def test_check_token_with_nonexistent_token_and_user(self):
user = User.objects.create_user('tokentestuser', '*****@*****.**',
'testpw')
p0 = PasswordResetTokenGenerator()
tk1 = p0.make_token(user)
self.assertIs(p0.check_token(None, tk1), False)
self.assertIs(p0.check_token(user, None), False)
def create_or_login(request):
if not request.method == "POST":
return HttpResponseRedirect(reverse(list))
form = EmailForm(request.POST)
if not form.is_valid():
return render(request, "members/login.html", {"form": form})
data = form.cleaned_data
member = get_object_or_None(Member, email=data["email"])
if not member:
member = Member(email=data["email"])
member.save()
member_url = reverse(edit, kwargs={"key": member.key})
token_gen = PasswordResetTokenGenerator()
token = token_gen.make_token(member)
try:
send_mail(
"Your Nick Reid Directory Profile",
"Follow this link to update your profile: %s?token=%s" % (member_url, token),
"*****@*****.**",
[member.email],
fail_silently=False,
)
except:
messages.error(request, "There was an error sending email to %s", member.email)
messages.success(request, "An email has been sent to %s." % (member.email))
return HttpResponseRedirect(reverse(list))
def send_token_message(host, user, template, subject, new_user=False, extra_context=None):
"""
Send an email to the the user with a new token
"""
token_generator = PasswordResetTokenGenerator()
t = loader.get_template(template)
c = {
'email': user.email,
'host': host,
'user_token': int_to_base36(user.id),
'user': user,
'key_token': token_generator.make_token(user),
'new_user' : new_user,
}
if extra_context:
# If we have extra_content we need for the template
for key in extra_context:
c[key] = extra_context[key]
# send the user an email with the template filled out
# the actual link can be created using:
# {% url signup_login_by_email user_token key_token %}
send_mail(subject, t.render(Context(c)), settings.EMAIL_HOST_USER, [user.email])
def test_reset_password(self):
response = self.client.get(reverse('auth_password_reset'))
self.assertEquals(response.status_code, 200)
self.assertIn('Reset your password', response.content)
response = self.client.post(reverse('auth_password_reset'),
{'email': self.user.email}, follow=True)
self.assertEquals(response.status_code, 200)
self.assertIn('email with a link to reset your password', response.content)
pt = PasswordResetTokenGenerator()
token = pt.make_token(self.user)
uid = base64.b64encode(str(self.user.id)).strip('=')
response = self.client.get(reverse('auth_password_reset_confirm',
args=(uid, token)),
follow=True)
self.assertEquals(response.status_code, 200)
self.assertIn('Enter your new password below', response.content)
data = {
'new_password1': 'newpassword',
'new_password2': 'newpassword'
}
response = self.client.post(reverse('auth_password_reset_confirm', args=(uid, token)),
data, follow=True)
self.assertEquals(response.status_code, 200)
self.assertIn('Your password has been reset!', response.content)
result = self.client.login(username=self.user.username, password='******')
self.assertTrue(result)
#reset password
self.user.set_password('supersecret')
def test_timeout(self):
"""
The token is valid after n days, but no greater.
"""
# Uses a mocked version of PasswordResetTokenGenerator so we can change
# the value of 'today'
class Mocked(PasswordResetTokenGenerator):
def __init__(self, today):
self._today_val = today
def _today(self):
return self._today_val
user = User.objects.create_user('tokentestuser', '*****@*****.**',
'testpw')
p0 = PasswordResetTokenGenerator()
tk1 = p0.make_token(user)
p1 = Mocked(date.today() +
timedelta(settings.PASSWORD_RESET_TIMEOUT_DAYS))
self.assertTrue(p1.check_token(user, tk1))
p2 = Mocked(date.today() +
timedelta(settings.PASSWORD_RESET_TIMEOUT_DAYS + 1))
self.assertFalse(p2.check_token(user, tk1))
def test_django12_hash(self):
"""
Ensure we can use the hashes generated by Django 1.2
"""
# Hard code in the Django 1.2 algorithm (not the result, as it is time
# dependent)
def _make_token(user):
from django.utils.hashcompat import sha_constructor
from django.utils.http import int_to_base36
timestamp = (date.today() - date(2001, 1, 1)).days
ts_b36 = int_to_base36(timestamp)
hash = sha_constructor(
settings.SECRET_KEY
+ unicode(user.id)
+ user.password
+ user.last_login.strftime("%Y-%m-%d %H:%M:%S")
+ unicode(timestamp)
).hexdigest()[::2]
return "%s-%s" % (ts_b36, hash)
user = User.objects.create_user("tokentestuser", "*****@*****.**", "testpw")
p0 = PasswordResetTokenGenerator()
tk1 = _make_token(user)
self.assertTrue(p0.check_token(user, tk1))
def _get_confirm_url(self, user):
token_maker = PasswordResetTokenGenerator()
token = token_maker.make_token(user)
uid = urlsafe_base64_encode(force_bytes(user.pk)) #same thing django does to generate uid
confirm_url = reverse('auth_password_reset_confirm',
kwargs={'token':token,
'uidb64':uid})
return confirm_url
def test_make_token(self):
"""
Ensure that we can make a token and that it is valid
"""
user = User.objects.create_user('tokentestuser', '*****@*****.**', 'testpw')
p0 = PasswordResetTokenGenerator()
tk1 = p0.make_token(user)
self.assertTrue(p0.check_token(user, tk1))
def test_PasswordResetConfirmView_valid_token(self):
# PasswordResetConfirmView valid token
default_token_generator = PasswordResetTokenGenerator()
token = default_token_generator.make_token(self.user)
uidb64 = force_text(urlsafe_base64_encode(force_bytes(self.user.pk)))
response = PasswordResetConfirmView.as_view(success_url='dummy/')(self.request, uidb64=uidb64, token=token)
self.assertContains(response, '<title>Enter new password</title>')
self.assertContains(response, '<h1>Enter new password</h1>')
def form_valid(self, form):
"""
Register a new user.
"""
# Do not accept any valid form when registration is closed.
if not settings.REGISTRATION_POSSIBLE:
messages.error(self.request, _('I\'m sorry, but I can\'t let anyone register at the moment.'))
return redirect(reverse_lazy('login'))
# Create and save user
user = LilyUser.objects.create_user(
email=form.cleaned_data['email'],
password=form.cleaned_data['password'],
first_name=form.cleaned_data['first_name'],
preposition=form.cleaned_data['preposition'],
last_name=form.cleaned_data['last_name'],
)
user.is_active = False
user.save()
# Add to admin group
account_admin = Group.objects.get_or_create(name='account_admin')[0]
user.groups.add(account_admin)
# Get the current site
try:
current_site = Site.objects.get_current()
except Site.DoesNotExist:
current_site = ''
# Generate uidb36 and token for the activation link
uidb36 = int_to_base36(user.pk)
token_generator = PasswordResetTokenGenerator()
token = token_generator.make_token(user)
# Send an activation mail
# TODO: only create/save contact when e-mail sent successfully
send_templated_mail(
template_name='activation',
from_email=settings.DEFAULT_FROM_EMAIL,
recipient_list=[form.cleaned_data['email']],
context={
'current_site': current_site,
'protocol': self.request.is_secure() and 'https' or 'http',
'user': user,
'uidb36': uidb36,
'token': token,
}
)
# Show registration message
messages.success(
self.request,
_('Registration completed. I\'ve sent you an email, please check it to activate your account.')
)
return self.get_success_url()
def get_token(user):
#assert request.user.is_authenticated()
token_generator = PasswordResetTokenGenerator()
token = token_generator.make_token(user)
return token
def authenticate(self, user_token, key_token):
try:
token_generator=PasswordResetTokenGenerator()
user = get_object_or_404(User, pk=base36_to_int(user_token))
if token_generator.check_token( user, key_token) and user.is_active:
logger.debug("User: %s authenticated via token" % user.username)
return user
except User.DoesNotExist:
return None
def test_date_length(self):
"""
Overly long dates, which are a potential DoS vector, aren't allowed.
"""
user = User.objects.create_user('ima1337h4x0r', '*****@*****.**', 'p4ssw0rd')
p0 = PasswordResetTokenGenerator()
# This will put a 14-digit base36 timestamp into the token, which is too large.
with self.assertRaises(ValueError):
p0._make_token_with_timestamp(user, 175455491841851871349)
def test_date_length(self):
"""
Make sure we don't allow overly long dates, causing a potential DoS.
"""
user = User.objects.create_user('ima1337h4x0r', '*****@*****.**', 'p4ssw0rd')
p0 = PasswordResetTokenGenerator()
# This will put a 14-digit base36 timestamp into the token, which is too large.
tk1 = p0._make_token_with_timestamp(user, 175455491841851871349)
self.assertFalse(p0.check_token(user, tk1))
def test_PasswordResetConfirmView_valid_token(self):
# PasswordResetConfirmView valid token
client = PasswordResetConfirmClient()
default_token_generator = PasswordResetTokenGenerator()
token = default_token_generator.make_token(self.user)
uidb64 = force_text(urlsafe_base64_encode(force_bytes(self.user.pk)))
url = reverse('password_reset_confirm', kwargs={'uidb64': uidb64, 'token': token})
response = client.get(url)
self.assertContains(response, '<title>Enter new password</title>')
self.assertContains(response, '<h1>Enter new password</h1>')
def test_10265(self):
"""
The token generated for a user created in the same request
will work correctly.
"""
# See ticket #10265
user = User.objects.create_user('comebackkid', '*****@*****.**', 'testpw')
p0 = PasswordResetTokenGenerator()
tk1 = p0.make_token(user)
reload = User.objects.get(username='******')
tk2 = p0.make_token(reload)
self.assertEqual(tk1, tk2)
def send_reset_password_email(user, request):
token_generator = PasswordResetTokenGenerator()
temp_key = token_generator.make_token(user)
# send the password reset email
path = reverse('account_reset_password_from_key',
kwargs=dict(uidb36=int_to_base36(user.id),
key=temp_key))
url = request.build_absolute_uri(path)
context = {'password_reset_url': url}
subject = 'Reset your password'
send_mail('account/email/forget_password.html', subject, user.email, context)
def send_email_auth_token(request, user, new_user=False):
token_generator = PasswordResetTokenGenerator()
t = loader.get_template('signup/email_auth_form.html')
c = {
'email': user.email,
'host': request.get_host(),
'user_token': int_to_base36(user.id),
'user': user,
'key_token': token_generator.make_token(user),
'new_user' : new_user,
}
send_mail(_("New Login token for %s") % request.get_host(), t.render(Context(c)), settings.EMAIL_HOST_USER, [user.email])
def generate_password_reset_url(user_profile: UserProfile,
token_generator: PasswordResetTokenGenerator) -> str:
token = token_generator.make_token(user_profile)
uid = urlsafe_base64_encode(force_bytes(user_profile.id)).decode('ascii')
endpoint = reverse('django.contrib.auth.views.password_reset_confirm',
kwargs=dict(uidb64=uid, token=token))
return "{}{}".format(user_profile.realm.uri, endpoint)
def generate_token(request):
username_or_email = request.POST.get('username_or_email')
#Check to see if we can find a valid user
try:
empous_user = User.objects.get(Q(username__iexact=username_or_email)|Q(email__iexact=username_or_email))
token_gen = PasswordResetTokenGenerator()
reset_token = token_gen.make_token(empous_user)
reset_message = "A password reset token has been requested for your account. Your token is : %s" % reset_token
email = EmailMessage("Empous: Password Reset Token", reset_message, to=[empous_user.email], from_email="*****@*****.**")
email.send()
return HttpResponse(json.dumps({'response_message':'A token has been emailed to "%s"' % empous_user.email}), mimetype='application/json')
except User.DoesNotExist:
return HttpResponse(json.dumps({'response_message':'Could not find an empous user with a username or email of "%s"' % username_or_email}), mimetype='application/json')
def reset_password(request):
token = request.POST.get('token')
username_or_email = request.POST.get('username_or_email')
password = request.POST.get('password')
try:
empous_user = User.objects.get(Q(username__iexact=username_or_email)|Q(email__iexact=username_or_email))
token_gen = PasswordResetTokenGenerator()
if token_gen.check_token(empous_user, token):
empous_user.set_password(password)
empous_user.save()
return HttpResponse(json.dumps(StatusCodes.SUCCESS), mimetype='application/json')
else:
return HttpResponse(json.dumps(StatusCodes.TOKEN_INVALID), mimetype='application/json')
except User.DoesNotExist:
return HttpResponse(json.dumps(StatusCodes.USER_DOESNT_EXIST), mimetype='application/json')
def edit(request, key=None):
member = get_object_or_404(Member, key=key)
if "token" in request.REQUEST:
token = request.REQUEST["token"]
token_gen = PasswordResetTokenGenerator()
if token_gen.check_token(member, token):
member.backend = (
"django.contrib.auth.backends.ModelBackend"
) # from: http://stackoverflow.com/questions/2787650/manually-logging-in-a-user-without-password
login(request, member)
return HttpResponseRedirect(reverse(edit, kwargs={"key": member.key}))
if request.method == "POST":
form = MemberForm(request.POST, instance=member)
if form.is_valid():
form.save()
return HttpResponseRedirect(reverse(edit, kwargs={"key": member.key}))
form = MemberForm(instance=member)
return render(request, "members/form.html", {"member": member, "form": form})
def form_valid(self, form):
"""
If ResendActivationForm passed the validation, generate new token and send an e-mail.
"""
token_generator = PasswordResetTokenGenerator()
users = LilyUser.objects.filter(
email__iexact=form.cleaned_data['email']
)
# Get the current site or empty string
try:
current_site = Site.objects.get_current()
except Site.DoesNotExist:
current_site = ''
for user in users:
# Generate uidb36 and token for the activation link
uidb36 = int_to_base36(user.pk)
token = token_generator.make_token(user)
# E-mail to the user
send_templated_mail(
template_name='activation',
from_email=settings.DEFAULT_FROM_EMAIL,
recipient_list=[form.cleaned_data['email']],
context={
'current_site': current_site,
'protocol': self.request.is_secure() and 'https' or 'http',
'user': user,
'uidb36': uidb36,
'token': token,
}
)
# Show registration message
messages.success(
self.request,
_('Reactivation successful. I\'ve sent you an email, please check it to activate your account.')
)
# Redirect to success url
return self.get_success_url()
def test_timeout(self, password_reset_timeout_days=3):
"""
Ensure we can use the token after n days, but no greater.
"""
# Uses a mocked version of PasswordResetTokenGenerator so we can change
# the value of 'today'
class Mocked(PasswordResetTokenGenerator):
def __init__(self, today):
self._today_val = today
def _today(self):
return self._today_val
user = User.objects.create_user('tokentestuser', '*****@*****.**', 'testpw')
p0 = PasswordResetTokenGenerator()
tk1 = p0.make_token(user)
p1 = Mocked(date.today() + timedelta(password_reset_timeout_days))
self.assertTrue(p1.check_token(user, tk1))
p2 = Mocked(date.today() + timedelta(password_reset_timeout_days + 1))
self.assertFalse(p2.check_token(user, tk1))
class ActivationResendView(FormView):
"""
This view is used by an user to request a new activation e-mail.
"""
template_name = 'users/activation_resend_form.html'
form_class = ResendActivationForm
def form_valid(self, form):
"""
If ResendActivationForm passed the validation, generate new token and send an e-mail.
"""
self.TGen = PasswordResetTokenGenerator()
self.users = CustomUser.objects.filter(
contact__email_addresses__email_address__iexact=form.cleaned_data['email'],
contact__email_addresses__is_primary=True
)
# Get the current site or empty string
try:
self.current_site = Site.objects.get_current()
except Site.DoesNotExist:
self.current_site = ''
for user in self.users:
# Generate uidb36 and token for the activation link
self.uidb36 = int_to_base36(user.pk)
self.token = self.TGen.make_token(user)
# E-mail to the user
send_templated_mail(
template_name='activation',
from_email=settings.DEFAULT_FROM_EMAIL,
recipient_list=[form.cleaned_data['email']],
context={
'current_site': self.current_site,
'protocol': self.request.is_secure() and 'https' or 'http',
'full_name': " ".join([user.contact.first_name, user.contact.preposition, user.contact.last_name]),
'user': user,
'uidb36': self.uidb36,
'token': self.token,
}
)
# Show registration message
messages.success(self.request, _('Reactivation success. Check your <nobr>e-mail</nobr> to activate your account.'))
# Redirect to success url
return self.get_success_url()
def get_success_url(self):
"""
Redirect to the success url.
"""
return redirect(reverse_lazy('login'))
def test_titles(self):
rf = RequestFactory()
user = User.objects.create_user('jsmith', '*****@*****.**', 'pass')
user = authenticate(username=user.username, password='******')
request = rf.get('/somepath/')
request.user = user
response = PasswordResetView.as_view(success_url='dummy/')(request)
self.assertContains(response, '<title>Password reset</title>')
self.assertContains(response, '<h1>Password reset</h1>')
response = PasswordResetDoneView.as_view()(request)
self.assertContains(response, '<title>Password reset sent</title>')
self.assertContains(response, '<h1>Password reset sent</h1>')
# PasswordResetConfirmView invalid token
response = PasswordResetConfirmView.as_view(success_url='dummy/')(request, uidb64='Bad', token='Bad')
self.assertContains(response, '<title>Password reset unsuccessful</title>')
self.assertContains(response, '<h1>Password reset unsuccessful</h1>')
# PasswordResetConfirmView valid token
default_token_generator = PasswordResetTokenGenerator()
token = default_token_generator.make_token(user)
uidb64 = force_text(urlsafe_base64_encode(force_bytes(user.pk)))
response = PasswordResetConfirmView.as_view(success_url='dummy/')(request, uidb64=uidb64, token=token)
self.assertContains(response, '<title>Enter new password</title>')
self.assertContains(response, '<h1>Enter new password</h1>')
response = PasswordResetCompleteView.as_view()(request)
self.assertContains(response, '<title>Password reset complete</title>')
self.assertContains(response, '<h1>Password reset complete</h1>')
response = PasswordChangeView.as_view(success_url='dummy/')(request)
self.assertContains(response, '<title>Password change</title>')
self.assertContains(response, '<h1>Password change</h1>')
response = PasswordChangeDoneView.as_view()(request)
self.assertContains(response, '<title>Password change successful</title>')
self.assertContains(response, '<h1>Password change successful</h1>')
def user_password_retrieve(request):
username = request.GET['username_forgot']
u = User.objects.get(email = username)
token_generator = PasswordResetTokenGenerator()
token = token_generator.make_token(u)
u.set_password(token)
u.save()
msg = MIMEMultipart()
msg['Subject'] = 'Mail from the MicrobesFlux -- Password reset'
msg['From'] = '*****@*****.**'
msg['To'] = username
msg.preamble = 'Reset your password'
fromaddr = "*****@*****.**"
toaddrs = [username, ]
content = MIMEText("Dear MicrobesFlux User: we have changed your password to " + token + ". -- MicrobesFlux")
msg.attach(content)
server = smtplib.SMTP('localhost')
server.sendmail(fromaddr, toaddrs, msg.as_string())
server.quit()
return HttpResponse(content = """New Email sent!""", status = 200, content_type = "text/html")
def test_titles(self):
rf = RequestFactory()
user = User.objects.create_user('jsmith', '*****@*****.**', 'pass')
user = authenticate(username=user.username, password='******')
request = rf.get('/somepath/')
request.user = user
response = password_reset(request, post_reset_redirect='dummy/')
self.assertContains(response, '<title>Password reset</title>')
self.assertContains(response, '<h1>Password reset</h1>')
response = password_reset_done(request)
self.assertContains(response, '<title>Password reset successful</title>')
self.assertContains(response, '<h1>Password reset successful</h1>')
# password_reset_confirm invalid token
response = password_reset_confirm(request, uidb64='Bad', token='Bad', post_reset_redirect='dummy/')
self.assertContains(response, '<title>Password reset unsuccessful</title>')
self.assertContains(response, '<h1>Password reset unsuccessful</h1>')
# password_reset_confirm valid token
default_token_generator = PasswordResetTokenGenerator()
token = default_token_generator.make_token(user)
uidb64 = force_text(urlsafe_base64_encode(force_bytes(user.pk)))
response = password_reset_confirm(request, uidb64, token, post_reset_redirect='dummy/')
self.assertContains(response, '<title>Enter new password</title>')
self.assertContains(response, '<h1>Enter new password</h1>')
response = password_reset_complete(request)
self.assertContains(response, '<title>Password reset complete</title>')
self.assertContains(response, '<h1>Password reset complete</h1>')
response = password_change(request, post_change_redirect='dummy/')
self.assertContains(response, '<title>Password change</title>')
self.assertContains(response, '<h1>Password change</h1>')
response = password_change_done(request)
self.assertContains(response, '<title>Password change successful</title>')
self.assertContains(response, '<h1>Password change successful</h1>')
def send_activation_email(request, user):
b64uid = urlsafe_base64_encode(str(user.id))
token_generator = PasswordResetTokenGenerator()
token = token_generator.make_token(user)
if user.is_active:
raise Exception('Will not send activation key to active user')
send_mail(
'Activate your Editors\' Notes account',
'This email was used to create an account at {site_url}.\n\n'
'To activate your account, visit the following link:\n\n'
'\t{activation_url}\n\n'
'If you did not request an account, please ignore this email.'.format(
site_url=request.build_absolute_uri('/'),
activation_url=request.build_absolute_uri(
reverse('auth:activate_account', args=[b64uid, token])
),
activation_token=token),
settings.SERVER_EMAIL,
[user.email]
)
def test_token_with_different_secret(self):
"""
A valid token can be created with a secret other than SECRET_KEY by
using the PasswordResetTokenGenerator.secret attribute.
"""
user = User.objects.create_user('tokentestuser', '*****@*****.**', 'testpw')
new_secret = 'abcdefghijkl'
# Create and check a token with a different secret.
p0 = PasswordResetTokenGenerator()
p0.secret = new_secret
tk0 = p0.make_token(user)
self.assertTrue(p0.check_token(user, tk0))
# Create and check a token with the default secret.
p1 = PasswordResetTokenGenerator()
self.assertEqual(p1.secret, settings.SECRET_KEY)
self.assertNotEqual(p1.secret, new_secret)
tk1 = p1.make_token(user)
# Tokens created with a different secret don't validate.
self.assertFalse(p0.check_token(user, tk1))
self.assertFalse(p1.check_token(user, tk0))
def get(self, request, uid64, token):
try:
id = smart_str(urlsafe_base64_decode(uid64))
user = User.objects.get(id=id)
if not PasswordResetTokenGenerator().check_token(user, token):
return Response(
{'error': 'Token is not valid, please request a new one'},
status=status.HTTP_401_UNAUTHORIZED)
return Response(
{
'success': True,
'message': 'Credentials Valid',
'uid64': uid64,
'token': token
},
status=status.HTTP_200_OK)
except DjangoUnicodeDecodeError as err:
return Response(
{'error': 'Token is not valid, please request a new one'},
status=status.HTTP_401_UNAUTHORIZED)
def send_activation_code(user: CustomUser) -> None:
with open(configs.resolve('accounts.registration.activation.template'),
'r',
encoding='utf-8') as file:
template = Template(file.read())
try:
send_mail(
configs.resolve('accounts.registration.activation.subject'),
template.render(
Context({
'api': 'UWKGM',
'code': PasswordResetTokenGenerator().make_token(user),
'user': user.get_full_name()
})), '%s' % configs.resolve('accounts.registration.email'),
[user.email])
except SMTPException as error:
raise APIException(
_('An error occurred while sending an activation code: %s' %
str(error)))
def post(self, request):
serializer = self.serializer_class(data=request.data)
serializer.is_valid(raise_exception=True)
email = request.data.get('email', '')
if User.objects.filter(email=email).exists():
user = User.objects.get(email=email)
uidb64 = urlsafe_base64_encode(smart_bytes(user.id))
token = PasswordResetTokenGenerator().make_token(user)
absurl = config(
'FRONTEND_URL') + '/password_reset/' + uidb64 + '/' + token
email_body = 'Hello, \n Use link below to reset your password \n' + absurl
data = {
'email_body': email_body,
'to_email': [user.email],
'email_subject': 'Reset your passsword'
}
Util.send_email(data)
return Response(
{'success': 'We have sent you a link to reset your password'},
status=status.HTTP_200_OK)
def get(self, request, uidb64, token):
context = {'uidb64': uidb64, 'token': token}
try:
user_id = force_text(urlsafe_base64_decode(uidb64))
user = User.objects.get(pk=user_id)
if not PasswordResetTokenGenerator().check_token(user, token):
# import pdb ; pdb.set_trace()
messages.info(
request,
'Password reset reset link is invalid. Please request for new one.'
)
return render(request, 'auth/set-password.html', context)
except Exception as identifier:
messages.info(request, 'Something went wrong, please try again.')
return render(request, 'auth/set-password.html', context)
return render(request, 'auth/set-password.html', context)
def validate(self, attrs):
try:
password = attrs.get('password')
token = attrs.get('token')
uidb64 = attrs.get('uidb64')
id = force_str(urlsafe_base64_decode(uidb64))
user = User.objects.get(id=id)
if not PasswordResetTokenGenerator().check_token(user, token):
raise AuthenticationFailed('The reset link is invalid', 401)
user.set_password(password)
user.save()
return user
except Exception as e:
raise AuthenticationFailed('The reset link is invalid', 401)
def validate(self, attrs):
email = attrs.get('email', '')
if not email:
raise serializers.ValidationError('Email is required')
try:
user = User.objects.get(email=email)
except Exception as e:
print('Error >> ', e)
raise serializers.ValidationError('This user does not exists')
token = PasswordResetTokenGenerator().make_token(user)
data = {
'email': user.email,
'token': token,
}
return data
def reset_password_link(request, base64_id, token):
if request.method == "POST":
uid = force_text(urlsafe_base64_decode(base64_id))
user = get_user_model().objects.get(pk=uid)
if not user or not PasswordResetTokenGenerator().check_token(
user, token):
return HttpResponse("This is invalid!")
form = ResetPasswordForm(request.POST)
if form.is_valid():
form.save(uid)
return redirect("user:login")
else:
return HttpResponse("Invalid")
else:
form = ResetPasswordForm()
return render(request=request,
template_name="reset.html",
context={"form": form})
def validate(self, attrs):
try:
password = attrs.get('password')
token = attrs.get('token')
uidb64 = attrs.get('uidb64')
uid = force_str(urlsafe_base64_decode(uidb64))
user = User.objects.get(pk=uid)
if not PasswordResetTokenGenerator().check_token(user, token):
raise AuthenticationFailed(
'The link is invalid,please request a new one', 401)
user.set_password(password)
user.save()
return (user)
except DjangoUnicodeDecodeError as identifier:
raise serializers.ValidationError(
ValidationError({'token': 'invalid token'}))
return super().validate(attrs)
def post(self, request, *args, **kwargs):
serializer = self.serializer_class(data=request.data)
serializer.is_valid(raise_exception=True)
password = serializer.validated_data['password']
token = self.kwargs.get('token')
user = self.get_object()
if not PasswordResetTokenGenerator.check_token(default_token_generator,
user, token):
return Response({
'data': MESSAGE_CONSTANTS["INVALID_TOKEN"],
'status': status.HTTP_400_BAD_REQUEST
})
user.set_password(password)
user.save()
return Response({
'data': MESSAGE_CONSTANTS["PASSWORD_SET"],
'status': status.HTTP_200_OK
})
def activate_account(request, uid, token):
try:
uid = force_text(urlsafe_base64_decode(uid))
logger.debug("uid: %s" % uid)
user = User.objects.get(pk=uid)
check_token = PasswordResetTokenGenerator().check_token(user, token)
logger.debug("check_token: %s" % check_token)
except (TypeError, ValueError, OverflowError, User.DoesNotExist):
user = None
check_token = False
if user is not None and check_token:
profile = get_object_or_404(Profile, user=user)
profile.email_confirmed = True
profile.save()
login(request, user)
template = "profiles/account_activate_complete.html"
context = {}
return render(request, template, context)
else:
return HttpResponse('Activation link is invalid!')
def post(self, request):
serializer = self.serializer_class(data=request.data)
email = request.data['email']
if User.objects.filter(email=email).exists():
user = User.objects.get(email=email)
uidb64 = urlsafe_base64_encode(smart_bytes(user.id))
token = PasswordResetTokenGenerator().make_token(user)
current_site = get_current_site(request=request).domain
relative_link = reverse('password-reset-confirm', kwargs={'uidb64': uidb64, 'token': token})
absolute_url = 'http://' + current_site + relative_link
email_body = 'Hello, \n Use link below to reset your password \n' + absolute_url
data = {
'email_body': email_body,
'to_email': user.email,
'email_subject': 'Reset your password'
}
Util.send_email(data)
return Response({'success': 'We have sent you a link to reset your password'}, status=status.HTTP_200_OK)
def send_reset_password_email(request, email):
user = get_user_model().objects.get(email=email)
host_name = request.get_host()
base_url = host_name + "/user/reset_password/"
if str(host_name).startswith("127.0.0.1"):
base_url = "http://" + base_url
else:
base_url = "https://" + base_url
c = {
"base_url": base_url,
"uid": urlsafe_base64_encode(force_bytes(user.pk)),
"token": PasswordResetTokenGenerator().make_token(user),
}
htmltemp = template.loader.get_template("reset_password_template.html")
html_content = htmltemp.render(c)
email_subject = "Reset Your DineLine Password!"
logger.info("Send email to: %s", user.email)
email = EmailMultiAlternatives(email_subject, to=[user.email])
email.attach_alternative(html_content, "text/html")
return email.send()
def validate(self, attrs):
try:
password = self.initial_data['password']
token = self.initial_data['token']
uidb64 = self.initial_data['uidb64']
id = force_str(urlsafe_base64_decode(uidb64))
user = User.objects.get(id=id)
if not PasswordResetTokenGenerator().check_token(user, token):
raise exceptions.AuthenticationFailed(
'Invalid reset password link.', 401)
user.set_password(password)
user.save()
return (user)
except Exception:
raise exceptions.AuthenticationFailed(
'Invalid reset password link.', 401)
return super().validate(attrs)
def sendPasswordResetEmail(user_email):
if not UserExistsByEmail(user_email):
return False
user = User.objects.get(email=user_email)
context = {
'user': user,
'domain': getOption('site_url'),
'uid': urlsafe_base64_encode(force_bytes(user.pk)).decode(),
'token': PasswordResetTokenGenerator().make_token(user),
'protocol': 'http'
}
subject = "Reset your Password"
if send_mail(subject, user.email, 'accounts/email/forgot-password',
context):
return True
else:
return False
def get(self, request, uidb64, token):
try:
id = smart_str(urlsafe_base64_decode(uidb64))
user = CustomUser.objects.get(id=id)
if not PasswordResetTokenGenerator().check_token(user, token):
return Response(
{'error', 'invalid token, kindly request a new one'})
return Response({
"success": True,
"message": "Credential valid",
"uidb64": uidb64,
"token": token
})
except DjangoUnicodeDecodeError as e:
return Response(
{'error', 'altered token, kindly request a new one'})
def get(self, request, uidb64, token):
context = {'uidb64': uidb64, 'token': token}
try:
user_id = force_text(urlsafe_base64_decode(uidb64))
user = User.objects.get(pk=user_id)
if not PasswordResetTokenGenerator().check_token(user, token):
messages.error(
request,
'Password reset link is invalid. Please request a new one.'
)
return render(request, 'auth/request-reset-email.html')
except DjangoUnicodeDecodeError:
messages.success(request, 'Invalid link.')
return render(request, 'auth/request-reset-email.html')
return render(request, 'auth/set-new-password.html', context)
def get(self, request, uidb64, token):
try:
id = smart_str(urlsafe_base64_decode(uidb64))
user = User.objects.get(id=id)
if not PasswordResetTokenGenerator().check_token(user, token):
raise Exception('El token no es correcto')
return Response({
'success': 'Token correcto'
}, status=status.HTTP_200_OK)
except DjangoUnicodeDecodeError as error:
return Response({
'error': 'El token es incorrecto'
}, status=status.HTTP_401_UNAUTHORIZED)
except Exception as error:
return Response({
'error': 'El token es incorrecto'
}, status=status.HTTP_401_UNAUTHORIZED)
def get(self, request, uidb64, token):
context = {'uidb64': uidb64, 'token': token}
try:
user_id = force_text(urlsafe_base64_decode(uidb64))
user = User.objects.get(pk=user_id)
if not PasswordResetTokenGenerator().check_token(user, token):
messages.info(
request,
"Password link is expired, please request a new one")
return render(request, 'reset-password.html')
except Exception as identifier:
pass
return render(request, "set-new-password.html", context)
def get(self, request, uidb64, token):
context = {'uidb64': uidb64, 'token': token}
try:
user_id = force_text(urlsafe_base64_decode(uidb64))
user = User.objects.get(pk=user_id)
if not PasswordResetTokenGenerator().check_token(user, token):
messages.info(
request,
'Password reset link, is invalid, please request a new one'
)
return render(request, 'small_change_password_form.html')
except DjangoUnicodeDecodeError as identifier:
messages.success(request, 'Invalid link')
return render(request, 'small_change_password_form.html')
return render(request, 'mail/reset_pass.html', context)
def send_verification_secondary_email(request, email):
host_name = request.get_host()
base_url = host_name + "/user/email/verification/"
if str(host_name).startswith("127.0.0.1"):
base_url = "http://" + base_url
else:
base_url = "https://" + base_url
c = {
"base_url": base_url,
"uid": urlsafe_base64_encode(force_bytes(request.user.pk)),
"encoded_email": urlsafe_base64_encode(force_bytes(email)),
"token": PasswordResetTokenGenerator().make_token(request.user),
}
htmltemp = template.loader.get_template("verify_email_template.html")
html_content = htmltemp.render(c)
email_subject = "Verify your email!"
email = EmailMultiAlternatives(email_subject, to=[email])
email.attach_alternative(html_content, "text/html")
return email.send()
def activate_account(request, uidb64, token):
try:
user_id = force_text(urlsafe_base64_decode(uidb64))
messages.success(request, 'Your account has been activated')
user = User.objects.get(pk=user_id)
user.is_active = True
user.save()
if not PasswordResetTokenGenerator().check_token(user, token):
messages.info(
request, 'Password reset link, is invalid, please request a new one')
return render(request, 'mail/register.html')
return redirect('login')
except DjangoUnicodeDecodeError as identifier:
messages.success(
request, 'Invalid link')
return render(request, 'mail/reset_mail.html')
def validate(self, attrs):
try:
password = attrs.get('password')
token = attrs.get('token')
uidb64 = attrs.get('uidb64')
id = force_str(urlsafe_base64_decode(uidb64))
user = User.objects.get(id=id)
if not PasswordResetTokenGenerator().check_token(user, token):
raise AuthenticationFailed(
'El enlace de restablecimiento no es válido', 401)
user.set_password(password)
user.save()
return (user)
except Exception as e:
raise AuthenticationFailed(
'El enlace de restablecimiento no es válido', 401)
return super().validate(attrs)
def get(self, request, uidb64, token):
try:
id = smart_str(urlsafe_base64_decode(uidb64))
user = User.objects.get(id=id)
if PasswordResetTokenGenerator().check_token(user, token):
return Response({'error': 'Token not valid'},
status=status.HTTP_400_BAD_REQUEST)
return Response({
'success': True,
'message': 'credentials valid',
'uidb64': uidb64,
'token': token,
'status': status.HTTP_200_OK
})
except:
return Response({'error': 'Token is invalid'},
status=status.status.HTTP_400_BAD_REQUEST)
def post(self, request):
email = request.POST['email']
context = {'values': request.POST}
if not validate_email(email):
messages.error(request, "Please enter a valid email.")
return render(request, 'authentication/reset-password.html',
context)
current_site = get_current_site(request)
user = User.objects.filter(email=email)
if user.exists():
email_contests = {
'user': user[0],
'domain': current_site.domain,
'uid': urlsafe_base64_encode(force_bytes(user[0].pk)),
'token': PasswordResetTokenGenerator().make_token(user[0]),
}
link = reverse('reset-user-password',
kwargs={
'uidb64': email_contests['uid'],
'token': email_contests['token']
})
email_subject = 'Password reset'
reset_url = 'http://' + current_site.domain + link
email = EmailMessage(
email_subject,
'Please the link below to reset your password \n' + reset_url,
'*****@*****.**',
[email],
)
EmailThread(email).start()
messages.success(request, "An email has been sent to your account.")
return render(request, 'authentication/reset-password.html')
def post(self, request):
email = request.POST['email']
data = {
'values': request.POST
}
if not validate_email(email):
messages.error(request, 'Please supply a valid email')
return render(request, 'authentication/reset_password.html')
user = User.objects.filter(email=email)
if not user.exists():
messages.error(request, 'User email does not exist')
return render(request, 'authentication/reset_password.html')
else:
email_content = {
'user': user[0],
'domain': get_current_site(request).domain,
'uid': urlsafe_base64_encode(force_bytes(user[0].pk)),
'token': PasswordResetTokenGenerator().make_token(user[0])
}
link = reverse('reset-user-password', kwargs={'uidb64': email_content['uid'],
'token': email_content['token']})
# - relative url to verification
reset_url = 'http://' + get_current_site(request).domain + link
email_subject = 'Password reset link'
email_body = 'Hi click the link below to reset password\n' + reset_url
email = EmailMessage(
email_subject,
email_body,
'*****@*****.**',
[email],
)
EmailThreading(email).start()
messages.success(request, 'Reset link sent successfully')
return render(request, 'authentication/reset_password.html', data)
def form_valid(self, form):
cleaned_data = form.cleaned_data
# profile_image = request.FILES['profile_image']
# if profile_image.name.endswith(".jpeg") or profile_image.name.endswith(
# '.jpg') or profile_image.name.endswith(".png"):
# fs = FileSystemStorage()
# filename = fs.save(profile_image.name, profile_image)
# print("File name is", filename)
new_user = User(first_name=cleaned_data['first_name'],
last_name=cleaned_data['last_name'],
email=cleaned_data['email'],
username=cleaned_data['username'],
is_active=False)
print("User is", new_user)
new_user.save()
new_user.set_password(cleaned_data['password1'])
new_user.save()
current_site = get_current_site(self.request)
subject = 'Activate Your Asmit Blogs Account'
message = render_to_string(
'Accounts/account_activation_email.html', {
'user':
new_user,
'domain':
current_site.domain,
'uid':
urlsafe_base64_encode(force_bytes(new_user.pk)),
'token':
PasswordResetTokenGenerator.make_token(
self=account_activation_token, user=new_user),
})
send_mail(subject,
message,
EMAIL_HOST_USER, [new_user.email],
fail_silently=False)
messages.success(
self.request,
'Please Confirm your email to complete registration.')
return redirect('account:login')
def post(self, request):
domain = request.META.get('HTTP_ORIGIN',
get_current_site(request).domain)
serializer = self.serializer_class(data=request.data)
serializer.is_valid(raise_exception=True)
try:
user = User.objects.filter(email=request.data['email'])
if not user:
raise serializers.ValidationError({
"email":
["No records correspondingly this user were found"]
})
uidb64 = urlsafe_base64_encode(smart_bytes(user[0].id))
token = PasswordResetTokenGenerator().make_token(user[0])
message = [
request,
reverse('authentication:setnewpassword',
kwargs={
"uidb64": uidb64,
"token": token
}), "Reset Password", "Reset Password",
request.data['email']
]
Utilities.send_email(message, domain, 'password_reset')
return Response(
{
"message":
"Please check your email for the reset password link."
},
status=status.HTTP_200_OK)
except KeyError:
return Response(
{
"errors": {
"email": ["Email is required to reset a password"]
}
},
status=status.HTTP_400_BAD_REQUEST)
def post(self, request):
email = request.POST['email']
context = {'values': request.POST}
if not validate_email(email):
messages.error(request, 'Please enter a valid email')
return render(request, 'authentication/reset-password.html',
context)
current_site = get_current_site(request)
user = User.objects.filter(email=email)
if user.exists():
email_contents = {
'user': user[0],
'domain': current_site.domain,
'uid': urlsafe_base64_encode(force_bytes(user[0].pk)),
'token': PasswordResetTokenGenerator().make_token(user[0]),
}
link = reverse('reset-user-password',
kwargs={
'uidb64': email_contents['uid'],
'token': email_contents['token']
})
email_subject = 'Password Reset'
reset_url = 'http://' + current_site.domain + link
email = EmailMessage(
email_subject,
'Hi there, Please use this link to reset your password\n' +
reset_url,
'*****@*****.**',
[email],
)
email.send(fail_silently=False)
messages.success(request,
'We have sent you an email to reset your password')
return render(request, 'authentication/reset-password.html')
def post(self, request):
serializer = self.serializer_class(data=request.data)
email = request.data.get('email', '')
print(email)
# if user exist we are creating a unique token using tokengenerator
if User.objects.filter(email=email).exists():
user = User.objects.get(email=email)
uidb64 = urlsafe_base64_encode(smart_bytes(user.id))
token = PasswordResetTokenGenerator().make_token(user)
return Response(
{
"message": "Forget email sent successfully",
"forget_pin": token,
"status": 1,
},
status=status.HTTP_200_OK)
return Response({
'failure': 'email not found',
"status": 0,
})
def post(self, request):
email = request.POST['email']
context = {
'values':request.POST
}
if not validate_email(email):
messages.error(request, "Please enter valid email")
return render(request, 'authentication/reset-password.html')
email_subject = "Reset Account Password"
user = User.objects.filter(email=email)
uidb64 = urlsafe_base64_encode(force_bytes(user.pk))
if user.exists():
domain = get_current_site(request).domain
link = reverse('reset-user-password', kwargs={'uidb64':uidb64, 'token': PasswordResetTokenGenerator().make_token(user)})
reset_url = 'http://'+domain+link
email_content = "Hi " + user.username + " Please use the link to reset your password \n "+reset_url
send_mail(email_subject,email_content, settings.EMAIL_HOST_USER, [email], fail_silently=False)
print(email)
messages.success(request, "Reset email sent")
return render(request, 'authentication/reset-password.html')
