Home Explore Help
Sign In
221V
/
Misago
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 0.30.0.dev
Branches Tags
Misago
/
misago
/
users
/
views
/
forgottenpassword.py

forgottenpassword.py 2.3 KB
Permalink History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071 
  1. from django.contrib.auth import get_user_model
    2. 

  2. from django.core.exceptions import PermissionDenied
    3. 

  3. from django.shortcuts import get_object_or_404, render
    4. 

  4. from django.urls import reverse
    5. 

  5. from django.utils.translation import gettext as _
    6. 

  6. 

  7. from ...core.exceptions import Banned
    8. 

  8. from ..bans import get_user_ban
    9. 

  9. from ..decorators import deny_banned_ips
    10. 

  10. from ..tokens import is_password_change_token_valid
    11. 

  11. 

  12. 

  13. @deny_banned_ips
    14. 

  14. def request_reset(request):
    15. 

  15.     if request.settings.enable_oauth2_client:
    16. 

  16.         raise PermissionDenied(
    17. 

  17.             _("Please use %(provider)s to reset your password.")
    18. 

  18.             % {"provider": request.settings.oauth2_provider}
    19. 

  19.         )
    20. 

  20. 

  21.     request.frontend_context.update(
    22. 

  22.         {"SEND_PASSWORD_RESET_API": reverse("misago:api:send-password-form")}
    23. 

  23.     )
    24. 

  24.     return render(request, "misago/forgottenpassword/request.html")
    25. 

  25. 

  26. 

  27. class ResetError(Exception):
    28. 

  28.     pass
    29. 

  29. 

  30. 

  31. @deny_banned_ips
    32. 

  32. def reset_password_form(request, pk, token):
    33. 

  33.     if request.settings.enable_oauth2_client:
    34. 

  34.         raise PermissionDenied(
    35. 

  35.             _("Please use %(provider)s to reset your password.")
    36. 

  36.             % {"provider": request.settings.oauth2_provider}
    37. 

  37.         )
    38. 

  38. 

  39.     requesting_user = get_object_or_404(get_user_model(), pk=pk)
    40. 

  40. 

  41.     try:
    42. 

  42.         if request.user.is_authenticated and request.user.id != requesting_user.id:
    43. 

  43.             message = _(
    44. 

  44.                 "%(user)s, your link has expired. "
    45. 

  45.                 "Please request new link and try again."
    46. 

  46.             )
    47. 

  47.             raise ResetError(message % {"user": requesting_user.username})
    48. 

  48. 

  49.         if not is_password_change_token_valid(requesting_user, token):
    50. 

  50.             message = _(
    51. 

  51.                 "%(user)s, your link is invalid. Please try again or request new link."
    52. 

  52.             )
    53. 

  53.             raise ResetError(message % {"user": requesting_user.username})
    54. 

  54. 

  55.         ban = get_user_ban(requesting_user, request.cache_versions)
    56. 

  56.         if ban:
    57. 

  57.             raise Banned(ban)
    58. 

  58.     except ResetError as e:
    59. 

  59.         return render(
    60. 

  60.             request,
    61. 

  61.             "misago/forgottenpassword/error.html",
    62. 

  62.             {"message": e.args[0]},
    63. 

  63.             status=400,
    64. 

  64.         )
    65. 

  65. 

  66.     api_url = reverse(
    67. 

  67.         "misago:api:change-forgotten-password", kwargs={"pk": pk, "token": token}
    68. 

  68.     )
    69. 

  69. 

  70.     request.frontend_context["CHANGE_PASSWORD_API"] = api_url
    71. 

  71.     return render(request, "misago/forgottenpassword/form.html")
    72.