1 # -*- coding: utf-8 -*-
3 # portal/views.py: views for the portal application
4 # This file is part of the Manifold project.
7 # Mohammed Yasin Rahman <mohammed-yasin.rahman@lip6.fr>
8 # Copyright 2014, UPMC Sorbonne Universités / LIP6
10 # This program is free software; you can redistribute it and/or modify it under
11 # the terms of the GNU General Public License as published by the Free Software
12 # Foundation; either version 3, or (at your option) any later version.
14 # This program is distributed in the hope that it will be useful, but WITHOUT
15 # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
16 # FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
19 # You should have received a copy of the GNU General Public License along with
20 # this program; see the file COPYING. If not, write to the Free Software
21 # Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
30 Allows a user to reset their password by generating a one-time use link that can be used to reset the password, and sending that link to the user's
31 registered email address.
33 If the email address provided does not exist in the system, this view won't send an email, but the user won't receive any error message either.
34 This prevents information leaking to potential attackers. If you want to provide an error message in this case, you can subclass PasswordResetForm
35 and use the password_reset_form argument.
37 Users flagged with an unusable password (see set_unusable_password() aren't allowed to request a password reset to prevent misuse when using an external
38 authentication source like LDAP. Note that they won't receive any error message since this would expose their account's existence but no mail will be sent either.
40 More Detail: https://docs.djangoproject.com/en/dev/topics/auth/default/#topics-auth-creating-users
46 from urllib.parse import urlparse, urlunparse
47 except ImportError: # Python 2
48 from urlparse import urlparse, urlunparse
50 from django.conf import settings
51 from django.core.urlresolvers import reverse
52 from django.http import HttpResponseRedirect, QueryDict
53 from django.template.response import TemplateResponse
54 from django.utils.http import base36_to_int, is_safe_url
55 from django.utils.translation import ugettext as _
56 from django.shortcuts import resolve_url
57 from django.views.decorators.debug import sensitive_post_parameters
58 from django.views.decorators.cache import never_cache
59 from django.views.decorators.csrf import csrf_protect
61 # Avoid shadowing the login() and logout() views below.
62 from django.contrib.auth import REDIRECT_FIELD_NAME, login as auth_login, logout as auth_logout, get_user_model
63 from django.contrib.auth.decorators import login_required
64 from portal.forms import PasswordResetForm, SetPasswordForm
65 from django.contrib.auth.tokens import default_token_generator
66 from django.contrib.sites.models import get_current_site
67 from django.contrib.auth.hashers import UNUSABLE_PASSWORD, identify_hasher
73 from random import choice
75 from django.core.mail import send_mail
76 from django.contrib import messages
77 from django.views.generic import View
78 from django.shortcuts import render
79 from django.http import HttpResponse, HttpResponseRedirect
81 from unfold.loginrequired import FreeAccessView
82 from ui.topmenu import topmenu_items_live
84 from manifold.manifoldapi import execute_admin_query
85 from manifold.core.query import Query
86 from portal.actions import manifold_update_user
88 from portal.forms import PassResetForm
89 from portal.actions import manifold_update_user
93 # 4 views for password reset:
94 # - password_reset sends the mail
95 # - password_reset_done shows a success message for the above
96 # - password_reset_confirm checks the link the user clicked and
97 # prompts for a new password
98 # - password_reset_complete shows a success message for the above
101 def password_reset(request, is_admin_site=False,
102 template_name='password_reset_form.html',
103 email_template_name='password_reset_email.html',
104 subject_template_name='registration/password_reset_subject.txt',
105 password_reset_form=PasswordResetForm,
106 token_generator=default_token_generator,
107 post_reset_redirect=None,
111 if post_reset_redirect is None:
112 post_reset_redirect = reverse('portal.django_passresetview.password_reset_done')
113 if request.method == "POST":
114 form = password_reset_form(request.POST)
117 ### email check in manifold DB ###
118 email = form.cleaned_data['email'] # email inserted on the form
119 user_query = Query().get('local:user').select('user_id','email')
120 user_details = execute_admin_query(request, user_query)
122 for user_detail in user_details:
123 if user_detail['email']==email:
128 messages.error(request, 'Sorry, this email is not registered.')
129 return render(request, 'password_reset_form.html', {
132 ### end of email check in manifold ###
135 'use_https': request.is_secure(),
136 'token_generator': token_generator,
137 'from_email': from_email,
138 'email_template_name': email_template_name,
139 'subject_template_name': subject_template_name,
143 opts = dict(opts, domain_override=request.get_host())
145 return HttpResponseRedirect(post_reset_redirect)
147 form = password_reset_form()
151 if extra_context is not None:
152 context.update(extra_context)
153 return TemplateResponse(request, template_name, context,
154 current_app=current_app)
157 def password_reset_done(request,
158 template_name='password_reset_done.html',
159 current_app=None, extra_context=None):
161 if extra_context is not None:
162 context.update(extra_context)
163 return TemplateResponse(request, template_name, context,
164 current_app=current_app)
167 # Doesn't need csrf_protect since no-one can guess the URL
168 @sensitive_post_parameters()
170 def password_reset_confirm(request, uidb36=None, token=None,
171 template_name='password_reset_confirm.html',
172 token_generator=default_token_generator,
173 set_password_form=SetPasswordForm,
174 post_reset_redirect=None,
175 current_app=None, extra_context=None):
177 View that checks the hash in a password reset link and presents a
178 form for entering a new password.
180 UserModel = get_user_model()
181 assert uidb36 is not None and token is not None # checked by URLconf
182 if post_reset_redirect is None:
183 post_reset_redirect = reverse('portal.django_passresetview.password_reset_complete')
185 uid_int = base36_to_int(uidb36)
186 user = UserModel._default_manager.get(pk=uid_int)
187 except (ValueError, OverflowError, UserModel.DoesNotExist):
190 if user is not None and token_generator.check_token(user, token):
192 if request.method == 'POST':
193 form = set_password_form(user, request.POST)
196 ### manifold pass update ###
197 #password = form.cleaned_data('password1')
198 password=request.POST['new_password1']
199 user_query = Query().get('local:user').select('user_id','email','password')
200 user_details = execute_admin_query(request, user_query)
201 for user_detail in user_details:
202 if user_detail['email'] == user.email:
203 user_detail['password'] = password
204 #updating password in local:user
205 user_params = { 'password': user_detail['password']}
206 manifold_update_user(request,user.email,user_params)
207 ### end of manifold pass update ###
211 return HttpResponseRedirect(post_reset_redirect)
213 form = set_password_form(None)
219 'validlink': validlink,
221 if extra_context is not None:
222 context.update(extra_context)
223 return TemplateResponse(request, template_name, context,
224 current_app=current_app)
227 def password_reset_complete(request,
228 template_name='password_reset_complete.html',
229 current_app=None, extra_context=None):
231 'login_url': resolve_url(settings.LOGIN_URL)
233 if extra_context is not None:
234 context.update(extra_context)
235 return TemplateResponse(request, template_name, context,
236 current_app=current_app)