class ConfirmResetPasswordSerializer(serializers.Serializer):
password = serializers.CharField(max_length=128,
write_only=True,
style={"input_type": "password"})
signature = serializers.CharField(max_length=71, write_only=True)
def __init__(self, *args, **kwargs):
super(ConfirmResetPasswordSerializer, self).__init__(*args, **kwargs)
self.password_service = PasswordService()
def validate_password(self, password):
try:
self.password_service.validate_password(password)
except InvalidPasswordError as e:
raise ValidationError(e) from e
return password
def save(self, **kwargs):
new_password = self.validated_data["password"]
signature = self.validated_data["signature"]
try:
self.password_service.reset_password(signature, new_password)
except InvalidResetPasswordSignatureError as e:
raise ValidationError({"signature": e.message}) from e
def create(self, validated_data):
assert False, "Do not use update directly"
def update(self, instance, validated_data):
assert False, "Do not use update directly"
class ChangePasswordSerializer(serializers.Serializer):
old_password = serializers.CharField(max_length=128,
write_only=True,
style={"input_type": "password"})
new_password = serializers.CharField(max_length=128,
write_only=True,
style={"input_type": "password"})
def __init__(self, *args, **kwargs):
super(ChangePasswordSerializer, self).__init__(*args, **kwargs)
self.request = self.context.get("request")
self.user = getattr(self.request, "user", None)
self.password_service = PasswordService()
def validate_old_password(self, old_password):
try:
self.password_service.check_password(self.user, old_password)
except WrongPasswordError as e:
raise serializers.ValidationError(e.message) from e
return old_password
def validate_new_password(self, new_password):
try:
self.password_service.validate_password(new_password,
user=self.user)
except InvalidPasswordError as e:
raise serializers.ValidationError(e.messages) from e
return new_password
def create(self, validated_data):
assert False, "Do not use update directly"
def update(self, instance, validated_data):
assert False, "Do not use update directly"
def save(self, **kwargs):
self.password_service.change_password(
self.user, self.validated_data["new_password"])
class RegistrationSerializer(serializers.ModelSerializer):
email = serializers.EmailField(write_only=True, max_length=128)
password = serializers.CharField(write_only=True, max_length=128)
first_name = serializers.CharField(required=True, max_length=30)
last_name = serializers.CharField(required=True, max_length=30)
family_uuid = serializers.UUIDField(write_only=True,
required=True,
allow_null=True)
family_name = serializers.CharField(write_only=True,
required=False,
allow_null=True)
class Meta:
model = UserAccount
fields = ("email", "first_name", "last_name", "password",
"family_uuid", "family_name")
def __init__(self, *args, **kwargs):
super(RegistrationSerializer, self).__init__(*args, **kwargs)
self.password_service = PasswordService()
def validate_email(self, email):
if UserAccount.objects.filter(email=email).exists():
raise ValidationError(
gettext("Could not create account with this email."))
return super().validate(email)
def validate_family_uuid(self, family_uuid):
if family_uuid is not None and not Family.objects.filter(
uuid=family_uuid).exists():
raise ValidationError(
gettext("Could not find family with that uuid"))
return family_uuid
def validate_password(self, new_password):
try:
self.password_service.validate_password(new_password)
except InvalidPasswordError as e:
raise serializers.ValidationError(e.messages) from e
return new_password
def save(self, **kwargs):
self.instance = UserAccount.objects.create_user(
self.validated_data.get("email"),
self.validated_data.get("password"))
self.instance.first_name = self.validated_data.get("first_name")
self.instance.last_name = self.validated_data.get("last_name")
family_uuid = self.validated_data.pop("family_uuid")
if family_uuid is None:
family = Family.create_family(
name=self.validated_data.get(
"family_name", f"{self.instance.get_full_name()} Family"),
creator=self.instance,
)
else:
family = Family.objects.get(pk=family_uuid)
self.instance.family = family
raw_password = self.validated_data.get("password")
self.instance.set_password(raw_password)
self.instance.save()
return self.instance
def test_validate_password(mocker):
mocker.patch("django.contrib.auth.password_validation.validate_password",
side_effect=ValidationError("exception"))
with pytest.raises(InvalidPasswordError):
PasswordService.validate_password("SOME_PASSWORD")