def test_check_token_with_nonexistent_token_and_user(self): user = User.objects.create_user('tokentestuser', '*****@*****.**', 'testpw') p0 = PasswordResetTokenGenerator() tk1 = p0.make_token(user) self.assertIs(p0.check_token(None, tk1), False) self.assertIs(p0.check_token(user, None), False)
def create_or_login(request): if not request.method == "POST": return HttpResponseRedirect(reverse(list)) form = EmailForm(request.POST) if not form.is_valid(): return render(request, "members/login.html", {"form": form}) data = form.cleaned_data member = get_object_or_None(Member, email=data["email"]) if not member: member = Member(email=data["email"]) member.save() member_url = reverse(edit, kwargs={"key": member.key}) token_gen = PasswordResetTokenGenerator() token = token_gen.make_token(member) try: send_mail( "Your Nick Reid Directory Profile", "Follow this link to update your profile: %s?token=%s" % (member_url, token), "*****@*****.**", [member.email], fail_silently=False, ) except: messages.error(request, "There was an error sending email to %s", member.email) messages.success(request, "An email has been sent to %s." % (member.email)) return HttpResponseRedirect(reverse(list))
def send_token_message(host, user, template, subject, new_user=False, extra_context=None): """ Send an email to the the user with a new token """ token_generator = PasswordResetTokenGenerator() t = loader.get_template(template) c = { 'email': user.email, 'host': host, 'user_token': int_to_base36(user.id), 'user': user, 'key_token': token_generator.make_token(user), 'new_user' : new_user, } if extra_context: # If we have extra_content we need for the template for key in extra_context: c[key] = extra_context[key] # send the user an email with the template filled out # the actual link can be created using: # {% url signup_login_by_email user_token key_token %} send_mail(subject, t.render(Context(c)), settings.EMAIL_HOST_USER, [user.email])
def test_reset_password(self): response = self.client.get(reverse('auth_password_reset')) self.assertEquals(response.status_code, 200) self.assertIn('Reset your password', response.content) response = self.client.post(reverse('auth_password_reset'), {'email': self.user.email}, follow=True) self.assertEquals(response.status_code, 200) self.assertIn('email with a link to reset your password', response.content) pt = PasswordResetTokenGenerator() token = pt.make_token(self.user) uid = base64.b64encode(str(self.user.id)).strip('=') response = self.client.get(reverse('auth_password_reset_confirm', args=(uid, token)), follow=True) self.assertEquals(response.status_code, 200) self.assertIn('Enter your new password below', response.content) data = { 'new_password1': 'newpassword', 'new_password2': 'newpassword' } response = self.client.post(reverse('auth_password_reset_confirm', args=(uid, token)), data, follow=True) self.assertEquals(response.status_code, 200) self.assertIn('Your password has been reset!', response.content) result = self.client.login(username=self.user.username, password='******') self.assertTrue(result) #reset password self.user.set_password('supersecret')
def test_timeout(self): """ The token is valid after n days, but no greater. """ # Uses a mocked version of PasswordResetTokenGenerator so we can change # the value of 'today' class Mocked(PasswordResetTokenGenerator): def __init__(self, today): self._today_val = today def _today(self): return self._today_val user = User.objects.create_user('tokentestuser', '*****@*****.**', 'testpw') p0 = PasswordResetTokenGenerator() tk1 = p0.make_token(user) p1 = Mocked(date.today() + timedelta(settings.PASSWORD_RESET_TIMEOUT_DAYS)) self.assertTrue(p1.check_token(user, tk1)) p2 = Mocked(date.today() + timedelta(settings.PASSWORD_RESET_TIMEOUT_DAYS + 1)) self.assertFalse(p2.check_token(user, tk1))
def test_django12_hash(self): """ Ensure we can use the hashes generated by Django 1.2 """ # Hard code in the Django 1.2 algorithm (not the result, as it is time # dependent) def _make_token(user): from django.utils.hashcompat import sha_constructor from django.utils.http import int_to_base36 timestamp = (date.today() - date(2001, 1, 1)).days ts_b36 = int_to_base36(timestamp) hash = sha_constructor( settings.SECRET_KEY + unicode(user.id) + user.password + user.last_login.strftime("%Y-%m-%d %H:%M:%S") + unicode(timestamp) ).hexdigest()[::2] return "%s-%s" % (ts_b36, hash) user = User.objects.create_user("tokentestuser", "*****@*****.**", "testpw") p0 = PasswordResetTokenGenerator() tk1 = _make_token(user) self.assertTrue(p0.check_token(user, tk1))
def _get_confirm_url(self, user): token_maker = PasswordResetTokenGenerator() token = token_maker.make_token(user) uid = urlsafe_base64_encode(force_bytes(user.pk)) #same thing django does to generate uid confirm_url = reverse('auth_password_reset_confirm', kwargs={'token':token, 'uidb64':uid}) return confirm_url
def test_make_token(self): """ Ensure that we can make a token and that it is valid """ user = User.objects.create_user('tokentestuser', '*****@*****.**', 'testpw') p0 = PasswordResetTokenGenerator() tk1 = p0.make_token(user) self.assertTrue(p0.check_token(user, tk1))
def test_PasswordResetConfirmView_valid_token(self): # PasswordResetConfirmView valid token default_token_generator = PasswordResetTokenGenerator() token = default_token_generator.make_token(self.user) uidb64 = force_text(urlsafe_base64_encode(force_bytes(self.user.pk))) response = PasswordResetConfirmView.as_view(success_url='dummy/')(self.request, uidb64=uidb64, token=token) self.assertContains(response, '<title>Enter new password</title>') self.assertContains(response, '<h1>Enter new password</h1>')
def form_valid(self, form): """ Register a new user. """ # Do not accept any valid form when registration is closed. if not settings.REGISTRATION_POSSIBLE: messages.error(self.request, _('I\'m sorry, but I can\'t let anyone register at the moment.')) return redirect(reverse_lazy('login')) # Create and save user user = LilyUser.objects.create_user( email=form.cleaned_data['email'], password=form.cleaned_data['password'], first_name=form.cleaned_data['first_name'], preposition=form.cleaned_data['preposition'], last_name=form.cleaned_data['last_name'], ) user.is_active = False user.save() # Add to admin group account_admin = Group.objects.get_or_create(name='account_admin')[0] user.groups.add(account_admin) # Get the current site try: current_site = Site.objects.get_current() except Site.DoesNotExist: current_site = '' # Generate uidb36 and token for the activation link uidb36 = int_to_base36(user.pk) token_generator = PasswordResetTokenGenerator() token = token_generator.make_token(user) # Send an activation mail # TODO: only create/save contact when e-mail sent successfully send_templated_mail( template_name='activation', from_email=settings.DEFAULT_FROM_EMAIL, recipient_list=[form.cleaned_data['email']], context={ 'current_site': current_site, 'protocol': self.request.is_secure() and 'https' or 'http', 'user': user, 'uidb36': uidb36, 'token': token, } ) # Show registration message messages.success( self.request, _('Registration completed. I\'ve sent you an email, please check it to activate your account.') ) return self.get_success_url()
def get_token(user): #assert request.user.is_authenticated() token_generator = PasswordResetTokenGenerator() token = token_generator.make_token(user) return token
def authenticate(self, user_token, key_token): try: token_generator=PasswordResetTokenGenerator() user = get_object_or_404(User, pk=base36_to_int(user_token)) if token_generator.check_token( user, key_token) and user.is_active: logger.debug("User: %s authenticated via token" % user.username) return user except User.DoesNotExist: return None
def test_date_length(self): """ Overly long dates, which are a potential DoS vector, aren't allowed. """ user = User.objects.create_user('ima1337h4x0r', '*****@*****.**', 'p4ssw0rd') p0 = PasswordResetTokenGenerator() # This will put a 14-digit base36 timestamp into the token, which is too large. with self.assertRaises(ValueError): p0._make_token_with_timestamp(user, 175455491841851871349)
def test_date_length(self): """ Make sure we don't allow overly long dates, causing a potential DoS. """ user = User.objects.create_user('ima1337h4x0r', '*****@*****.**', 'p4ssw0rd') p0 = PasswordResetTokenGenerator() # This will put a 14-digit base36 timestamp into the token, which is too large. tk1 = p0._make_token_with_timestamp(user, 175455491841851871349) self.assertFalse(p0.check_token(user, tk1))
def test_PasswordResetConfirmView_valid_token(self): # PasswordResetConfirmView valid token client = PasswordResetConfirmClient() default_token_generator = PasswordResetTokenGenerator() token = default_token_generator.make_token(self.user) uidb64 = force_text(urlsafe_base64_encode(force_bytes(self.user.pk))) url = reverse('password_reset_confirm', kwargs={'uidb64': uidb64, 'token': token}) response = client.get(url) self.assertContains(response, '<title>Enter new password</title>') self.assertContains(response, '<h1>Enter new password</h1>')
def test_10265(self): """ The token generated for a user created in the same request will work correctly. """ # See ticket #10265 user = User.objects.create_user('comebackkid', '*****@*****.**', 'testpw') p0 = PasswordResetTokenGenerator() tk1 = p0.make_token(user) reload = User.objects.get(username='******') tk2 = p0.make_token(reload) self.assertEqual(tk1, tk2)
def send_reset_password_email(user, request): token_generator = PasswordResetTokenGenerator() temp_key = token_generator.make_token(user) # send the password reset email path = reverse('account_reset_password_from_key', kwargs=dict(uidb36=int_to_base36(user.id), key=temp_key)) url = request.build_absolute_uri(path) context = {'password_reset_url': url} subject = 'Reset your password' send_mail('account/email/forget_password.html', subject, user.email, context)
def send_email_auth_token(request, user, new_user=False): token_generator = PasswordResetTokenGenerator() t = loader.get_template('signup/email_auth_form.html') c = { 'email': user.email, 'host': request.get_host(), 'user_token': int_to_base36(user.id), 'user': user, 'key_token': token_generator.make_token(user), 'new_user' : new_user, } send_mail(_("New Login token for %s") % request.get_host(), t.render(Context(c)), settings.EMAIL_HOST_USER, [user.email])
def generate_password_reset_url(user_profile: UserProfile, token_generator: PasswordResetTokenGenerator) -> str: token = token_generator.make_token(user_profile) uid = urlsafe_base64_encode(force_bytes(user_profile.id)).decode('ascii') endpoint = reverse('django.contrib.auth.views.password_reset_confirm', kwargs=dict(uidb64=uid, token=token)) return "{}{}".format(user_profile.realm.uri, endpoint)
def generate_token(request): username_or_email = request.POST.get('username_or_email') #Check to see if we can find a valid user try: empous_user = User.objects.get(Q(username__iexact=username_or_email)|Q(email__iexact=username_or_email)) token_gen = PasswordResetTokenGenerator() reset_token = token_gen.make_token(empous_user) reset_message = "A password reset token has been requested for your account. Your token is : %s" % reset_token email = EmailMessage("Empous: Password Reset Token", reset_message, to=[empous_user.email], from_email="*****@*****.**") email.send() return HttpResponse(json.dumps({'response_message':'A token has been emailed to "%s"' % empous_user.email}), mimetype='application/json') except User.DoesNotExist: return HttpResponse(json.dumps({'response_message':'Could not find an empous user with a username or email of "%s"' % username_or_email}), mimetype='application/json')
def reset_password(request): token = request.POST.get('token') username_or_email = request.POST.get('username_or_email') password = request.POST.get('password') try: empous_user = User.objects.get(Q(username__iexact=username_or_email)|Q(email__iexact=username_or_email)) token_gen = PasswordResetTokenGenerator() if token_gen.check_token(empous_user, token): empous_user.set_password(password) empous_user.save() return HttpResponse(json.dumps(StatusCodes.SUCCESS), mimetype='application/json') else: return HttpResponse(json.dumps(StatusCodes.TOKEN_INVALID), mimetype='application/json') except User.DoesNotExist: return HttpResponse(json.dumps(StatusCodes.USER_DOESNT_EXIST), mimetype='application/json')
def edit(request, key=None): member = get_object_or_404(Member, key=key) if "token" in request.REQUEST: token = request.REQUEST["token"] token_gen = PasswordResetTokenGenerator() if token_gen.check_token(member, token): member.backend = ( "django.contrib.auth.backends.ModelBackend" ) # from: http://stackoverflow.com/questions/2787650/manually-logging-in-a-user-without-password login(request, member) return HttpResponseRedirect(reverse(edit, kwargs={"key": member.key})) if request.method == "POST": form = MemberForm(request.POST, instance=member) if form.is_valid(): form.save() return HttpResponseRedirect(reverse(edit, kwargs={"key": member.key})) form = MemberForm(instance=member) return render(request, "members/form.html", {"member": member, "form": form})
def form_valid(self, form): """ If ResendActivationForm passed the validation, generate new token and send an e-mail. """ token_generator = PasswordResetTokenGenerator() users = LilyUser.objects.filter( email__iexact=form.cleaned_data['email'] ) # Get the current site or empty string try: current_site = Site.objects.get_current() except Site.DoesNotExist: current_site = '' for user in users: # Generate uidb36 and token for the activation link uidb36 = int_to_base36(user.pk) token = token_generator.make_token(user) # E-mail to the user send_templated_mail( template_name='activation', from_email=settings.DEFAULT_FROM_EMAIL, recipient_list=[form.cleaned_data['email']], context={ 'current_site': current_site, 'protocol': self.request.is_secure() and 'https' or 'http', 'user': user, 'uidb36': uidb36, 'token': token, } ) # Show registration message messages.success( self.request, _('Reactivation successful. I\'ve sent you an email, please check it to activate your account.') ) # Redirect to success url return self.get_success_url()
def test_timeout(self, password_reset_timeout_days=3): """ Ensure we can use the token after n days, but no greater. """ # Uses a mocked version of PasswordResetTokenGenerator so we can change # the value of 'today' class Mocked(PasswordResetTokenGenerator): def __init__(self, today): self._today_val = today def _today(self): return self._today_val user = User.objects.create_user('tokentestuser', '*****@*****.**', 'testpw') p0 = PasswordResetTokenGenerator() tk1 = p0.make_token(user) p1 = Mocked(date.today() + timedelta(password_reset_timeout_days)) self.assertTrue(p1.check_token(user, tk1)) p2 = Mocked(date.today() + timedelta(password_reset_timeout_days + 1)) self.assertFalse(p2.check_token(user, tk1))
class ActivationResendView(FormView): """ This view is used by an user to request a new activation e-mail. """ template_name = 'users/activation_resend_form.html' form_class = ResendActivationForm def form_valid(self, form): """ If ResendActivationForm passed the validation, generate new token and send an e-mail. """ self.TGen = PasswordResetTokenGenerator() self.users = CustomUser.objects.filter( contact__email_addresses__email_address__iexact=form.cleaned_data['email'], contact__email_addresses__is_primary=True ) # Get the current site or empty string try: self.current_site = Site.objects.get_current() except Site.DoesNotExist: self.current_site = '' for user in self.users: # Generate uidb36 and token for the activation link self.uidb36 = int_to_base36(user.pk) self.token = self.TGen.make_token(user) # E-mail to the user send_templated_mail( template_name='activation', from_email=settings.DEFAULT_FROM_EMAIL, recipient_list=[form.cleaned_data['email']], context={ 'current_site': self.current_site, 'protocol': self.request.is_secure() and 'https' or 'http', 'full_name': " ".join([user.contact.first_name, user.contact.preposition, user.contact.last_name]), 'user': user, 'uidb36': self.uidb36, 'token': self.token, } ) # Show registration message messages.success(self.request, _('Reactivation success. Check your <nobr>e-mail</nobr> to activate your account.')) # Redirect to success url return self.get_success_url() def get_success_url(self): """ Redirect to the success url. """ return redirect(reverse_lazy('login'))
def test_titles(self): rf = RequestFactory() user = User.objects.create_user('jsmith', '*****@*****.**', 'pass') user = authenticate(username=user.username, password='******') request = rf.get('/somepath/') request.user = user response = PasswordResetView.as_view(success_url='dummy/')(request) self.assertContains(response, '<title>Password reset</title>') self.assertContains(response, '<h1>Password reset</h1>') response = PasswordResetDoneView.as_view()(request) self.assertContains(response, '<title>Password reset sent</title>') self.assertContains(response, '<h1>Password reset sent</h1>') # PasswordResetConfirmView invalid token response = PasswordResetConfirmView.as_view(success_url='dummy/')(request, uidb64='Bad', token='Bad') self.assertContains(response, '<title>Password reset unsuccessful</title>') self.assertContains(response, '<h1>Password reset unsuccessful</h1>') # PasswordResetConfirmView valid token default_token_generator = PasswordResetTokenGenerator() token = default_token_generator.make_token(user) uidb64 = force_text(urlsafe_base64_encode(force_bytes(user.pk))) response = PasswordResetConfirmView.as_view(success_url='dummy/')(request, uidb64=uidb64, token=token) self.assertContains(response, '<title>Enter new password</title>') self.assertContains(response, '<h1>Enter new password</h1>') response = PasswordResetCompleteView.as_view()(request) self.assertContains(response, '<title>Password reset complete</title>') self.assertContains(response, '<h1>Password reset complete</h1>') response = PasswordChangeView.as_view(success_url='dummy/')(request) self.assertContains(response, '<title>Password change</title>') self.assertContains(response, '<h1>Password change</h1>') response = PasswordChangeDoneView.as_view()(request) self.assertContains(response, '<title>Password change successful</title>') self.assertContains(response, '<h1>Password change successful</h1>')
def user_password_retrieve(request): username = request.GET['username_forgot'] u = User.objects.get(email = username) token_generator = PasswordResetTokenGenerator() token = token_generator.make_token(u) u.set_password(token) u.save() msg = MIMEMultipart() msg['Subject'] = 'Mail from the MicrobesFlux -- Password reset' msg['From'] = '*****@*****.**' msg['To'] = username msg.preamble = 'Reset your password' fromaddr = "*****@*****.**" toaddrs = [username, ] content = MIMEText("Dear MicrobesFlux User: we have changed your password to " + token + ". -- MicrobesFlux") msg.attach(content) server = smtplib.SMTP('localhost') server.sendmail(fromaddr, toaddrs, msg.as_string()) server.quit() return HttpResponse(content = """New Email sent!""", status = 200, content_type = "text/html")
def test_titles(self): rf = RequestFactory() user = User.objects.create_user('jsmith', '*****@*****.**', 'pass') user = authenticate(username=user.username, password='******') request = rf.get('/somepath/') request.user = user response = password_reset(request, post_reset_redirect='dummy/') self.assertContains(response, '<title>Password reset</title>') self.assertContains(response, '<h1>Password reset</h1>') response = password_reset_done(request) self.assertContains(response, '<title>Password reset successful</title>') self.assertContains(response, '<h1>Password reset successful</h1>') # password_reset_confirm invalid token response = password_reset_confirm(request, uidb64='Bad', token='Bad', post_reset_redirect='dummy/') self.assertContains(response, '<title>Password reset unsuccessful</title>') self.assertContains(response, '<h1>Password reset unsuccessful</h1>') # password_reset_confirm valid token default_token_generator = PasswordResetTokenGenerator() token = default_token_generator.make_token(user) uidb64 = force_text(urlsafe_base64_encode(force_bytes(user.pk))) response = password_reset_confirm(request, uidb64, token, post_reset_redirect='dummy/') self.assertContains(response, '<title>Enter new password</title>') self.assertContains(response, '<h1>Enter new password</h1>') response = password_reset_complete(request) self.assertContains(response, '<title>Password reset complete</title>') self.assertContains(response, '<h1>Password reset complete</h1>') response = password_change(request, post_change_redirect='dummy/') self.assertContains(response, '<title>Password change</title>') self.assertContains(response, '<h1>Password change</h1>') response = password_change_done(request) self.assertContains(response, '<title>Password change successful</title>') self.assertContains(response, '<h1>Password change successful</h1>')
def send_activation_email(request, user): b64uid = urlsafe_base64_encode(str(user.id)) token_generator = PasswordResetTokenGenerator() token = token_generator.make_token(user) if user.is_active: raise Exception('Will not send activation key to active user') send_mail( 'Activate your Editors\' Notes account', 'This email was used to create an account at {site_url}.\n\n' 'To activate your account, visit the following link:\n\n' '\t{activation_url}\n\n' 'If you did not request an account, please ignore this email.'.format( site_url=request.build_absolute_uri('/'), activation_url=request.build_absolute_uri( reverse('auth:activate_account', args=[b64uid, token]) ), activation_token=token), settings.SERVER_EMAIL, [user.email] )
def test_token_with_different_secret(self): """ A valid token can be created with a secret other than SECRET_KEY by using the PasswordResetTokenGenerator.secret attribute. """ user = User.objects.create_user('tokentestuser', '*****@*****.**', 'testpw') new_secret = 'abcdefghijkl' # Create and check a token with a different secret. p0 = PasswordResetTokenGenerator() p0.secret = new_secret tk0 = p0.make_token(user) self.assertTrue(p0.check_token(user, tk0)) # Create and check a token with the default secret. p1 = PasswordResetTokenGenerator() self.assertEqual(p1.secret, settings.SECRET_KEY) self.assertNotEqual(p1.secret, new_secret) tk1 = p1.make_token(user) # Tokens created with a different secret don't validate. self.assertFalse(p0.check_token(user, tk1)) self.assertFalse(p1.check_token(user, tk0))
def get(self, request, uid64, token): try: id = smart_str(urlsafe_base64_decode(uid64)) user = User.objects.get(id=id) if not PasswordResetTokenGenerator().check_token(user, token): return Response( {'error': 'Token is not valid, please request a new one'}, status=status.HTTP_401_UNAUTHORIZED) return Response( { 'success': True, 'message': 'Credentials Valid', 'uid64': uid64, 'token': token }, status=status.HTTP_200_OK) except DjangoUnicodeDecodeError as err: return Response( {'error': 'Token is not valid, please request a new one'}, status=status.HTTP_401_UNAUTHORIZED)
def send_activation_code(user: CustomUser) -> None: with open(configs.resolve('accounts.registration.activation.template'), 'r', encoding='utf-8') as file: template = Template(file.read()) try: send_mail( configs.resolve('accounts.registration.activation.subject'), template.render( Context({ 'api': 'UWKGM', 'code': PasswordResetTokenGenerator().make_token(user), 'user': user.get_full_name() })), '%s' % configs.resolve('accounts.registration.email'), [user.email]) except SMTPException as error: raise APIException( _('An error occurred while sending an activation code: %s' % str(error)))
def post(self, request): serializer = self.serializer_class(data=request.data) serializer.is_valid(raise_exception=True) email = request.data.get('email', '') if User.objects.filter(email=email).exists(): user = User.objects.get(email=email) uidb64 = urlsafe_base64_encode(smart_bytes(user.id)) token = PasswordResetTokenGenerator().make_token(user) absurl = config( 'FRONTEND_URL') + '/password_reset/' + uidb64 + '/' + token email_body = 'Hello, \n Use link below to reset your password \n' + absurl data = { 'email_body': email_body, 'to_email': [user.email], 'email_subject': 'Reset your passsword' } Util.send_email(data) return Response( {'success': 'We have sent you a link to reset your password'}, status=status.HTTP_200_OK)
def get(self, request, uidb64, token): context = {'uidb64': uidb64, 'token': token} try: user_id = force_text(urlsafe_base64_decode(uidb64)) user = User.objects.get(pk=user_id) if not PasswordResetTokenGenerator().check_token(user, token): # import pdb ; pdb.set_trace() messages.info( request, 'Password reset reset link is invalid. Please request for new one.' ) return render(request, 'auth/set-password.html', context) except Exception as identifier: messages.info(request, 'Something went wrong, please try again.') return render(request, 'auth/set-password.html', context) return render(request, 'auth/set-password.html', context)
def validate(self, attrs): try: password = attrs.get('password') token = attrs.get('token') uidb64 = attrs.get('uidb64') id = force_str(urlsafe_base64_decode(uidb64)) user = User.objects.get(id=id) if not PasswordResetTokenGenerator().check_token(user, token): raise AuthenticationFailed('The reset link is invalid', 401) user.set_password(password) user.save() return user except Exception as e: raise AuthenticationFailed('The reset link is invalid', 401)
def validate(self, attrs): email = attrs.get('email', '') if not email: raise serializers.ValidationError('Email is required') try: user = User.objects.get(email=email) except Exception as e: print('Error >> ', e) raise serializers.ValidationError('This user does not exists') token = PasswordResetTokenGenerator().make_token(user) data = { 'email': user.email, 'token': token, } return data
def reset_password_link(request, base64_id, token): if request.method == "POST": uid = force_text(urlsafe_base64_decode(base64_id)) user = get_user_model().objects.get(pk=uid) if not user or not PasswordResetTokenGenerator().check_token( user, token): return HttpResponse("This is invalid!") form = ResetPasswordForm(request.POST) if form.is_valid(): form.save(uid) return redirect("user:login") else: return HttpResponse("Invalid") else: form = ResetPasswordForm() return render(request=request, template_name="reset.html", context={"form": form})
def validate(self, attrs): try: password = attrs.get('password') token = attrs.get('token') uidb64 = attrs.get('uidb64') uid = force_str(urlsafe_base64_decode(uidb64)) user = User.objects.get(pk=uid) if not PasswordResetTokenGenerator().check_token(user, token): raise AuthenticationFailed( 'The link is invalid,please request a new one', 401) user.set_password(password) user.save() return (user) except DjangoUnicodeDecodeError as identifier: raise serializers.ValidationError( ValidationError({'token': 'invalid token'})) return super().validate(attrs)
def post(self, request, *args, **kwargs): serializer = self.serializer_class(data=request.data) serializer.is_valid(raise_exception=True) password = serializer.validated_data['password'] token = self.kwargs.get('token') user = self.get_object() if not PasswordResetTokenGenerator.check_token(default_token_generator, user, token): return Response({ 'data': MESSAGE_CONSTANTS["INVALID_TOKEN"], 'status': status.HTTP_400_BAD_REQUEST }) user.set_password(password) user.save() return Response({ 'data': MESSAGE_CONSTANTS["PASSWORD_SET"], 'status': status.HTTP_200_OK })
def activate_account(request, uid, token): try: uid = force_text(urlsafe_base64_decode(uid)) logger.debug("uid: %s" % uid) user = User.objects.get(pk=uid) check_token = PasswordResetTokenGenerator().check_token(user, token) logger.debug("check_token: %s" % check_token) except (TypeError, ValueError, OverflowError, User.DoesNotExist): user = None check_token = False if user is not None and check_token: profile = get_object_or_404(Profile, user=user) profile.email_confirmed = True profile.save() login(request, user) template = "profiles/account_activate_complete.html" context = {} return render(request, template, context) else: return HttpResponse('Activation link is invalid!')
def post(self, request): serializer = self.serializer_class(data=request.data) email = request.data['email'] if User.objects.filter(email=email).exists(): user = User.objects.get(email=email) uidb64 = urlsafe_base64_encode(smart_bytes(user.id)) token = PasswordResetTokenGenerator().make_token(user) current_site = get_current_site(request=request).domain relative_link = reverse('password-reset-confirm', kwargs={'uidb64': uidb64, 'token': token}) absolute_url = 'http://' + current_site + relative_link email_body = 'Hello, \n Use link below to reset your password \n' + absolute_url data = { 'email_body': email_body, 'to_email': user.email, 'email_subject': 'Reset your password' } Util.send_email(data) return Response({'success': 'We have sent you a link to reset your password'}, status=status.HTTP_200_OK)
def send_reset_password_email(request, email): user = get_user_model().objects.get(email=email) host_name = request.get_host() base_url = host_name + "/user/reset_password/" if str(host_name).startswith("127.0.0.1"): base_url = "http://" + base_url else: base_url = "https://" + base_url c = { "base_url": base_url, "uid": urlsafe_base64_encode(force_bytes(user.pk)), "token": PasswordResetTokenGenerator().make_token(user), } htmltemp = template.loader.get_template("reset_password_template.html") html_content = htmltemp.render(c) email_subject = "Reset Your DineLine Password!" logger.info("Send email to: %s", user.email) email = EmailMultiAlternatives(email_subject, to=[user.email]) email.attach_alternative(html_content, "text/html") return email.send()
def validate(self, attrs): try: password = self.initial_data['password'] token = self.initial_data['token'] uidb64 = self.initial_data['uidb64'] id = force_str(urlsafe_base64_decode(uidb64)) user = User.objects.get(id=id) if not PasswordResetTokenGenerator().check_token(user, token): raise exceptions.AuthenticationFailed( 'Invalid reset password link.', 401) user.set_password(password) user.save() return (user) except Exception: raise exceptions.AuthenticationFailed( 'Invalid reset password link.', 401) return super().validate(attrs)
def sendPasswordResetEmail(user_email): if not UserExistsByEmail(user_email): return False user = User.objects.get(email=user_email) context = { 'user': user, 'domain': getOption('site_url'), 'uid': urlsafe_base64_encode(force_bytes(user.pk)).decode(), 'token': PasswordResetTokenGenerator().make_token(user), 'protocol': 'http' } subject = "Reset your Password" if send_mail(subject, user.email, 'accounts/email/forgot-password', context): return True else: return False
def get(self, request, uidb64, token): try: id = smart_str(urlsafe_base64_decode(uidb64)) user = CustomUser.objects.get(id=id) if not PasswordResetTokenGenerator().check_token(user, token): return Response( {'error', 'invalid token, kindly request a new one'}) return Response({ "success": True, "message": "Credential valid", "uidb64": uidb64, "token": token }) except DjangoUnicodeDecodeError as e: return Response( {'error', 'altered token, kindly request a new one'})
def get(self, request, uidb64, token): context = {'uidb64': uidb64, 'token': token} try: user_id = force_text(urlsafe_base64_decode(uidb64)) user = User.objects.get(pk=user_id) if not PasswordResetTokenGenerator().check_token(user, token): messages.error( request, 'Password reset link is invalid. Please request a new one.' ) return render(request, 'auth/request-reset-email.html') except DjangoUnicodeDecodeError: messages.success(request, 'Invalid link.') return render(request, 'auth/request-reset-email.html') return render(request, 'auth/set-new-password.html', context)
def get(self, request, uidb64, token): try: id = smart_str(urlsafe_base64_decode(uidb64)) user = User.objects.get(id=id) if not PasswordResetTokenGenerator().check_token(user, token): raise Exception('El token no es correcto') return Response({ 'success': 'Token correcto' }, status=status.HTTP_200_OK) except DjangoUnicodeDecodeError as error: return Response({ 'error': 'El token es incorrecto' }, status=status.HTTP_401_UNAUTHORIZED) except Exception as error: return Response({ 'error': 'El token es incorrecto' }, status=status.HTTP_401_UNAUTHORIZED)
def get(self, request, uidb64, token): context = {'uidb64': uidb64, 'token': token} try: user_id = force_text(urlsafe_base64_decode(uidb64)) user = User.objects.get(pk=user_id) if not PasswordResetTokenGenerator().check_token(user, token): messages.info( request, "Password link is expired, please request a new one") return render(request, 'reset-password.html') except Exception as identifier: pass return render(request, "set-new-password.html", context)
def get(self, request, uidb64, token): context = {'uidb64': uidb64, 'token': token} try: user_id = force_text(urlsafe_base64_decode(uidb64)) user = User.objects.get(pk=user_id) if not PasswordResetTokenGenerator().check_token(user, token): messages.info( request, 'Password reset link, is invalid, please request a new one' ) return render(request, 'small_change_password_form.html') except DjangoUnicodeDecodeError as identifier: messages.success(request, 'Invalid link') return render(request, 'small_change_password_form.html') return render(request, 'mail/reset_pass.html', context)
def send_verification_secondary_email(request, email): host_name = request.get_host() base_url = host_name + "/user/email/verification/" if str(host_name).startswith("127.0.0.1"): base_url = "http://" + base_url else: base_url = "https://" + base_url c = { "base_url": base_url, "uid": urlsafe_base64_encode(force_bytes(request.user.pk)), "encoded_email": urlsafe_base64_encode(force_bytes(email)), "token": PasswordResetTokenGenerator().make_token(request.user), } htmltemp = template.loader.get_template("verify_email_template.html") html_content = htmltemp.render(c) email_subject = "Verify your email!" email = EmailMultiAlternatives(email_subject, to=[email]) email.attach_alternative(html_content, "text/html") return email.send()
def activate_account(request, uidb64, token): try: user_id = force_text(urlsafe_base64_decode(uidb64)) messages.success(request, 'Your account has been activated') user = User.objects.get(pk=user_id) user.is_active = True user.save() if not PasswordResetTokenGenerator().check_token(user, token): messages.info( request, 'Password reset link, is invalid, please request a new one') return render(request, 'mail/register.html') return redirect('login') except DjangoUnicodeDecodeError as identifier: messages.success( request, 'Invalid link') return render(request, 'mail/reset_mail.html')
def validate(self, attrs): try: password = attrs.get('password') token = attrs.get('token') uidb64 = attrs.get('uidb64') id = force_str(urlsafe_base64_decode(uidb64)) user = User.objects.get(id=id) if not PasswordResetTokenGenerator().check_token(user, token): raise AuthenticationFailed( 'El enlace de restablecimiento no es válido', 401) user.set_password(password) user.save() return (user) except Exception as e: raise AuthenticationFailed( 'El enlace de restablecimiento no es válido', 401) return super().validate(attrs)
def get(self, request, uidb64, token): try: id = smart_str(urlsafe_base64_decode(uidb64)) user = User.objects.get(id=id) if PasswordResetTokenGenerator().check_token(user, token): return Response({'error': 'Token not valid'}, status=status.HTTP_400_BAD_REQUEST) return Response({ 'success': True, 'message': 'credentials valid', 'uidb64': uidb64, 'token': token, 'status': status.HTTP_200_OK }) except: return Response({'error': 'Token is invalid'}, status=status.status.HTTP_400_BAD_REQUEST)
def post(self, request): email = request.POST['email'] context = {'values': request.POST} if not validate_email(email): messages.error(request, "Please enter a valid email.") return render(request, 'authentication/reset-password.html', context) current_site = get_current_site(request) user = User.objects.filter(email=email) if user.exists(): email_contests = { 'user': user[0], 'domain': current_site.domain, 'uid': urlsafe_base64_encode(force_bytes(user[0].pk)), 'token': PasswordResetTokenGenerator().make_token(user[0]), } link = reverse('reset-user-password', kwargs={ 'uidb64': email_contests['uid'], 'token': email_contests['token'] }) email_subject = 'Password reset' reset_url = 'http://' + current_site.domain + link email = EmailMessage( email_subject, 'Please the link below to reset your password \n' + reset_url, '*****@*****.**', [email], ) EmailThread(email).start() messages.success(request, "An email has been sent to your account.") return render(request, 'authentication/reset-password.html')
def post(self, request): email = request.POST['email'] data = { 'values': request.POST } if not validate_email(email): messages.error(request, 'Please supply a valid email') return render(request, 'authentication/reset_password.html') user = User.objects.filter(email=email) if not user.exists(): messages.error(request, 'User email does not exist') return render(request, 'authentication/reset_password.html') else: email_content = { 'user': user[0], 'domain': get_current_site(request).domain, 'uid': urlsafe_base64_encode(force_bytes(user[0].pk)), 'token': PasswordResetTokenGenerator().make_token(user[0]) } link = reverse('reset-user-password', kwargs={'uidb64': email_content['uid'], 'token': email_content['token']}) # - relative url to verification reset_url = 'http://' + get_current_site(request).domain + link email_subject = 'Password reset link' email_body = 'Hi click the link below to reset password\n' + reset_url email = EmailMessage( email_subject, email_body, '*****@*****.**', [email], ) EmailThreading(email).start() messages.success(request, 'Reset link sent successfully') return render(request, 'authentication/reset_password.html', data)
def form_valid(self, form): cleaned_data = form.cleaned_data # profile_image = request.FILES['profile_image'] # if profile_image.name.endswith(".jpeg") or profile_image.name.endswith( # '.jpg') or profile_image.name.endswith(".png"): # fs = FileSystemStorage() # filename = fs.save(profile_image.name, profile_image) # print("File name is", filename) new_user = User(first_name=cleaned_data['first_name'], last_name=cleaned_data['last_name'], email=cleaned_data['email'], username=cleaned_data['username'], is_active=False) print("User is", new_user) new_user.save() new_user.set_password(cleaned_data['password1']) new_user.save() current_site = get_current_site(self.request) subject = 'Activate Your Asmit Blogs Account' message = render_to_string( 'Accounts/account_activation_email.html', { 'user': new_user, 'domain': current_site.domain, 'uid': urlsafe_base64_encode(force_bytes(new_user.pk)), 'token': PasswordResetTokenGenerator.make_token( self=account_activation_token, user=new_user), }) send_mail(subject, message, EMAIL_HOST_USER, [new_user.email], fail_silently=False) messages.success( self.request, 'Please Confirm your email to complete registration.') return redirect('account:login')
def post(self, request): domain = request.META.get('HTTP_ORIGIN', get_current_site(request).domain) serializer = self.serializer_class(data=request.data) serializer.is_valid(raise_exception=True) try: user = User.objects.filter(email=request.data['email']) if not user: raise serializers.ValidationError({ "email": ["No records correspondingly this user were found"] }) uidb64 = urlsafe_base64_encode(smart_bytes(user[0].id)) token = PasswordResetTokenGenerator().make_token(user[0]) message = [ request, reverse('authentication:setnewpassword', kwargs={ "uidb64": uidb64, "token": token }), "Reset Password", "Reset Password", request.data['email'] ] Utilities.send_email(message, domain, 'password_reset') return Response( { "message": "Please check your email for the reset password link." }, status=status.HTTP_200_OK) except KeyError: return Response( { "errors": { "email": ["Email is required to reset a password"] } }, status=status.HTTP_400_BAD_REQUEST)
def post(self, request): email = request.POST['email'] context = {'values': request.POST} if not validate_email(email): messages.error(request, 'Please enter a valid email') return render(request, 'authentication/reset-password.html', context) current_site = get_current_site(request) user = User.objects.filter(email=email) if user.exists(): email_contents = { 'user': user[0], 'domain': current_site.domain, 'uid': urlsafe_base64_encode(force_bytes(user[0].pk)), 'token': PasswordResetTokenGenerator().make_token(user[0]), } link = reverse('reset-user-password', kwargs={ 'uidb64': email_contents['uid'], 'token': email_contents['token'] }) email_subject = 'Password Reset' reset_url = 'http://' + current_site.domain + link email = EmailMessage( email_subject, 'Hi there, Please use this link to reset your password\n' + reset_url, '*****@*****.**', [email], ) email.send(fail_silently=False) messages.success(request, 'We have sent you an email to reset your password') return render(request, 'authentication/reset-password.html')
def post(self, request): serializer = self.serializer_class(data=request.data) email = request.data.get('email', '') print(email) # if user exist we are creating a unique token using tokengenerator if User.objects.filter(email=email).exists(): user = User.objects.get(email=email) uidb64 = urlsafe_base64_encode(smart_bytes(user.id)) token = PasswordResetTokenGenerator().make_token(user) return Response( { "message": "Forget email sent successfully", "forget_pin": token, "status": 1, }, status=status.HTTP_200_OK) return Response({ 'failure': 'email not found', "status": 0, })
def post(self, request): email = request.POST['email'] context = { 'values':request.POST } if not validate_email(email): messages.error(request, "Please enter valid email") return render(request, 'authentication/reset-password.html') email_subject = "Reset Account Password" user = User.objects.filter(email=email) uidb64 = urlsafe_base64_encode(force_bytes(user.pk)) if user.exists(): domain = get_current_site(request).domain link = reverse('reset-user-password', kwargs={'uidb64':uidb64, 'token': PasswordResetTokenGenerator().make_token(user)}) reset_url = 'http://'+domain+link email_content = "Hi " + user.username + " Please use the link to reset your password \n "+reset_url send_mail(email_subject,email_content, settings.EMAIL_HOST_USER, [email], fail_silently=False) print(email) messages.success(request, "Reset email sent") return render(request, 'authentication/reset-password.html')