2021-01-12 16:48:31 +00:00
|
|
|
''' class views for password management '''
|
|
|
|
from django.contrib.auth import login
|
|
|
|
from django.contrib.auth.decorators import login_required
|
|
|
|
from django.core.exceptions import PermissionDenied
|
|
|
|
from django.shortcuts import redirect
|
|
|
|
from django.template.response import TemplateResponse
|
|
|
|
from django.utils.decorators import method_decorator
|
|
|
|
from django.views import View
|
|
|
|
|
|
|
|
from bookwyrm import models
|
|
|
|
from bookwyrm.emailing import password_reset_email
|
|
|
|
|
|
|
|
|
|
|
|
# pylint: disable= no-self-use
|
|
|
|
class PasswordResetRequest(View):
|
|
|
|
''' forgot password flow '''
|
|
|
|
def get(self, request):
|
|
|
|
''' password reset page '''
|
|
|
|
return TemplateResponse(
|
|
|
|
request,
|
|
|
|
'password_reset_request.html',
|
|
|
|
{'title': 'Reset Password'}
|
|
|
|
)
|
|
|
|
|
|
|
|
def post(self, request):
|
|
|
|
''' create a password reset token '''
|
|
|
|
email = request.POST.get('email')
|
|
|
|
try:
|
|
|
|
user = models.User.objects.get(email=email)
|
|
|
|
except models.User.DoesNotExist:
|
|
|
|
return redirect('/password-reset')
|
|
|
|
|
|
|
|
# remove any existing password reset cods for this user
|
|
|
|
models.PasswordReset.objects.filter(user=user).all().delete()
|
|
|
|
|
|
|
|
# create a new reset code
|
|
|
|
code = models.PasswordReset.objects.create(user=user)
|
|
|
|
password_reset_email(code)
|
|
|
|
data = {'message': 'Password reset link sent to %s' % email}
|
|
|
|
return TemplateResponse(request, 'password_reset_request.html', data)
|
|
|
|
|
|
|
|
|
|
|
|
class PasswordReset(View):
|
|
|
|
''' set new password '''
|
|
|
|
def get(self, request, code):
|
|
|
|
''' endpoint for sending invites '''
|
|
|
|
if request.user.is_authenticated:
|
|
|
|
return redirect('/')
|
|
|
|
try:
|
|
|
|
reset_code = models.PasswordReset.objects.get(code=code)
|
|
|
|
if not reset_code.valid():
|
|
|
|
raise PermissionDenied
|
|
|
|
except models.PasswordReset.DoesNotExist:
|
|
|
|
raise PermissionDenied
|
|
|
|
|
|
|
|
return TemplateResponse(
|
|
|
|
request,
|
|
|
|
'password_reset.html',
|
|
|
|
{'title': 'Reset Password', 'code': reset_code.code}
|
|
|
|
)
|
|
|
|
|
|
|
|
def post(self, request, code):
|
|
|
|
''' allow a user to change their password through an emailed token '''
|
|
|
|
try:
|
|
|
|
reset_code = models.PasswordReset.objects.get(
|
|
|
|
code=code
|
|
|
|
)
|
|
|
|
except models.PasswordReset.DoesNotExist:
|
|
|
|
data = {'errors': ['Invalid password reset link']}
|
|
|
|
return TemplateResponse(request, 'password_reset.html', data)
|
|
|
|
|
|
|
|
user = reset_code.user
|
|
|
|
|
|
|
|
new_password = request.POST.get('password')
|
|
|
|
confirm_password = request.POST.get('confirm-password')
|
|
|
|
|
|
|
|
if new_password != confirm_password:
|
|
|
|
data = {'errors': ['Passwords do not match']}
|
|
|
|
return TemplateResponse(request, 'password_reset.html', data)
|
|
|
|
|
|
|
|
user.set_password(new_password)
|
2021-02-07 06:37:40 +00:00
|
|
|
user.save(broadcast=False)
|
2021-01-12 16:48:31 +00:00
|
|
|
login(request, user)
|
|
|
|
reset_code.delete()
|
|
|
|
return redirect('/')
|
|
|
|
|
|
|
|
|
|
|
|
@method_decorator(login_required, name='dispatch')
|
|
|
|
class ChangePassword(View):
|
|
|
|
''' change password as logged in user '''
|
2021-01-26 17:56:01 +00:00
|
|
|
def get(self, request):
|
|
|
|
''' change password page '''
|
|
|
|
data = {
|
|
|
|
'title': 'Change Password',
|
|
|
|
'user': request.user,
|
|
|
|
}
|
2021-01-29 17:28:00 +00:00
|
|
|
return TemplateResponse(
|
|
|
|
request, 'preferences/change_password.html', data)
|
2021-01-26 17:56:01 +00:00
|
|
|
|
2021-01-12 16:48:31 +00:00
|
|
|
def post(self, request):
|
|
|
|
''' allow a user to change their password '''
|
|
|
|
new_password = request.POST.get('password')
|
|
|
|
confirm_password = request.POST.get('confirm-password')
|
|
|
|
|
|
|
|
if new_password != confirm_password:
|
2021-01-29 17:28:00 +00:00
|
|
|
return redirect('preferences/password')
|
2021-01-12 16:48:31 +00:00
|
|
|
|
|
|
|
request.user.set_password(new_password)
|
2021-02-07 06:37:40 +00:00
|
|
|
request.user.save(broadcast=False)
|
2021-01-12 16:48:31 +00:00
|
|
|
login(request, request.user)
|
2021-01-29 17:28:00 +00:00
|
|
|
return redirect(request.user.local_path)
|