def save(self, *args, **kwargs): request = self.context.get('request') current_site = get_current_site(request) email = self.validated_data["email"] user = UserModel.objects.get(email__iexact=email) token_generator = kwargs.get("token_generator", default_token_generator) temp_key = token_generator.make_token(user) path = "/reset-password/{}/{}".format(user_pk_to_url_str(user), temp_key) url = request.build_absolute_uri(path) context = { "current_site": current_site, "user": user, "password_reset_url": url, "request": request } get_adapter().send_mail('account/email/password_reset_key', email, context) return email
def post(self, request, **kwargs): email = request.data.get('email') try: email_address = CachedEmailAddress.cached.get(email=email) except CachedEmailAddress.DoesNotExist: # return 200 here because we don't want to expose information about which emails we know about return self.get_response() # email rate limiting send_email = False current_time = datetime.datetime.now() last_request_time = email_address.get_last_forgot_password_sent_time() if last_request_time is None: send_email = True else: time_delta = current_time - last_request_time if time_delta > RATE_LIMIT_DELTA: send_email = True if not send_email: return Response("Forgot password request limit exceeded. Please check your" + " inbox for an existing message or wait to retry.", status=status.HTTP_429_TOO_MANY_REQUESTS) email_address.set_last_forgot_password_sent_time(datetime.datetime.now()) # # taken from allauth.account.forms.ResetPasswordForm # # fetch user from database directly to avoid cache UserCls = get_user_model() try: user = UserCls.objects.get(pk=email_address.user_id) except UserCls.DoesNotExist: return self.get_response() temp_key = default_token_generator.make_token(user) token = "{uidb36}-{key}".format(uidb36=user_pk_to_url_str(user), key=temp_key) badgrapp = BadgrApp.objects.get_current(request=request) api_path = reverse('{version}_api_auth_forgot_password'.format(version=request.version)) reset_url = "{origin}{path}?token={token}&a={badgrapp}".format( origin=OriginSetting.HTTP, path=api_path, token=token, badgrapp=badgrapp.id ) email_context = { "site": get_current_site(request), "user": user, "password_reset_url": reset_url, } get_adapter().send_mail('account/email/password_reset_key', email, email_context) return self.get_response()
def get_email_confirmation_url(self, request, emailconfirmation, signup=False): url_name = "v1_api_user_email_confirm" temp_key = default_token_generator.make_token( emailconfirmation.email_address.user) token = "{uidb36}-{key}".format(uidb36=user_pk_to_url_str( emailconfirmation.email_address.user), key=temp_key) activate_url = OriginSetting.HTTP + reverse( url_name, kwargs={'confirm_id': emailconfirmation.key}) badgrapp = BadgrApp.objects.get_current(request=request) tokenized_activate_url = "{url}?token={token}&a={badgrapp}".format( url=activate_url, token=token, badgrapp=badgrapp.id) # Add source and signup query params to the confimation url if request: source = None if hasattr(request, 'data'): source = request.data.get('source', None) elif hasattr(request, 'session'): source = request.session.get('source', None) if source: tokenized_activate_url = set_url_query_params( tokenized_activate_url, source=source) if signup: tokenized_activate_url = set_url_query_params( tokenized_activate_url, signup="true") return tokenized_activate_url
def save(self, request, **kwargs): # c/p from parent class, only needed to change the URL in the email email = self.cleaned_data["email"] token_generator = kwargs.get("token_generator", default_token_generator) for user in self.users: temp_key = token_generator.make_token(user) # save it to the password reset model # password_reset = PasswordReset(user=user, temp_key=temp_key) # password_reset.save() current_site = Site.objects.get_current() # send the password reset email path = reverse("artist_dashboard:reset_password_from_key", kwargs=dict(uidb36=user_pk_to_url_str(user), key=temp_key)) url = build_absolute_uri(request, path, protocol=app_settings.DEFAULT_HTTP_PROTOCOL) context = {"site": current_site, "user": user, "password_reset_url": url} if app_settings.AUTHENTICATION_METHOD \ != app_settings.AuthenticationMethod.EMAIL: context['username'] = user_username(user) get_adapter().send_mail('account/email/password_reset_key', email, context) return self.cleaned_data["email"]
def save(self, request, **kwargs): current_site = get_current_site(request) email = self.validated_data['email'] token_generator = kwargs.get("token_generator", default_token_generator) for user in self.users: temp_key = token_generator.make_token(user) path = reverse("account_reset_password_from_key", kwargs=dict(uidb36=user_pk_to_url_str(user), key=temp_key)) url = build_absolute_uri( request, path) context = {"current_site": current_site, "user": user, "password_reset_url": url, "request": request} if app_settings.AUTHENTICATION_METHOD \ != AuthenticationMethod.EMAIL: context['username'] = user_username(user) get_adapter(request).send_mail( 'account/email/password_reset_key', email, context)
def handle(self, *args, **options): users = [] for email in options['emails']: user_match = User.objects.filter(email=email) if user_match and len(user_match) == 1: users.append(user_match[0]) else: continue messages = [] for user in users: token = default_token_generator.make_token(user) login_path = reverse('token_login', kwargs={'uidb36': user_pk_to_url_str(user), 'token': token}) current_site = Site.objects.get_current() site_config = SiteConfig.objects.get(site=current_site) login_url = 'https://{}{}'.format(current_site.domain, login_path) subject = ('Your {} data: Download or share with ' 'Open Humans!'.format(current_site.name)) if site_config.invite_email_subject: subject = site_config.invite_email_subject context = {'login_url': login_url, 'site': current_site } content = render_to_string('datareturn/email/invite.txt', context) send_mail(subject, content, settings.DEFAULT_FROM_EMAIL, [user.email])
def get_serializer_context(self): user = self.request.user if not user.pk: return uid = user_pk_to_url_str(user) token = default_token_generator.make_token(user) password_reset_urls = app_settings.PASSWORD_RESET_URLS password_reset_url = password_reset_urls.get('default') domain = get_current_site(self.request).domain if getattr(self, 'swagger_fake_view', False): organization_pk, organization_slug = None, None # pragma: no cover else: organization_pk = self.organization.pk organization_slug = self.organization.slug org_radius_settings = self.organization.radius_settings if org_radius_settings.password_reset_url: password_reset_url = org_radius_settings.password_reset_url else: password_reset_url = password_reset_urls.get( str(organization_pk), password_reset_url) password_reset_url = password_reset_url.format( organization=organization_slug, uid=uid, token=token, site=domain) context = { 'request': self.request, 'password_reset_url': password_reset_url } return context
def save(self, request, **kwargs): email = self.cleaned_data["email"] last_name = self.data.get('last_name') token_generator = kwargs.get("token_generator", default_token_generator) for user in self.users: temp_key = token_generator.make_token(user) # save it to the password reset model # password_reset = PasswordReset(user=user, temp_key=temp_key) # password_reset.save() # send the password reset email path = reverse("account_reset_password_from_key", kwargs=dict(uidb36=user_pk_to_url_str(user), key=temp_key)) url = build_absolute_uri(request, path) context = { "last_name": last_name, "password_reset_url": url, } if app_settings.AUTHENTICATION_METHOD \ != 'email': context['username'] = user_username(user) get_adapter(request).send_mail('account/email/password_reset_key', email, context) return self.cleaned_data["email"]
def __init__(self, *args, **kwargs): self.uidb = "zz" super(MemberResetPasswordKeyForm, self).__init__(*args, **kwargs) if self.user: from allauth.account.utils import user_pk_to_url_str self.uidb = user_pk_to_url_str(self.user)
def test_login_on_confirm(self): user = self._create_user() email = EmailAddress.objects.create(user=user, email='*****@*****.**', verified=False, primary=True) key = EmailConfirmationHMAC(email).key receiver_mock = Mock() # we've logged if signal was called user_logged_in.connect(receiver_mock) # fake post-signup account_user stash session = self.client.session session['account_user'] = user_pk_to_url_str(user) session.save() resp = self.client.post(reverse('account_confirm_email', args=[key])) email = EmailAddress.objects.get(pk=email.pk) self.assertTrue(email.verified) receiver_mock.assert_called_once_with( sender=get_user_model(), request=resp.wsgi_request, response=resp, user=get_user_model().objects.get(username='******'), signal=user_logged_in, ) user_logged_in.disconnect(receiver_mock)
def get_password_confirmation_url(self, request, user, token=None): """Constructs the password confirmation (reset) url. """ token_key = ( self.default_token_generator.make_token(user) if token is None else token ) if self.is_api: # TODO: ASK MARK WHAT THIS SHOULD BE?!? path = app_settings.ACCOUNT_CONFIRM_PASSWORD_CLIENT_URL.format( key=token_key, uid=rest_encode_user_pk(user) ) else: path = reverse( "account_reset_password_from_key", kwargs={ "key": token_key, "uidb36": user_pk_to_url_str(user) }, ) if self.is_api and "HTTP_ORIGIN" in request.META: # request originates from a client on a different domain... url = urljoin(request.META['HTTP_ORIGIN'], path) else: url = build_absolute_uri(request, path) return url
def save(self, request, **kwargs): current_site = get_current_site(request) email = self.cleaned_data["email"] token_generator = kwargs.get("token_generator", default_token_generator) for user in self.users: temp_key = token_generator.make_token(user) # save it to the password reset model # password_reset = PasswordReset(user=user, temp_key=temp_key) # password_reset.save() # send the password reset email path = reverse("customer:account_reset_password_from_key", kwargs=dict(uidb36=user_pk_to_url_str(user), key=temp_key)) url = build_absolute_uri( request, path) context = {"current_site": current_site, "user": user, "password_reset_url": url, "request": request} if AUTHENTICATION_METHOD \ != AuthenticationMethod.EMAIL: context['username'] = user_username(user) get_adapter(request).send_mail( 'account/email/password_reset_key', email, context) return self.cleaned_data["email"]
def test_pk_to_url_string_identifies_UUID_as_stringlike(self): '''Test pk to url string identifies UUID as a string.''' user = self.UUIDUser(is_active=True, email='*****@*****.**', username='******') self.assertEquals(user_pk_to_url_str(user), str(user.pk))
def password_reset(request): ''' A modified version of password_reset view from account.views. Can be removed once we get emails in the user table unique. ''' form_class=PasswordResetForm if 'POST' == request.method: form = form_class(request.POST) else: form = form_class() if form.is_valid(): #user = UserModel.objects.get(email=form.cleaned_data['email']) username = form.cleaned_data['username'] email = form.cleaned_data['email'] hostname = Site.objects.get_current().domain user = User.objects.get(username__in=expanded_username_list(username.lower()), email=email) temp_key = default_token_generator.make_token(user) path = reverse("account_reset_password_from_key", kwargs=dict(uidb36=user_pk_to_url_str(user), key=temp_key)) url = build_absolute_uri(request, path, protocol=DEFAULT_HTTP_PROTOCOL) args = {'domain': hostname, 'url': url, 'user': user} if email_template(user.email, 'account/mail/password_reset', **args): #return message(request, 'Check the mail please') return render_to_response(request, 'auth/password_reset_request_done.html') else: msg = ('Unfortunately we could not send you email ' 'in current time. Please, try later') return message_view(request, msg) return {'form': form}
def save(self, request, **kwargs): if 'allauth' not in settings.INSTALLED_APPS: return super().save(request, **kwargs) # for allauth current_site = get_current_site(request) email = self.cleaned_data['email'] token_generator = kwargs.get('token_generator', default_token_generator) for user in self.users: temp_key = token_generator.make_token(user) # save it to the password reset model # password_reset = PasswordReset(user=user, temp_key=temp_key) # password_reset.save() # send the password reset email path = reverse( 'password_reset_confirm', args=[user_pk_to_url_str(user), temp_key], ) url = build_absolute_uri(request, path) context = { 'current_site': current_site, 'user': user, 'password_reset_url': url, 'request': request, } if app_settings.AUTHENTICATION_METHOD != app_settings.AuthenticationMethod.EMAIL: context['username'] = user_username(user) get_adapter(request).send_mail('account/email/password_reset_key', email, context) return self.cleaned_data['email']
def get_password_reset_url(self, request, user): temp_key = default_token_generator.make_token(user) path = reverse( "account_reset_password_from_key", kwargs=dict(uidb36=user_pk_to_url_str(user), key=temp_key), ) return request.build_absolute_uri(path)
def save(self, request, **kwargs): email = self.cleaned_data["email"] token_generator = kwargs.get("token_generator", default_token_generator) for user in self.users: temp_key = token_generator.make_token(user) # save it to the password reset model # password_reset = PasswordReset(user=user, temp_key=temp_key) # password_reset.save() current_site = get_current_site(request) # send the password reset email path = reverse("account_reset_password_from_key", kwargs=dict(uidb36=user_pk_to_url_str(user), key=temp_key)) url = build_absolute_uri( request, path, protocol=app_settings.DEFAULT_HTTP_PROTOCOL) context = {"site": current_site, "user": user, "password_reset_url": url, "request": request} if app_settings.AUTHENTICATION_METHOD \ != AuthenticationMethod.EMAIL: context['username'] = user_username(user) get_adapter().send_mail('account/email/password_reset_key', email, context) return self.cleaned_data["email"]
def password_reset_kwargs(user): from allauth.account.forms import EmailAwarePasswordResetTokenGenerator from allauth.account.utils import user_pk_to_url_str default_token_generator = EmailAwarePasswordResetTokenGenerator() return dict(uidb36=user_pk_to_url_str(user), key=default_token_generator.make_token(user))
def _generate_uid_and_token(self, user): result = {} if 'allauth' in settings.INSTALLED_APPS: from allauth.account.forms import default_token_generator from allauth.account.utils import user_pk_to_url_str result['uid'] = user_pk_to_url_str(user) else: from django.utils.encoding import force_bytes from django.contrib.auth.tokens import default_token_generator from django.utils.http import urlsafe_base64_encode result['uid'] = urlsafe_base64_encode(force_bytes(user.pk)) result['token'] = default_token_generator.make_token(user) return result
def get_user_tokens(self): users_with_data = [] for data_file in DataFile.objects.all(): if data_file.user not in users_with_data: users_with_data.append(data_file.user) users_and_tokens = [] for user in users_with_data: token = default_token_generator.make_token(user) login_path = reverse('token_login', kwargs={'uidb36': user_pk_to_url_str(user), 'token': token}) login_url = self.request.build_absolute_uri(login_path) users_and_tokens.append([user, login_url]) return users_and_tokens
def get_email_confirmation_url(self, request, emailconfirmation): url_name = "v1_api_user_email_confirm" temp_key = default_token_generator.make_token( emailconfirmation.email_address.user) token = "{uidb36}-{key}".format(uidb36=user_pk_to_url_str( emailconfirmation.email_address.user), key=temp_key) activate_url = OriginSetting.HTTP + reverse( url_name, kwargs={'confirm_id': emailconfirmation.key}) badgrapp = BadgrApp.objects.get_current(request=request) tokenized_activate_url = "{url}?token={token}&a={badgrapp}".format( url=activate_url, token=token, badgrapp=badgrapp.id) return tokenized_activate_url
def get_email_confirmation_url(self, request, emailconfirmation): url_name = "v1_api_user_email_confirm" temp_key = default_token_generator.make_token(emailconfirmation.email_address.user) token = "{uidb36}-{key}".format(uidb36=user_pk_to_url_str(emailconfirmation.email_address.user), key=temp_key) activate_url = OriginSetting.HTTP + reverse(url_name, kwargs={'confirm_id': emailconfirmation.key}) badgrapp = BadgrApp.objects.get_current(request=request) tokenized_activate_url = "{url}?token={token}&a={badgrapp}".format( url=activate_url, token=token, badgrapp=badgrapp.id ) return tokenized_activate_url
def test_password_reset_flow(self): user = JobSeekerFactory() # Ask for password reset. url = reverse("account_reset_password") response = self.client.get(url) self.assertEqual(response.status_code, 200) post_data = {"email": user.email} response = self.client.post(url, data=post_data) args = urlencode({"email": user.email}) next_url = reverse("account_reset_password_done") self.assertRedirects(response, f"{next_url}?{args}") # Check sent email. self.assertEqual(len(mail.outbox), 1) email = mail.outbox[0] self.assertIn("Réinitialisation de votre mot de passe", email.subject) self.assertIn( "Si vous n'avez pas demandé la réinitialisation de votre mot de passe, vous pouvez ignorer ce message", email.body, ) self.assertEqual(email.from_email, settings.DEFAULT_FROM_EMAIL) self.assertEqual(len(email.to), 1) self.assertEqual(email.to[0], user.email) # Change forgotten password. uidb36 = user_pk_to_url_str(user) key = default_token_generator.make_token(user) password_change_url = reverse("account_reset_password_from_key", kwargs={ "uidb36": uidb36, "key": key }) response = self.client.get(password_change_url) password_change_url_with_hidden_key = response.url post_data = { "password1": DEFAULT_PASSWORD, "password2": DEFAULT_PASSWORD } response = self.client.post(password_change_url_with_hidden_key, data=post_data) self.assertRedirects(response, reverse("account_reset_password_from_key_done")) # User can log in with his new password. self.assertTrue( self.client.login(username=user.email, password=DEFAULT_PASSWORD)) self.client.logout()
def save(self): request = self.context.get('request') user = self.validated_data['user'] token_generator = PasswordResetTokenGenerator() temp_key = token_generator.make_token(user) current_site = get_current_site() url = request.build_absolute_uri('/accounts/password/reset/key/%s-%s' % (user_pk_to_url_str(user), temp_key)) context = { "site": current_site, "user": user, "password_reset_url": url } get_adapter().send_mail('account/email/password_reset_key', user.email, context)
def get_password_reset_url(self): temp_key = default_token_generator.make_token(self) path = reverse( "account_reset_password_from_key", kwargs=dict(uidb36=user_pk_to_url_str(self), key=temp_key), ) site = get_current_site(request=None) domain = site.domain scheme = "http" if settings.ADSERVER_HTTPS: scheme = "https" return "{scheme}://{domain}{path}".format(scheme=scheme, domain=domain, path=path)
def get(self, *args, **kwargs): try: self.object = self.get_object() except Http404: self.object = None return self.render_to_response(self.get_context_data()) # If user has already confirmed if self.object.email_address.verified: return render(self.request, 'account/email_already_confirmed.html', {'email': self.object.email_address.email}) # If user is currently authenticated but open confirmation email of someone else, # ask authenticated user to logout first if self.request.user.is_authenticated and self.request.user != self.object.email_address.user: activate_url = reverse('account_confirm_email', args=[self.object.key]) return redirect('%s?flag=confirm_on_authenticated&next=%s' % (reverse('account_logout'), activate_url)) # Confirm email on GET self.object.confirm(self.request) self.object.email_address.set_as_primary() from allauth.account.utils import user_pk_to_url_str # Allauth prevent login on email confirmation if confirmation link was opened from another browser session. get_adapter(self.request).stash_user( self.request, user_pk_to_url_str(self.object.email_address.user)) self.login_on_confirm(self.object) user = self.object.email_address.user email = self.object.email_address.email existing_emails = EmailAddress.objects.filter(user=user).exclude( email__iexact=email) if existing_emails: # Assume that if there's existing email, it means user just change email (not signing up). # Delete old emails EmailAddress.objects.filter(user=user).exclude( primary=True).delete() messages.success(self.request, _('Email is changed')) return redirect('users:settings_profile') return redirect(settings.LOGIN_REDIRECT_URL)
def handle(self, *args, **options): tester_emails = sys.stdin.read().splitlines() profiles = ( profiles_models.Profile.objects.select_related("user").filter( user__password="", user__is_active=True).annotate(canary_bucket=(models.F("pk") % 10))) is_tester = models.Q(user__email__in=tester_emails) is_emea = models.Q(country__in=EMEA_COUNTRIES) is_canary = models.Q(canary_bucket=0) phase = options["phase"] if phase == "phase1": profiles = profiles.filter(is_tester) elif phase == "phase2": profiles = profiles.filter(~is_tester, is_emea, is_canary) elif phase == "phase3": profiles = profiles.filter(~is_tester, is_emea, ~is_canary) elif phase == "phase4": profiles = profiles.filter(~is_tester, ~is_emea) token_generator = forms.EmailAwarePasswordResetTokenGenerator() common_context = { "protocol": settings.ACCOUNT_DEFAULT_HTTP_PROTOCOL, "domain": shortcuts.get_current_site(request=None).domain, } messages = [] for profile in profiles: user = profile.user context = { "profile": profile, "uidb36": account_utils.user_pk_to_url_str(user), "key": token_generator.make_token(user), **common_context, } message = mail.EmailMultiAlternatives( subject="Announcing the EA Hub 2.0", body=loader.render_to_string("emails/reactivate.txt", context), from_email="Michael from LEAN <*****@*****.**>", to=[email_utils.formataddr((profile.name, user.email))], ) message.attach_alternative( loader.render_to_string("emails/reactivate.html", context), "text/html") messages.append(message) mail.get_connection().send_messages(messages)
def post(self, request, **kwargs): email = request.data.get('email') try: email_address = CachedEmailAddress.cached.get(email=email) except CachedEmailAddress.DoesNotExist: # return 200 here because we don't want to expose information about which emails we know about return self.get_response() # # taken from allauth.account.forms.ResetPasswordForm # # fetch user from database directly to avoid cache UserCls = get_user_model() try: user = UserCls.objects.get(pk=email_address.user_id) except UserCls.DoesNotExist: return self.get_response() temp_key = default_token_generator.make_token(user) token = "{uidb36}-{key}".format(uidb36=user_pk_to_url_str(user), key=temp_key) badgrapp = BadgrApp.objects.get_current(request=request) api_path = reverse('{version}_api_auth_forgot_password'.format( version=request.version)) reset_url = "{origin}{path}?token={token}&a={badgrapp}".format( origin=OriginSetting.HTTP, path=api_path, token=token, badgrapp=badgrapp.id) email_context = { "site": get_current_site(request), "user": user, "password_reset_url": reset_url, } get_adapter().send_mail('account/email/password_reset_key', email, email_context) return self.get_response()
def get(self, *args, **kwargs): try: self.object = self.get_object() except Http404: self.object = None return self.render_to_response(self.get_context_data()) # If user has already confirmed if self.object.email_address.verified: return render(self.request, 'account/email_confirmed.html', {'email': self.object.email_address.email}) # If user is currently authenticated but open confirmation email of someone else, # ask authenticated user to logout first if self.request.user.is_authenticated() and self.request.user != self.object.email_address.user: activate_url = reverse('account_confirm_email', args=[self.object.key]) return redirect('%s?next=%s' % (reverse('account_logout'), activate_url)) # Confirm email on GET self.object.confirm(self.request) self.object.email_address.set_as_primary() from allauth.account.utils import user_pk_to_url_str # Allauth prevent login on email confirmation if confirmation link was opened from another browser session. get_adapter(self.request).stash_user(self.request, user_pk_to_url_str(self.object.email_address.user)) self.login_on_confirm(self.object) user = self.object.email_address.user email = self.object.email_address.email existing_emails = EmailAddress.objects.filter(user=user).exclude(email__iexact=email) if existing_emails: # Assume that if there's existing email, it means user just change email (not signup). # Delete old emails EmailAddress.objects.filter(user=user).exclude(primary=True).delete() messages.success(self.request, u'Email is changed') return redirect('users:update_account') return redirect(settings.LOGIN_REDIRECT_URL)
def post(self, request, student): student = get_object_or_404( Student, teacher=request.user, user__username=student, ) user = student.user email = user_email(request.user) if not email: messages.error( request, "Can not send a password reset link since your account ({}) doesn't have an email address associated with it.".format(request.user.username) ) return redirect('teachers:teacher') temp_key = default_token_generator.make_token(user) path = reverse( 'account_reset_password_from_key', kwargs={'uidb36': user_pk_to_url_str(user), 'key': temp_key}, ) context = { 'current_site': get_current_site(request), 'user': user, 'password_reset_url': build_absolute_uri(request, path), 'request': request, 'username': user_username(user), 'timeout_days': settings.PASSWORD_RESET_TIMEOUT_DAYS, } get_adapter(request).send_mail( 'teachers/email/password_reset_key', email, context, ) messages.success( request, "Password reset link for user {user} has been sent to your email address ({email})".format( user=user, email=email) ) return redirect('teachers:teacher')
def send_reset_email(self, request): token_generator = EmailAwarePasswordResetTokenGenerator() temp_key = token_generator.make_token(self) link = request.build_absolute_uri( reverse("account_reset_password_from_key", kwargs=dict(uidb36=user_pk_to_url_str(self), key=temp_key))) context = { "current_site": get_current_site, "user": request.user, "password_reset_url": link, "request": request } message = render_to_string("account/email/new_associate_message.txt", context) send_mail("Welcome to Effortless Electric", message, "from_email", [self.email], fail_silently=True)
def save(self, request, **kwargs): from django.contrib.sites.shortcuts import get_current_site current_site = get_current_site(request) email = self.cleaned_data["email"] from django.contrib.auth.tokens import default_token_generator token_generator = kwargs.get("token_generator", default_token_generator) for user in self.users: temp_key = token_generator.make_token(user) # save it to the password reset model # password_reset = PasswordReset(user=user, temp_key=temp_key) # password_reset.save() # send the password reset email from django.urls import reverse path = reverse("account_reset_password_from_key", kwargs=dict(uidb36=user_pk_to_url_str(user), key=temp_key)) from allauth.utils import build_absolute_uri url = build_absolute_uri(request, path) context = { "current_site": current_site, "user": user, "password_reset_url": url, "request": request } from allauth.account import app_settings if app_settings.AUTHENTICATION_METHOD \ != app_settings.AuthenticationMethod.EMAIL: context['username'] = user_username(user) from allauth.account.adapter import get_adapter get_adapter(request).send_mail('account/email/password_reset_key', email, context) return self.cleaned_data["email"]
def send_reset_link(self, user): site = get_current_site(request=None) email = user.email token_generator = default_token_generator temp_key = token_generator.make_token(user) # send the password reset email path = reverse("account_reset_password_from_key", kwargs=dict(uidb36=user_pk_to_url_str(user), key=temp_key)) # Build the url. # url = build_absolute_uri( # request, path) use_https = False url = '{protocol}://{domain}{path}'.format( protocol='https' if use_https else 'http', domain=site.domain, path=path ) context = { "site": site, "current_site": site, "user": user, "password_reset_url": url, "request": None, "username": user.email } print('Sending to user #"{}"...'.format(user.pk)) subject = render_to_string('users/emails/password_reset_key_subject.txt', context=context).strip() message = render_to_string('users/emails/password_reset_key_message.txt', context=context) recipient_list = [email] send_mail(subject=subject, message=message, from_email=settings.DEFAULT_FROM_EMAIL, recipient_list=recipient_list) print('...Email sent to "{}"'.format(email))
def test_login_on_confirm_uuid_user(self, mocked_gum, mock_perform_login): user = UUIDUser(is_active=True, email='*****@*****.**', username='******') # fake post-signup account_user stash session = self.client.session session['account_user'] = user_pk_to_url_str(user) session.save() # fake email and email confirmation to avoid swappable model hell email = Mock(verified=False, user=user) key = 'mockkey' confirmation = Mock(autospec=EmailConfirmationHMAC, key=key) confirmation.email_address = email confirmation.from_key.return_value = confirmation mock_perform_login.return_value = HttpResponseRedirect(redirect_to='/') with patch('allauth.account.views.EmailConfirmationHMAC', confirmation): self.client.post(reverse('account_confirm_email', args=[key])) assert mock_perform_login.called
def save(self, request, **kwargs): current_site = get_current_site(request) email = self.cleaned_data['email'] token_generator = kwargs.get('token_generator', default_token_generator) for user in self.users: temp_key = token_generator.make_token(user) # save it to the password reset model # password_reset = PasswordReset(user=user, temp_key=temp_key) # password_reset.save() # send the password reset email path = reverse( 'password_reset_confirm', args=[user_pk_to_url_str(user), temp_key], ) if getattr(settings, 'REST_AUTH_PW_RESET_USE_SITES_DOMAIN', False) is True: url = build_absolute_uri(None, path) else: url = build_absolute_uri(request, path) context = { 'current_site': current_site, 'user': user, 'password_reset_url': url, 'request': request, } if app_settings.AUTHENTICATION_METHOD != app_settings.AuthenticationMethod.EMAIL: context['username'] = user_username(user) get_adapter(request).send_mail('account/email/password_reset_key', email, context) return self.cleaned_data['email']
def save(self, request, **kwargs): # context = super(CustomResetPasswordForm, self).save(request, **kwargs) # print(context, '------------') email = self.cleaned_data["email"] token_generator = kwargs.get("token_generator", default_token_generator) for user in self.users: temp_key = token_generator.make_token(user) # save it to the password reset model # password_reset = PasswordReset(user=user, temp_key=temp_key) # password_reset.save() current_site = get_current_site(request) # send the password reset email path = reverse("first_page:reset_password_from_key", kwargs=dict(uidb36=user_pk_to_url_str(user), key=temp_key)) url = build_absolute_uri( request, path, protocol=app_settings.DEFAULT_HTTP_PROTOCOL) context = {"site": current_site, "user": user, "password_reset_url": url, "request": request} if app_settings.AUTHENTICATION_METHOD \ != app_settings.AuthenticationMethod.EMAIL: context['username'] = user_username(user) get_adapter().send_mail('account/email/password_reset_key', email, context) return self.cleaned_data["email"]
def post(self, request, **kwargs): email = request.data.get('email') try: email_address = CachedEmailAddress.cached.get(email=email) except CachedEmailAddress.DoesNotExist: # return 200 here because we don't want to expose information about which emails we know about return self.get_response() # email rate limiting send_email = False current_time = datetime.datetime.now() last_request_time = email_address.get_last_forgot_password_sent_time() if last_request_time is None: send_email = True else: time_delta = current_time - last_request_time if time_delta > RATE_LIMIT_DELTA: send_email = True if not send_email: return Response("Forgot password request limit exceeded. Please check your" + " inbox for an existing message or wait to retry.", status=status.HTTP_429_TOO_MANY_REQUESTS) email_address.set_last_forgot_password_sent_time(datetime.datetime.now()) # # taken from allauth.account.forms.ResetPasswordForm # # fetch user from database directly to avoid cache UserCls = get_user_model() try: user = UserCls.objects.get(pk=email_address.user_id) except UserCls.DoesNotExist: return self.get_response() temp_key = default_token_generator.make_token(user) token = "{uidb36}-{key}".format(uidb36=user_pk_to_url_str(user), key=temp_key) badgrapp = BadgrApp.objects.get_current(request=request) api_path = reverse('{version}_api_auth_forgot_password'.format(version=request.version)) reset_url = "{origin}{path}?token={token}&a={badgrapp}".format( origin=OriginSetting.HTTP, path=api_path, token=token, badgrapp=badgrapp.id ) email_context = { "site": get_current_site(request), "user": user, "password_reset_url": reset_url, 'badgr_app': badgrapp } get_adapter().send_mail('account/email/password_reset_key', email, email_context) return self.get_response()