def test_password_reset(self):
data = {'username': '******', 'password': '******'}
default_token_generator = PasswordResetTokenGenerator()
user = User.objects.create_user('antonio', '*****@*****.**', 'aquiTodoelDia1234')
token = default_token_generator.make_token(user)
uid = urlsafe_base64_encode(str(user.pk).encode()).decode()
from django.contrib.auth.tokens import PasswordResetTokenGenerator
# from django.utils import six
import six
class AccountActivationTokenGenerator(PasswordResetTokenGenerator):
def _make_hash_value(self, user, timestamp):
return (six.text_type(user.pk) +
six.text_type(timestamp)) + six.text_type(user.is_active)
account_activation_token = AccountActivationTokenGenerator()
password_reset_token = PasswordResetTokenGenerator()
def get_token_for_password_reset(user):
return "{}::{}".format(encode_uuid_to_base64(user.pk),
PasswordResetTokenGenerator().make_token(user))
from django.contrib.auth.tokens import PasswordResetTokenGenerator account_activation_token = PasswordResetTokenGenerator()
def test_make_token(self):
user = User.objects.create_user('tokentestuser', '*****@*****.**', 'testpw')
p0 = PasswordResetTokenGenerator()
tk1 = p0.make_token(user)
self.assertIs(p0.check_token(user, tk1), True)
def validate(self, attrs):
try:
token = attrs.get('token')
uidb64 = attrs.get('uidb64')
uid = force_text(urlsafe_base64_decode(uidb64))
user = User.objects.get(pk=uid)
profile = user.userAssociated.all().first()
if not PasswordResetTokenGenerator().check_token(user, token):
raise AuthenticationFailed('Reset link is valid', 401)
deleted_suffix = ''.join(
random.choices(string.ascii_uppercase + string.digits, k=4))
deleted_suffix = deleted_suffix.join(
random.choices(string.ascii_lowercase, k=2))
deleted_suffix += str(user.pk)
sent_requests = FriendRequest.objects.filter(sender=profile)
received_requests = FriendRequest.objects.filter(receiver=profile)
friends_id = []
for req in sent_requests:
friends_id.append(req.pk)
for req in received_requests:
friends_id.append(req.pk)
try:
request_url = CustomConstants.NODE_SERVER_DOMAIN + 'user/friendship'
node_response = requests.post(
request_url,
headers={
'x-auth-server': CustomConstants.NODE_ADMIN_TOKEN,
'Content-Type': "application/json",
},
json={
'user': profile.pk,
'friends': friends_id
})
node_response.raise_for_status()
except Exception as e:
response = {
'message': 'Account deletion failed !!',
'error': str(e),
'status': HTTP_400_BAD_REQUEST
}
return Response(response, status=HTTP_400_BAD_REQUEST)
sent_requests.delete()
received_requests.delete()
user.username = '******'.format(deleted_suffix)
user.status = 'Deleted'
user.save()
user.refresh_from_db()
try:
current_site = CustomConstants.EMAIL_DOMAIN
if profile.avatar:
profile_url = profile.avatar.url
else:
profile_url = ''
request_url = CustomConstants.NODE_SERVER_DOMAIN + 'user/'
node_response = requests.post(
request_url,
headers={
'x-auth-server': CustomConstants.NODE_ADMIN_TOKEN,
'Content-Type': "application/json",
},
json={
'userID': profile.pk,
'fullname': profile.full_name,
'username': user.username,
'profileURL': profile_url
})
except Exception as e:
response = {
'message': 'User deletion failed on Node server.',
'error': str(e),
'status': HTTP_400_BAD_REQUEST
}
return Response(response, status=HTTP_400_BAD_REQUEST)
token = Token.objects.get(user=user).delete()
return super().validate(attrs)
except Exception as e:
raise ValidationError(str(e))
from django.contrib.auth.mixins import LoginRequiredMixin, UserPassesTestMixin
from django.contrib.sites.shortcuts import get_current_site
from django.shortcuts import render, redirect,get_object_or_404
from django.utils.encoding import force_text,force_bytes
from django.template.loader import render_to_string
from django.urls import reverse
from django.utils.http import urlsafe_base64_encode,urlsafe_base64_decode
from django.views.generic import FormView
from .forms import ChangePassword,RegisterForm,LoginForm, ChangeForm
from .models import User, QA
from .mixins import HandleAjaxMixin
from .utils import crypt, get_key
# from .tokens import acount_confirm_token
from django.contrib.auth.tokens import PasswordResetTokenGenerator
acount_confirm_token = PasswordResetTokenGenerator()
# Create your views here.
# def activate_email(request, uidb64, token):
# try:
# uid=force_text(urlsafe_base64_decode(uidb64))
# user=User.objects.get(pk=uid)
# except (TypeError, ValueError, OverflowError, User.DoesNotExist):
# user=None
# if user!=None and acount_confirm_token.check_token(user,token):
# user.active=True
# user.confirmed_email=True
# user.save()
# login(request,user)
# messages.success(request,f'{user.name}, your account is now activated successfully, you can now shorten your links')
# return redirect('dash')
# else:
def token_generator(self):
return PasswordResetTokenGenerator()
def signup(request):
global search_str
if request.method == "POST":
req_eml = request.POST.get('email')
all_eml = EmailAddress.objects.all()
all_usr = User.objects.all()
req_usr = request.POST.get('username')
for em in all_eml:
if str(em) == str(req_eml):
messages.error(request, f'Email already exists.')
return render(request, 'personal/signup.html',
{"search_str": search_str})
for us in all_usr:
if str(us) == str(req_usr):
messages.error(request, f'Username already exists.')
return render(request, 'personal/signup.html',
{"search_str": search_str})
form = UserCreationForm(request.POST)
print(form.is_valid())
if form.is_valid():
# instance=Blog(request.POST.get('User_Name'),request.POST.get('Email'),
# request.POST.get('Phone_Number'),request.POST.get('Password'))
# instance.save()
instance = form.save(commit=False)
instance.save()
# print(request.user)
usr = User.objects.get(username=request.POST.get('username'))
# print(usr.username)
# for email verification
usr.is_active = False
usr.save()
current_domain = get_current_site(request)
email_subject = "Account activation"
ttoken = PasswordResetTokenGenerator()
message = render_to_string(
'personal/activate.html', {
'user': usr,
'domain': current_domain,
'uid': urlsafe_base64_encode(force_bytes(usr.pk)),
'token': ttoken.make_token(usr)
})
email_message = EmailMessage(email_subject, message,
settings.EMAIL_HOST_USER, [usr.email])
email_message.send()
#################################
# form2 = UserSignupForm(request.POST)
# print(form2.is_valid())
# if form2.is_valid():
# form2.save() # this is for blog model
username = request.POST.get('username')
# messages.success(request, f'Account created for {username}!')
return redirect('verification')
# form.save()
# after login flow comes here
# print("Here")
# # for extracting information from request object request.POST.get("name") here "name" is key which is mentioned
# # in input field of form
# print(request.POST.get("name"))
# print(request.POST.get("pass"))
# print(request.POST.get("eml")+"last")
# data = []
# data.append(request.POST.get("name"))
# data.append(request.POST.get("eml"))
# data.append(request.POST.get("pass"))
# # models.database(data)
# usr = models.User2(User_Name=data[0], Email=data[1], Password=data[2])
# # print(usr)
# usr.save()
messages.error(request,
f'Sorry, Something went wrong, try again later.')
return render(request, 'personal/signup.html', {"search_str": search_str})
def register_profile(request):
if request.method == "GET":
template = "profiles/register.html"
form = AcademiaUserCreationForm
context = {"form": form}
return render(request, template, context)
elif request.method == "POST":
form = AcademiaUserCreationForm(request.POST)
if form.is_valid():
new_user = form.save()
logger.info("new_user: %s" % new_user.username)
# Crear perfil de usuario
new_profile = Profile.objects.create(user=new_user)
logger.info("new_profile: %s" % new_profile)
# Crear Accepted Cryptos por default
bitcoin, created = CryptoCurrency.objects.get_or_create(
name="Bitcoin", code="BTC")
ether, created = CryptoCurrency.objects.get_or_create(name="Ether",
code="ETH")
monero, created = CryptoCurrency.objects.get_or_create(
name="Monero", code="XMR")
user_bitcoin = AcceptedCrypto.objects.create(user=new_user,
crypto=bitcoin)
user_ether = AcceptedCrypto.objects.create(user=new_user,
crypto=ether)
user_monero = AcceptedCrypto.objects.create(user=new_user,
crypto=monero)
logger.info("user_bitcoin: %s" % user_bitcoin)
logger.info("user_ether: %s" % user_ether)
logger.info("user_monero: %s" % user_monero)
login(request, new_user)
# Enviar email de confirmacion
activation_token = PasswordResetTokenGenerator().make_token(
new_user)
logger.info("activation_token: %s" % activation_token)
current_site = get_current_site(request)
uid = urlsafe_base64_encode(force_bytes(new_user.pk))
logger.info("uid: %s" % uid)
message = render_to_string(
'profiles/email_confirm_account.html', {
'username': new_user.username,
'uid': uid,
'token': activation_token,
'domain': current_site
})
user_email = form.cleaned_data.get('email')
send_email_message(subject="Activa tu cuenta",
message=message,
receiver_email=user_email)
logger.debug("current_site: %s" % current_site)
logger.debug("uid: %s" % uid)
logger.debug("activation_token: %s" % activation_token)
template = "profiles/profile_data.html"
context = {'new_profile': new_profile}
return render(request, template, context)
else:
template = "profiles/register.html"
context = {"form": form}
return render(request, template, context)
def post(self, request, *args, **kwargs):
user = self.request.user
if user.status in ["Blocked", "Deactivated"]:
response = {
"message": "Account Deletion Failed!!",
"error": "User's account must be active for deletion",
"status": HTTP_401_UNAUTHORIZED
}
return Response(response, status=HTTP_401_UNAUTHORIZED)
if user.status == "Deleted":
response = {
"message": "Account Deletion Failed!!",
"error": "Your social account is already deleted",
"status": HTTP_400_BAD_REQUEST
}
return Response(response, status=HTTP_400_BAD_REQUEST)
uidb64 = urlsafe_base64_encode(force_bytes(user.pk))
token = PasswordResetTokenGenerator().make_token(user)
current_site = CustomConstants.EMAIL_DOMAIN + "/delete-your-account"
mail_subject = '[noreply] Delete your account'
msg = 'You will be redirected to the delete account page.'
message = render_to_string(
'delete_account_page.html', {
'user': user,
'domain': current_site,
'msg': msg,
'uid': uidb64,
'token': token,
})
to_email = [user.email]
from_email = settings.SENDER_EMAIL
email = Mail(
from_email=from_email,
to_emails=to_email,
subject=mail_subject,
html_content=message,
)
try:
sg = SendGridAPIClient(settings.SENDGRID_API_KEY)
response = sg.send(email)
except Exception as e:
response = {
'message': 'Delete account failed',
'error': str(e),
'status': HTTP_400_BAD_REQUEST
}
return Response(response, status=HTTP_400_BAD_REQUEST)
response = {
"message": "Delete account link sent on your mail.",
"status": HTTP_200_OK
}
return Response(response, status=HTTP_200_OK)
def test_reset_token_pattern(self):
token = PasswordResetTokenGenerator().make_token(self.registered_user)
pattern = re.compile(f'^{PASSWORD_RESET_TOKEN_PATTERN}$')
self.assertTrue(pattern.match(token))
def register(request):
if request.method == 'POST':
form = RegisterForm(request.POST)
email = escape(request.POST.get('email'))
username = escape(request.POST.get('username').lower())
password = escape(request.POST.get('password1'))
try:
check_email = User.objects.get(email=email)
messages.error(request, f'Adress email {email} is not avaiable. User created with that email.')
return redirect('register')
except ObjectDoesNotExist:
try:
user = User.objects.get(username=username)
messages.error(request, f'Username {username} is not avaiable.')
return redirect('register')
except ObjectDoesNotExist:
pass
if not validate_email(email):
messages.error(request, 'Please supply a valid email')
form = RegisterForm
return render(request, 'Todo/registel.html', {'form': form})
if form.is_valid():
user = User.objects.create_user(username=username.lower(), email=email)
user.set_password(password)
user.is_active = False
user.save()
messages.success(request, f'Account created for {username}!')
current_site = get_current_site(request)
email_subject = 'Account Activation'
message = render_to_string('Todo/email_activation.html',
{
'domain': current_site.domain,
'uid': urlsafe_base64_encode(force_bytes(user.pk)),
'token': PasswordResetTokenGenerator().make_token(user)
}
)
send_mail(
subject=email_subject,
message='',
from_email=DEFAULT_FROM_EMAIL,
recipient_list=[email],
html_message=message
)
messages.success(request, 'We have sent you an email to activate your account')
return redirect('login')
else:
messages.error(request, form.errors)
else:
form = RegisterForm
return render(request, 'Todo/register.html', {'form': form})
from django.contrib.auth.tokens import PasswordResetTokenGenerator
from django.utils import six
class TokenGenerator(PasswordResetTokenGenerator):
def _make_hash_value(self, user, timestamp):
return (six.text_type(user.pk) + six.text_type(timestamp) +
six.text_type(user.email_status))
account_activation_token = TokenGenerator()
pswd_get_back_token = PasswordResetTokenGenerator()
def token_generate(user):
newGenerate = PasswordResetTokenGenerator()
return newGenerate.make_token(user)
def form_valid(self, form):
"""
Register a new user.
"""
# Do not accept any valid form when registration is closed.
if not settings.REGISTRATION_POSSIBLE:
messages.error(
self.request,
_('I\'m sorry, but I can\'t let anyone register at the moment.'
))
return redirect(reverse_lazy('login'))
# Create and save user
user = LilyUser.objects.create_user(
email=form.cleaned_data['email'],
password=form.cleaned_data['password'],
first_name=form.cleaned_data['first_name'],
preposition=form.cleaned_data['preposition'],
last_name=form.cleaned_data['last_name'],
)
user.is_active = False
user.save()
# Add to admin group
account_admin = Group.objects.get_or_create(name='account_admin')[0]
user.groups.add(account_admin)
# Get the current site
try:
current_site = Site.objects.get_current()
except Site.DoesNotExist:
current_site = ''
# Generate uidb36 and token for the activation link
uidb36 = int_to_base36(user.pk)
token_generator = PasswordResetTokenGenerator()
token = token_generator.make_token(user)
# Send an activation mail
# TODO: only create/save contact when e-mail sent succesfully
send_templated_mail(template_name='activation',
from_email=settings.DEFAULT_FROM_EMAIL,
recipient_list=[form.cleaned_data['email']],
context={
'current_site':
current_site,
'protocol':
self.request.is_secure() and 'https' or 'http',
'user':
user,
'uidb36':
uidb36,
'token':
token,
})
# Show registration message
messages.success(
self.request,
_('Registration completed. I\'ve sent you an email, please check it to activate your account.'
))
return self.get_success_url()
def token_check(user, token):
newGenerate = PasswordResetTokenGenerator()
return newGenerate.check_token(user, token)
def token_generator(self):
return PasswordResetTokenGenerator() # pragma: no cover
def post(self, request):
serializer = self.serializer_class(data=request.data)
email = request.data.get('email')
user = User.objects.filter(email=email).first()
if user:
print(user.status)
if user.status == 'Blocked' or user.status == 'Deleted':
message = "Your Account is {}".format(user.status)
response = {
'message': message,
'error': 'Request not allowed.',
'status': HTTP_400_BAD_REQUEST
}
return Response(response, status=HTTP_400_BAD_REQUEST)
uidb64 = urlsafe_base64_encode(force_bytes(user.pk))
token = PasswordResetTokenGenerator().make_token(user)
current_site = CustomConstants.EMAIL_DOMAIN + "/forget-password-reset"
mail_subject = '[noreply] Reset your Password'
msg = 'You will be redirected to the password reset page.'
message = render_to_string(
'password_reset_link.html', {
'user': user,
'domain': current_site,
'msg': msg,
'uid': uidb64,
'token': token,
})
to_email = [user.email]
from_email = settings.SENDER_EMAIL
email = Mail(
from_email=from_email,
to_emails=to_email,
subject=mail_subject,
html_content=message,
)
try:
sg = SendGridAPIClient(settings.SENDGRID_API_KEY)
response = sg.send(email)
except Exception as e:
response = {
'message': 'User Registration failed',
'error': e,
'status': HTTP_400_BAD_REQUEST
}
return Response(response, status=HTTP_400_BAD_REQUEST)
response = {
"message": "Password reset link sent on your mail.",
"status": HTTP_200_OK
}
return Response(response, status=HTTP_200_OK)
else:
response = {
"message": "Enter Correct email",
"status": HTTP_400_BAD_REQUEST
}
return Response(response, status=HTTP_400_BAD_REQUEST)
def test_secret_lazy_validation(self):
default_token_generator = PasswordResetTokenGenerator()
msg = 'The SECRET_KEY setting must not be empty.'
with self.assertRaisesMessage(ImproperlyConfigured, msg):
default_token_generator.secret
def get_token(self, user, **kwargs):
"""Returns a unique token for the given user"""
return PasswordResetTokenGenerator().make_token(user)
def post(self, request, *args, **kwargs):
method = request.POST.get('_method')
_query = request.GET.copy()
print request.REQUEST.__str__()
print _query
_query.pop("error", None)
_query.pop("message", None)
_query.pop("success", None)
if method == 'PUT':
password = request.POST.get('password')
password_confirm = request.POST.get('password_confirm')
email = request.GET.get('email')
token = request.GET.get('token')
print email
if password == password_confirm:
try:
user = User.objects.get(email=email)
token_gen = PasswordResetTokenGenerator()
if token_gen.check_token(user, token):
user.set_password(password)
user.save()
_query['success'] = 'password_changed'
_query['message'] = 'Tu password ha sido cambiado!'
# redirect ?success=password_changed
else:
_query['error'] = 'invalid_token'
_query[
'message'] = 'Esta url ha caducado o es inválida!'
# redirect ?error=invalid_token
except ObjectDoesNotExist:
# redirect ?error=user_does_not_exist
_query['error'] = 'user_does_not_exist'
_query['message'] = 'El usuario no existe!'
else:
# redirect ?error=password_missmatch
_query['error'] = 'password_missmatch'
_query['message'] = 'Las contraseñas no coinciden!'
pass
else:
email = request.POST.get('email')
user = User.objects.get(email=email)
if user:
token_gen = PasswordResetTokenGenerator()
token = token_gen.make_token(user)
print user.username
ctx = {
"name":
user.username,
"url":
request.build_absolute_uri(reverse('recuperar_pass')) +
'?token=' + token + '&email=' + email
}
mensaje = get_template(
'registration/mail.recuperar.html').render(Context(ctx))
to = [email]
mail = EmailMessage('Recuperar Contraseña',
mensaje,
to=to,
from_email=settings.EMAIL_HOST_USER)
mail.content_type = 'html'
mail.send()
_query['success'] = 'email_sent'
_query[
'message'] = 'Se ha enviado un correo con las instrucciones!'
# redirect ?success=email_sent
return redirect(reverse('recuperar_pass') + '?' + _query.urlencode())
def save(self, token):
token_generator = PasswordResetTokenGenerator()
if token_generator.check_token(self.instance, token):
self.instance.set_password(self.validated_data['password'])
self.instance.save()
return True
def generar_token(self, user):
token_generator = PasswordResetTokenGenerator()
token = token_generator.make_token(user)
return token
def test_check_token_with_nonexistent_token_and_user(self):
user = User.objects.create_user('tokentestuser', '*****@*****.**', 'testpw')
p0 = PasswordResetTokenGenerator()
tk1 = p0.make_token(user)
self.assertIs(p0.check_token(None, tk1), False)
self.assertIs(p0.check_token(user, None), False)
def get_token(self, obj):
if not obj.last_login:
token_generator = PasswordResetTokenGenerator()
novo_token = token_generator.make_token(obj)
return novo_token
return None
# AntNupTracker Server, backend for recording and managing ant nuptial flight data
# Copyright (C) 2020 Abouheif Lab
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# Based on code from https://medium.com/@frfahim/django-registration-with-confirmation-email-bb5da011e4ef by Farhadur Reja Fahim
from django.contrib.auth.tokens import PasswordResetTokenGenerator
import six
class AccountTokenGenerator(PasswordResetTokenGenerator):
def _make_hash_value(self, user, timestamp):
return six.text_type(
user.pk) + six.text_type(timestamp) + six.text_type(user.is_active)
accountActivationToken = AccountTokenGenerator()
passwordResetToken = PasswordResetTokenGenerator()
def get_password_reset_token(self):
token = PasswordResetTokenGenerator().make_token(self.user)
return token
from django.contrib import messages
from django.http import HttpResponseForbidden
from django.shortcuts import redirect, render
from .models import User
from .forms import UserSignUpForm, UserUpdateForm
from django.template.loader import render_to_string
from django.contrib.auth.tokens import PasswordResetTokenGenerator
from django.core.mail import EmailMessage
from django.utils.encoding import force_bytes, force_text
from django.utils.http import urlsafe_base64_encode, urlsafe_base64_decode
token_generator = PasswordResetTokenGenerator()
# Create your views here.
def register(request):
form = UserSignUpForm()
if request.POST:
form = UserSignUpForm(request.POST)
if form.is_valid():
user = form.save(commit=False)
# user.is_active = False
user.is_active = True
user.save()
# mail_message = render_to_string("users/registration_email.html",
# {'user': urlsafe_base64_encode(force_bytes(user.id)),
# 'token': token_generator.make_token(user),
# })
# email = EmailMessage('Activate your account', mail_message, to=[user.email])
# email.content_subtype = "html"
def reset_password(request):
context = dict(form=SendResetEmailForm())
if request.method == "POST":
form = SendResetEmailForm(request.POST)
if not form.is_valid():
logger.warning("Invalid email")
messages.error(request, "Please, use valid email")
return render(request, "authentication/reset_password.html",
context)
email = form.cleaned_data["email"]
try:
validate_email(email)
except ValidationError:
logger.warning("Invalid email")
messages.error(request, "Please, use valid email")
return render(request, "authentication/reset_password.html",
context)
current_site = get_current_site(request)
user = User.objects.filter(email=email)
if not user.exists():
messages.error(request, "No users registered with this email")
logger.warning(f"There was no user for {email}")
render(request, "authentication/reset_password.html", context)
email_content = {
"user": user[0],
"domain": current_site.domain,
"uid": urlsafe_base64_encode(force_bytes(user[0].pk)),
"token": PasswordResetTokenGenerator().make_token(user[0]),
}
link = reverse(
"complete_password_reset",
kwargs=dict(uidb64=email_content["uid"],
token=email_content["token"]),
)
email_subject = "Password reset instructions"
reset_url = f"http://{current_site.domain}{link}"
email = EmailMessage(
email_subject,
f"Hi {user[0].username}, Please open the link below to reset your password \n{reset_url}",
"*****@*****.**",
[email],
)
EmailThread(email).start()
logger.info(f"Email was sent to {email}")
messages.success(request, "We send you an email with reset")
return render(request, "authentication/reset_password.html", context)
