def send_password_reset_email(self, user, site):
    """
    Email the learner a link for resetting their password.

    :param user: account the reset token is minted for; the message is
        addressed to ``user.email``
    :param site: site used to build the base template context and the
        emulated request that wraps message personalization
    """
    message_context = get_base_template_context(site)
    email = user.email

    platform_name = configuration_helpers.get_value('PLATFORM_NAME', settings.PLATFORM_NAME)
    site_name = configuration_helpers.get_value('SITE_NAME', settings.SITE_NAME)
    # The confirm URL carries both the base36 user id and a one-time token,
    # so the finished link is itself a credential until it is used or expires.
    confirm_path = reverse('password_reset_confirm', kwargs={
        'uidb36': int_to_base36(user.id),
        'token': default_token_generator.make_token(user),
    })
    # NOTE(review): the scheme is hard-coded to 'http', so the token-bearing
    # link is first requested in cleartext unless the site redirects to HTTPS
    # or is covered by HSTS. No request object is available here to derive
    # the scheme from; consider reading it from deployment configuration.
    reset_link = '{protocol}://{site}{link}?track=pwreset'.format(
        protocol='http',
        site=site_name,
        link=confirm_path,
    )

    message_context.update({
        'email': email,
        'platform_name': platform_name,
        'reset_link': reset_link,
    })

    # NOTE(review): indentation was lost in this listing; the send is kept
    # inside the emulated request on the assumption that rendering needs
    # it -- confirm against the original file.
    with emulate_http_request(site, user):
        msg = PasswordReset().personalize(
            recipient=Recipient(user.username, email),
            language=get_user_preference(user, LANGUAGE_KEY),
            user_context=message_context,
        )
        ace.send(msg)
def send_password_reset_email_for_user(user, request, preferred_email=None):
    """
    Send a password reset email for the given user.

    Arguments:
        user (User): Django User object the reset token is generated for
        request (HttpRequest): Django request object; decides the link scheme
            and is passed into the template context
        preferred_email (str): Address to deliver to when truthy; otherwise
            the message goes to the user's own email address.

    NOTE(review): nothing in this function checks that ``preferred_email``
    belongs to ``user``. Whoever receives the message can reset the account,
    so callers must only pass an address already verified for this user.
    """
    message_context, user_language_preference = get_user_default_email_params(user)

    # The host comes from settings or site configuration and is not read from
    # the request here, so a forged Host header cannot redirect the link.
    if should_redirect_to_logistration_mircrofrontend():
        site_name = settings.LOGISTRATION_MICROFRONTEND_DOMAIN
    else:
        site_name = configuration_helpers.get_value('SITE_NAME', settings.SITE_NAME)

    # TODO: This overrides `platform_name` from `get_base_template_context` to make the tests pass
    platform_name = configuration_helpers.get_value('PLATFORM_NAME', settings.PLATFORM_NAME)

    # NOTE(review): behind a TLS-terminating proxy, is_secure() is only
    # accurate when Django's SECURE_PROXY_SSL_HEADER is configured; otherwise
    # the emailed link falls back to plain http.
    scheme = 'https' if request.is_secure() else 'http'
    confirm_path = reverse('password_reset_confirm', kwargs={
        'uidb36': int_to_base36(user.id),
        'token': default_token_generator.make_token(user),
    })
    reset_link = '{protocol}://{site}{link}?track=pwreset'.format(
        protocol=scheme,
        site=site_name,
        link=confirm_path,
    )

    message_context.update({
        'request': request,  # Used by google_analytics_tracking_pixel
        'platform_name': platform_name,
        'reset_link': reset_link,
    })

    destination = preferred_email or user.email
    msg = PasswordReset().personalize(
        recipient=Recipient(user.username, destination),
        language=user_language_preference,
        user_context=message_context,
    )
    ace.send(msg)
def password_change_request_handler(request):
    """Handle password change requests originating from the account page.

    Uses the Account API to email the user a link to the password reset page.

    Note: The next step in the password reset process (confirmation)
    is currently handled by student.views.password_reset_confirm_wrapper,
    a custom wrapper around Django's password reset confirmation view.

    The target address is chosen in this order: the
    'email_from_support_tools' POST value when the caller is staff or a
    superuser, then the logged-in user's own address, then the 'email' POST
    value for anonymous callers.

    Args:
        request (HttpRequest)

    Returns:
        HttpResponse: 200 if the request was processed; also returned when no
            account matches the address, so the status code does not reveal
            whether an account exists
        HttpResponse: 400 if there is no 'email' POST parameter
        HttpResponse: 403 if the client has been rate limited
        HttpResponse: 405 if using an unsupported HTTP method
            (not enforced in this function body)
        HttpResponse: 500 if the Account API reports an internal error

    Example usage:

        POST /account/password

    """
    user = request.user
    is_privileged = user.is_staff or user.is_superuser
    via_support_tools = is_privileged and request.POST.get('email_from_support_tools')

    if via_support_tools:
        email = request.POST.get('email_from_support_tools')
    elif user.is_authenticated:
        # Prefer logged-in user's email
        email = user.email
    else:
        email = request.POST.get('email')

    # NOTE(review): for anonymous callers `email` is raw POST data. It is
    # written to the audit log as-is, so the log can receive arbitrary text
    # (including line breaks) as well as personal data -- confirm the log
    # formatter or sink neutralises control characters.
    AUDIT_LOG.info("Password reset initiated for email %s.", email)

    # Support-tool requests from staff/superusers skip the rate limit.
    rate_limited = getattr(request, 'limited', False)
    if rate_limited and not via_support_tools:
        AUDIT_LOG.warning("Password reset rate limit exceeded for email %s.", email)
        return HttpResponse(
            _("Your previous request is in progress, please try again in a few moments."),
            status=403,
        )

    if not email:
        return HttpResponseBadRequest(_("No email address provided."))

    try:
        request_password_change(email, request.is_secure())
        # NOTE(review): this re-reads the POST field without the staff check
        # used above, so a non-staff caller who sends
        # 'email_from_support_tools' is resolved by email lookup rather than
        # taken from the session. Reusing the earlier flag would keep the two
        # decisions consistent.
        if request.POST.get('email_from_support_tools') or not user.is_authenticated:
            user = _get_user_from_email(email=email)
        # NOTE(review): this also runs for unauthenticated requests, so OAuth
        # tokens of the account matching `email` appear to be revoked before
        # the requester has proven control of the mailbox. Confirm this is
        # intended and that the rate limit above is an adequate control.
        destroy_oauth_tokens(user)
    except errors.UserNotFound:
        AUDIT_LOG.info("Invalid password reset attempt")
        # If enabled, send an email saying that a password reset was attempted, but that there is
        # no user associated with the email.
        # NOTE(review): that message goes to an address chosen by the
        # requester; the only throttle visible here is `request.limited`.
        notify_on_failure = configuration_helpers.get_value(
            'ENABLE_PASSWORD_RESET_FAILURE_EMAIL',
            settings.FEATURES['ENABLE_PASSWORD_RESET_FAILURE_EMAIL'],
        )
        if notify_on_failure:
            site = get_current_site()
            message_context = get_base_template_context(site)
            message_context.update({
                'failed': True,
                'request': request,  # Used by google_analytics_tracking_pixel
                'email_address': email,
            })
            # lms_user_id=0 because no account matches this address.
            recipient = Recipient(lms_user_id=0, email_address=email)
            msg = PasswordReset().personalize(
                recipient=recipient,
                language=settings.LANGUAGE_CODE,
                user_context=message_context,
            )
            ace.send(msg)
    except errors.UserAPIInternalError as err:
        log.exception(
            'Error occurred during password change for user {email}: {error}'
            .format(email=email, error=err)
        )
        return HttpResponse(
            _("Some error occurred during password change. Please try again"),
            status=500,
        )

    # Reached for both the success path and the UserNotFound path.
    return HttpResponse(status=200)