forgottenpassword.py 1.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263
  1. from django.contrib.auth import get_user_model
  2. from django.shortcuts import get_object_or_404, render
  3. from django.urls import reverse
  4. from django.utils.translation import ugettext as _
  5. from misago.core.exceptions import Banned
  6. from misago.users.bans import get_user_ban
  7. from misago.users.decorators import deny_banned_ips
  8. from misago.users.tokens import is_password_change_token_valid
  9. def reset_view(f):
  10. @deny_banned_ips
  11. def decorator(*args, **kwargs):
  12. return f(*args, **kwargs)
  13. return decorator
  14. @reset_view
  15. def request_reset(request):
  16. request.frontend_context.update({
  17. 'SEND_PASSWORD_RESET_API': reverse('misago:api:send-password-form'),
  18. })
  19. return render(request, 'misago/forgottenpassword/request.html')
  20. class ResetError(Exception):
  21. pass
  22. @reset_view
  23. def reset_password_form(request, pk, token):
  24. requesting_user = get_object_or_404(get_user_model(), pk=pk)
  25. try:
  26. if (request.user.is_authenticated and request.user.id != requesting_user.id):
  27. message = _("%(user)s, your link has expired. Please request new link and try again.")
  28. raise ResetError(message % {'user': requesting_user.username})
  29. if not is_password_change_token_valid(requesting_user, token):
  30. message = _("%(user)s, your link is invalid. Please try again or request new link.")
  31. raise ResetError(message % {'user': requesting_user.username})
  32. ban = get_user_ban(requesting_user)
  33. if ban:
  34. raise Banned(ban)
  35. except ResetError as e:
  36. return render(
  37. request, 'misago/forgottenpassword/error.html', {
  38. 'message': e.args[0],
  39. }, status=400
  40. )
  41. api_url = reverse(
  42. 'misago:api:change-forgotten-password', kwargs={
  43. 'pk': pk,
  44. 'token': token,
  45. }
  46. )
  47. request.frontend_context['CHANGE_PASSWORD_API'] = api_url
  48. return render(request, 'misago/forgottenpassword/form.html')