def save(self, *args, **kwargs):
request = self.context.get('request')
current_site = get_current_site(request)
email = self.validated_data["email"]
user = UserModel.objects.get(email__iexact=email)
token_generator = kwargs.get("token_generator",
default_token_generator)
temp_key = token_generator.make_token(user)
path = "/reset-password/{}/{}".format(user_pk_to_url_str(user),
temp_key)
url = request.build_absolute_uri(path)
context = {
"current_site": current_site,
"user": user,
"password_reset_url": url,
"request": request
}
get_adapter().send_mail('account/email/password_reset_key', email,
context)
return email
def post(self, request, **kwargs):
email = request.data.get('email')
try:
email_address = CachedEmailAddress.cached.get(email=email)
except CachedEmailAddress.DoesNotExist:
# return 200 here because we don't want to expose information about which emails we know about
return self.get_response()
# email rate limiting
send_email = False
current_time = datetime.datetime.now()
last_request_time = email_address.get_last_forgot_password_sent_time()
if last_request_time is None:
send_email = True
else:
time_delta = current_time - last_request_time
if time_delta > RATE_LIMIT_DELTA:
send_email = True
if not send_email:
return Response("Forgot password request limit exceeded. Please check your"
+ " inbox for an existing message or wait to retry.",
status=status.HTTP_429_TOO_MANY_REQUESTS)
email_address.set_last_forgot_password_sent_time(datetime.datetime.now())
#
# taken from allauth.account.forms.ResetPasswordForm
#
# fetch user from database directly to avoid cache
UserCls = get_user_model()
try:
user = UserCls.objects.get(pk=email_address.user_id)
except UserCls.DoesNotExist:
return self.get_response()
temp_key = default_token_generator.make_token(user)
token = "{uidb36}-{key}".format(uidb36=user_pk_to_url_str(user),
key=temp_key)
badgrapp = BadgrApp.objects.get_current(request=request)
api_path = reverse('{version}_api_auth_forgot_password'.format(version=request.version))
reset_url = "{origin}{path}?token={token}&a={badgrapp}".format(
origin=OriginSetting.HTTP,
path=api_path,
token=token,
badgrapp=badgrapp.id
)
email_context = {
"site": get_current_site(request),
"user": user,
"password_reset_url": reset_url,
}
get_adapter().send_mail('account/email/password_reset_key', email, email_context)
return self.get_response()
def get_email_confirmation_url(self,
request,
emailconfirmation,
signup=False):
url_name = "v1_api_user_email_confirm"
temp_key = default_token_generator.make_token(
emailconfirmation.email_address.user)
token = "{uidb36}-{key}".format(uidb36=user_pk_to_url_str(
emailconfirmation.email_address.user),
key=temp_key)
activate_url = OriginSetting.HTTP + reverse(
url_name, kwargs={'confirm_id': emailconfirmation.key})
badgrapp = BadgrApp.objects.get_current(request=request)
tokenized_activate_url = "{url}?token={token}&a={badgrapp}".format(
url=activate_url, token=token, badgrapp=badgrapp.id)
# Add source and signup query params to the confimation url
if request:
source = None
if hasattr(request, 'data'):
source = request.data.get('source', None)
elif hasattr(request, 'session'):
source = request.session.get('source', None)
if source:
tokenized_activate_url = set_url_query_params(
tokenized_activate_url, source=source)
if signup:
tokenized_activate_url = set_url_query_params(
tokenized_activate_url, signup="true")
return tokenized_activate_url
def save(self, request, **kwargs):
# c/p from parent class, only needed to change the URL in the email
email = self.cleaned_data["email"]
token_generator = kwargs.get("token_generator",
default_token_generator)
for user in self.users:
temp_key = token_generator.make_token(user)
# save it to the password reset model
# password_reset = PasswordReset(user=user, temp_key=temp_key)
# password_reset.save()
current_site = Site.objects.get_current()
# send the password reset email
path = reverse("artist_dashboard:reset_password_from_key",
kwargs=dict(uidb36=user_pk_to_url_str(user),
key=temp_key))
url = build_absolute_uri(request, path,
protocol=app_settings.DEFAULT_HTTP_PROTOCOL)
context = {"site": current_site,
"user": user,
"password_reset_url": url}
if app_settings.AUTHENTICATION_METHOD \
!= app_settings.AuthenticationMethod.EMAIL:
context['username'] = user_username(user)
get_adapter().send_mail('account/email/password_reset_key',
email,
context)
return self.cleaned_data["email"]
def save(self, request, **kwargs):
current_site = get_current_site(request)
email = self.validated_data['email']
token_generator = kwargs.get("token_generator",
default_token_generator)
for user in self.users:
temp_key = token_generator.make_token(user)
path = reverse("account_reset_password_from_key",
kwargs=dict(uidb36=user_pk_to_url_str(user),
key=temp_key))
url = build_absolute_uri(
request, path)
context = {"current_site": current_site,
"user": user,
"password_reset_url": url,
"request": request}
if app_settings.AUTHENTICATION_METHOD \
!= AuthenticationMethod.EMAIL:
context['username'] = user_username(user)
get_adapter(request).send_mail(
'account/email/password_reset_key',
email,
context)
def handle(self, *args, **options):
users = []
for email in options['emails']:
user_match = User.objects.filter(email=email)
if user_match and len(user_match) == 1:
users.append(user_match[0])
else:
continue
messages = []
for user in users:
token = default_token_generator.make_token(user)
login_path = reverse('token_login',
kwargs={'uidb36': user_pk_to_url_str(user),
'token': token})
current_site = Site.objects.get_current()
site_config = SiteConfig.objects.get(site=current_site)
login_url = 'https://{}{}'.format(current_site.domain, login_path)
subject = ('Your {} data: Download or share with '
'Open Humans!'.format(current_site.name))
if site_config.invite_email_subject:
subject = site_config.invite_email_subject
context = {'login_url': login_url, 'site': current_site }
content = render_to_string('datareturn/email/invite.txt', context)
send_mail(subject, content, settings.DEFAULT_FROM_EMAIL, [user.email])
def get_serializer_context(self):
user = self.request.user
if not user.pk:
return
uid = user_pk_to_url_str(user)
token = default_token_generator.make_token(user)
password_reset_urls = app_settings.PASSWORD_RESET_URLS
password_reset_url = password_reset_urls.get('default')
domain = get_current_site(self.request).domain
if getattr(self, 'swagger_fake_view', False):
organization_pk, organization_slug = None, None # pragma: no cover
else:
organization_pk = self.organization.pk
organization_slug = self.organization.slug
org_radius_settings = self.organization.radius_settings
if org_radius_settings.password_reset_url:
password_reset_url = org_radius_settings.password_reset_url
else:
password_reset_url = password_reset_urls.get(
str(organization_pk), password_reset_url)
password_reset_url = password_reset_url.format(
organization=organization_slug, uid=uid, token=token, site=domain)
context = {
'request': self.request,
'password_reset_url': password_reset_url
}
return context
def save(self, request, **kwargs):
email = self.cleaned_data["email"]
last_name = self.data.get('last_name')
token_generator = kwargs.get("token_generator",
default_token_generator)
for user in self.users:
temp_key = token_generator.make_token(user)
# save it to the password reset model
# password_reset = PasswordReset(user=user, temp_key=temp_key)
# password_reset.save()
# send the password reset email
path = reverse("account_reset_password_from_key",
kwargs=dict(uidb36=user_pk_to_url_str(user),
key=temp_key))
url = build_absolute_uri(request, path)
context = {
"last_name": last_name,
"password_reset_url": url,
}
if app_settings.AUTHENTICATION_METHOD \
!= 'email':
context['username'] = user_username(user)
get_adapter(request).send_mail('account/email/password_reset_key',
email, context)
return self.cleaned_data["email"]
def __init__(self, *args, **kwargs):
self.uidb = "zz"
super(MemberResetPasswordKeyForm, self).__init__(*args, **kwargs)
if self.user:
from allauth.account.utils import user_pk_to_url_str
self.uidb = user_pk_to_url_str(self.user)
def test_login_on_confirm(self):
user = self._create_user()
email = EmailAddress.objects.create(user=user,
email='*****@*****.**',
verified=False,
primary=True)
key = EmailConfirmationHMAC(email).key
receiver_mock = Mock() # we've logged if signal was called
user_logged_in.connect(receiver_mock)
# fake post-signup account_user stash
session = self.client.session
session['account_user'] = user_pk_to_url_str(user)
session.save()
resp = self.client.post(reverse('account_confirm_email', args=[key]))
email = EmailAddress.objects.get(pk=email.pk)
self.assertTrue(email.verified)
receiver_mock.assert_called_once_with(
sender=get_user_model(),
request=resp.wsgi_request,
response=resp,
user=get_user_model().objects.get(username='******'),
signal=user_logged_in,
)
user_logged_in.disconnect(receiver_mock)
def get_password_confirmation_url(self, request, user, token=None):
"""Constructs the password confirmation (reset) url.
"""
token_key = (
self.default_token_generator.make_token(user)
if token is None else token
)
if self.is_api:
# TODO: ASK MARK WHAT THIS SHOULD BE?!?
path = app_settings.ACCOUNT_CONFIRM_PASSWORD_CLIENT_URL.format(
key=token_key, uid=rest_encode_user_pk(user)
)
else:
path = reverse(
"account_reset_password_from_key",
kwargs={
"key": token_key, "uidb36": user_pk_to_url_str(user)
},
)
if self.is_api and "HTTP_ORIGIN" in request.META:
# request originates from a client on a different domain...
url = urljoin(request.META['HTTP_ORIGIN'], path)
else:
url = build_absolute_uri(request, path)
return url
def save(self, request, **kwargs):
current_site = get_current_site(request)
email = self.cleaned_data["email"]
token_generator = kwargs.get("token_generator",
default_token_generator)
for user in self.users:
temp_key = token_generator.make_token(user)
# save it to the password reset model
# password_reset = PasswordReset(user=user, temp_key=temp_key)
# password_reset.save()
# send the password reset email
path = reverse("customer:account_reset_password_from_key",
kwargs=dict(uidb36=user_pk_to_url_str(user),
key=temp_key))
url = build_absolute_uri(
request, path)
context = {"current_site": current_site,
"user": user,
"password_reset_url": url,
"request": request}
if AUTHENTICATION_METHOD \
!= AuthenticationMethod.EMAIL:
context['username'] = user_username(user)
get_adapter(request).send_mail(
'account/email/password_reset_key',
email,
context)
return self.cleaned_data["email"]
def test_pk_to_url_string_identifies_UUID_as_stringlike(self):
'''Test pk to url string identifies UUID as a string.'''
user = self.UUIDUser(is_active=True,
email='*****@*****.**',
username='******')
self.assertEquals(user_pk_to_url_str(user), str(user.pk))
def password_reset(request):
''' A modified version of password_reset view from account.views.
Can be removed once we get emails in the user table unique.
'''
form_class=PasswordResetForm
if 'POST' == request.method:
form = form_class(request.POST)
else:
form = form_class()
if form.is_valid():
#user = UserModel.objects.get(email=form.cleaned_data['email'])
username = form.cleaned_data['username']
email = form.cleaned_data['email']
hostname = Site.objects.get_current().domain
user = User.objects.get(username__in=expanded_username_list(username.lower()), email=email)
temp_key = default_token_generator.make_token(user)
path = reverse("account_reset_password_from_key",
kwargs=dict(uidb36=user_pk_to_url_str(user),
key=temp_key))
url = build_absolute_uri(request, path, protocol=DEFAULT_HTTP_PROTOCOL)
args = {'domain': hostname, 'url': url, 'user': user}
if email_template(user.email, 'account/mail/password_reset', **args):
#return message(request, 'Check the mail please')
return render_to_response(request, 'auth/password_reset_request_done.html')
else:
msg = ('Unfortunately we could not send you email '
'in current time. Please, try later')
return message_view(request, msg)
return {'form': form}
def save(self, request, **kwargs):
if 'allauth' not in settings.INSTALLED_APPS:
return super().save(request, **kwargs)
# for allauth
current_site = get_current_site(request)
email = self.cleaned_data['email']
token_generator = kwargs.get('token_generator',
default_token_generator)
for user in self.users:
temp_key = token_generator.make_token(user)
# save it to the password reset model
# password_reset = PasswordReset(user=user, temp_key=temp_key)
# password_reset.save()
# send the password reset email
path = reverse(
'password_reset_confirm',
args=[user_pk_to_url_str(user), temp_key],
)
url = build_absolute_uri(request, path)
context = {
'current_site': current_site,
'user': user,
'password_reset_url': url,
'request': request,
}
if app_settings.AUTHENTICATION_METHOD != app_settings.AuthenticationMethod.EMAIL:
context['username'] = user_username(user)
get_adapter(request).send_mail('account/email/password_reset_key',
email, context)
return self.cleaned_data['email']
def get_password_reset_url(self, request, user):
temp_key = default_token_generator.make_token(user)
path = reverse(
"account_reset_password_from_key",
kwargs=dict(uidb36=user_pk_to_url_str(user), key=temp_key),
)
return request.build_absolute_uri(path)
def save(self, request, **kwargs):
email = self.cleaned_data["email"]
token_generator = kwargs.get("token_generator",
default_token_generator)
for user in self.users:
temp_key = token_generator.make_token(user)
# save it to the password reset model
# password_reset = PasswordReset(user=user, temp_key=temp_key)
# password_reset.save()
current_site = get_current_site(request)
# send the password reset email
path = reverse("account_reset_password_from_key",
kwargs=dict(uidb36=user_pk_to_url_str(user),
key=temp_key))
url = build_absolute_uri(
request, path,
protocol=app_settings.DEFAULT_HTTP_PROTOCOL)
context = {"site": current_site,
"user": user,
"password_reset_url": url,
"request": request}
if app_settings.AUTHENTICATION_METHOD \
!= AuthenticationMethod.EMAIL:
context['username'] = user_username(user)
get_adapter().send_mail('account/email/password_reset_key',
email,
context)
return self.cleaned_data["email"]
def password_reset_kwargs(user):
from allauth.account.forms import EmailAwarePasswordResetTokenGenerator
from allauth.account.utils import user_pk_to_url_str
default_token_generator = EmailAwarePasswordResetTokenGenerator()
return dict(uidb36=user_pk_to_url_str(user),
key=default_token_generator.make_token(user))
def _generate_uid_and_token(self, user):
result = {}
if 'allauth' in settings.INSTALLED_APPS:
from allauth.account.forms import default_token_generator
from allauth.account.utils import user_pk_to_url_str
result['uid'] = user_pk_to_url_str(user)
else:
from django.utils.encoding import force_bytes
from django.contrib.auth.tokens import default_token_generator
from django.utils.http import urlsafe_base64_encode
result['uid'] = urlsafe_base64_encode(force_bytes(user.pk))
result['token'] = default_token_generator.make_token(user)
return result
def get_user_tokens(self):
users_with_data = []
for data_file in DataFile.objects.all():
if data_file.user not in users_with_data:
users_with_data.append(data_file.user)
users_and_tokens = []
for user in users_with_data:
token = default_token_generator.make_token(user)
login_path = reverse('token_login',
kwargs={'uidb36': user_pk_to_url_str(user),
'token': token})
login_url = self.request.build_absolute_uri(login_path)
users_and_tokens.append([user, login_url])
return users_and_tokens
def get_email_confirmation_url(self, request, emailconfirmation):
url_name = "v1_api_user_email_confirm"
temp_key = default_token_generator.make_token(
emailconfirmation.email_address.user)
token = "{uidb36}-{key}".format(uidb36=user_pk_to_url_str(
emailconfirmation.email_address.user),
key=temp_key)
activate_url = OriginSetting.HTTP + reverse(
url_name, kwargs={'confirm_id': emailconfirmation.key})
badgrapp = BadgrApp.objects.get_current(request=request)
tokenized_activate_url = "{url}?token={token}&a={badgrapp}".format(
url=activate_url, token=token, badgrapp=badgrapp.id)
return tokenized_activate_url
def get_email_confirmation_url(self, request, emailconfirmation):
url_name = "v1_api_user_email_confirm"
temp_key = default_token_generator.make_token(emailconfirmation.email_address.user)
token = "{uidb36}-{key}".format(uidb36=user_pk_to_url_str(emailconfirmation.email_address.user),
key=temp_key)
activate_url = OriginSetting.HTTP + reverse(url_name, kwargs={'confirm_id': emailconfirmation.key})
badgrapp = BadgrApp.objects.get_current(request=request)
tokenized_activate_url = "{url}?token={token}&a={badgrapp}".format(
url=activate_url,
token=token,
badgrapp=badgrapp.id
)
return tokenized_activate_url
def test_password_reset_flow(self):
user = JobSeekerFactory()
# Ask for password reset.
url = reverse("account_reset_password")
response = self.client.get(url)
self.assertEqual(response.status_code, 200)
post_data = {"email": user.email}
response = self.client.post(url, data=post_data)
args = urlencode({"email": user.email})
next_url = reverse("account_reset_password_done")
self.assertRedirects(response, f"{next_url}?{args}")
# Check sent email.
self.assertEqual(len(mail.outbox), 1)
email = mail.outbox[0]
self.assertIn("Réinitialisation de votre mot de passe", email.subject)
self.assertIn(
"Si vous n'avez pas demandé la réinitialisation de votre mot de passe, vous pouvez ignorer ce message",
email.body,
)
self.assertEqual(email.from_email, settings.DEFAULT_FROM_EMAIL)
self.assertEqual(len(email.to), 1)
self.assertEqual(email.to[0], user.email)
# Change forgotten password.
uidb36 = user_pk_to_url_str(user)
key = default_token_generator.make_token(user)
password_change_url = reverse("account_reset_password_from_key",
kwargs={
"uidb36": uidb36,
"key": key
})
response = self.client.get(password_change_url)
password_change_url_with_hidden_key = response.url
post_data = {
"password1": DEFAULT_PASSWORD,
"password2": DEFAULT_PASSWORD
}
response = self.client.post(password_change_url_with_hidden_key,
data=post_data)
self.assertRedirects(response,
reverse("account_reset_password_from_key_done"))
# User can log in with his new password.
self.assertTrue(
self.client.login(username=user.email, password=DEFAULT_PASSWORD))
self.client.logout()
def save(self):
request = self.context.get('request')
user = self.validated_data['user']
token_generator = PasswordResetTokenGenerator()
temp_key = token_generator.make_token(user)
current_site = get_current_site()
url = request.build_absolute_uri('/accounts/password/reset/key/%s-%s' %
(user_pk_to_url_str(user), temp_key))
context = {
"site": current_site,
"user": user,
"password_reset_url": url
}
get_adapter().send_mail('account/email/password_reset_key', user.email,
context)
def get_password_reset_url(self):
temp_key = default_token_generator.make_token(self)
path = reverse(
"account_reset_password_from_key",
kwargs=dict(uidb36=user_pk_to_url_str(self), key=temp_key),
)
site = get_current_site(request=None)
domain = site.domain
scheme = "http"
if settings.ADSERVER_HTTPS:
scheme = "https"
return "{scheme}://{domain}{path}".format(scheme=scheme,
domain=domain,
path=path)
def get(self, *args, **kwargs):
try:
self.object = self.get_object()
except Http404:
self.object = None
return self.render_to_response(self.get_context_data())
# If user has already confirmed
if self.object.email_address.verified:
return render(self.request, 'account/email_already_confirmed.html',
{'email': self.object.email_address.email})
# If user is currently authenticated but open confirmation email of someone else,
# ask authenticated user to logout first
if self.request.user.is_authenticated and self.request.user != self.object.email_address.user:
activate_url = reverse('account_confirm_email',
args=[self.object.key])
return redirect('%s?flag=confirm_on_authenticated&next=%s' %
(reverse('account_logout'), activate_url))
# Confirm email on GET
self.object.confirm(self.request)
self.object.email_address.set_as_primary()
from allauth.account.utils import user_pk_to_url_str
# Allauth prevent login on email confirmation if confirmation link was opened from another browser session.
get_adapter(self.request).stash_user(
self.request, user_pk_to_url_str(self.object.email_address.user))
self.login_on_confirm(self.object)
user = self.object.email_address.user
email = self.object.email_address.email
existing_emails = EmailAddress.objects.filter(user=user).exclude(
email__iexact=email)
if existing_emails: # Assume that if there's existing email, it means user just change email (not signing up).
# Delete old emails
EmailAddress.objects.filter(user=user).exclude(
primary=True).delete()
messages.success(self.request, _('Email is changed'))
return redirect('users:settings_profile')
return redirect(settings.LOGIN_REDIRECT_URL)
def handle(self, *args, **options):
tester_emails = sys.stdin.read().splitlines()
profiles = (
profiles_models.Profile.objects.select_related("user").filter(
user__password="",
user__is_active=True).annotate(canary_bucket=(models.F("pk") %
10)))
is_tester = models.Q(user__email__in=tester_emails)
is_emea = models.Q(country__in=EMEA_COUNTRIES)
is_canary = models.Q(canary_bucket=0)
phase = options["phase"]
if phase == "phase1":
profiles = profiles.filter(is_tester)
elif phase == "phase2":
profiles = profiles.filter(~is_tester, is_emea, is_canary)
elif phase == "phase3":
profiles = profiles.filter(~is_tester, is_emea, ~is_canary)
elif phase == "phase4":
profiles = profiles.filter(~is_tester, ~is_emea)
token_generator = forms.EmailAwarePasswordResetTokenGenerator()
common_context = {
"protocol": settings.ACCOUNT_DEFAULT_HTTP_PROTOCOL,
"domain": shortcuts.get_current_site(request=None).domain,
}
messages = []
for profile in profiles:
user = profile.user
context = {
"profile": profile,
"uidb36": account_utils.user_pk_to_url_str(user),
"key": token_generator.make_token(user),
**common_context,
}
message = mail.EmailMultiAlternatives(
subject="Announcing the EA Hub 2.0",
body=loader.render_to_string("emails/reactivate.txt", context),
from_email="Michael from LEAN <*****@*****.**>",
to=[email_utils.formataddr((profile.name, user.email))],
)
message.attach_alternative(
loader.render_to_string("emails/reactivate.html", context),
"text/html")
messages.append(message)
mail.get_connection().send_messages(messages)
def post(self, request, **kwargs):
email = request.data.get('email')
try:
email_address = CachedEmailAddress.cached.get(email=email)
except CachedEmailAddress.DoesNotExist:
# return 200 here because we don't want to expose information about which emails we know about
return self.get_response()
#
# taken from allauth.account.forms.ResetPasswordForm
#
# fetch user from database directly to avoid cache
UserCls = get_user_model()
try:
user = UserCls.objects.get(pk=email_address.user_id)
except UserCls.DoesNotExist:
return self.get_response()
temp_key = default_token_generator.make_token(user)
token = "{uidb36}-{key}".format(uidb36=user_pk_to_url_str(user),
key=temp_key)
badgrapp = BadgrApp.objects.get_current(request=request)
api_path = reverse('{version}_api_auth_forgot_password'.format(
version=request.version))
reset_url = "{origin}{path}?token={token}&a={badgrapp}".format(
origin=OriginSetting.HTTP,
path=api_path,
token=token,
badgrapp=badgrapp.id)
email_context = {
"site": get_current_site(request),
"user": user,
"password_reset_url": reset_url,
}
get_adapter().send_mail('account/email/password_reset_key', email,
email_context)
return self.get_response()
def get(self, *args, **kwargs):
try:
self.object = self.get_object()
except Http404:
self.object = None
return self.render_to_response(self.get_context_data())
# If user has already confirmed
if self.object.email_address.verified:
return render(self.request, 'account/email_confirmed.html', {'email': self.object.email_address.email})
# If user is currently authenticated but open confirmation email of someone else,
# ask authenticated user to logout first
if self.request.user.is_authenticated() and self.request.user != self.object.email_address.user:
activate_url = reverse('account_confirm_email', args=[self.object.key])
return redirect('%s?next=%s' % (reverse('account_logout'), activate_url))
# Confirm email on GET
self.object.confirm(self.request)
self.object.email_address.set_as_primary()
from allauth.account.utils import user_pk_to_url_str
# Allauth prevent login on email confirmation if confirmation link was opened from another browser session.
get_adapter(self.request).stash_user(self.request, user_pk_to_url_str(self.object.email_address.user))
self.login_on_confirm(self.object)
user = self.object.email_address.user
email = self.object.email_address.email
existing_emails = EmailAddress.objects.filter(user=user).exclude(email__iexact=email)
if existing_emails: # Assume that if there's existing email, it means user just change email (not signup).
# Delete old emails
EmailAddress.objects.filter(user=user).exclude(primary=True).delete()
messages.success(self.request, u'Email is changed')
return redirect('users:update_account')
return redirect(settings.LOGIN_REDIRECT_URL)
def post(self, request, student):
student = get_object_or_404(
Student,
teacher=request.user,
user__username=student,
)
user = student.user
email = user_email(request.user)
if not email:
messages.error(
request,
"Can not send a password reset link since your account ({}) doesn't have an email address associated with it.".format(request.user.username)
)
return redirect('teachers:teacher')
temp_key = default_token_generator.make_token(user)
path = reverse(
'account_reset_password_from_key',
kwargs={'uidb36': user_pk_to_url_str(user), 'key': temp_key},
)
context = {
'current_site': get_current_site(request),
'user': user,
'password_reset_url': build_absolute_uri(request, path),
'request': request,
'username': user_username(user),
'timeout_days': settings.PASSWORD_RESET_TIMEOUT_DAYS,
}
get_adapter(request).send_mail(
'teachers/email/password_reset_key',
email,
context,
)
messages.success(
request,
"Password reset link for user {user} has been sent to your email address ({email})".format(
user=user, email=email)
)
return redirect('teachers:teacher')
def send_reset_email(self, request):
token_generator = EmailAwarePasswordResetTokenGenerator()
temp_key = token_generator.make_token(self)
link = request.build_absolute_uri(
reverse("account_reset_password_from_key",
kwargs=dict(uidb36=user_pk_to_url_str(self),
key=temp_key)))
context = {
"current_site": get_current_site,
"user": request.user,
"password_reset_url": link,
"request": request
}
message = render_to_string("account/email/new_associate_message.txt",
context)
send_mail("Welcome to Effortless Electric",
message,
"from_email", [self.email],
fail_silently=True)
def save(self, request, **kwargs):
from django.contrib.sites.shortcuts import get_current_site
current_site = get_current_site(request)
email = self.cleaned_data["email"]
from django.contrib.auth.tokens import default_token_generator
token_generator = kwargs.get("token_generator",
default_token_generator)
for user in self.users:
temp_key = token_generator.make_token(user)
# save it to the password reset model
# password_reset = PasswordReset(user=user, temp_key=temp_key)
# password_reset.save()
# send the password reset email
from django.urls import reverse
path = reverse("account_reset_password_from_key",
kwargs=dict(uidb36=user_pk_to_url_str(user),
key=temp_key))
from allauth.utils import build_absolute_uri
url = build_absolute_uri(request, path)
context = {
"current_site": current_site,
"user": user,
"password_reset_url": url,
"request": request
}
from allauth.account import app_settings
if app_settings.AUTHENTICATION_METHOD \
!= app_settings.AuthenticationMethod.EMAIL:
context['username'] = user_username(user)
from allauth.account.adapter import get_adapter
get_adapter(request).send_mail('account/email/password_reset_key',
email, context)
return self.cleaned_data["email"]
def send_reset_link(self, user):
site = get_current_site(request=None)
email = user.email
token_generator = default_token_generator
temp_key = token_generator.make_token(user)
# send the password reset email
path = reverse("account_reset_password_from_key",
kwargs=dict(uidb36=user_pk_to_url_str(user),
key=temp_key))
# Build the url.
# url = build_absolute_uri(
# request, path)
use_https = False
url = '{protocol}://{domain}{path}'.format(
protocol='https' if use_https else 'http',
domain=site.domain,
path=path
)
context = {
"site": site,
"current_site": site,
"user": user,
"password_reset_url": url,
"request": None,
"username": user.email
}
print('Sending to user #"{}"...'.format(user.pk))
subject = render_to_string('users/emails/password_reset_key_subject.txt', context=context).strip()
message = render_to_string('users/emails/password_reset_key_message.txt', context=context)
recipient_list = [email]
send_mail(subject=subject, message=message, from_email=settings.DEFAULT_FROM_EMAIL,
recipient_list=recipient_list)
print('...Email sent to "{}"'.format(email))
def test_login_on_confirm_uuid_user(self, mocked_gum, mock_perform_login):
user = UUIDUser(is_active=True,
email='*****@*****.**',
username='******')
# fake post-signup account_user stash
session = self.client.session
session['account_user'] = user_pk_to_url_str(user)
session.save()
# fake email and email confirmation to avoid swappable model hell
email = Mock(verified=False, user=user)
key = 'mockkey'
confirmation = Mock(autospec=EmailConfirmationHMAC, key=key)
confirmation.email_address = email
confirmation.from_key.return_value = confirmation
mock_perform_login.return_value = HttpResponseRedirect(redirect_to='/')
with patch('allauth.account.views.EmailConfirmationHMAC',
confirmation):
self.client.post(reverse('account_confirm_email', args=[key]))
assert mock_perform_login.called
def save(self, request, **kwargs):
current_site = get_current_site(request)
email = self.cleaned_data['email']
token_generator = kwargs.get('token_generator',
default_token_generator)
for user in self.users:
temp_key = token_generator.make_token(user)
# save it to the password reset model
# password_reset = PasswordReset(user=user, temp_key=temp_key)
# password_reset.save()
# send the password reset email
path = reverse(
'password_reset_confirm',
args=[user_pk_to_url_str(user), temp_key],
)
if getattr(settings, 'REST_AUTH_PW_RESET_USE_SITES_DOMAIN',
False) is True:
url = build_absolute_uri(None, path)
else:
url = build_absolute_uri(request, path)
context = {
'current_site': current_site,
'user': user,
'password_reset_url': url,
'request': request,
}
if app_settings.AUTHENTICATION_METHOD != app_settings.AuthenticationMethod.EMAIL:
context['username'] = user_username(user)
get_adapter(request).send_mail('account/email/password_reset_key',
email, context)
return self.cleaned_data['email']
def save(self, request, **kwargs):
# context = super(CustomResetPasswordForm, self).save(request, **kwargs)
# print(context, '------------')
email = self.cleaned_data["email"]
token_generator = kwargs.get("token_generator",
default_token_generator)
for user in self.users:
temp_key = token_generator.make_token(user)
# save it to the password reset model
# password_reset = PasswordReset(user=user, temp_key=temp_key)
# password_reset.save()
current_site = get_current_site(request)
# send the password reset email
path = reverse("first_page:reset_password_from_key",
kwargs=dict(uidb36=user_pk_to_url_str(user),
key=temp_key))
url = build_absolute_uri(
request, path,
protocol=app_settings.DEFAULT_HTTP_PROTOCOL)
context = {"site": current_site,
"user": user,
"password_reset_url": url,
"request": request}
if app_settings.AUTHENTICATION_METHOD \
!= app_settings.AuthenticationMethod.EMAIL:
context['username'] = user_username(user)
get_adapter().send_mail('account/email/password_reset_key',
email,
context)
return self.cleaned_data["email"]
def post(self, request, **kwargs):
email = request.data.get('email')
try:
email_address = CachedEmailAddress.cached.get(email=email)
except CachedEmailAddress.DoesNotExist:
# return 200 here because we don't want to expose information about which emails we know about
return self.get_response()
# email rate limiting
send_email = False
current_time = datetime.datetime.now()
last_request_time = email_address.get_last_forgot_password_sent_time()
if last_request_time is None:
send_email = True
else:
time_delta = current_time - last_request_time
if time_delta > RATE_LIMIT_DELTA:
send_email = True
if not send_email:
return Response("Forgot password request limit exceeded. Please check your"
+ " inbox for an existing message or wait to retry.",
status=status.HTTP_429_TOO_MANY_REQUESTS)
email_address.set_last_forgot_password_sent_time(datetime.datetime.now())
#
# taken from allauth.account.forms.ResetPasswordForm
#
# fetch user from database directly to avoid cache
UserCls = get_user_model()
try:
user = UserCls.objects.get(pk=email_address.user_id)
except UserCls.DoesNotExist:
return self.get_response()
temp_key = default_token_generator.make_token(user)
token = "{uidb36}-{key}".format(uidb36=user_pk_to_url_str(user),
key=temp_key)
badgrapp = BadgrApp.objects.get_current(request=request)
api_path = reverse('{version}_api_auth_forgot_password'.format(version=request.version))
reset_url = "{origin}{path}?token={token}&a={badgrapp}".format(
origin=OriginSetting.HTTP,
path=api_path,
token=token,
badgrapp=badgrapp.id
)
email_context = {
"site": get_current_site(request),
"user": user,
"password_reset_url": reset_url,
'badgr_app': badgrapp
}
get_adapter().send_mail('account/email/password_reset_key', email, email_context)
return self.get_response()
