def change_forgotten_password(request, user_id, token):
    """Check a forgotten-password link, then serve or process its form.

    Every rejection answers HTTP 400 with a translated ``detail``. The
    unknown-account and bad-token cases share one "invalid link" wording,
    so the response does not tell a caller which of the two failed; a
    ``ResetPasswordForm.confirm_allowed`` rejection is reported as an
    expired link.

    With a valid link, anything other than a POST returns the account's
    ``username`` and ``email`` -- i.e. the e-mail address is disclosed to
    whoever presents a valid token. A POST is delegated to
    ``process_forgotten_password_form``.

    Args:
        request: DRF request; ``request.method`` selects the branch.
        user_id: primary key of the account the link was issued for.
        token: password-change token carried by the link.

    Returns:
        A DRF ``Response``.
    """
    User = auth.get_user_model()
    invalid_link = _("Form link is invalid. Please try again.")

    def reject(message):
        return Response({'detail': message}, status=status.HTTP_400_BAD_REQUEST)

    try:
        user = User.objects.get(pk=user_id)
    except User.DoesNotExist:
        return reject(invalid_link)

    if not is_password_change_token_valid(user, token):
        return reject(invalid_link)

    try:
        ResetPasswordForm().confirm_allowed(user)
    except ValidationError:
        return reject(_("Your link has expired. Please request new one."))

    if request.method != 'POST':
        return Response({'username': user.username, 'email': user.email})
    return process_forgotten_password_form(request, user)
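def change_forgotten_password(request, pk, token):
    """Set a new password for the account a forgotten-password link names.

    Link checks, each answered with HTTP 400 and a translated ``detail``:

    * unknown ``pk``, a token rejected by ``is_password_change_token_valid``,
      or a request made while logged in as a *different* account -> the
      shared "invalid link" wording (so the response does not reveal which
      check failed);
    * ``user.requires_activation`` or an active ``get_user_ban`` -> the
      "expired link" wording.

    On success ``request.data['password']`` is validated with Django's
    ``validate_password`` -- passing the target user so user-attribute
    validators (similarity to username etc.) can apply -- then stored via
    ``set_password`` and saved. The submitted password is used verbatim:
    trimming it here would persist a different secret from the one the
    user types at login, so that ``.strip()`` was removed.

    Args:
        request: DRF request whose ``data`` carries ``password``.
        pk: primary key of the account the link was issued for.
        token: password-change token carried by the link.

    Returns:
        200 ``{'username': ...}`` on success, 400 with ``detail`` otherwise.
    """
    User = auth.get_user_model()
    invalid_message = _("Form link is invalid. Please try again.")
    expired_message = _("Your link has expired. Please request new one.")

    try:
        try:
            user = User.objects.get(pk=pk)
        except User.DoesNotExist:
            raise PasswordChangeFailed(invalid_message)

        # A logged-in visitor may only complete a reset for their own account.
        if request.user.is_authenticated() and request.user.id != user.id:
            raise PasswordChangeFailed(invalid_message)
        if not is_password_change_token_valid(user, token):
            raise PasswordChangeFailed(invalid_message)
        if user.requires_activation:
            raise PasswordChangeFailed(expired_message)
        if get_user_ban(user):
            raise PasswordChangeFailed(expired_message)
    except PasswordChangeFailed as e:
        return Response({'detail': e.args[0]}, status=status.HTTP_400_BAD_REQUEST)

    try:
        # Taken as typed -- no whitespace stripping (see docstring).
        new_password = request.data.get('password', '')
        validate_password(new_password, user=user)
        user.set_password(new_password)
        user.save()
    except ValidationError as e:
        return Response({'detail': e.messages[0]}, status=status.HTTP_400_BAD_REQUEST)

    return Response({'username': user.username})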
def reset_password_form(request, pk, token):
    """Render the forgotten-password form behind a reset link, or an error page.

    ``pk`` must name an existing account (404 otherwise). The link is
    rejected -- template ``misago/forgottenpassword/error.html``, HTTP 400,
    message interpolated with the account's username -- when the visitor
    is logged in as a *different* account (reported with the "expired"
    wording) or when ``token`` fails ``is_password_change_token_valid``
    (reported with the "invalid" wording). A banned target account raises
    ``Banned`` straight out of this view; it is not caught here, so
    presumably something upstream turns it into a response -- verify.

    On success the API endpoint the form posts to is published as
    ``request.frontend_context['CHANGE_PASSWORD_API']`` and the form
    template is rendered.
    """
    user_model = get_user_model()
    requesting_user = get_object_or_404(user_model, pk=pk)

    def personalise(template):
        return template % {'user': requesting_user.username}

    try:
        logged_in_as_other = (
            request.user.is_authenticated and request.user.id != requesting_user.id
        )
        if logged_in_as_other:
            raise ResetError(personalise(_(
                "%(user)s, your link has expired. "
                "Please request new link and try again."
            )))
        if not is_password_change_token_valid(requesting_user, token):
            raise ResetError(personalise(_(
                "%(user)s, your link is invalid. "
                "Please try again or request new link."
            )))
        ban = get_user_ban(requesting_user)
        if ban:
            raise Banned(ban)
    except ResetError as e:
        context = {'message': e.args[0]}
        return render(request, 'misago/forgottenpassword/error.html', context, status=400)

    api_url = reverse(
        'misago:api:change-forgotten-password',
        kwargs={'pk': pk, 'token': token},
    )
    request.frontend_context['CHANGE_PASSWORD_API'] = api_url
    return render(request, 'misago/forgottenpassword/form.html')
def reset_password_form(request, user_id, token):
    """Render the forgotten-password form for a reset link, or an error page.

    ``user_id`` must name an existing account (404 otherwise). The link is
    rejected with ``misago/forgottenpassword/error.html`` and HTTP 400 --
    message interpolated with the account's username -- when the visitor
    is logged in as some other account ("expired" wording) or when
    ``token`` fails ``is_password_change_token_valid`` ("invalid" wording).
    A banned target raises ``Banned`` out of the view uncaught; presumably
    handled further up the stack -- verify.

    On success the reset API URL is stored under
    ``request.frontend_context['CHANGE_PASSWORD_API_URL']`` and the form
    template is rendered.
    """
    User = get_user_model()
    requesting_user = get_object_or_404(User.objects, pk=user_id)
    interpolation = {'user': requesting_user.username}

    try:
        logged_in_as_other = (
            request.user.is_authenticated() and request.user.id != requesting_user.id
        )
        if logged_in_as_other:
            raise ResetError(
                _("%(user)s, your link has expired. "
                  "Please request new link and try again.") % interpolation
            )
        if not is_password_change_token_valid(requesting_user, token):
            raise ResetError(
                _("%(user)s, your link is invalid. "
                  "Please try again or request new link.") % interpolation
            )
        ban = get_user_ban(requesting_user)
        if ban:
            raise Banned(ban)
    except ResetError as e:
        return render(
            request,
            'misago/forgottenpassword/error.html',
            {'message': e.args[0]},
            status=400,
        )

    request.frontend_context['CHANGE_PASSWORD_API_URL'] = reverse(
        'misago:api:change_forgotten_password',
        kwargs={'user_id': user_id, 'token': token},
    )
    return render(request, 'misago/forgottenpassword/form.html')
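def change_forgotten_password(request, user_id, token):
    """Check a forgotten-password link, then serve or process its form.

    Rejections answer HTTP 400 with a translated ``detail``. One shared
    "invalid link" wording covers an unknown ``user_id``, a visitor who is
    logged in as a *different* account, and a token rejected by
    ``is_password_change_token_valid``; a ``ResetPasswordForm.confirm_allowed``
    rejection is reported as an expired link.

    With a valid link, anything other than a POST returns the account's
    ``username`` and ``email`` (so the e-mail address is disclosed to any
    holder of a valid token); a POST is delegated to
    ``process_forgotten_password_form``.

    Bug fixed here: the logged-in check read ``request.is_authenticated()``.
    ``HttpRequest`` has no such attribute, so every call raised
    ``AttributeError`` before any check ran; the test belongs on
    ``request.user``.

    Args:
        request: DRF request; ``request.method`` selects the branch.
        user_id: primary key of the account the link was issued for.
        token: password-change token carried by the link.

    Returns:
        A DRF ``Response``.
    """
    User = auth.get_user_model()
    invalid_message = _("Form link is invalid. Please try again.")

    def reject(message):
        return Response({'detail': message}, status=status.HTTP_400_BAD_REQUEST)

    try:
        user = User.objects.get(pk=user_id)
        # A logged-in visitor may only reset their own account; reuse the
        # "unknown user" path so the response wording stays the same.
        if request.user.is_authenticated() and request.user.id != user.id:
            raise User.DoesNotExist()
    except User.DoesNotExist:
        return reject(invalid_message)

    if not is_password_change_token_valid(user, token):
        return reject(invalid_message)

    try:
        ResetPasswordForm().confirm_allowed(user)
    except ValidationError:
        return reject(_("Your link has expired. Please request new one."))

    if request.method == 'POST':
        return process_forgotten_password_form(request, user)
    return Response({'username': user.username, 'email': user.email})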
def change_forgotten_password(request, pk, token):
    """
    POST /auth/change-password/user/token/ with CSRF and new password
    will change forgotten password

    Link checks, each answered with HTTP 400 and a translated ``detail``:
    an unknown or inactive ``pk``, a visitor logged in as a *different*
    account, or a token rejected by ``is_password_change_token_valid``
    all get the one "invalid link" wording (the response does not say
    which check failed); ``user.requires_activation`` or an active
    ``get_user_ban`` gets the "expired link" wording.

    On success ``request.data['password']`` is checked by Django's
    ``validate_password`` with the target user (so user-attribute
    validators apply), stored with ``set_password`` and saved; a
    validator failure is returned as its first message with 400.
    """
    invalid_message = _("Form link is invalid. Please try again.")
    expired_message = _("Your link has expired. Please request new one.")

    def failure(message):
        return Response(
            {
                'detail': message,
            },
            status=status.HTTP_400_BAD_REQUEST,
        )

    try:
        user = UserModel.objects.get(pk=pk, is_active=True)
    except UserModel.DoesNotExist:
        return failure(invalid_message)

    other_account = request.user.is_authenticated and request.user.id != user.id
    if other_account or not is_password_change_token_valid(user, token):
        return failure(invalid_message)
    if user.requires_activation or get_user_ban(user):
        return failure(expired_message)

    try:
        new_password = request.data.get('password', '')
        validate_password(new_password, user=user)
        user.set_password(new_password)
        user.save()
    except ValidationError as e:
        return failure(e.messages[0])

    return Response({'username': user.username})
def change_forgotten_password(request, pk, token):
    """
    POST /auth/change-password/user/token/ with CSRF and new password
    will change forgotten password

    The link is vetted by ``_vet_link`` below, which raises
    ``PasswordChangeFailed`` carrying the message to return with HTTP 400:
    the "invalid link" wording for an unknown/inactive account, a visitor
    logged in as a different account, or a bad token; the "expired link"
    wording when the account still requires activation or is banned.

    A link that passes has ``request.data['password']`` run through
    Django's ``validate_password`` (with the target user), stored via
    ``set_password`` and saved. A validator failure answers 400 with the
    first validator message.
    """
    invalid_message = _("Form link is invalid. Please try again.")
    expired_message = _("Your link has expired. Please request new one.")

    def _vet_link():
        # Returns the target user or raises PasswordChangeFailed(message).
        try:
            target = UserModel.objects.get(pk=pk, is_active=True)
        except UserModel.DoesNotExist:
            raise PasswordChangeFailed(invalid_message)
        if request.user.is_authenticated and request.user.id != target.id:
            raise PasswordChangeFailed(invalid_message)
        if not is_password_change_token_valid(target, token):
            raise PasswordChangeFailed(invalid_message)
        if target.requires_activation:
            raise PasswordChangeFailed(expired_message)
        if get_user_ban(target):
            raise PasswordChangeFailed(expired_message)
        return target

    def _bad_request(message):
        return Response(
            {
                'detail': message,
            },
            status=status.HTTP_400_BAD_REQUEST,
        )

    try:
        user = _vet_link()
    except PasswordChangeFailed as e:
        return _bad_request(e.args[0])

    try:
        new_password = request.data.get('password', '')
        validate_password(new_password, user=user)
        user.set_password(new_password)
        user.save()
    except ValidationError as e:
        return _bad_request(e.messages[0])

    return Response({'username': user.username})
def decorator(request, *args, **kwargs):
    """Resolve ``user_id`` into ``user`` and gate the wrapped view on the reset token.

    The checks only run when ``user_id`` is among the view kwargs: it is
    popped, the account loaded (404 if unknown) and passed on as
    ``kwargs['user']``. The token is read from ``kwargs['token']``. A
    token rejected by ``is_password_change_token_valid`` or a
    ``ResetPasswordForm.confirm_allowed`` rejection answers HTTP 404 with
    a translated ``detail`` instead of calling the wrapped view. ``f`` is
    the wrapped view, bound in the enclosing decorator factory (outside
    this block).
    """
    if 'user_id' in kwargs:
        user_model = get_user_model()
        user = get_object_or_404(user_model.objects, pk=kwargs.pop('user_id'))
        kwargs['user'] = user

        def not_found(message):
            return Response({'detail': message}, status=status.HTTP_404_NOT_FOUND)

        if not is_password_change_token_valid(user, kwargs['token']):
            return not_found(_("Your link is invalid. Please try again."))
        try:
            ResetPasswordForm().confirm_allowed(user)
        except ValidationError:
            return not_found(_("Your link has expired. Please request new one."))
    return f(request, *args, **kwargs)
def decorator(request, *args, **kwargs):
    """Swap ``user_id`` for a loaded ``user`` kwarg after vetting the reset token.

    Does nothing but call through when ``user_id`` is not in the kwargs.
    Otherwise the account is fetched (404 if unknown), stored as
    ``kwargs['user']`` and the token in ``kwargs['token']`` is checked
    with ``is_password_change_token_valid``; then
    ``ResetPasswordForm.confirm_allowed`` must accept the account. Either
    failure returns HTTP 404 with a translated ``detail`` without invoking
    ``f``, the wrapped view bound by the enclosing decorator factory.
    """
    if 'user_id' not in kwargs:
        return f(request, *args, **kwargs)

    user = get_object_or_404(get_user_model().objects, pk=kwargs.pop('user_id'))
    kwargs['user'] = user

    token_ok = is_password_change_token_valid(user, kwargs['token'])
    if not token_ok:
        detail = _("Your link is invalid. Please try again.")
        return Response({'detail': detail}, status=status.HTTP_404_NOT_FOUND)

    try:
        form = ResetPasswordForm()
        form.confirm_allowed(user)
    except ValidationError:
        detail = _("Your link has expired. Please request new one.")
        return Response({'detail': detail}, status=status.HTTP_404_NOT_FOUND)

    return f(request, *args, **kwargs)
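def change_forgotten_password(request, user_id, token):
    """Set a new password for the account a forgotten-password link names.

    Link checks, each answered with HTTP 400 and a translated ``detail``:

    * unknown ``user_id``, a visitor logged in as a *different* account, or
      a token rejected by ``is_password_change_token_valid`` -> the shared
      "invalid link" wording (so the response does not reveal which check
      failed);
    * ``user.requires_activation`` or an active ``get_user_ban`` -> the
      "expired link" wording.

    On success ``request.data['password']`` is validated with Django's
    ``validate_password`` -- passing the target user so user-attribute
    validators can apply -- then stored via ``set_password`` and saved.
    The submitted password is used verbatim: the previous ``.strip()``
    persisted a different secret from the one the user types at login, so
    it was removed.

    Args:
        request: DRF request whose ``data`` carries ``password``.
        user_id: primary key of the account the link was issued for.
        token: password-change token carried by the link.

    Returns:
        200 ``{'username': ...}`` on success, 400 with ``detail`` otherwise.
    """
    User = auth.get_user_model()
    invalid_message = _("Form link is invalid. Please try again.")
    expired_message = _("Your link has expired. Please request new one.")

    try:
        try:
            user = User.objects.get(pk=user_id)
        except User.DoesNotExist:
            raise PasswordChangeFailed(invalid_message)

        # A logged-in visitor may only complete a reset for their own account.
        if request.user.is_authenticated() and request.user.id != user.id:
            raise PasswordChangeFailed(invalid_message)
        if not is_password_change_token_valid(user, token):
            raise PasswordChangeFailed(invalid_message)
        if user.requires_activation:
            raise PasswordChangeFailed(expired_message)
        if get_user_ban(user):
            raise PasswordChangeFailed(expired_message)
    except PasswordChangeFailed as e:
        return Response({
            'detail': e.args[0]
        }, status=status.HTTP_400_BAD_REQUEST)

    try:
        # Taken as typed -- no whitespace stripping (see docstring).
        new_password = request.data.get('password', '')
        validate_password(new_password, user=user)
        user.set_password(new_password)
        user.save()
    except ValidationError as e:
        return Response({
            'detail': e.messages[0]
        }, status=status.HTTP_400_BAD_REQUEST)

    return Response({
        'username': user.username
    })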
def reset_password_form(request, pk, token):
    """Render the forgotten-password form behind a reset link, or an error page.

    ``pk`` must name an existing, active account (404 otherwise). The link
    is rejected -- template ``misago/forgottenpassword/error.html``, HTTP
    400, message interpolated with the account's username -- when the
    visitor is logged in as a *different* account ("expired" wording) or
    when ``token`` fails ``is_password_change_token_valid`` ("invalid"
    wording). A banned target raises ``Banned`` out of the view uncaught;
    presumably handled further up the stack -- verify.

    On success the link's ``id`` and ``token`` are placed in
    ``request.frontend_context['store']['forgotten_password']`` and the
    form template is rendered.
    """
    requesting_user = get_object_or_404(get_user_model(), pk=pk, is_active=True)
    interpolation = {'user': requesting_user.username}

    try:
        logged_in_as_other = (
            request.user.is_authenticated and request.user.id != requesting_user.id
        )
        if logged_in_as_other:
            template = _(
                "%(user)s, your link has expired. Please request new link and try again."
            )
            raise ResetError(template % interpolation)
        if not is_password_change_token_valid(requesting_user, token):
            template = _(
                "%(user)s, your link is invalid. Please try again or request new link."
            )
            raise ResetError(template % interpolation)
        ban = get_user_ban(requesting_user)
        if ban:
            raise Banned(ban)
    except ResetError as e:
        return render(
            request,
            'misago/forgottenpassword/error.html',
            {'message': e.args[0]},
            status=400,
        )

    store = request.frontend_context['store']
    store.update({
        'forgotten_password': {
            'id': pk,
            'token': token,
        },
    })
    return render(request, 'misago/forgottenpassword/form.html')
def validate_token(self, value):
    """Accept ``value`` only if it is a valid password-change token for ``self.instance``.

    Returns:
        The token unchanged when ``is_password_change_token_valid`` accepts it.

    Raises:
        ValidationError: with a single translated message otherwise (the
            wording does not distinguish an invalid token from an expired one).
    """
    token_ok = is_password_change_token_valid(self.instance, value)
    if token_ok:
        return value
    raise ValidationError(_("Form link is invalid or expired. Please try again."))