+# -*- coding: utf-8 -*-
+#
+# portal/views.py: views for the portal application
+# This file is part of the Manifold project.
+#
+# Author:
+# Mohammed Yasin Rahman <mohammed-yasin.rahman@lip6.fr>
+# Copyright 2014, UPMC Sorbonne Universités / LIP6
+#
+# This program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; either version 3, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+# details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this program; see the file COPYING. If not, write to the Free Software
+# Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+
+
+
+
+"""
+View Description:
+
+Allows a user to reset their password by generating a one-time use link that can be used to reset the password, and sending that link to the user's
+registered email address.
+
+If the email address provided does not exist in the system, this view won't send an email, but the user won't receive any error message either.
+This prevents information leaking to potential attackers. If you want to provide an error message in this case, you can subclass PasswordResetForm
+and use the password_reset_form argument.
+
+Users flagged with an unusable password - see set_unusable_password() - aren't allowed to request a password reset to prevent misuse when using an external
+authentication source like LDAP. Note that they won't receive any error message since this would expose their account's existence but no mail will be sent either.
+
+More Detail: https://docs.djangoproject.com/en/dev/topics/auth/default/#topics-auth-creating-users
+"""
+
+
+
try:
from urllib.parse import urlparse, urlunparse
except ImportError: # Python 2
from portal.forms import PasswordResetForm, SetPasswordForm
from django.contrib.auth.tokens import default_token_generator
from django.contrib.sites.models import get_current_site
-from django.contrib.auth.hashers import UNUSABLE_PASSWORD, identify_hasher
+from django.contrib.auth.hashers import identify_hasher
##
import os.path, re
from random import choice
-from django.core.mail import send_mail
from django.contrib import messages
from django.views.generic import View
from django.shortcuts import render
from unfold.loginrequired import FreeAccessView
from ui.topmenu import topmenu_items_live
-from manifold.manifoldapi import execute_admin_query
+from manifoldapi.manifoldapi import execute_admin_query
from manifold.core.query import Query
-from portal.actions import manifold_update_user
+from portal.actions import manifold_update_user
from portal.forms import PassResetForm
from portal.actions import manifold_update_user
-
+from myslice.theme import ThemeView
# 4 views for password reset:
# - password_reset sends the mail
@csrf_protect
def password_reset(request, is_admin_site=False,
- template_name='registration/password_reset_form.html',
- email_template_name='registration/password_reset_email.html',
+ template_name='password_reset_form.html',
+ email_template_name='password_reset_email.html',
subject_template_name='registration/password_reset_subject.txt',
password_reset_form=PasswordResetForm,
token_generator=default_token_generator,
from_email=None,
current_app=None,
extra_context=None):
+
+ themeview = ThemeView()
+ themeview.template_name = template_name
+
if post_reset_redirect is None:
post_reset_redirect = reverse('portal.django_passresetview.password_reset_done')
if request.method == "POST":
if form.is_valid():
### email check in manifold DB ###
- email = form.cleaned_data['email'] # email inserted on the form
+ email = form.cleaned_data['email'].lower() # email inserted on the form
user_query = Query().get('local:user').select('user_id','email')
user_details = execute_admin_query(request, user_query)
flag = 0
if flag == 0:
messages.error(request, 'Sorry, this email is not registered.')
- return render(request, 'registration/password_reset_form.html', {
+ context = {
'form': form,
- })
+ 'theme': themeview.theme
+ }
+ return TemplateResponse(request, themeview.template, context,current_app=current_app)
+
### end of email check in manifold ###
opts = {
form = password_reset_form()
context = {
'form': form,
+ 'theme': themeview.theme
}
if extra_context is not None:
context.update(extra_context)
- return TemplateResponse(request, template_name, context,
+ return TemplateResponse(request, themeview.template, context,
current_app=current_app)
def password_reset_done(request,
- template_name='registration/password_reset_done.html',
+ template_name='password_reset_done.html',
current_app=None, extra_context=None):
- context = {}
+ themeview = ThemeView()
+ themeview.template_name = template_name
+ context = {
+ 'theme' : themeview.theme
+ }
if extra_context is not None:
context.update(extra_context)
- return TemplateResponse(request, template_name, context,
+ return TemplateResponse(request, themeview.template, context,
current_app=current_app)
@sensitive_post_parameters()
@never_cache
def password_reset_confirm(request, uidb36=None, token=None,
- template_name='registration/password_reset_confirm.html',
+ template_name='password_reset_confirm.html',
token_generator=default_token_generator,
set_password_form=SetPasswordForm,
post_reset_redirect=None,
View that checks the hash in a password reset link and presents a
form for entering a new password.
"""
+ themeview = ThemeView()
+ themeview.template_name = template_name
+
UserModel = get_user_model()
assert uidb36 is not None and token is not None # checked by URLconf
if post_reset_redirect is None:
### manifold pass update ###
#password = form.cleaned_data('password1')
password=request.POST['new_password1']
- user_query = Query().get('local:user').select('user_id','email','password')
- user_details = execute_admin_query(request, user_query)
- for user_detail in user_details:
- if user_detail['email'] == user.email:
- user_detail['password'] = password
+ #user_query = Query().get('local:user').select('user_id','email','password')
+ #user_details = execute_admin_query(request, user_query)
+ #for user_detail in user_details:
+ # if user_detail['email'] == user.email:
+ # user_detail['password'] = password
#updating password in local:user
- user_params = { 'password': user_detail['password']}
+ user_params = { 'password': password}
manifold_update_user(request,user.email,user_params)
### end of manifold pass update ###
context = {
'form': form,
'validlink': validlink,
+ 'theme' : themeview.theme
}
if extra_context is not None:
context.update(extra_context)
- return TemplateResponse(request, template_name, context,
+ return TemplateResponse(request, themeview.template, context,
current_app=current_app)
def password_reset_complete(request,
- template_name='registration/password_reset_complete.html',
+ template_name='password_reset_complete.html',
current_app=None, extra_context=None):
+ themeview = ThemeView()
+ themeview.template_name = template_name
context = {
- 'login_url': resolve_url(settings.LOGIN_URL)
+ 'login_url': resolve_url(settings.LOGIN_URL),
+ 'theme' : themeview.theme
}
if extra_context is not None:
context.update(extra_context)
- return TemplateResponse(request, template_name, context,
+ return TemplateResponse(request, themeview.template, context,
current_app=current_app)