def change_forgotten_password(request, user_id, token): User = auth.get_user_model() try: user = User.objects.get(pk=user_id) except User.DoesNotExist: message = _("Form link is invalid. Please try again.") return Response({'detail': message}, status=status.HTTP_400_BAD_REQUEST) if not is_password_change_token_valid(user, token): message = _("Form link is invalid. Please try again.") return Response({'detail': message}, status=status.HTTP_400_BAD_REQUEST) try: form = ResetPasswordForm() form.confirm_allowed(user) except ValidationError: message = _("Your link has expired. Please request new one.") return Response({'detail': message}, status=status.HTTP_400_BAD_REQUEST) if request.method == 'POST': return process_forgotten_password_form(request, user) else: return Response({ 'username': user.username, 'email': user.email })
def change_forgotten_password(request, user_id, token): User = auth.get_user_model() invalid_message = _("Form link is invalid. Please try again.") try: user = User.objects.get(pk=user_id) if request.is_authenticated() and request.user.id != user.id: raise User.DoesNotExist() except User.DoesNotExist: return Response({'detail': invalid_message}, status=status.HTTP_400_BAD_REQUEST) if not is_password_change_token_valid(user, token): return Response({'detail': invalid_message}, status=status.HTTP_400_BAD_REQUEST) try: form = ResetPasswordForm() form.confirm_allowed(user) except ValidationError: message = _("Your link has expired. Please request new one.") return Response({'detail': message}, status=status.HTTP_400_BAD_REQUEST) if request.method == 'POST': return process_forgotten_password_form(request, user) else: return Response({ 'username': user.username, 'email': user.email })
def decorator(request, *args, **kwargs): if 'user_id' in kwargs: User = get_user_model() user = get_object_or_404(User.objects, pk=kwargs.pop('user_id')) kwargs['user'] = user if not is_password_change_token_valid(user, kwargs['token']): message = _("Your link is invalid. Please try again.") return Response({'detail': message}, status=status.HTTP_404_NOT_FOUND) try: form = ResetPasswordForm() form.confirm_allowed(user) except ValidationError: message = _("Your link has expired. Please request new one.") return Response({'detail': message}, status=status.HTTP_404_NOT_FOUND) return f(request, *args, **kwargs)