Пример #1
def send_password_form(request):
    """
    POST /auth/send-password-form/ with CSRF token and email
    will mail change password form link to requester

    A valid submission is answered with the matched account's username and
    email; an invalid one gets the form's error dict with HTTP 400.
    """
    form = ResetPasswordForm(request.data)

    if not form.is_valid():
        # NOTE(review): success and failure are answered differently, so a
        # client can tell whether its submission validated (presumably:
        # whether it resolved to an account). Confirm that the form's checks
        # and any upstream throttling make that acceptable.
        return Response(
            form.get_errors_dict(),
            status=status.HTTP_400_BAD_REQUEST,
        )

    requesting_user = form.user_cache

    subject_template = _("Change %(user)s password on %(forum_name)s forums")
    mail_subject = subject_template % {
        'user': requesting_user.username,
        'forum_name': settings.forum_name,
    }

    # The token only goes into the e-mail template context; it is never part
    # of the HTTP response built below.
    email_context = {
        'confirmation_token': make_password_change_token(requesting_user),
    }
    mail_user(
        request,
        requesting_user,
        mail_subject,
        'misago/emails/change_password_form_link',
        email_context,
    )

    payload = {
        'username': form.user_cache.username,
        'email': form.user_cache.email,
    }
    return Response(payload)
Пример #2
def change_forgotten_password(request, user_id, token):
    """
    Validate a password-change link and either describe the account (non-POST)
    or hand the request to process_forgotten_password_form (POST).

    Every rejection is an HTTP 400 with a ``detail`` message. An unknown
    ``user_id`` and a token that fails validation share one message, so the
    reply does not reveal which of the two checks failed.
    """
    User = auth.get_user_model()

    try:
        user = User.objects.get(pk=user_id)
    except User.DoesNotExist:
        user = None

    # Token validation runs before any method dispatch, so GET and POST are
    # gated identically.
    if user is None or not is_password_change_token_valid(user, token):
        return Response(
            {'detail': _("Form link is invalid. Please try again.")},
            status=status.HTTP_400_BAD_REQUEST,
        )

    try:
        ResetPasswordForm().confirm_allowed(user)
    except ValidationError:
        # A ValidationError from confirm_allowed is reported to the client as
        # an expired link.
        return Response(
            {'detail': _("Your link has expired. Please request new one.")},
            status=status.HTTP_400_BAD_REQUEST,
        )

    if request.method != 'POST':
        return Response({
            'username': user.username,
            'email': user.email,
        })

    return process_forgotten_password_form(request, user)
Пример #3
def request_reset(request):
    """
    Render the forgotten-password request form and, on a valid POST, mail the
    change-password link and redirect to the "link sent" page.

    The primary key of the matched user is stored in the session under
    ``reset_password_link_sent_to`` before the mail is sent.
    """
    form = ResetPasswordForm()

    submitted = request.method == "POST"
    if submitted:
        form = ResetPasswordForm(request.POST)

    # Anything other than a valid POST re-renders the page; for an invalid
    # POST that is the bound form.
    if not (submitted and form.is_valid()):
        return render(request, "misago/forgottenpassword/request.html", {"form": form})

    requesting_user = form.user_cache
    request.session["reset_password_link_sent_to"] = requesting_user.pk

    subject_template = _("Change %(user)s password on %(forum_title)s forums")
    mail_subject = subject_template % {
        "user": requesting_user.username,
        "forum_title": settings.forum_name,
    }

    # The token is passed to the e-mail template only; neither the redirect
    # nor the session entry carries it.
    email_context = {"confirmation_token": make_password_reset_token(requesting_user)}
    mail_user(
        request,
        requesting_user,
        mail_subject,
        "misago/emails/change_password_form_link",
        email_context,
    )

    return redirect("misago:reset_password_link_sent")
Пример #4
def send_password_form(request):
    """
    Mail a change-password form link to the account matched by the submitted
    form data.

    Returns the account's username and email on success, or the form's error
    dict with HTTP 400 when validation fails.
    """
    form = ResetPasswordForm(request.data)

    if not form.is_valid():
        # NOTE(review): the two branches are distinguishable to the caller
        # (400 with errors vs. 200 with username/email) -- confirm this is
        # intended and that requests to this endpoint are throttled.
        return Response(form.get_errors_dict(),
                        status=status.HTTP_400_BAD_REQUEST)

    requesting_user = form.user_cache

    mail_subject = _("Change %(user)s password on %(forum_name)s forums") % {
        'user': requesting_user.username,
        'forum_name': settings.forum_name,
    }

    # The confirmation token is generated per request and only placed in the
    # e-mail context.
    confirmation_token = make_password_change_token(requesting_user)
    email_context = {'confirmation_token': confirmation_token}

    mail_user(
        request,
        requesting_user,
        mail_subject,
        'misago/emails/change_password_form_link',
        email_context,
    )

    body = {
        'username': form.user_cache.username,
        'email': form.user_cache.email,
    }
    return Response(body)
Пример #5
def send_link(request):
    """
    Mail a change-password form link to the account matched by the submitted
    form data.

    Returns the account's username and email on success, or the form's error
    dict with HTTP 400 when validation fails.
    """
    # NOTE(review): `request.DATA` looks like the older Django REST framework
    # spelling of `request.data` -- confirm against the framework version this
    # project pins.
    form = ResetPasswordForm(request.DATA)

    if not form.is_valid():
        return Response(form.get_errors_dict(),
                        status=status.HTTP_400_BAD_REQUEST)

    requesting_user = form.user_cache

    subject_template = _("Change %(user)s password on %(forum_title)s forums")
    mail_subject = subject_template % {
        'user': requesting_user.username,
        'forum_title': settings.forum_name,
    }

    # Only the e-mail template receives the token; the HTTP response does not.
    email_context = {
        'confirmation_token': make_password_change_token(requesting_user),
    }
    mail_user(
        request,
        requesting_user,
        mail_subject,
        'misago/emails/change_password_form_link',
        email_context,
    )

    # NOTE(review): echoing username and email tells the caller which account
    # the submission resolved to; confirm that disclosure is intended.
    return Response({
        'username': form.user_cache.username,
        'email': form.user_cache.email,
    })
Пример #6
def request_reset(request):
    """
    Show the forgotten-password request page; on a valid POST, mail the
    change-password link and redirect to the confirmation page.

    The matched user's primary key is written to the session under
    ``reset_password_link_sent_to`` before the mail goes out.
    """
    template_name = 'misago/forgottenpassword/request.html'
    form = ResetPasswordForm()

    if request.method != 'POST':
        return render(request, template_name, {'form': form})

    form = ResetPasswordForm(request.POST)
    if not form.is_valid():
        # Re-render with the bound form.
        return render(request, template_name, {'form': form})

    requesting_user = form.user_cache
    request.session['reset_password_link_sent_to'] = requesting_user.pk

    mail_subject = _("Change %(user)s password on %(forum_title)s forums") % {
        'user': requesting_user.username,
        'forum_title': settings.forum_name,
    }

    # The token travels only inside the e-mail context.
    confirmation_token = make_password_reset_token(requesting_user)
    mail_user(
        request,
        requesting_user,
        mail_subject,
        'misago/emails/change_password_form_link',
        {'confirmation_token': confirmation_token},
    )

    return redirect('misago:reset_password_link_sent')
Пример #7
def change_forgotten_password(request, user_id, token):
    """
    Validate a password-change link and either describe the account (non-POST)
    or hand the request to process_forgotten_password_form (POST).

    An unknown ``user_id``, an authenticated requester whose id differs from
    the link's user, and a token that fails validation all get the same
    HTTP 400 "invalid link" reply. A ValidationError from ``confirm_allowed``
    is reported as an expired link.
    """
    User = auth.get_user_model()
    invalid_message = _("Form link is invalid. Please try again.")

    def reject_invalid_link():
        # One shared reply, so the caller cannot tell which check failed.
        return Response({'detail': invalid_message},
                        status=status.HTTP_400_BAD_REQUEST)

    try:
        user = User.objects.get(pk=user_id)
    except User.DoesNotExist:
        return reject_invalid_link()

    # A signed-in requester may only use a link issued for their own account.
    # NOTE(review): this calls `request.is_authenticated()` rather than going
    # through `request.user` -- confirm the request object provides it.
    if request.is_authenticated() and request.user.id != user.id:
        return reject_invalid_link()

    if not is_password_change_token_valid(user, token):
        return reject_invalid_link()

    try:
        ResetPasswordForm().confirm_allowed(user)
    except ValidationError:
        return Response(
            {'detail': _("Your link has expired. Please request new one.")},
            status=status.HTTP_400_BAD_REQUEST,
        )

    if request.method != 'POST':
        return Response({
            'username': user.username,
            'email': user.email,
        })

    return process_forgotten_password_form(request, user)
Пример #8
def send_password_form(request):
    """
    POST /auth/send-password-form/ with CSRF token and email
    will mail change password form link to requester

    Replies with the matched account's username and email, or with the form's
    error dict and HTTP 400 when the submission does not validate.
    """
    form = ResetPasswordForm(request.data)

    if form.is_valid():
        requesting_user = form.user_cache

        subject_formats = {
            'user': requesting_user.username,
            'forum_name': settings.forum_name,
        }
        mail_subject = _("Change %(user)s password on %(forum_name)s forums") % subject_formats

        # The token is generated here and handed to the e-mail template only.
        confirmation_token = make_password_change_token(requesting_user)
        template_context = {'confirmation_token': confirmation_token}

        mail_user(
            request,
            requesting_user,
            mail_subject,
            'misago/emails/change_password_form_link',
            template_context,
        )

        response = Response({
            'username': form.user_cache.username,
            'email': form.user_cache.email,
        })
    else:
        # NOTE(review): a 400 here versus a 200 above lets the caller see
        # whether the submission validated; confirm that this is intended and
        # that the endpoint is rate limited.
        response = Response(
            form.get_errors_dict(),
            status=status.HTTP_400_BAD_REQUEST,
        )

    return response
Пример #9
    def decorator(request, *args, **kwargs):
        """
        Gate the wrapped view on a valid password-change link.

        When ``user_id`` is among the keyword arguments it is replaced by the
        resolved ``user`` object, and the ``token`` keyword argument is
        validated for that user. ``token`` stays in ``kwargs`` and is passed
        on to the wrapped view. Calls without ``user_id`` go straight through.
        """
        if 'user_id' not in kwargs:
            return f(request, *args, **kwargs)

        User = get_user_model()
        # NOTE(review): an unknown id goes through get_object_or_404 while a
        # bad token gets the JSON reply below; depending on how 404s are
        # rendered the two may be distinguishable to the caller -- confirm.
        user = get_object_or_404(User.objects, pk=kwargs.pop('user_id'))
        kwargs['user'] = user

        if not is_password_change_token_valid(user, kwargs['token']):
            return Response(
                {'detail': _("Your link is invalid. Please try again.")},
                status=status.HTTP_404_NOT_FOUND,
            )

        try:
            ResetPasswordForm().confirm_allowed(user)
        except ValidationError:
            # A ValidationError from confirm_allowed is reported as an
            # expired link.
            return Response(
                {'detail': _("Your link has expired. Please request new one.")},
                status=status.HTTP_404_NOT_FOUND,
            )

        return f(request, *args, **kwargs)
Пример #10
    def decorator(request, *args, **kwargs):
        """
        Resolve ``user_id`` to a user and check the password-change token
        before calling the wrapped view.

        Only acts when ``user_id`` is present in the keyword arguments: the id
        is popped and replaced by ``user``. An invalid token, or a
        ValidationError from ``confirm_allowed``, ends the request with a 404
        reply carrying a ``detail`` message.
        """
        link_checks_apply = 'user_id' in kwargs

        if link_checks_apply:
            User = get_user_model()
            target_user = get_object_or_404(User.objects, pk=kwargs.pop('user_id'))
            kwargs['user'] = target_user

            # The token is read but left in kwargs, so the wrapped view
            # receives it as well.
            token_ok = is_password_change_token_valid(target_user, kwargs['token'])
            if not token_ok:
                message = _("Your link is invalid. Please try again.")
                return Response({'detail': message},
                                status=status.HTTP_404_NOT_FOUND)

            try:
                reset_form = ResetPasswordForm()
                reset_form.confirm_allowed(target_user)
            except ValidationError:
                message = _("Your link has expired. Please request new one.")
                return Response({'detail': message},
                                status=status.HTTP_404_NOT_FOUND)

        return f(request, *args, **kwargs)