+# -*- coding: utf-8 -*-
+#
+# portal/views.py: views for the portal application
+# This file is part of the Manifold project.
+#
+# Author:
+# Mohammed Yasin Rahman <mohammed-yasin.rahman@lip6.fr>
+# Copyright 2014, UPMC Sorbonne Universités / LIP6
+#
+# This program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; either version 3, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+# details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this program; see the file COPYING. If not, write to the Free Software
+# Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+
+
+
+
+"""
+View Description:
+
+Allows a user to reset their password by generating a one-time use link that can be used to reset the password, and sending that link to the user's
+registered email address.
+
+If the email address provided does not exist in the system, this view won't send an email, but the user won't receive any error message either.
+This prevents information leaking to potential attackers. If you want to provide an error message in this case, you can subclass PasswordResetForm
+and use the password_reset_form argument.
+
+Users flagged with an unusable password (see set_unusable_password() aren't allowed to request a password reset to prevent misuse when using an external
+authentication source like LDAP. Note that they won't receive any error message since this would expose their account's existence but no mail will be sent either.
+
+More Detail: https://docs.djangoproject.com/en/dev/topics/auth/default/#topics-auth-creating-users
+"""
+
+
+
try:
from urllib.parse import urlparse, urlunparse
except ImportError: # Python 2
@csrf_protect
def password_reset(request, is_admin_site=False,
- template_name='registration/password_reset_form.html',
- email_template_name='registration/password_reset_email.html',
+ template_name='password_reset_form.html',
+ email_template_name='password_reset_email.html',
subject_template_name='registration/password_reset_subject.txt',
password_reset_form=PasswordResetForm,
token_generator=default_token_generator,
if form.is_valid():
### email check in manifold DB ###
- email = form.cleaned_data['email'] # email inserted on the form
+ email = form.cleaned_data['email'].lower() # email inserted on the form
user_query = Query().get('local:user').select('user_id','email')
user_details = execute_admin_query(request, user_query)
flag = 0
if flag == 0:
messages.error(request, 'Sorry, this email is not registered.')
- return render(request, 'registration/password_reset_form.html', {
+ return render(request, 'password_reset_form.html', {
'form': form,
})
### end of email check in manifold ###
def password_reset_done(request,
- template_name='registration/password_reset_done.html',
+ template_name='password_reset_done.html',
current_app=None, extra_context=None):
context = {}
if extra_context is not None:
@sensitive_post_parameters()
@never_cache
def password_reset_confirm(request, uidb36=None, token=None,
- template_name='registration/password_reset_confirm.html',
+ template_name='password_reset_confirm.html',
token_generator=default_token_generator,
set_password_form=SetPasswordForm,
post_reset_redirect=None,
### manifold pass update ###
#password = form.cleaned_data('password1')
password=request.POST['new_password1']
- user_query = Query().get('local:user').select('user_id','email','password')
- user_details = execute_admin_query(request, user_query)
- for user_detail in user_details:
- if user_detail['email'] == user.email:
- user_detail['password'] = password
+ #user_query = Query().get('local:user').select('user_id','email','password')
+ #user_details = execute_admin_query(request, user_query)
+ #for user_detail in user_details:
+ # if user_detail['email'] == user.email:
+ # user_detail['password'] = password
#updating password in local:user
- user_params = { 'password': user_detail['password']}
+ user_params = { 'password': password}
manifold_update_user(request,user.email,user_params)
### end of manifold pass update ###
def password_reset_complete(request,
- template_name='registration/password_reset_complete.html',
+ template_name='password_reset_complete.html',
current_app=None, extra_context=None):
context = {
'login_url': resolve_url(settings.LOGIN_URL)