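def password_upsell(request):
    """
    Let a logged-in user who has no usable password yet choose one.

    Renders SetPWForm on GET. On a valid POST the submitted password is
    stored on ``request.user``, the user is re-authenticated and logged back
    in (changing the password invalidates the current session), and the
    browser is redirected to the dashboard. Otherwise the form is returned
    in the template context.

    NOTE(review): no authentication guard is visible on this view; it
    relies on ``request.user`` being a real account (``has_usable_password``,
    ``set_password``, ``email``). Presumably a login_required-style decorator
    is applied outside this listing — confirm.
    """
    # Users who already have a password must not reach this flow by ANY
    # method. The check is deliberately not limited to GET: otherwise a
    # direct POST would replace an existing password without ever proving
    # knowledge of the current one (session hijack -> account takeover).
    if request.user.has_usable_password():
        messages.info(request, _('Password Already Set'))
        return HttpResponseRedirect(reverse_lazy('dashboard'))

    form = SetPWForm()
    if request.method == 'POST':
        form = SetPWForm(data=request.POST)
        if form.is_valid():
            pw = form.cleaned_data['password']
            user = request.user
            user.set_password(pw)
            user.save()
            messages.success(request, _('Password Set'))
            # (Re)login the user: set_password() invalidates the session
            # auth hash, so authenticate with the new credential and log in
            # again before redirecting.
            user = authenticate(email=user.email, password=pw)
            login(request, user)
            return HttpResponseRedirect(reverse_lazy('dashboard'))
    return {'form': form}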
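def password_upsell(request):
    """
    Let a logged-in user who has no usable password yet choose one.

    Renders SetPWForm on GET. On a valid POST the submitted password is
    stored on ``request.user``, the user is re-authenticated and logged back
    in (changing the password invalidates the current session), and the
    browser is redirected to the dashboard. Otherwise the form is returned
    in the template context together with ``is_input_page``.

    NOTE(review): no authentication guard is visible on this view; it
    relies on ``request.user`` being a real account (``has_usable_password``,
    ``set_password``, ``email``). Presumably a login_required-style decorator
    is applied outside this listing — confirm.
    """
    # Users who already have a password must not reach this flow by ANY
    # method. The check is deliberately not limited to GET: otherwise a
    # direct POST would replace an existing password without ever proving
    # knowledge of the current one (session hijack -> account takeover).
    if request.user.has_usable_password():
        messages.info(request, _('Password Already Set'))
        return HttpResponseRedirect(reverse_lazy('dashboard'))

    form = SetPWForm()
    if request.method == 'POST':
        form = SetPWForm(data=request.POST)
        if form.is_valid():
            pw = form.cleaned_data['password']
            user = request.user
            user.set_password(pw)
            user.save()
            messages.success(request, _('Password Set'))
            # (Re)login the user: set_password() invalidates the session
            # auth hash, so authenticate with the new credential and log in
            # again before redirecting.
            user = authenticate(email=user.email, password=pw)
            login(request, user)
            return HttpResponseRedirect(reverse_lazy('dashboard'))
    return {
        'form': form,
        'is_input_page': True,
    }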
def reset_pw(request, verif_code):
    """
    Landing page for the (re)set-password link sent by email.

    ``verif_code`` identifies a SentEmail row (404 if unknown). The link is
    refused, with a warning and a redirect to the forgot-password page, when
    it was sent more than 72 hours ago or when it was verified more than
    60 minutes ago. Otherwise SetPWForm is shown; on a valid POST the email
    is marked verified, the associated user's password is replaced, the user
    is logged in, the login is recorded, and the browser is sent to the
    dashboard.

    NOTE(review): a link stays accepted for 60 minutes after ``verified_at``
    is set. Unless something else consumes the SentEmail once the password
    has been changed, the same code can be used again inside that window —
    confirm against verify_user_email() and whatever sets ``verified_at``.
    """
    sent_email = get_object_or_404(SentEmail, verif_code=verif_code)
    at = now()

    if at - sent_email.sent_at > timedelta(hours=72):
        refusal = _('Sorry, that link has expired. Please try again.')
    elif sent_email.verified_at and at - sent_email.verified_at > timedelta(minutes=60):
        refusal = _('Sorry, that was already used. Please try again.')
    else:
        refusal = None

    if refusal is not None:
        messages.warning(request, refusal)
        return HttpResponseRedirect(reverse_lazy('forgot_password'))

    is_post = request.method == 'POST'
    form = SetPWForm(data=request.POST) if is_post else SetPWForm()

    if is_post and form.is_valid():
        sent_email.verify_user_email(request)
        new_password = form.cleaned_data['password']
        account = sent_email.auth_user
        account.set_password(new_password)
        account.save()
        messages.success(request, _('Your password has been set.'))
        # Re-authenticate with the new credential and open a session for it.
        session_user = authenticate(email=account.email, password=new_password)
        login(request, session_user)
        # Keep an audit trail of this login.
        LoggedLogin.record_login(request)
        return HttpResponseRedirect(reverse_lazy('dashboard'))

    return {
        'form': form,
        'verif_code': verif_code,
        'is_input_page': True,
    }
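def _new_link_redirect(email=None):
    """
    Redirect to the request-new-password page, optionally pre-filling the
    ``e`` query parameter with ``email``.

    The address is URL-encoded before being placed in the query string: an
    unescaped '+', '&' or '#' in a local part would otherwise corrupt it
    (a '+' arrives as a space). The address still ends up in access logs
    and Referer headers, which is a consideration if it is ever treated as
    sensitive.
    """
    target = reverse_lazy('request_new_password')
    if email is None:
        return HttpResponseRedirect(target)
    try:
        from urllib.parse import quote_plus  # Python 3
    except ImportError:  # Python 2
        from urllib import quote_plus
    # Encode to bytes first so non-ASCII addresses are quoted on both
    # interpreter versions.
    return HttpResponseRedirect('%s?e=%s' % (target, quote_plus(email.encode('utf-8'))))


def _unlink_funded_credentials(request, merchant):
    """
    Best-effort safety step after a password reset: if ``merchant`` has an
    API credential whose balance exceeds SATOSHIS_PER_BTC, disable all of
    its credentials and tell the user.

    Failures are logged rather than propagated so the password change that
    already happened still completes normally for the user.
    """
    import logging

    api_cred = merchant.get_api_credential()
    if not api_cred:
        return
    try:
        if api_cred.get_balance() > SATOSHIS_PER_BTC:
            merchant.disable_all_credentials()
            # TODO: poor UX, but let's wait until we actually have people doing this
            msg = _(
                'Your API credentials were unlinked from your CoinSafe account for safety, please link your wallet again in order to sell bitcoin to customers.'
            )
            messages.success(request, msg)
    except Exception:
        logging.getLogger(__name__).exception(
            'Unable to check/unlink API credentials after password reset'
        )


def set_new_password(request):
    """
    Final step of the email-link password reset: choose the new password.

    The caller must be anonymous; authenticated users are bounced to home.
    The EmailAuthToken id is taken from the session, and the token must
    exist, not be deleted, have been used (``key_used_at`` set), and have
    been used within the last 15 minutes. Any failure warns the user and
    redirects to the request-new-password page (pre-filled with the
    token's email where one is known).

    On a valid POST the token's user gets the new password, all of that
    user's outstanding tokens are expired, the user is logged in and the
    login recorded, the token id is dropped from the session, funded
    merchant API credentials are unlinked as a precaution, and the browser
    is redirected to the customer dashboard. Otherwise the form is returned
    in the template context.
    """
    # Callable is_authenticated() is the pre-Django 2.0 API, consistent with
    # the rest of this file; on Django >= 2.0 it is a property.
    if request.user.is_authenticated():
        msg = _(
            '''You're already logged in. You must <a href="/logout/">logout</a> before you can reset your password.'''
        )
        messages.error(request, msg, extra_tags='safe')
        return HttpResponseRedirect(reverse_lazy('home'))

    # None of these things *should* ever happen, hence the cryptic error
    # messages (to figure out how that's possible). The token id comes from
    # the server-side session, not from the client.
    email_auth_token_id = request.session.get('email_auth_token_id')
    if not email_auth_token_id:
        messages.warning(request, _('Token cookie not found. Please generate a new link.'))
        return _new_link_redirect()

    ea_token = get_object_or_None(EmailAuthToken, id=email_auth_token_id)
    if not ea_token:
        messages.warning(request, _('Token not found. Please generate a new link.'))
        return _new_link_redirect()

    token_email = ea_token.auth_user.email
    if ea_token.key_deleted_at:
        messages.warning(request, _('Token deleted. Please generate a new link.'))
        return _new_link_redirect(token_email)
    if not ea_token.key_used_at:
        messages.warning(request, _('Site error. Please generate a new link.'))
        return _new_link_redirect(token_email)
    # The link must have been clicked within the last 15 minutes.
    if now() - ea_token.key_used_at > timedelta(minutes=15):
        messages.warning(request, _('Time limit expired. Please generate a new link.'))
        return _new_link_redirect(token_email)

    # We're good to go!
    form = SetPWForm()
    if request.method == 'POST':
        form = SetPWForm(data=request.POST)
        if form.is_valid():
            # NOTE(review): the other set-password views in this corpus read
            # cleaned_data['password']; this one reads 'newpassword'. Confirm
            # the field name on the SetPWForm this file imports.
            new_pw = form.cleaned_data['newpassword']
            user = ea_token.auth_user
            user.set_password(new_pw)
            user.save()
            # Expire this + all other outstanding tokens for the user as soon
            # as the password has changed, so a failure later in this request
            # cannot leave a still-valid reset token behind.
            ea_token.expire_outstanding_tokens()
            # Log the user in with the new credential.
            user_to_login = authenticate(username=user.username, password=new_pw)
            login(request, user_to_login)
            LoggedLogin.record_login(request)
            # login() may rotate or flush the session; pop() tolerates the key
            # already being gone where del would raise KeyError.
            request.session.pop('email_auth_token_id', None)
            merchant = user.get_merchant()
            if merchant:
                _unlink_funded_credentials(request, merchant)
            messages.success(request, _('Password succesfully updated.'))
            return HttpResponseRedirect(reverse_lazy('customer_dashboard'))
    return {'form': form}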