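def get(self, request, *args, **kwargs):
    """Send a fresh SMS recovery code to the user stored in the session.

    On success the new TOTP secret is saved in the session under
    ``totp_secret`` and ``{"status": "ok"}`` is returned as JSON.

    Raises:
        Http404: if SMS password recovery is disabled, the session holds
            no ``user_pk``, that user no longer exists, or the SMS
            backend reports that the message was not sent.
    """
    parameters = self.request.localconfig.parameters
    if not parameters.get_value("sms_password_recovery"):
        raise Http404
    try:
        user = models.User._default_manager.get(
            pk=self.request.session["user_pk"])
    except (KeyError, models.User.DoesNotExist):
        # A stale session (account removed after the first step) gets the
        # same 404 as a missing key instead of an unhandled exception.
        raise Http404
    # NOTE(review): nothing in this method limits how often a session can
    # trigger a new SMS, and the send happens on GET. Confirm that
    # throttling is applied elsewhere (view decorator, middleware or the
    # SMS backend) to bound SMS cost and code-guessing attempts.
    backend = sms_backends.get_active_backend(parameters)
    # NOTE(review): confirm random_hex_key() draws from a CSPRNG.
    secret = cryptutils.random_hex_key(20)
    code = oath.totp(secret)
    # Translate the template first, then insert the code: formatting
    # before the lookup yields a msgid no translation catalog contains.
    text = _(
        "Please use the following code to recover your Modoboa password: {}"
    ).format(code)
    # str() mirrors the initial send in form_valid, so the backend gets
    # the same recipient type from both code paths.
    if not backend.send(text, [str(user.phone_number)]):
        raise Http404
    # NOTE(review): the secret that derives the code is kept in the
    # session. With a client-readable session store (e.g. signed cookies)
    # the requester could compute the code without receiving the SMS;
    # verify that sessions are stored server-side.
    self.request.session["totp_secret"] = secret
    return JsonResponse({"status": "ok"})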
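def form_valid(self, form):
    """Redirect to the code verification page when SMS recovery applies.

    Falls back to the parent class's ``form_valid`` (the e-mail flow)
    when SMS recovery is disabled, when no user with the submitted e-mail
    has a phone number, or when the SMS backend fails to send. Otherwise
    the user's pk and the TOTP secret are stored in the session and the
    client is redirected to ``password_reset_confirm_code``.
    """
    parameters = self.request.localconfig.parameters
    if not parameters.get_value("sms_password_recovery"):
        return super().form_valid(form)
    # NOTE(review): this lookup filters on e-mail and phone number only.
    # Confirm whether disabled accounts should be excluded here, as the
    # e-mail reset flow may already do.
    user = models.User._default_manager.filter(
        email=form.cleaned_data["email"],
        phone_number__isnull=False).first()
    if not user:
        # Fallback to email
        return super().form_valid(form)
    # NOTE(review): nothing in this method limits how many codes can be
    # requested for one address; confirm throttling exists elsewhere.
    backend = sms_backends.get_active_backend(parameters)
    # NOTE(review): confirm random_hex_key() draws from a CSPRNG.
    secret = cryptutils.random_hex_key(20)
    code = oath.totp(secret)
    # Translate the template first, then insert the code: formatting
    # before the lookup yields a msgid no translation catalog contains.
    text = _(
        "Please use the following code to recover your Modoboa password: {}"
    ).format(code)
    if not backend.send(text, [str(user.phone_number)]):
        return super().form_valid(form)
    # NOTE(review): the secret that derives the code is kept in the
    # session. With a client-readable session store (e.g. signed cookies)
    # the requester could compute the code without receiving the SMS;
    # verify that sessions are stored server-side.
    self.request.session["user_pk"] = user.pk
    self.request.session["totp_secret"] = secret
    # NOTE(review): this redirect is returned only for addresses that
    # belong to an account with a phone number, so the response tells
    # such accounts apart from unknown addresses. Consider whether that
    # enumeration signal is acceptable for this deployment.
    return HttpResponseRedirect(reverse("password_reset_confirm_code"))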