def _enforce_password_policy_compliance(request, user):
    """
    Check the password submitted at login against the password policy.

    Delegates to ``password_policy_compliance.enforce_compliance_on_login``,
    passing ``user`` and the ``password`` field of ``request.POST``.

    * ``NonCompliantPasswordWarning``: the login continues and the warning
      text is registered as a page-level warning message on ``request``.
    * ``NonCompliantPasswordException``: a password reset email is sent for
      ``user`` and the login attempt is refused.

    Raises:
        AuthFailedError: when the compliance check raises
            ``NonCompliantPasswordException``.
    """
    try:
        # ``.get`` yields None when the form carries no ``password`` field; that
        # value is handed to the compliance check unchanged.
        submitted_password = request.POST.get('password')
        password_policy_compliance.enforce_compliance_on_login(user, submitted_password)
    except password_policy_compliance.NonCompliantPasswordWarning as warning:
        # Soft failure: let the login through, but tell the user that a
        # password reset will be required soon.
        warning_text = six.text_type(warning)
        PageLevelMessages.register_warning_message(request, warning_text)
    except password_policy_compliance.NonCompliantPasswordException as violation:
        # Hard failure: start the reset flow first, then refuse the login.
        # NOTE(review): no throttling is visible in this function, so every
        # refused login sends another reset email; confirm the caller limits it.
        send_password_reset_email_for_user(user, request)
        failure_text = six.text_type(violation)
        # NOTE(review): HTML() presumably marks the text as safe markup, so the
        # exception message must not carry unescaped user-controlled values;
        # confirm where the message is built.
        raise AuthFailedError(HTML(failure_text))
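def _enforce_password_policy_compliance(request, user):
    """
    Check the password submitted at login against the password policy.

    Delegates to ``password_policy_compliance.enforce_compliance_on_login``,
    passing ``user`` and the ``password`` field of ``request.POST``.

    * ``NonCompliantPasswordWarning``: the login continues and the warning
      text is registered as a page-level warning message on ``request``.
    * ``NonCompliantPasswordException``: the event is written to ``AUDIT_LOG``,
      a password reset email is sent for ``user`` and the login is refused.

    Raises:
        AuthFailedError: when the compliance check raises
            ``NonCompliantPasswordException``. ``error_code`` is the class name
            of that exception, which is also chained as ``__cause__``.
    """
    try:
        # ``.get`` yields None when the form carries no ``password`` field; that
        # value is handed to the compliance check unchanged.
        password_policy_compliance.enforce_compliance_on_login(user, request.POST.get('password'))
    except password_policy_compliance.NonCompliantPasswordWarning as warning:
        # Allow login, but warn the user that they will be required to reset
        # their password soon.
        PageLevelMessages.register_warning_message(request, str(warning))
    except password_policy_compliance.NonCompliantPasswordException as violation:
        # NOTE(review): the account email is written to the audit log in clear;
        # confirm that access to and retention of this log are suitable for PII.
        AUDIT_LOG.info("Password reset initiated for email %s.", user.email)
        # NOTE(review): no throttling is visible in this function, so every
        # refused login sends another reset email; confirm the caller limits it.
        send_password_reset_email_for_user(user, request)
        # Prevent the login attempt. The policy exception is chained explicitly
        # so the root cause stays attached to the failure in tracebacks.
        # NOTE(review): HTML() presumably marks the text as safe markup, so the
        # exception message must not carry unescaped user-controlled values;
        # confirm where the message is built.
        raise AuthFailedError(
            HTML(str(violation)),
            error_code=violation.__class__.__name__,
        ) from violation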
def save(
    self,  # pylint: disable=arguments-differ
    use_https=False,
    token_generator=default_token_generator,
    request=None,
    **_kwargs
):
    """
    Send a password reset or account recovery email to each cached user.

    Iterates over ``self.users_cache``. When ``self.is_account_recovery`` is
    truthy the password reset email helper is called for the user; otherwise
    the account recovery email helper is called with the user's
    ``account_recovery.secondary_email`` as the destination address.

    ``use_https``, ``token_generator`` and any extra keyword arguments are
    accepted but not read in this body; only ``request`` is passed on to the
    email helpers.

    NOTE(review): the flag name reads inverted relative to the branch taken
    (a truthy ``is_account_recovery`` selects the plain password reset email).
    Confirm against the code that sets the flag before relying on the name.
    """
    for account in self.users_cache:
        if not self.is_account_recovery:
            # presumably every user reaching this branch has an
            # ``account_recovery`` record; verify against the code filling
            # ``users_cache``.
            send_account_recovery_email_for_user(
                account,
                request,
                account.account_recovery.secondary_email,
            )
            continue
        send_password_reset_email_for_user(account, request)
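def _enforce_password_policy_compliance(request, user):
    """
    Check the password submitted at login against the password policy.

    Delegates to ``password_policy_compliance.enforce_compliance_on_login``,
    passing ``user`` and the ``password`` field of ``request.POST``.

    * ``NonCompliantPasswordWarning``: the login continues and the warning
      text, wrapped in ``HTML``, is registered as a page-level warning message
      on ``request``.
    * ``NonCompliantPasswordException``: the lockout counter for ``user`` is
      incremented when the ``LoginFailures`` feature is enabled, the event is
      written to ``AUDIT_LOG``, a password reset email is sent and the login
      is refused.

    Raises:
        AuthFailedError: when the compliance check raises
            ``NonCompliantPasswordException``. ``error_code`` is the class name
            of that exception, which is also chained as ``__cause__``.
    """
    try:
        # ``.get`` yields None when the form carries no ``password`` field; that
        # value is handed to the compliance check unchanged.
        password_policy_compliance.enforce_compliance_on_login(
            user, request.POST.get('password'))
    except password_policy_compliance.NonCompliantPasswordWarning as warning:
        # Allow login, but warn the user that they will be required to reset
        # their password soon.
        # NOTE(review): HTML() presumably marks the text as safe markup, so the
        # warning message must not carry unescaped user-controlled values;
        # confirm where the message is built.
        PageLevelMessages.register_warning_message(request, HTML(str(warning)))
    except password_policy_compliance.NonCompliantPasswordException as violation:
        # Increment the lockout counter to safeguard against further brute-force
        # requests in case the user's password has been compromised.
        if LoginFailures.is_feature_enabled():
            LoginFailures.increment_lockout_counter(user)

        # NOTE(review): the account email is written to the audit log in clear;
        # confirm that access to and retention of this log are suitable for PII.
        AUDIT_LOG.info("Password reset initiated for email %s.", user.email)
        send_password_reset_email_for_user(user, request)

        # Prevent the login attempt. The policy exception is chained explicitly
        # so the root cause stays attached to the failure in tracebacks.
        # NOTE(review): the same HTML() caveat as for the warning applies to
        # this message.
        raise AuthFailedError(
            HTML(str(violation)),
            error_code=violation.__class__.__name__,
        ) from violation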