def test_password_reset(self): data = {'username': '******', 'password': '******'} default_token_generator = PasswordResetTokenGenerator() user = User.objects.create_user('antonio', '*****@*****.**', 'aquiTodoelDia1234') token = default_token_generator.make_token(user) uid = urlsafe_base64_encode(str(user.pk).encode()).decode()
from django.contrib.auth.tokens import PasswordResetTokenGenerator # from django.utils import six import six class AccountActivationTokenGenerator(PasswordResetTokenGenerator): def _make_hash_value(self, user, timestamp): return (six.text_type(user.pk) + six.text_type(timestamp)) + six.text_type(user.is_active) account_activation_token = AccountActivationTokenGenerator() password_reset_token = PasswordResetTokenGenerator()
def get_token_for_password_reset(user): return "{}::{}".format(encode_uuid_to_base64(user.pk), PasswordResetTokenGenerator().make_token(user))
from django.contrib.auth.tokens import PasswordResetTokenGenerator account_activation_token = PasswordResetTokenGenerator()
def test_make_token(self): user = User.objects.create_user('tokentestuser', '*****@*****.**', 'testpw') p0 = PasswordResetTokenGenerator() tk1 = p0.make_token(user) self.assertIs(p0.check_token(user, tk1), True)
def validate(self, attrs): try: token = attrs.get('token') uidb64 = attrs.get('uidb64') uid = force_text(urlsafe_base64_decode(uidb64)) user = User.objects.get(pk=uid) profile = user.userAssociated.all().first() if not PasswordResetTokenGenerator().check_token(user, token): raise AuthenticationFailed('Reset link is valid', 401) deleted_suffix = ''.join( random.choices(string.ascii_uppercase + string.digits, k=4)) deleted_suffix = deleted_suffix.join( random.choices(string.ascii_lowercase, k=2)) deleted_suffix += str(user.pk) sent_requests = FriendRequest.objects.filter(sender=profile) received_requests = FriendRequest.objects.filter(receiver=profile) friends_id = [] for req in sent_requests: friends_id.append(req.pk) for req in received_requests: friends_id.append(req.pk) try: request_url = CustomConstants.NODE_SERVER_DOMAIN + 'user/friendship' node_response = requests.post( request_url, headers={ 'x-auth-server': CustomConstants.NODE_ADMIN_TOKEN, 'Content-Type': "application/json", }, json={ 'user': profile.pk, 'friends': friends_id }) node_response.raise_for_status() except Exception as e: response = { 'message': 'Account deletion failed !!', 'error': str(e), 'status': HTTP_400_BAD_REQUEST } return Response(response, status=HTTP_400_BAD_REQUEST) sent_requests.delete() received_requests.delete() user.username = '******'.format(deleted_suffix) user.status = 'Deleted' user.save() user.refresh_from_db() try: current_site = CustomConstants.EMAIL_DOMAIN if profile.avatar: profile_url = profile.avatar.url else: profile_url = '' request_url = CustomConstants.NODE_SERVER_DOMAIN + 'user/' node_response = requests.post( request_url, headers={ 'x-auth-server': CustomConstants.NODE_ADMIN_TOKEN, 'Content-Type': "application/json", }, json={ 'userID': profile.pk, 'fullname': profile.full_name, 'username': user.username, 'profileURL': profile_url }) except Exception as e: response = { 'message': 'User deletion failed on Node server.', 'error': str(e), 'status': HTTP_400_BAD_REQUEST } return Response(response, status=HTTP_400_BAD_REQUEST) token = Token.objects.get(user=user).delete() return super().validate(attrs) except Exception as e: raise ValidationError(str(e))
from django.contrib.auth.mixins import LoginRequiredMixin, UserPassesTestMixin from django.contrib.sites.shortcuts import get_current_site from django.shortcuts import render, redirect,get_object_or_404 from django.utils.encoding import force_text,force_bytes from django.template.loader import render_to_string from django.urls import reverse from django.utils.http import urlsafe_base64_encode,urlsafe_base64_decode from django.views.generic import FormView from .forms import ChangePassword,RegisterForm,LoginForm, ChangeForm from .models import User, QA from .mixins import HandleAjaxMixin from .utils import crypt, get_key # from .tokens import acount_confirm_token from django.contrib.auth.tokens import PasswordResetTokenGenerator acount_confirm_token = PasswordResetTokenGenerator() # Create your views here. # def activate_email(request, uidb64, token): # try: # uid=force_text(urlsafe_base64_decode(uidb64)) # user=User.objects.get(pk=uid) # except (TypeError, ValueError, OverflowError, User.DoesNotExist): # user=None # if user!=None and acount_confirm_token.check_token(user,token): # user.active=True # user.confirmed_email=True # user.save() # login(request,user) # messages.success(request,f'{user.name}, your account is now activated successfully, you can now shorten your links') # return redirect('dash') # else:
def token_generator(self): return PasswordResetTokenGenerator()
def signup(request): global search_str if request.method == "POST": req_eml = request.POST.get('email') all_eml = EmailAddress.objects.all() all_usr = User.objects.all() req_usr = request.POST.get('username') for em in all_eml: if str(em) == str(req_eml): messages.error(request, f'Email already exists.') return render(request, 'personal/signup.html', {"search_str": search_str}) for us in all_usr: if str(us) == str(req_usr): messages.error(request, f'Username already exists.') return render(request, 'personal/signup.html', {"search_str": search_str}) form = UserCreationForm(request.POST) print(form.is_valid()) if form.is_valid(): # instance=Blog(request.POST.get('User_Name'),request.POST.get('Email'), # request.POST.get('Phone_Number'),request.POST.get('Password')) # instance.save() instance = form.save(commit=False) instance.save() # print(request.user) usr = User.objects.get(username=request.POST.get('username')) # print(usr.username) # for email verification usr.is_active = False usr.save() current_domain = get_current_site(request) email_subject = "Account activation" ttoken = PasswordResetTokenGenerator() message = render_to_string( 'personal/activate.html', { 'user': usr, 'domain': current_domain, 'uid': urlsafe_base64_encode(force_bytes(usr.pk)), 'token': ttoken.make_token(usr) }) email_message = EmailMessage(email_subject, message, settings.EMAIL_HOST_USER, [usr.email]) email_message.send() ################################# # form2 = UserSignupForm(request.POST) # print(form2.is_valid()) # if form2.is_valid(): # form2.save() # this is for blog model username = request.POST.get('username') # messages.success(request, f'Account created for {username}!') return redirect('verification') # form.save() # after login flow comes here # print("Here") # # for extracting information from request object request.POST.get("name") here "name" is key which is mentioned # # in input field of form # print(request.POST.get("name")) # print(request.POST.get("pass")) # print(request.POST.get("eml")+"last") # data = [] # data.append(request.POST.get("name")) # data.append(request.POST.get("eml")) # data.append(request.POST.get("pass")) # # models.database(data) # usr = models.User2(User_Name=data[0], Email=data[1], Password=data[2]) # # print(usr) # usr.save() messages.error(request, f'Sorry, Something went wrong, try again later.') return render(request, 'personal/signup.html', {"search_str": search_str})
def register_profile(request): if request.method == "GET": template = "profiles/register.html" form = AcademiaUserCreationForm context = {"form": form} return render(request, template, context) elif request.method == "POST": form = AcademiaUserCreationForm(request.POST) if form.is_valid(): new_user = form.save() logger.info("new_user: %s" % new_user.username) # Crear perfil de usuario new_profile = Profile.objects.create(user=new_user) logger.info("new_profile: %s" % new_profile) # Crear Accepted Cryptos por default bitcoin, created = CryptoCurrency.objects.get_or_create( name="Bitcoin", code="BTC") ether, created = CryptoCurrency.objects.get_or_create(name="Ether", code="ETH") monero, created = CryptoCurrency.objects.get_or_create( name="Monero", code="XMR") user_bitcoin = AcceptedCrypto.objects.create(user=new_user, crypto=bitcoin) user_ether = AcceptedCrypto.objects.create(user=new_user, crypto=ether) user_monero = AcceptedCrypto.objects.create(user=new_user, crypto=monero) logger.info("user_bitcoin: %s" % user_bitcoin) logger.info("user_ether: %s" % user_ether) logger.info("user_monero: %s" % user_monero) login(request, new_user) # Enviar email de confirmacion activation_token = PasswordResetTokenGenerator().make_token( new_user) logger.info("activation_token: %s" % activation_token) current_site = get_current_site(request) uid = urlsafe_base64_encode(force_bytes(new_user.pk)) logger.info("uid: %s" % uid) message = render_to_string( 'profiles/email_confirm_account.html', { 'username': new_user.username, 'uid': uid, 'token': activation_token, 'domain': current_site }) user_email = form.cleaned_data.get('email') send_email_message(subject="Activa tu cuenta", message=message, receiver_email=user_email) logger.debug("current_site: %s" % current_site) logger.debug("uid: %s" % uid) logger.debug("activation_token: %s" % activation_token) template = "profiles/profile_data.html" context = {'new_profile': new_profile} return render(request, template, context) else: template = "profiles/register.html" context = {"form": form} return render(request, template, context)
def post(self, request, *args, **kwargs): user = self.request.user if user.status in ["Blocked", "Deactivated"]: response = { "message": "Account Deletion Failed!!", "error": "User's account must be active for deletion", "status": HTTP_401_UNAUTHORIZED } return Response(response, status=HTTP_401_UNAUTHORIZED) if user.status == "Deleted": response = { "message": "Account Deletion Failed!!", "error": "Your social account is already deleted", "status": HTTP_400_BAD_REQUEST } return Response(response, status=HTTP_400_BAD_REQUEST) uidb64 = urlsafe_base64_encode(force_bytes(user.pk)) token = PasswordResetTokenGenerator().make_token(user) current_site = CustomConstants.EMAIL_DOMAIN + "/delete-your-account" mail_subject = '[noreply] Delete your account' msg = 'You will be redirected to the delete account page.' message = render_to_string( 'delete_account_page.html', { 'user': user, 'domain': current_site, 'msg': msg, 'uid': uidb64, 'token': token, }) to_email = [user.email] from_email = settings.SENDER_EMAIL email = Mail( from_email=from_email, to_emails=to_email, subject=mail_subject, html_content=message, ) try: sg = SendGridAPIClient(settings.SENDGRID_API_KEY) response = sg.send(email) except Exception as e: response = { 'message': 'Delete account failed', 'error': str(e), 'status': HTTP_400_BAD_REQUEST } return Response(response, status=HTTP_400_BAD_REQUEST) response = { "message": "Delete account link sent on your mail.", "status": HTTP_200_OK } return Response(response, status=HTTP_200_OK)
def test_reset_token_pattern(self): token = PasswordResetTokenGenerator().make_token(self.registered_user) pattern = re.compile(f'^{PASSWORD_RESET_TOKEN_PATTERN}$') self.assertTrue(pattern.match(token))
def register(request): if request.method == 'POST': form = RegisterForm(request.POST) email = escape(request.POST.get('email')) username = escape(request.POST.get('username').lower()) password = escape(request.POST.get('password1')) try: check_email = User.objects.get(email=email) messages.error(request, f'Adress email {email} is not avaiable. User created with that email.') return redirect('register') except ObjectDoesNotExist: try: user = User.objects.get(username=username) messages.error(request, f'Username {username} is not avaiable.') return redirect('register') except ObjectDoesNotExist: pass if not validate_email(email): messages.error(request, 'Please supply a valid email') form = RegisterForm return render(request, 'Todo/registel.html', {'form': form}) if form.is_valid(): user = User.objects.create_user(username=username.lower(), email=email) user.set_password(password) user.is_active = False user.save() messages.success(request, f'Account created for {username}!') current_site = get_current_site(request) email_subject = 'Account Activation' message = render_to_string('Todo/email_activation.html', { 'domain': current_site.domain, 'uid': urlsafe_base64_encode(force_bytes(user.pk)), 'token': PasswordResetTokenGenerator().make_token(user) } ) send_mail( subject=email_subject, message='', from_email=DEFAULT_FROM_EMAIL, recipient_list=[email], html_message=message ) messages.success(request, 'We have sent you an email to activate your account') return redirect('login') else: messages.error(request, form.errors) else: form = RegisterForm return render(request, 'Todo/register.html', {'form': form})
from django.contrib.auth.tokens import PasswordResetTokenGenerator from django.utils import six class TokenGenerator(PasswordResetTokenGenerator): def _make_hash_value(self, user, timestamp): return (six.text_type(user.pk) + six.text_type(timestamp) + six.text_type(user.email_status)) account_activation_token = TokenGenerator() pswd_get_back_token = PasswordResetTokenGenerator()
def token_generate(user): newGenerate = PasswordResetTokenGenerator() return newGenerate.make_token(user)
def form_valid(self, form): """ Register a new user. """ # Do not accept any valid form when registration is closed. if not settings.REGISTRATION_POSSIBLE: messages.error( self.request, _('I\'m sorry, but I can\'t let anyone register at the moment.' )) return redirect(reverse_lazy('login')) # Create and save user user = LilyUser.objects.create_user( email=form.cleaned_data['email'], password=form.cleaned_data['password'], first_name=form.cleaned_data['first_name'], preposition=form.cleaned_data['preposition'], last_name=form.cleaned_data['last_name'], ) user.is_active = False user.save() # Add to admin group account_admin = Group.objects.get_or_create(name='account_admin')[0] user.groups.add(account_admin) # Get the current site try: current_site = Site.objects.get_current() except Site.DoesNotExist: current_site = '' # Generate uidb36 and token for the activation link uidb36 = int_to_base36(user.pk) token_generator = PasswordResetTokenGenerator() token = token_generator.make_token(user) # Send an activation mail # TODO: only create/save contact when e-mail sent succesfully send_templated_mail(template_name='activation', from_email=settings.DEFAULT_FROM_EMAIL, recipient_list=[form.cleaned_data['email']], context={ 'current_site': current_site, 'protocol': self.request.is_secure() and 'https' or 'http', 'user': user, 'uidb36': uidb36, 'token': token, }) # Show registration message messages.success( self.request, _('Registration completed. I\'ve sent you an email, please check it to activate your account.' )) return self.get_success_url()
def token_check(user, token): newGenerate = PasswordResetTokenGenerator() return newGenerate.check_token(user, token)
def token_generator(self): return PasswordResetTokenGenerator() # pragma: no cover
def post(self, request): serializer = self.serializer_class(data=request.data) email = request.data.get('email') user = User.objects.filter(email=email).first() if user: print(user.status) if user.status == 'Blocked' or user.status == 'Deleted': message = "Your Account is {}".format(user.status) response = { 'message': message, 'error': 'Request not allowed.', 'status': HTTP_400_BAD_REQUEST } return Response(response, status=HTTP_400_BAD_REQUEST) uidb64 = urlsafe_base64_encode(force_bytes(user.pk)) token = PasswordResetTokenGenerator().make_token(user) current_site = CustomConstants.EMAIL_DOMAIN + "/forget-password-reset" mail_subject = '[noreply] Reset your Password' msg = 'You will be redirected to the password reset page.' message = render_to_string( 'password_reset_link.html', { 'user': user, 'domain': current_site, 'msg': msg, 'uid': uidb64, 'token': token, }) to_email = [user.email] from_email = settings.SENDER_EMAIL email = Mail( from_email=from_email, to_emails=to_email, subject=mail_subject, html_content=message, ) try: sg = SendGridAPIClient(settings.SENDGRID_API_KEY) response = sg.send(email) except Exception as e: response = { 'message': 'User Registration failed', 'error': e, 'status': HTTP_400_BAD_REQUEST } return Response(response, status=HTTP_400_BAD_REQUEST) response = { "message": "Password reset link sent on your mail.", "status": HTTP_200_OK } return Response(response, status=HTTP_200_OK) else: response = { "message": "Enter Correct email", "status": HTTP_400_BAD_REQUEST } return Response(response, status=HTTP_400_BAD_REQUEST)
def test_secret_lazy_validation(self): default_token_generator = PasswordResetTokenGenerator() msg = 'The SECRET_KEY setting must not be empty.' with self.assertRaisesMessage(ImproperlyConfigured, msg): default_token_generator.secret
def get_token(self, user, **kwargs): """Returns a unique token for the given user""" return PasswordResetTokenGenerator().make_token(user)
def post(self, request, *args, **kwargs): method = request.POST.get('_method') _query = request.GET.copy() print request.REQUEST.__str__() print _query _query.pop("error", None) _query.pop("message", None) _query.pop("success", None) if method == 'PUT': password = request.POST.get('password') password_confirm = request.POST.get('password_confirm') email = request.GET.get('email') token = request.GET.get('token') print email if password == password_confirm: try: user = User.objects.get(email=email) token_gen = PasswordResetTokenGenerator() if token_gen.check_token(user, token): user.set_password(password) user.save() _query['success'] = 'password_changed' _query['message'] = 'Tu password ha sido cambiado!' # redirect ?success=password_changed else: _query['error'] = 'invalid_token' _query[ 'message'] = 'Esta url ha caducado o es inválida!' # redirect ?error=invalid_token except ObjectDoesNotExist: # redirect ?error=user_does_not_exist _query['error'] = 'user_does_not_exist' _query['message'] = 'El usuario no existe!' else: # redirect ?error=password_missmatch _query['error'] = 'password_missmatch' _query['message'] = 'Las contraseñas no coinciden!' pass else: email = request.POST.get('email') user = User.objects.get(email=email) if user: token_gen = PasswordResetTokenGenerator() token = token_gen.make_token(user) print user.username ctx = { "name": user.username, "url": request.build_absolute_uri(reverse('recuperar_pass')) + '?token=' + token + '&email=' + email } mensaje = get_template( 'registration/mail.recuperar.html').render(Context(ctx)) to = [email] mail = EmailMessage('Recuperar Contraseña', mensaje, to=to, from_email=settings.EMAIL_HOST_USER) mail.content_type = 'html' mail.send() _query['success'] = 'email_sent' _query[ 'message'] = 'Se ha enviado un correo con las instrucciones!' # redirect ?success=email_sent return redirect(reverse('recuperar_pass') + '?' + _query.urlencode())
def save(self, token): token_generator = PasswordResetTokenGenerator() if token_generator.check_token(self.instance, token): self.instance.set_password(self.validated_data['password']) self.instance.save() return True
def generar_token(self, user): token_generator = PasswordResetTokenGenerator() token = token_generator.make_token(user) return token
def test_check_token_with_nonexistent_token_and_user(self): user = User.objects.create_user('tokentestuser', '*****@*****.**', 'testpw') p0 = PasswordResetTokenGenerator() tk1 = p0.make_token(user) self.assertIs(p0.check_token(None, tk1), False) self.assertIs(p0.check_token(user, None), False)
def get_token(self, obj): if not obj.last_login: token_generator = PasswordResetTokenGenerator() novo_token = token_generator.make_token(obj) return novo_token return None
# AntNupTracker Server, backend for recording and managing ant nuptial flight data # Copyright (C) 2020 Abouheif Lab # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Affero General Public License for more details. # # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see <https://www.gnu.org/licenses/>. # # Based on code from https://medium.com/@frfahim/django-registration-with-confirmation-email-bb5da011e4ef by Farhadur Reja Fahim from django.contrib.auth.tokens import PasswordResetTokenGenerator import six class AccountTokenGenerator(PasswordResetTokenGenerator): def _make_hash_value(self, user, timestamp): return six.text_type( user.pk) + six.text_type(timestamp) + six.text_type(user.is_active) accountActivationToken = AccountTokenGenerator() passwordResetToken = PasswordResetTokenGenerator()
def get_password_reset_token(self): token = PasswordResetTokenGenerator().make_token(self.user) return token
from django.contrib import messages from django.http import HttpResponseForbidden from django.shortcuts import redirect, render from .models import User from .forms import UserSignUpForm, UserUpdateForm from django.template.loader import render_to_string from django.contrib.auth.tokens import PasswordResetTokenGenerator from django.core.mail import EmailMessage from django.utils.encoding import force_bytes, force_text from django.utils.http import urlsafe_base64_encode, urlsafe_base64_decode token_generator = PasswordResetTokenGenerator() # Create your views here. def register(request): form = UserSignUpForm() if request.POST: form = UserSignUpForm(request.POST) if form.is_valid(): user = form.save(commit=False) # user.is_active = False user.is_active = True user.save() # mail_message = render_to_string("users/registration_email.html", # {'user': urlsafe_base64_encode(force_bytes(user.id)), # 'token': token_generator.make_token(user), # }) # email = EmailMessage('Activate your account', mail_message, to=[user.email]) # email.content_subtype = "html"
def reset_password(request): context = dict(form=SendResetEmailForm()) if request.method == "POST": form = SendResetEmailForm(request.POST) if not form.is_valid(): logger.warning("Invalid email") messages.error(request, "Please, use valid email") return render(request, "authentication/reset_password.html", context) email = form.cleaned_data["email"] try: validate_email(email) except ValidationError: logger.warning("Invalid email") messages.error(request, "Please, use valid email") return render(request, "authentication/reset_password.html", context) current_site = get_current_site(request) user = User.objects.filter(email=email) if not user.exists(): messages.error(request, "No users registered with this email") logger.warning(f"There was no user for {email}") render(request, "authentication/reset_password.html", context) email_content = { "user": user[0], "domain": current_site.domain, "uid": urlsafe_base64_encode(force_bytes(user[0].pk)), "token": PasswordResetTokenGenerator().make_token(user[0]), } link = reverse( "complete_password_reset", kwargs=dict(uidb64=email_content["uid"], token=email_content["token"]), ) email_subject = "Password reset instructions" reset_url = f"http://{current_site.domain}{link}" email = EmailMessage( email_subject, f"Hi {user[0].username}, Please open the link below to reset your password \n{reset_url}", "*****@*****.**", [email], ) EmailThread(email).start() logger.info(f"Email was sent to {email}") messages.success(request, "We send you an email with reset") return render(request, "authentication/reset_password.html", context)