def send_password_form(request):
    """
    POST /auth/send-password-form/ with CSRF token and email
    will mail change password form link to requester

    The posted data is validated by ResetPasswordForm. When it is valid, a
    password-change token is created for the matched user and handed to
    mail_user() with the 'misago/emails/change_password_form_link' template.
    The response then carries that user's username and email. When it is
    not valid, the form's error dict is returned with HTTP 400.
    """
    form = ResetPasswordForm(request.data)
    if not form.is_valid():
        return Response(
            form.get_errors_dict(),
            status=status.HTTP_400_BAD_REQUEST,
        )

    account = form.user_cache
    subject_template = _("Change %(user)s password on %(forum_name)s forums")
    subject = subject_template % {
        'user': account.username,
        'forum_name': settings.forum_name,
    }

    # The token is placed only in the e-mail context; it is never part of
    # the HTTP response below.
    email_context = {
        'confirmation_token': make_password_change_token(account),
    }
    mail_user(
        request,
        account,
        subject,
        'misago/emails/change_password_form_link',
        email_context,
    )

    # NOTE(review): this view does no authentication check of its own, and
    # the success body echoes the matched account's username and email.
    # Whether that lets a caller learn which addresses are registered
    # depends on ResetPasswordForm and on any throttling applied outside
    # this function. Confirm both.
    return Response({
        'username': form.user_cache.username,
        'email': form.user_cache.email,
    })
def change_forgotten_password(request, user_id, token):
    """Check a password-change link and, on POST, process the new password.

    The link is rejected with HTTP 400 when no user has ``user_id``, when
    ``token`` fails is_password_change_token_valid(), or when
    ResetPasswordForm.confirm_allowed() raises ValidationError. A valid link
    returns the user's username and email for any method other than POST.
    On POST the request is handed to process_forgotten_password_form().
    """
    def reject(detail):
        # Every failure path uses the same status code.
        return Response({'detail': detail}, status=status.HTTP_400_BAD_REQUEST)

    user_model = auth.get_user_model()

    # An unknown user id and a bad token produce the same message and the
    # same status, so the response does not show which check failed.
    try:
        user = user_model.objects.get(pk=user_id)
    except user_model.DoesNotExist:
        return reject(_("Form link is invalid. Please try again."))

    if not is_password_change_token_valid(user, token):
        return reject(_("Form link is invalid. Please try again."))

    # The "expired" wording is only reachable once the token has validated.
    try:
        ResetPasswordForm().confirm_allowed(user)
    except ValidationError:
        return reject(_("Your link has expired. Please request new one."))

    if request.method != 'POST':
        return Response({
            'username': user.username,
            'email': user.email
        })
    return process_forgotten_password_form(request, user)
def request_reset(request):
    """Render the forgotten-password form and, on a valid POST, mail the link.

    A valid POST records the matched user's pk in the session under
    "reset_password_link_sent_to", mails a reset token through mail_user()
    and redirects to "misago:reset_password_link_sent". Any other request,
    or an invalid POST, renders "misago/forgottenpassword/request.html" with
    the form.
    """
    is_post = request.method == "POST"
    form = ResetPasswordForm(request.POST) if is_post else ResetPasswordForm()

    if is_post and form.is_valid():
        account = form.user_cache
        request.session["reset_password_link_sent_to"] = account.pk

        subject = _("Change %(user)s password " "on %(forum_title)s forums") % {
            "user": account.username,
            "forum_title": settings.forum_name,
        }

        # The token is passed to the e-mail template only; the redirect
        # below does not carry it.
        email_context = {"confirmation_token": make_password_reset_token(account)}
        mail_user(
            request,
            account,
            subject,
            "misago/emails/change_password_form_link",
            email_context,
        )

        # NOTE(review): no rate limiting is visible in this view. Confirm
        # reset mails are throttled elsewhere.
        return redirect("misago:reset_password_link_sent")

    return render(request, "misago/forgottenpassword/request.html", {"form": form})
def send_password_form(request):
    """Mail a change-password link to the account matched by the posted form.

    Returns the matched user's username and email on success, or the form's
    error dict with HTTP 400 when ResetPasswordForm rejects the data.
    """
    form = ResetPasswordForm(request.data)

    if not form.is_valid():
        return Response(form.get_errors_dict(),
                        status=status.HTTP_400_BAD_REQUEST)

    target = form.user_cache

    subject = _("Change %(user)s password on %(forum_name)s forums") % {
        'user': target.username,
        'forum_name': settings.forum_name,
    }

    # The token is delivered through the e-mail context only.
    token = make_password_change_token(target)
    mail_user(
        request,
        target,
        subject,
        'misago/emails/change_password_form_link',
        {'confirmation_token': token},
    )

    # NOTE(review): the success body returns the account's username and
    # email to whoever posted the form. Confirm that is acceptable for an
    # endpoint this function does not itself authenticate.
    return Response({
        'username': form.user_cache.username,
        'email': form.user_cache.email
    })
def send_link(request):
    """Mail a change-password link for the account matched by the posted data.

    The payload is read from ``request.DATA`` and validated by
    ResetPasswordForm. A valid form yields a 200 response with the matched
    user's username and email. An invalid one yields the form's error dict
    with HTTP 400.
    """
    form = ResetPasswordForm(request.DATA)

    if form.is_valid():
        recipient = form.user_cache

        placeholders = {
            'user': recipient.username,
            'forum_title': settings.forum_name
        }
        subject = _("Change %(user)s password "
                    "on %(forum_title)s forums") % placeholders

        # The token is handed to the mail template and not to the response.
        mail_context = {
            'confirmation_token': make_password_change_token(recipient),
        }
        mail_user(request, recipient, subject,
                  'misago/emails/change_password_form_link',
                  mail_context)

        # NOTE(review): the response discloses the username and email of
        # the matched account. Confirm throttling and form-level checks
        # exist outside this function.
        return Response({
            'username': form.user_cache.username,
            'email': form.user_cache.email
        })

    return Response(form.get_errors_dict(),
                    status=status.HTTP_400_BAD_REQUEST)
def request_reset(request):
    """Show the forgotten-password form; mail a reset link on a valid POST.

    On a valid POST the matched user's pk is stored in the session as
    'reset_password_link_sent_to', the reset token is mailed, and the client
    is redirected to 'misago:reset_password_link_sent'. Otherwise the
    request template is rendered with the bound or unbound form.
    """
    if request.method == 'POST':
        form = ResetPasswordForm(request.POST)
    else:
        form = ResetPasswordForm()

    if request.method == 'POST' and form.is_valid():
        user = form.user_cache
        request.session['reset_password_link_sent_to'] = user.pk

        subject_template = _("Change %(user)s password "
                             "on %(forum_title)s forums")
        subject = subject_template % {
            'user': user.username,
            'forum_title': settings.forum_name
        }

        # Only the outgoing mail carries the token.
        reset_token = make_password_reset_token(user)
        mail_user(request, user, subject,
                  'misago/emails/change_password_form_link',
                  {'confirmation_token': reset_token})

        return redirect('misago:reset_password_link_sent')

    return render(request, 'misago/forgottenpassword/request.html',
                  {'form': form})
def change_forgotten_password(request, user_id, token):
    """Check a password-change link and, on POST, process the new password.

    Responds with HTTP 400 and a generic "invalid link" message when the
    user id is unknown, when a signed-in requester is not the user the link
    belongs to, or when the token does not validate. Responds with HTTP 400
    and an "expired" message when ResetPasswordForm.confirm_allowed() raises
    ValidationError. Otherwise a POST is passed to
    process_forgotten_password_form() and any other method returns the
    user's username and email.
    """
    user_model = auth.get_user_model()
    invalid_message = _("Form link is invalid. Please try again.")

    def bad_request(detail):
        return Response({'detail': detail}, status=status.HTTP_400_BAD_REQUEST)

    try:
        user = user_model.objects.get(pk=user_id)
        # A signed-in requester following another account's link is treated
        # like an unknown user id, so the response is the same for both.
        # NOTE(review): Django's HttpRequest defines no is_authenticated().
        # Presumably project code adds it. Confirm, since otherwise this
        # line raises AttributeError instead of rejecting the request.
        if request.is_authenticated() and request.user.id != user.id:
            raise user_model.DoesNotExist()
    except user_model.DoesNotExist:
        return bad_request(invalid_message)

    if not is_password_change_token_valid(user, token):
        return bad_request(invalid_message)

    try:
        ResetPasswordForm().confirm_allowed(user)
    except ValidationError:
        return bad_request(_("Your link has expired. Please request new one."))

    if request.method != 'POST':
        return Response({
            'username': user.username,
            'email': user.email
        })
    return process_forgotten_password_form(request, user)
def decorator(request, *args, **kwargs):
    """Resolve ``user_id`` to a user and check the link before calling ``f``.

    ``f`` is taken from the enclosing scope, which is not visible here.
    When ``user_id`` is among the keyword arguments it is replaced by a
    ``user`` keyword holding the fetched object. The call is answered with
    HTTP 404 if the token is not valid for that user or if
    ResetPasswordForm.confirm_allowed() raises ValidationError.
    """
    # NOTE(review): the checks run only when the URL supplies user_id.
    # Without it, f is called with no token validation in this wrapper.
    # Confirm every route using it passes user_id.
    if 'user_id' in kwargs:
        User = get_user_model()
        # get_object_or_404 is used for the lookup, so an unknown id is
        # handled there rather than by the responses below.
        user = get_object_or_404(User.objects, pk=kwargs.pop('user_id'))
        kwargs['user'] = user

        # 'token' is read without a default: it must be in kwargs whenever
        # user_id is.
        if not is_password_change_token_valid(user, kwargs['token']):
            message = _("Your link is invalid. Please try again.")
            return Response({'detail': message}, status=status.HTTP_404_NOT_FOUND)

        # Reached only after the token validated. A ValidationError here is
        # reported to the client as an expired link.
        try:
            form = ResetPasswordForm()
            form.confirm_allowed(user)
        except ValidationError:
            message = _("Your link has expired. Please request new one.")
            return Response({'detail': message}, status=status.HTTP_404_NOT_FOUND)

    return f(request, *args, **kwargs)