def recover_confirm(request, user_id, hash):
    """Handle the link a user follows to finish a password recovery.

    The ``(user_id, hash)`` pair must match a stored ``LostPasswordHash`` whose
    ``is_valid()`` check passes; a row that fails the check is deleted and
    handled exactly like a missing one. A GET renders the new-password form.
    A valid POST saves the password, logs the user in, deletes the recovery
    row and redirects.
    """
    try:
        recovery = LostPasswordHash.objects.get(user=user_id, hash=hash)
        if not recovery.is_valid():
            # Failed the validity check: drop the row and take the failure path.
            recovery.delete()
            raise LostPasswordHash.DoesNotExist
        account = recovery.user
    except LostPasswordHash.DoesNotExist:
        return render_to_response("sentry/account/recover/failure.html", {}, request)

    if request.method != "POST":
        form = ChangePasswordRecoverForm()
    else:
        form = ChangePasswordRecoverForm(request.POST)
        if form.is_valid():
            new_password = form.cleaned_data["password"]
            # NOTE(review): nothing in this function invalidates sessions that
            # were opened under the old password, and the steps below are not
            # wrapped in a transaction here. If login fails after save(), the
            # new password is stored while the recovery row still exists.
            # Confirm both are handled elsewhere.
            account.set_password(new_password)
            account.save()

            # Re-authenticate so the returned user object carries the auth
            # backend that the login call needs.
            account = authenticate(username=account.username, password=new_password)
            # NOTE(review): the session is granted on the recovery link alone;
            # no second-factor check is visible in this function. If accounts
            # can enroll 2FA, confirm login_user() enforces it, otherwise the
            # reset should not log the user in.
            login_user(request, account)
            recovery.delete()
            return login_redirect(request)

    # GET, or a POST whose form failed validation (the bound form keeps its errors).
    return render_to_response("sentry/account/recover/confirm.html", {"form": form}, request)
def recover_confirm(request, user_id, hash):
    """Complete a password recovery started from a recovery link.

    Renders the failure page when no ``LostPasswordHash`` matches
    ``(user_id, hash)`` or when the matching row fails ``is_valid()`` (the row
    is deleted in that case). Otherwise a GET shows the form, and a valid POST
    changes the password, logs the user in, deletes the recovery row, records
    a 'password-changed' security activity and redirects.
    """
    try:
        reset_token = LostPasswordHash.objects.get(user=user_id, hash=hash)
        if not reset_token.is_valid():
            reset_token.delete()
            raise LostPasswordHash.DoesNotExist
        target = reset_token.user
    except LostPasswordHash.DoesNotExist:
        return render_to_response('sentry/account/recover/failure.html', {}, request)

    template = 'sentry/account/recover/confirm.html'
    if request.method == 'POST':
        form = ChangePasswordRecoverForm(request.POST)
        if form.is_valid():
            # NOTE(review): the listing lost its indentation, so the extent of
            # this atomic block is reconstructed. Confirm against the real file.
            with transaction.atomic():
                chosen = form.cleaned_data['password']
                target.set_password(chosen)
                # Presumably rotates the per-user session nonce so sessions
                # from before the reset stop validating. TODO confirm.
                target.refresh_session_nonce(request)
                target.save()

                # authenticate() returns the user with its backend set, which
                # the login call requires.
                target = authenticate(
                    username=target.username,
                    password=chosen,
                )
                # NOTE(review): login happens unconditionally; no second-factor
                # check is visible here. If accounts can enroll 2FA, a recovery
                # link alone yields a full session unless login_user() enforces
                # it. Confirm.
                login_user(request, target)
                reset_token.delete()

                capture_security_activity(
                    account=target,
                    type='password-changed',
                    actor=request.user,
                    # NOTE(review): REMOTE_ADDR is the direct peer; behind a
                    # proxy this is the proxy address unless middleware
                    # rewrites it.
                    ip_address=request.META['REMOTE_ADDR'],
                    send_email=True,
                )
            return login_redirect(request)
    else:
        form = ChangePasswordRecoverForm()

    return render_to_response(template, {'form': form}, request)
def recover_confirm(request, user_id, hash, mode='recover'):
    """Finish a password recovery for the account named by a recovery link.

    ``mode`` is passed to ``get_template`` to pick the failure and confirm
    templates. A missing ``LostPasswordHash`` row, or one failing ``is_valid()``
    (deleted here), renders the failure template. A valid POST changes the
    password, logs the user in only when the account has no two-factor
    authenticator, deletes the recovery row, records a 'password-changed'
    security activity and redirects.
    """
    try:
        reset_token = LostPasswordHash.objects.get(user=user_id, hash=hash)
        if not reset_token.is_valid():
            reset_token.delete()
            raise LostPasswordHash.DoesNotExist
        account = reset_token.user
    except LostPasswordHash.DoesNotExist:
        return render_to_response(get_template('failure', mode), {}, request)

    if request.method != 'POST':
        form = ChangePasswordRecoverForm()
    else:
        form = ChangePasswordRecoverForm(request.POST)
        if form.is_valid():
            # NOTE(review): the listing lost its indentation, so the extent of
            # this atomic block is reconstructed. Confirm against the real file.
            with transaction.atomic():
                new_password = form.cleaned_data['password']
                account.set_password(new_password)
                account.refresh_session_nonce(request)
                account.save()

                # Re-authenticate to obtain a user object with its backend set.
                # NOTE(review): presumably Django's authenticate(), which can
                # return None; that case is not handled before the calls below.
                account = authenticate(
                    username=account.username,
                    password=new_password,
                )

                # Holding the recovery link proves only one factor, so accounts
                # with 2FA get the new password but no session from this view.
                has_second_factor = Authenticator.objects.user_has_2fa(account)
                if not has_second_factor:
                    login_user(request, account)

                # The recovery row is removed whether or not a login happened.
                reset_token.delete()

                # NOTE(review): when the login was skipped, request.user is
                # presumably whoever the current session belongs to (possibly
                # anonymous), not the account being reset. Confirm that is the
                # intended actor.
                capture_security_activity(
                    account=account,
                    type='password-changed',
                    actor=request.user,
                    ip_address=request.META['REMOTE_ADDR'],
                    send_email=True,
                )
            return login_redirect(request)

    # GET, or a POST whose form did not validate.
    return render_to_response(get_template('confirm', mode), {'form': form}, request)
def recover_confirm(request, user_id, hash, mode='recover'):
    """Finish a password recovery; ``mode`` selects the templates.

    The failure template is rendered when ``(user_id, hash)`` matches no
    ``LostPasswordHash`` row or the row fails ``is_valid()`` (it is deleted
    then). A GET renders the confirm template with an empty form. A valid POST
    sets the password, logs the user in, deletes the recovery row, records a
    'password-changed' security activity and redirects.
    """
    try:
        recovery = LostPasswordHash.objects.get(user=user_id, hash=hash)
        if not recovery.is_valid():
            recovery.delete()
            raise LostPasswordHash.DoesNotExist
        owner = recovery.user
    except LostPasswordHash.DoesNotExist:
        failure_template = get_template('failure', mode)
        return render_to_response(failure_template, {}, request)

    posted = request.method == 'POST'
    form = ChangePasswordRecoverForm(request.POST) if posted else ChangePasswordRecoverForm()

    if posted and form.is_valid():
        # NOTE(review): the listing lost its indentation, so the extent of
        # this atomic block is reconstructed. Confirm against the real file.
        with transaction.atomic():
            password = form.cleaned_data['password']
            owner.set_password(password)
            owner.refresh_session_nonce(request)
            owner.save()

            # The login call needs a user whose auth backend is set, which
            # authenticate() provides.
            owner = authenticate(
                username=owner.username,
                password=password,
            )
            # NOTE(review): this login is unconditional; no second-factor
            # check is visible in this function. If accounts can enroll 2FA,
            # confirm login_user() enforces it, otherwise a recovery link
            # alone produces a full session.
            login_user(request, owner)
            recovery.delete()

            capture_security_activity(
                account=owner,
                type='password-changed',
                actor=request.user,
                ip_address=request.META['REMOTE_ADDR'],
                send_email=True,
            )
        return login_redirect(request)

    return render_to_response(get_template('confirm', mode), {'form': form}, request)
def recover_confirm(request, user_id, hash, mode="recover"):
    """Finish a password recovery for the account named by a recovery link.

    ``get_template(mode, ...)`` supplies the failure and confirm templates.
    A missing ``LostPasswordHash`` row, or one that fails ``is_valid()`` (it is
    deleted here), renders the failure template. A valid POST changes the
    password, starts a session only when the account has no two-factor
    authenticator, deletes the recovery row, records a "password-changed"
    security activity and redirects.
    """
    try:
        token_row = LostPasswordHash.objects.get(user=user_id, hash=hash)
        if not token_row.is_valid():
            token_row.delete()
            raise LostPasswordHash.DoesNotExist
        account = token_row.user
    except LostPasswordHash.DoesNotExist:
        failure_template = get_template(mode, "failure")
        return render_to_response(failure_template, {}, request)

    if request.method != "POST":
        form = ChangePasswordRecoverForm()
        return render_to_response(get_template(mode, "confirm"), {"form": form}, request)

    form = ChangePasswordRecoverForm(request.POST)
    if not form.is_valid():
        # Re-render with the bound form so validation errors are shown.
        return render_to_response(get_template(mode, "confirm"), {"form": form}, request)

    # NOTE(review): the listing lost its indentation, so the extent of this
    # atomic block is reconstructed. Confirm against the real file.
    with transaction.atomic():
        new_password = form.cleaned_data["password"]
        account.set_password(new_password)
        # Presumably rotates the per-user session nonce so sessions from
        # before the reset stop validating. TODO confirm.
        account.refresh_session_nonce(request)
        account.save()

        # Re-authenticate to obtain a user object with its backend set.
        # NOTE(review): presumably Django's authenticate(), which can return
        # None; that case is not handled before the calls below.
        account = authenticate(username=account.username, password=new_password)

        # The recovery link is a single factor: accounts with 2FA get the new
        # password but no session from this view.
        if not Authenticator.objects.user_has_2fa(account):
            login_user(request, account)

        # The recovery row is removed whether or not a login happened.
        token_row.delete()

        # NOTE(review): when the login was skipped, request.user is presumably
        # the current session's user (possibly anonymous), not the account
        # being reset. Confirm that is the intended actor.
        capture_security_activity(
            account=account,
            type="password-changed",
            actor=request.user,
            ip_address=request.META["REMOTE_ADDR"],
            send_email=True,
        )

    return login_redirect(request)
def recover_confirm(request, user_id, hash):
    """Handle the confirmation step of a password recovery.

    Renders the failure page unless ``(user_id, hash)`` matches a
    ``LostPasswordHash`` row that passes ``is_valid()``; a row failing that
    check is deleted first. A GET renders the new-password form. A valid POST
    sets the password, refreshes the session nonce, logs the user in, deletes
    the recovery row and redirects.
    """
    try:
        recovery = LostPasswordHash.objects.get(user=user_id, hash=hash)
        if not recovery.is_valid():
            recovery.delete()
            raise LostPasswordHash.DoesNotExist
        member = recovery.user
    except LostPasswordHash.DoesNotExist:
        return render_to_response('sentry/account/recover/failure.html', {}, request)

    is_post = request.method == 'POST'
    if is_post:
        form = ChangePasswordRecoverForm(request.POST)
    else:
        form = ChangePasswordRecoverForm()

    if is_post and form.is_valid():
        secret = form.cleaned_data['password']
        # NOTE(review): these steps are not wrapped in a transaction in this
        # function. If authenticate() or login_user() raises after save(), the
        # new password is stored while the recovery row still exists. Confirm
        # the request is made atomic elsewhere.
        member.set_password(secret)
        member.refresh_session_nonce(request)
        member.save()

        # authenticate() hands back the user with its backend set, which the
        # login call requires.
        member = authenticate(
            username=member.username,
            password=secret,
        )
        # NOTE(review): login is unconditional and no second-factor check is
        # visible here. If accounts can enroll 2FA, confirm login_user()
        # enforces it, otherwise the recovery link alone grants a session.
        login_user(request, member)
        recovery.delete()
        return login_redirect(request)

    context = {
        'form': form,
    }
    return render_to_response('sentry/account/recover/confirm.html', context, request)