This prevents information leaking to potential attackers. If you want to provide an error message in this case, you can subclass PasswordResetForm
and use the password_reset_form argument.
-Users flagged with an unusable password (see set_unusable_password() aren't allowed to request a password reset to prevent misuse when using an external
+Users flagged with an unusable password - see set_unusable_password() - aren't allowed to request a password reset to prevent misuse when using an external
authentication source like LDAP. Note that they won't receive any error message since this would expose their account's existence but no mail will be sent either.
More Detail: https://docs.djangoproject.com/en/dev/topics/auth/default/#topics-auth-creating-users
from portal.forms import PasswordResetForm, SetPasswordForm
from django.contrib.auth.tokens import default_token_generator
from django.contrib.sites.models import get_current_site
-from django.contrib.auth.hashers import UNUSABLE_PASSWORD, identify_hasher
+from django.contrib.auth.hashers import identify_hasher
##
import os.path, re
@csrf_protect
def password_reset(request, is_admin_site=False,
- template_name='registration/password_reset_form.html',
- email_template_name='registration/password_reset_email.html',
+ template_name='password_reset_form.html',
+ email_template_name='password_reset_email.html',
subject_template_name='registration/password_reset_subject.txt',
password_reset_form=PasswordResetForm,
token_generator=default_token_generator,
if form.is_valid():
### email check in manifold DB ###
- email = form.cleaned_data['email'] # email inserted on the form
+ email = form.cleaned_data['email'].lower() # email inserted on the form
user_query = Query().get('local:user').select('user_id','email')
user_details = execute_admin_query(request, user_query)
flag = 0
if flag == 0:
messages.error(request, 'Sorry, this email is not registered.')
- return render(request, 'registration/password_reset_form.html', {
+ return render(request, 'password_reset_form.html', {
'form': form,
})
### end of email check in manifold ###
def password_reset_done(request,
- template_name='registration/password_reset_done.html',
+ template_name='password_reset_done.html',
current_app=None, extra_context=None):
context = {}
if extra_context is not None:
@sensitive_post_parameters()
@never_cache
def password_reset_confirm(request, uidb36=None, token=None,
- template_name='registration/password_reset_confirm.html',
+ template_name='password_reset_confirm.html',
token_generator=default_token_generator,
set_password_form=SetPasswordForm,
post_reset_redirect=None,
### manifold pass update ###
#password = form.cleaned_data('password1')
password=request.POST['new_password1']
- user_query = Query().get('local:user').select('user_id','email','password')
- user_details = execute_admin_query(request, user_query)
- for user_detail in user_details:
- if user_detail['email'] == user.email:
- user_detail['password'] = password
+ #user_query = Query().get('local:user').select('user_id','email','password')
+ #user_details = execute_admin_query(request, user_query)
+ #for user_detail in user_details:
+ # if user_detail['email'] == user.email:
+ # user_detail['password'] = password
#updating password in local:user
- user_params = { 'password': user_detail['password']}
+ user_params = { 'password': password}
manifold_update_user(request,user.email,user_params)
### end of manifold pass update ###
def password_reset_complete(request,
- template_name='registration/password_reset_complete.html',
+ template_name='password_reset_complete.html',
current_app=None, extra_context=None):
context = {
'login_url': resolve_url(settings.LOGIN_URL)