moviewyrm/bookwyrm/views/password.py

106 lines
3.7 KiB
Python
Raw Normal View History

2021-03-08 16:49:10 +00:00
""" class views for password management """
from django.contrib.auth import login
from django.contrib.auth.decorators import login_required
from django.core.exceptions import PermissionDenied
from django.shortcuts import redirect
from django.template.response import TemplateResponse
from django.utils.decorators import method_decorator
2021-03-21 19:06:20 +00:00
from django.utils.translation import gettext as _
from django.views import View
from bookwyrm import models
from bookwyrm.emailing import password_reset_email
# pylint: disable= no-self-use
class PasswordResetRequest(View):
2021-04-26 16:15:42 +00:00
"""forgot password flow"""
2021-03-08 16:49:10 +00:00
def get(self, request):
2021-04-26 16:15:42 +00:00
"""password reset page"""
return TemplateResponse(
request,
2021-03-08 16:49:10 +00:00
"password_reset_request.html",
)
def post(self, request):
2021-04-26 16:15:42 +00:00
"""create a password reset token"""
2021-03-08 16:49:10 +00:00
email = request.POST.get("email")
try:
user = models.User.objects.get(email=email, email__isnull=False)
except models.User.DoesNotExist:
2021-03-21 19:06:20 +00:00
data = {"error": _("No user with that email address was found.")}
return TemplateResponse(request, "password_reset_request.html", data)
# remove any existing password reset cods for this user
models.PasswordReset.objects.filter(user=user).all().delete()
# create a new reset code
code = models.PasswordReset.objects.create(user=user)
password_reset_email(code)
2021-03-21 19:06:20 +00:00
data = {"message": _("A password reset link sent to %s" % email)}
2021-03-08 16:49:10 +00:00
return TemplateResponse(request, "password_reset_request.html", data)
class PasswordReset(View):
2021-04-26 16:15:42 +00:00
"""set new password"""
2021-03-08 16:49:10 +00:00
def get(self, request, code):
2021-04-26 16:15:42 +00:00
"""endpoint for sending invites"""
if request.user.is_authenticated:
2021-03-08 16:49:10 +00:00
return redirect("/")
try:
reset_code = models.PasswordReset.objects.get(code=code)
if not reset_code.valid():
raise PermissionDenied
except models.PasswordReset.DoesNotExist:
raise PermissionDenied
2021-03-29 01:53:49 +00:00
return TemplateResponse(request, "password_reset.html", {"code": code})
def post(self, request, code):
2021-04-26 16:15:42 +00:00
"""allow a user to change their password through an emailed token"""
try:
2021-03-08 16:49:10 +00:00
reset_code = models.PasswordReset.objects.get(code=code)
except models.PasswordReset.DoesNotExist:
2021-03-08 16:49:10 +00:00
data = {"errors": ["Invalid password reset link"]}
return TemplateResponse(request, "password_reset.html", data)
user = reset_code.user
2021-03-08 16:49:10 +00:00
new_password = request.POST.get("password")
confirm_password = request.POST.get("confirm-password")
if new_password != confirm_password:
2021-03-08 16:49:10 +00:00
data = {"errors": ["Passwords do not match"]}
return TemplateResponse(request, "password_reset.html", data)
user.set_password(new_password)
2021-08-03 19:33:48 +00:00
user.save(broadcast=False, update_fields=["password"])
login(request, user)
reset_code.delete()
2021-03-08 16:49:10 +00:00
return redirect("/")
2021-03-08 16:49:10 +00:00
@method_decorator(login_required, name="dispatch")
class ChangePassword(View):
2021-04-26 16:15:42 +00:00
"""change password as logged in user"""
2021-03-08 16:49:10 +00:00
def get(self, request):
2021-04-26 16:15:42 +00:00
"""change password page"""
2021-03-08 16:49:10 +00:00
data = {"user": request.user}
return TemplateResponse(request, "preferences/change_password.html", data)
def post(self, request):
2021-04-26 16:15:42 +00:00
"""allow a user to change their password"""
2021-03-08 16:49:10 +00:00
new_password = request.POST.get("password")
confirm_password = request.POST.get("confirm-password")
if new_password != confirm_password:
2021-03-08 16:49:10 +00:00
return redirect("preferences/password")
request.user.set_password(new_password)
2021-08-03 19:33:48 +00:00
request.user.save(broadcast=False, update_fields=["password"])
login(request, request.user)
2021-01-29 17:28:00 +00:00
return redirect(request.user.local_path)