X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=portal%2Fdjango_passresetview.py;h=6997008a7ce590446d6177f812042ce7b045b7f9;hb=refs%2Fheads%2Fonelab;hp=1126f1065a1a40307373d16bb0fb5a9c859c1f3f;hpb=0c34b56ff3e9887a592363ce92753a6a8383aa45;p=myslice.git
diff --git a/portal/django_passresetview.py b/portal/django_passresetview.py
index 1126f106..6997008a 100644
--- a/portal/django_passresetview.py
+++ b/portal/django_passresetview.py
@@ -1,3 +1,47 @@
+# -*- coding: utf-8 -*-
+#
+# portal/views.py: views for the portal application
+# This file is part of the Manifold project.
+#
+# Author:
+# Mohammed Yasin Rahman
+# Copyright 2014, UPMC Sorbonne Universités / LIP6
+#
+# This program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; either version 3, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+# details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this program; see the file COPYING. If not, write to the Free Software
+# Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+
+
+
+
+"""
+View Description:
+
+Allows a user to reset their password by generating a one-time use link that can be used to reset the password, and sending that link to the user's
+registered email address.
+
+If the email address provided does not exist in the system, this view won't send an email, but the user won't receive any error message either.
+This prevents information leaking to potential attackers. If you want to provide an error message in this case, you can subclass PasswordResetForm
+and use the password_reset_form argument.
+
+Users flagged with an unusable password - see set_unusable_password() - aren't allowed to request a password reset to prevent misuse when using an external
+authentication source like LDAP. Note that they won't receive any error message since this would expose their account's existence but no mail will be sent either.
+ +More Detail: https://docs.djangoproject.com/en/dev/topics/auth/default/#topics-auth-creating-users +""" + + + try: from urllib.parse import urlparse, urlunparse except ImportError: # Python 2 @@ -20,7 +64,7 @@ from django.contrib.auth.decorators import login_required from portal.forms import PasswordResetForm, SetPasswordForm from django.contrib.auth.tokens import default_token_generator from django.contrib.sites.models import get_current_site -from django.contrib.auth.hashers import UNUSABLE_PASSWORD, identify_hasher +from django.contrib.auth.hashers import identify_hasher ## import os.path, re @@ -28,7 +72,6 @@ import json from random import choice -from django.core.mail import send_mail from django.contrib import messages from django.views.generic import View from django.shortcuts import render @@ -37,14 +80,14 @@ from django.http import HttpResponse, HttpResponseRedirec from unfold.loginrequired import FreeAccessView from ui.topmenu import topmenu_items_live -from manifold.manifoldapi import execute_admin_query +from manifoldapi.manifoldapi import execute_admin_query from manifold.core.query import Query -from portal.actions import manifold_update_user +from portal.actions import manifold_update_user from portal.forms import PassResetForm from portal.actions import manifold_update_user - +from myslice.theme import ThemeView # 4 views for password reset: # - password_reset sends the mail @@ -55,8 +98,8 @@ from portal.actions import manifold_update_user @csrf_protect def password_reset(request, is_admin_site=False, - template_name='registration/password_reset_form.html', - email_template_name='registration/password_reset_email.html', + template_name='password_reset_form.html', + email_template_name='password_reset_email.html', subject_template_name='registration/password_reset_subject.txt', password_reset_form=PasswordResetForm, token_generator=default_token_generator, 
@@ -64,6 +107,10 @@ def password_reset(request, is_admin_site=False, from_email=None, current_app=None, extra_context=None): + + themeview = ThemeView() + themeview.template_name = template_name + if post_reset_redirect is None: post_reset_redirect = reverse('portal.django_passresetview.password_reset_done') if request.method == "POST": @@ -71,7 +118,7 @@ def password_reset(request, is_admin_site=False, if form.is_valid(): ### email check in manifold DB ### - email = form.cleaned_data['email'] # email inserted on the form + email = form.cleaned_data['email'].lower() # email inserted on the form user_query = Query().get('local:user').select('user_id','email') user_details = execute_admin_query(request, user_query) flag = 0 @@ -82,9 +129,12 @@ def password_reset(request, is_admin_site=False, if flag == 0: messages.error(request, 'Sorry, this email is not registered.') - return render(request, 'registration/password_reset_form.html', { + context = { 'form': form, - }) + 'theme': themeview.theme + } + return TemplateResponse(request, themeview.template, context,current_app=current_app) + ### end of email check in manifold ### opts = { 
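Review bot: Lower-casing only the submitted address in `email = form.cleaned_data['email'].lower()` makes the lookup depend on every stored `local:user` email already being lower case. The comparison itself sits between this hunk and the next and is not visible, but if it is a plain `==` against the stored value, an account registered with mixed case (constructed example: `Alice@Example.org`) can no longer request a reset. Normalise both sides in that comparison by applying `.lower()` to the stored email as well, or normalise at registration and state that invariant in a comment on this line.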
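Review bot: The `messages.error(request, 'Sorry, this email is not registered.')` branch that this hunk keeps and re-renders tells an unauthenticated caller whether an address has an account. That contradicts the module docstring added in the first hunk of this commit, which states that no error is shown for unknown addresses so that nothing leaks. To match the documented behaviour, answer both cases identically, for example by replacing the branch body with `return HttpResponseRedirect(post_reset_redirect)` and sending mail only when the address matched. If the message is kept on purpose, the new `context` should still merge `extra_context` as the GET path does, and the docstring should be corrected. The function body continues outside the hunk.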
@@ -103,20 +153,25 @@ def password_reset(request, is_admin_site=False, form = password_reset_form() context = { 'form': form, + 'theme': themeview.theme } if extra_context is not None: context.update(extra_context) - return TemplateResponse(request, template_name, context, + return TemplateResponse(request, themeview.template, context, current_app=current_app) def password_reset_done(request, - template_name='registration/password_reset_done.html', + template_name='password_reset_done.html', current_app=None, extra_context=None): - context = {} + themeview = ThemeView() + themeview.template_name = template_name + context = { + 'theme' : themeview.theme + } if extra_context is not None: context.update(extra_context) - return TemplateResponse(request, template_name, context, + return TemplateResponse(request, themeview.template, context, current_app=current_app) @@ -124,7 +179,7 @@ def password_reset_done(request, @sensitive_post_parameters() @never_cache def password_reset_confirm(request, uidb36=None, token=None, - template_name='registration/password_reset_confirm.html', + template_name='password_reset_confirm.html', token_generator=default_token_generator, set_password_form=SetPasswordForm, post_reset_redirect=None, @@ -133,6 +188,9 @@ def password_reset_confirm(request, uidb36=None, token=None, View that checks the hash in a password reset link and presents a form for entering a new password. """ + themeview = ThemeView() + themeview.template_name = template_name + UserModel = get_user_model() assert uidb36 is not None and token is not None # checked by URLconf if post_reset_redirect is None: 
@@ -152,13 +210,13 @@ def password_reset_confirm(request, uidb36=None, token=None, ### manifold pass update ### #password = form.cleaned_data('password1') password=request.POST['new_password1'] - user_query = Query().get('local:user').select('user_id','email','password') - user_details = execute_admin_query(request, user_query) - for user_detail in user_details: - if user_detail['email'] == user.email: - user_detail['password'] = password + #user_query = Query().get('local:user').select('user_id','email','password') + #user_details = execute_admin_query(request, user_query) + #for user_detail in user_details: + # if user_detail['email'] == user.email: + # user_detail['password'] = password #updating password in local:user - user_params = { 'password': user_detail['password']} + user_params = { 'password': password} manifold_update_user(request,user.email,user_params) ### end of manifold pass update ### @@ -173,22 +231,26 @@ def password_reset_confirm(request, uidb36=None, token=None, context = { 'form': form, 'validlink': validlink, + 'theme' : themeview.theme } if extra_context is not None: context.update(extra_context) - return TemplateResponse(request, template_name, context, + return TemplateResponse(request, themeview.template, context, current_app=current_app) def password_reset_complete(request, - template_name='registration/password_reset_complete.html', + template_name='password_reset_complete.html', current_app=None, extra_context=None): + themeview = ThemeView() + themeview.template_name = template_name context = { - 'login_url': resolve_url(settings.LOGIN_URL) + 'login_url': resolve_url(settings.LOGIN_URL), + 'theme' : themeview.theme } if extra_context is not None: context.update(extra_context) - return TemplateResponse(request, template_name, context, + return TemplateResponse(request, themeview.template, context, current_app=current_app)
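Review bot: The value written to Manifold in `user_params = { 'password': password}` comes from `request.POST['new_password1']` rather than from the validated form, so any cleaning the form applies is bypassed for the copy passed to `manifold_update_user`. Prefer `password = form.cleaned_data['new_password1']`, assuming the field is named after the POST key and that the `form.is_valid()` check sits just above this hunk, where it is not visible. The existing commented attempt calls `cleaned_data` with parentheses, which would fail. Whether `manifold_update_user` hashes the value before storing it cannot be seen here and is worth confirming, since it receives the clear-text password. The old lookup loop should be deleted rather than left commented out.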