def get_password_reset_url(self, request, user): temp_key = default_token_generator.make_token(user) path = reverse( "account_reset_password_from_key", kwargs=dict(uidb36=user_pk_to_url_str(user), key=temp_key), ) return request.build_absolute_uri(path)
def get_serializer_context(self): user = self.request.user if not user.pk: return uid = user_pk_to_url_str(user) token = default_token_generator.make_token(user) password_reset_urls = app_settings.PASSWORD_RESET_URLS password_reset_url = password_reset_urls.get('default') domain = get_current_site(self.request).domain if getattr(self, 'swagger_fake_view', False): organization_pk, organization_slug = None, None # pragma: no cover else: organization_pk = self.organization.pk organization_slug = self.organization.slug org_radius_settings = self.organization.radius_settings if org_radius_settings.password_reset_url: password_reset_url = org_radius_settings.password_reset_url else: password_reset_url = password_reset_urls.get( str(organization_pk), password_reset_url) password_reset_url = password_reset_url.format( organization=organization_slug, uid=uid, token=token, site=domain) context = { 'request': self.request, 'password_reset_url': password_reset_url } return context
def get_password_reset_link(self): return reverse( "account_reset_password_from_key", kwargs={ 'uidb36': user_pk_to_url_str(self), 'key': default_token_generator.make_token(self) }, )
def _generate_uid_and_token(self, user): result = {} if 'allauth' in settings.INSTALLED_APPS: from allauth.account.forms import default_token_generator from allauth.account.utils import user_pk_to_url_str result['uid'] = user_pk_to_url_str(user) else: from django.utils.encoding import force_bytes from django.contrib.auth.tokens import default_token_generator from django.utils.http import urlsafe_base64_encode result['uid'] = urlsafe_base64_encode(force_bytes(user.pk)) result['token'] = default_token_generator.make_token(user) return result
def test_password_reset_flow(self): user = JobSeekerFactory() # Ask for password reset. url = reverse("account_reset_password") response = self.client.get(url) self.assertEqual(response.status_code, 200) post_data = {"email": user.email} response = self.client.post(url, data=post_data) args = urlencode({"email": user.email}) next_url = reverse("account_reset_password_done") self.assertRedirects(response, f"{next_url}?{args}") # Check sent email. self.assertEqual(len(mail.outbox), 1) email = mail.outbox[0] self.assertIn("Réinitialisation de votre mot de passe", email.subject) self.assertIn( "Si vous n'avez pas demandé la réinitialisation de votre mot de passe, vous pouvez ignorer ce message", email.body, ) self.assertEqual(email.from_email, settings.DEFAULT_FROM_EMAIL) self.assertEqual(len(email.to), 1) self.assertEqual(email.to[0], user.email) # Change forgotten password. uidb36 = user_pk_to_url_str(user) key = default_token_generator.make_token(user) password_change_url = reverse("account_reset_password_from_key", kwargs={ "uidb36": uidb36, "key": key }) response = self.client.get(password_change_url) password_change_url_with_hidden_key = response.url post_data = { "password1": DEFAULT_PASSWORD, "password2": DEFAULT_PASSWORD } response = self.client.post(password_change_url_with_hidden_key, data=post_data) self.assertRedirects(response, reverse("account_reset_password_from_key_done")) # User can log in with his new password. self.assertTrue( self.client.login(username=user.email, password=DEFAULT_PASSWORD)) self.client.logout()
def get_password_reset_url(self): temp_key = default_token_generator.make_token(self) path = reverse( "account_reset_password_from_key", kwargs=dict(uidb36=user_pk_to_url_str(self), key=temp_key), ) site = get_current_site(request=None) domain = site.domain scheme = "http" if settings.ADSERVER_HTTPS: scheme = "https" return "{scheme}://{domain}{path}".format(scheme=scheme, domain=domain, path=path)
def post(self, request, student): student = get_object_or_404( Student, teacher=request.user, user__username=student, ) user = student.user email = user_email(request.user) if not email: messages.error( request, "Can not send a password reset link since your account ({}) doesn't have an email address associated with it.".format(request.user.username) ) return redirect('teachers:teacher') temp_key = default_token_generator.make_token(user) path = reverse( 'account_reset_password_from_key', kwargs={'uidb36': user_pk_to_url_str(user), 'key': temp_key}, ) context = { 'current_site': get_current_site(request), 'user': user, 'password_reset_url': build_absolute_uri(request, path), 'request': request, 'username': user_username(user), 'timeout_days': settings.PASSWORD_RESET_TIMEOUT_DAYS, } get_adapter(request).send_mail( 'teachers/email/password_reset_key', email, context, ) messages.success( request, "Password reset link for user {user} has been sent to your email address ({email})".format( user=user, email=email) ) return redirect('teachers:teacher')
def test_api_password_reset(self): test_user = User.objects.create_user( username='******', password='******', email='*****@*****.**' ) self._create_org_user(organization=self.default_org, user=test_user) mail_count = len(mail.outbox) reset_payload = {'email': '*****@*****.**'} # wrong org password_reset_url = reverse( 'radius:rest_password_reset', args=['wrong-slug-name'] ) response = self.client.post(password_reset_url, data=reset_payload) self.assertEqual(response.status_code, 404) password_reset_url = reverse( 'radius:rest_password_reset', args=[self.default_org.slug] ) # no payload response = self.client.post(password_reset_url, data={}) self.assertEqual(response.status_code, 400) # email does not exist in database reset_payload = {'email': '*****@*****.**'} response = self.client.post(password_reset_url, data=reset_payload) self.assertEqual(response.status_code, 404) # email not registered with org User.objects.create_user( username='******', password='******', email='*****@*****.**' ) reset_payload = {'email': '*****@*****.**'} response = self.client.post(password_reset_url, data=reset_payload) self.assertEqual(response.status_code, 400) # valid payload reset_payload = {'email': '*****@*****.**'} response = self.client.post(password_reset_url, data=reset_payload) self.assertEqual(len(mail.outbox), mail_count + 1) url_kwargs = { 'uid': user_pk_to_url_str(test_user), 'token': default_token_generator.make_token(test_user), } password_confirm_url = reverse( 'radius:rest_password_reset_confirm', args=[self.default_org.slug] ) # wrong token data = { 'new_password1': 'test_new_password', 'new_password2': 'test_new_password', 'uid': url_kwargs['uid'], 'token': '-wrong-token-', } confirm_response = self.client.post(password_confirm_url, data=data) self.assertEqual(confirm_response.status_code, 400) # wrong uid data = { 'new_password1': 'test_new_password', 'new_password2': 'test_new_password', 'uid': '-wrong-uid-', 'token': url_kwargs['token'], } confirm_response = self.client.post(password_confirm_url, data=data) self.assertEqual(confirm_response.status_code, 404) # wrong token and uid data = { 'new_password1': 'test_new_password', 'new_password2': 'test_new_password', 'uid': '-wrong-uid-', 'token': '-wrong-token-', } confirm_response = self.client.post(password_confirm_url, data=data) self.assertEqual(confirm_response.status_code, 404) # valid payload data = { 'new_password1': 'test_new_password', 'new_password2': 'test_new_password', 'uid': url_kwargs['uid'], 'token': url_kwargs['token'], } confirm_response = self.client.post(password_confirm_url, data=data) self.assertEqual(confirm_response.status_code, 200) self.assertIn( 'Password reset e-mail has been sent.', str(response.data['detail']) ) # user should not be able to login with old password login_payload = {'username': '******', 'password': '******'} login_url = reverse('radius:user_auth_token', args=[self.default_org.slug]) login_response = self.client.post(login_url, data=login_payload) self.assertEqual(login_response.status_code, 400) # user should be able to login with new password login_payload = {'username': '******', 'password': '******'} login_response = self.client.post(login_url, data=login_payload) self.assertEqual(login_response.status_code, 200)
def test_api_password_reset(self): test_user = User.objects.create_user(username='******', password='******', email='*****@*****.**') self._create_org_user(organization=self.default_org, user=test_user) mail_count = len(mail.outbox) reset_payload = {'email': '*****@*****.**'} # wrong org password_reset_url = reverse('radius:rest_password_reset', args=['wrong-slug-name']) response = self.client.post(password_reset_url, data=reset_payload) self.assertEqual(response.status_code, 404) password_reset_url = reverse('radius:rest_password_reset', args=[self.default_org.slug]) # no payload response = self.client.post(password_reset_url, data={}) self.assertEqual(response.status_code, 400) # email does not exist in database reset_payload = {'email': '*****@*****.**'} response = self.client.post(password_reset_url, data=reset_payload) self.assertEqual(response.status_code, 404) # email not registered with org User.objects.create_user(username='******', password='******', email='*****@*****.**') reset_payload = {'email': '*****@*****.**'} response = self.client.post(password_reset_url, data=reset_payload) self.assertEqual(response.status_code, 400) # valid payload reset_payload = {'email': '*****@*****.**'} response = self.client.post(password_reset_url, data=reset_payload) self.assertEqual(len(mail.outbox), mail_count + 1) email = mail.outbox.pop() self.assertIn( "<p> Please click on the button below to open a page where you can", ' '.join(email.alternatives[0][0].split()), ) self.assertRegex( ''.join(email.alternatives[0][0].splitlines()), '<a href=".*">.*Reset password.*<\/a>', ) self.assertNotIn('<img src=""', email.alternatives[0][0]) url_kwargs = { 'uid': user_pk_to_url_str(test_user), 'token': default_token_generator.make_token(test_user), } password_confirm_url = reverse('radius:rest_password_reset_confirm', args=[self.default_org.slug]) # wrong token data = { 'new_password1': 'test_new_password', 'new_password2': 'test_new_password', 'uid': url_kwargs['uid'], 'token': '-wrong-token-', } confirm_response = self.client.post(password_confirm_url, data=data) self.assertEqual(confirm_response.status_code, 400) # wrong uid data = { 'new_password1': 'test_new_password', 'new_password2': 'test_new_password', 'uid': '-wrong-uid-', 'token': url_kwargs['token'], } confirm_response = self.client.post(password_confirm_url, data=data) self.assertEqual(confirm_response.status_code, 404) # wrong token and uid data = { 'new_password1': 'test_new_password', 'new_password2': 'test_new_password', 'uid': '-wrong-uid-', 'token': '-wrong-token-', } confirm_response = self.client.post(password_confirm_url, data=data) self.assertEqual(confirm_response.status_code, 404) # valid payload data = { 'new_password1': 'test_new_password', 'new_password2': 'test_new_password', 'uid': url_kwargs['uid'], 'token': url_kwargs['token'], } confirm_response = self.client.post(password_confirm_url, data=data) self.assertEqual(confirm_response.status_code, 200) self.assertIn('Password reset e-mail has been sent.', str(response.data['detail'])) # user should not be able to login with old password login_payload = {'username': '******', 'password': '******'} login_url = reverse('radius:user_auth_token', args=[self.default_org.slug]) login_response = self.client.post(login_url, data=login_payload) self.assertEqual(login_response.status_code, 400) # user should be able to login with new password login_payload = { 'username': '******', 'password': '******' } login_response = self.client.post(login_url, data=login_payload) self.assertEqual(login_response.status_code, 200)