accounts:password_reset')
form = PasswordResetForm()
form.save()
self.assertEqual(form.helper.form_action, url)
def test_form_helper_method_is_post(self):
form = PasswordResetForm()
form.save()
self.assertEqual(form.helper.form_method, 'post')
def test_form_helper_exists(self):
form = PasswordResetForm()
form.save()
self.assertIsNotNone(form.helper)
def test_valid_form_sends_email_with_username(self, mock_send_mail):
form = PasswordResetForm(data={'email_or_username': USERNAME})
form.save()
self.assertTrue(mock_send_mail.called, True)
def test_save_on_empty_form_does_nothing(self, mock_send_mail):
form = PasswordResetForm()
form.save()
self.assertEqual(mock_send_mail.called, False)
def test_clean(self):
form = PasswordResetForm({'password1': 'toto', 'password2': 'toto'})
self.assertTrue(form.is_valid())
def test_clean(self):
form = PasswordResetForm({'password1': 'toto',
'password2': 'toto'})
self.assertTrue(form.is_valid())
def test_different_password(self):
form = PasswordResetForm({'password1': 'toto',
'password2': 'tata'})
self.assertFalse(form.is_valid())
def test_different_password(self):
form = PasswordResetForm({'password1': 'toto', 'password2': 'tata'})
self.assertFalse(form.is_valid())
def test_get_active_users_works_with_email(self):
form = PasswordResetForm()
self.assertIn(self.user, form.get_active_users(EMAIL))
