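def send_password_reset_email(self, user, site):
    """
    Send the learner an email containing a password reset link.

    The link embeds a one-time token from ``default_token_generator``, so
    anyone who can read the URL can reset the account password. The scheme
    is therefore taken from the deployment setting instead of being
    hard-coded to plain ``http``.

    :param user: account the reset link is generated for; the message is
        sent to ``user.email``.
    :param site: site passed to ``get_base_template_context`` and
        ``emulate_http_request`` while the message is built and sent.
    """
    message_context = get_base_template_context(site)
    email = user.email

    # The original always emitted an http:// link, exposing the reset token
    # to anyone on the network path. No request object is available here, so
    # the scheme comes from configuration.
    # NOTE(review): assumes the project-level ``HTTPS`` setting ('on'/'off')
    # is defined for this deployment; if it is missing the link defaults to
    # https -- confirm.
    protocol = 'https' if getattr(settings, 'HTTPS', 'on') == 'on' else 'http'

    message_context.update({
        'email': email,
        'platform_name': configuration_helpers.get_value(
            'PLATFORM_NAME', settings.PLATFORM_NAME),
        'reset_link': '{protocol}://{site}{link}?track=pwreset'.format(
            protocol=protocol,
            site=configuration_helpers.get_value(
                'SITE_NAME', settings.SITE_NAME),
            link=reverse('password_reset_confirm', kwargs={
                'uidb36': int_to_base36(user.id),
                'token': default_token_generator.make_token(user),
            }),
        ),
    })

    # Personalize and send inside an emulated request for this site and user.
    with emulate_http_request(site, user):
        msg = PasswordReset().personalize(
            recipient=Recipient(user.username, email),
            language=get_user_preference(user, LANGUAGE_KEY),
            user_context=message_context,
        )
        ace.send(msg)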
示例#2
def send_password_reset_email_for_user(user, request, preferred_email=None):
    """
    Email a password reset link to the given user.

    Arguments:
        user (User): Django User object the reset token is generated for.
        request (HttpRequest): Django request object; its ``is_secure()``
            result selects the scheme of the reset link.
        preferred_email (str): Address to send to when provided; otherwise
            the message goes to ``user.email``.
    """
    message_context, user_language_preference = get_user_default_email_params(user)

    # Host part of the link: the logistration micro-frontend domain when the
    # redirect is enabled, otherwise the configured site name.
    if should_redirect_to_logistration_mircrofrontend():
        site_name = settings.LOGISTRATION_MICROFRONTEND_DOMAIN
    else:
        site_name = configuration_helpers.get_value('SITE_NAME', settings.SITE_NAME)

    # TODO: This overrides `platform_name` from `get_base_template_context` to make the tests pass
    platform_name = configuration_helpers.get_value('PLATFORM_NAME', settings.PLATFORM_NAME)

    # The scheme mirrors the inbound request.
    # NOTE(review): behind a TLS-terminating proxy, is_secure() is only true
    # when Django is told which forwarded header to trust; otherwise the
    # token-bearing link goes out as http -- confirm the deployment config.
    scheme = 'https' if request.is_secure() else 'http'
    confirm_path = reverse('password_reset_confirm', kwargs={
        'uidb36': int_to_base36(user.id),
        'token': default_token_generator.make_token(user),
    })
    reset_link = '{protocol}://{site}{link}?track=pwreset'.format(
        protocol=scheme,
        site=site_name,
        link=confirm_path,
    )

    message_context.update({
        'request': request,  # Used by google_analytics_tracking_pixel
        'platform_name': platform_name,
        'reset_link': reset_link,
    })

    # NOTE(review): preferred_email receives a working reset link for `user`;
    # presumably callers only pass an address that belongs to that user --
    # verify against callers.
    destination = preferred_email or user.email
    msg = PasswordReset().personalize(
        recipient=Recipient(user.username, destination),
        language=user_language_preference,
        user_context=message_context,
    )
    ace.send(msg)
示例#3
def password_change_request_handler(request):
    """Handle password change requests originating from the account page.

    Uses the Account API to email the user a link to the password reset page.
    A successful request also calls ``destroy_oauth_tokens`` for the account.

    Note:
        The next step in the password reset process (confirmation) is currently handled
        by student.views.password_reset_confirm_wrapper, a custom wrapper around Django's
        password reset confirmation view.

        An unknown email address still produces a 200 response, so the status
        code does not show whether an account exists for the address.

    Args:
        request (HttpRequest)

    Returns:
        HttpResponse: 200 if the email was sent successfully (or no user matched)
        HttpResponse: 400 if there is no 'email' POST parameter
        HttpResponse: 403 if the client has been rate limited
        HttpResponse: 405 if using an unsupported HTTP method
        HttpResponse: 500 if the user API raised an internal error

    Example usage:

        POST /account/password

    """
    user = request.user

    # Only staff or superusers may name another account's address through
    # 'email_from_support_tools'; for everyone else this stays falsy.
    via_support_tools = (
        user.is_staff or user.is_superuser
    ) and request.POST.get('email_from_support_tools')

    if via_support_tools:
        email = request.POST.get('email_from_support_tools')
    elif user.is_authenticated:
        # Prefer logged-in user's email
        email = user.email
    else:
        # Anonymous caller: the address is taken straight from the POST body.
        email = request.POST.get('email')

    # NOTE(review): for anonymous callers `email` is request-supplied and is
    # written to the audit log as-is.
    AUDIT_LOG.info("Password reset initiated for email %s.", email)

    # Support-tools requests are exempt from the rate limit.
    rate_limited = getattr(request, 'limited', False)
    if rate_limited and not via_support_tools:
        AUDIT_LOG.warning("Password reset rate limit exceeded for email %s.",
                          email)
        return HttpResponse(
            _("Your previous request is in progress, please try again in a few moments."),
            status=403,
        )

    if not email:
        return HttpResponseBadRequest(_("No email address provided."))

    try:
        request_password_change(email, request.is_secure())

        # Resolve the account whose OAuth tokens are revoked: the caller's own
        # account, unless the support-tools parameter was posted or the caller
        # is anonymous, in which case it is looked up by email.
        # NOTE(review): this runs on the reset *request*, so an anonymous
        # caller who submits someone else's address reaches this call for that
        # account; the rate limit above looks like the main control -- confirm.
        if request.POST.get('email_from_support_tools') or not user.is_authenticated:
            account = _get_user_from_email(email=email)
        else:
            account = user
        destroy_oauth_tokens(account)
    except errors.UserNotFound:
        AUDIT_LOG.info("Invalid password reset attempt")
        # If enabled, send an email saying that a password reset was attempted, but that there is
        # no user associated with the email
        failure_email_enabled = configuration_helpers.get_value(
            'ENABLE_PASSWORD_RESET_FAILURE_EMAIL',
            settings.FEATURES['ENABLE_PASSWORD_RESET_FAILURE_EMAIL'],
        )
        if failure_email_enabled:
            # NOTE(review): this mails an address chosen by the caller that
            # matches no account.
            message_context = get_base_template_context(get_current_site())
            message_context.update({
                'failed': True,
                'request': request,  # Used by google_analytics_tracking_pixel
                'email_address': email,
            })

            failure_msg = PasswordReset().personalize(
                recipient=Recipient(lms_user_id=0, email_address=email),
                language=settings.LANGUAGE_CODE,
                user_context=message_context,
            )
            ace.send(failure_msg)
    except errors.UserAPIInternalError as err:
        log.exception(
            'Error occurred during password change for user {email}: {error}'
            .format(email=email, error=err))
        return HttpResponse(
            _("Some error occurred during password change. Please try again"),
            status=500,
        )

    return HttpResponse(status=200)