| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263 |
- from django.contrib.auth import update_session_auth_hash
- from django.core.exceptions import ValidationError
- from django.utils.translation import ugettext as _
- from rest_framework import status
- from rest_framework.response import Response
- from misago.conf import settings
- from misago.core.mail import mail_user
- from misago.users.forms.options import ChangePasswordForm
- from misago.users.credentialchange import (store_new_credential,
- read_new_credential)
- def change_password_endpoint(request, pk=None):
- if 'token' in request.data:
- return use_token(request, request.data['token'])
- else:
- return handle_form_submission(request)
- def handle_form_submission(request):
- form = ChangePasswordForm(request.data, user=request.user)
- if form.is_valid():
- token = store_new_credential(
- request, 'password', form.cleaned_data['new_password'])
- mail_subject = _("Confirm password change on %(forum_title)s forums")
- mail_subject = mail_subject % {'forum_title': settings.forum_name}
- mail_user(request, request.user, mail_subject,
- 'misago/emails/change_password',
- {'token': token})
- return Response({'detail': _("Password change confirmation link "
- "was sent to your address.")})
- else:
- return Response(form.errors, status=status.HTTP_400_BAD_REQUEST)
- def token_error_handler(f):
- def decorator(request, token):
- try:
- return f(request, token)
- except ValueError:
- message = _("Password change link has expired. Please try again.")
- return Response({'detail': message},
- status=status.HTTP_400_BAD_REQUEST)
- return decorator
- @token_error_handler
- def use_token(request, token):
- new_password = read_new_credential(request, 'password', token)
- if new_password:
- request.user.set_password(new_password)
- request.user.save()
- update_session_auth_hash(request, request.user)
- return Response({'detail': _("Your password has been changed.")})
- else:
- raise ValueError()
|
