from django.contrib.auth import update_session_auth_hash from django.core.exceptions import ValidationError from django.utils.translation import ugettext as _ from rest_framework import status from rest_framework.response import Response from misago.conf import settings from misago.core.mail import mail_user from misago.users.forms.options import ChangePasswordForm from misago.users.credentialchange import (store_new_credential, read_new_credential) def change_password_endpoint(request, pk=None): if 'token' in request.data: return use_token(request, request.data['token']) else: return handle_form_submission(request) def handle_form_submission(request): form = ChangePasswordForm(request.data, user=request.user) if form.is_valid(): token = store_new_credential( request, 'password', form.cleaned_data['new_password']) mail_subject = _("Confirm password change on %(forum_title)s forums") mail_subject = mail_subject % {'forum_title': settings.forum_name} mail_user(request, request.user, mail_subject, 'misago/emails/change_password', {'token': token}) return Response({'detail': _("Password change confirmation link " "was sent to your address.")}) else: return Response(form.errors, status=status.HTTP_400_BAD_REQUEST) def token_error_handler(f): def decorator(request, token): try: return f(request, token) except ValueError: message = _("Password change link has expired. Please try again.") return Response({'detail': message}, status=status.HTTP_400_BAD_REQUEST) return decorator @token_error_handler def use_token(request, token): new_password = read_new_credential(request, 'password', token) if new_password: request.user.set_password(new_password) request.user.save() update_session_auth_hash(request, request.user) return Response({'detail': _("Your password has been changed.")}) else: raise ValueError()