reqeustToken/resetPassword

This commit is contained in:
j 2010-12-24 18:24:35 +05:30
parent 33351a024e
commit 80c0aad0d6
6 changed files with 92 additions and 43 deletions

View file

@ -24,7 +24,6 @@ urlpatterns = patterns('',
(r'^site.json$', 'app.views.site_json'),
(r'^timeline$', 'app.views.timeline'),
(r'^file/(?P<oshash>.*)$', 'archive.views.lookup_file'),
(r'^r/(?P<key>.*)$', 'user.views.recover'),
(r'^api/$', include('api.urls')),
(r'', include('item.urls')),
(r'^robots.txt$', serve_static_file, {'location': os.path.join(settings.STATIC_ROOT, 'robots.txt'), 'content_type': 'text/plain'}),

View file

@ -12,7 +12,7 @@ from django.conf import settings
from ox.utils import json
class UserProfile(models.Model):
recover_key = models.TextField()
reset_token = models.TextField(blank=True, null=True, unique=True)
user = models.ForeignKey(User, unique=True)
files_updated = models.DateTimeField(default=datetime.now)

View file

@ -0,0 +1,12 @@
Somebody tried to reset your password for {{sitename}}.
If it is you, and still want to reset your password.
Use this token
{{token}}
to reset your password.
If you did not request a password, you can safely ignore this e-mail.
{{sitename}}

View file

@ -1,10 +0,0 @@
Somebody requested a new password for your {{sitename}} account.
If it is you, and if you forgot your password, you can login
by clicking the following url:
{{recover_url}}
If you did not request a password, you can safely ignore this e-mail.
{{sitename}}

View file

@ -9,6 +9,5 @@ urlpatterns = patterns("user.views",
(r'^login', 'login'),
(r'^logout', 'logout'),
(r'^register', 'register'),
(r'^recover', 'recover'),
)

View file

@ -1,7 +1,7 @@
# -*- coding: utf-8 -*-
# -*- coding: utf-8 -*-
# vi:si:et:sw=4:sts=4:ts=4
import uuid
import hashlib
import random
random.seed()
from django import forms
from django.contrib.auth.models import User
@ -14,6 +14,7 @@ from django.core.mail import send_mail, BadHeaderError
from ox.django.shortcuts import render_to_json_response, json_response
from ox.django.decorators import login_required_json
import ox
import models
@ -136,6 +137,12 @@ def register(request):
'email': 'Email address already exits'
}
})
elif not form.data['password']:
response = json_response({
'errors': {
'password': 'Password can not be empty'
}
})
else:
first_user = models.User.objects.count() == 0
user = models.User(username=form.data['username'], email=form.data['email'])
@ -156,10 +163,64 @@ def register(request):
return render_to_json_response(response)
actions.register(register)
def resetPassword(request):
'''
param data {
token: reset token
password: new password
}
return {
status: {'code': int, 'text': string}
data: {
errors: {
token: 'Invalid token'
}
user {
}
}
}
'''
data = json.loads(request.POST['data'])
if 'token' in data and 'password' in data:
if not data['password']:
response = json_response({
'errors': {
'password': 'Password can not be empty'
}
})
else:
qs = models.UserProfile.objects.filter(reset_token=data['token'])
if qs.count() == 1:
user = qs[0].user
user.set_password(data['password'])
user.save()
user_profile = user.get_profile()
user_profile.reset_token = None
user_profile.save()
user = authenticate(username=user.username, password=data['password'])
login(request, user)
user_json = models.get_user_json(user)
response = json_response({
'user': user_json
}, text='password reset')
else:
response = json_response({
'errors': {
'token': 'Invalid token'
}
})
else:
response = json_response(status=400, text='invalid data')
return render_to_json_response(response)
actions.register(resetPassword)
class RecoverForm(forms.Form):
username_or_email = forms.TextInput()
def api_recover(request):
def requestToken(request):
'''
param data {
username_or_email: username
@ -171,6 +232,7 @@ def api_recover(request):
errors: {
username_or_email: 'Username or email address not found'
}
username: user
}
}
'''
@ -187,20 +249,26 @@ def api_recover(request):
if q.count() > 0:
user = q[0]
if user:
key = hashlib.sha1(str(uuid.uuid4())).hexdigest()
while True:
token = ox.to32(random.randint(0, 1000000000))
if models.UserProfile.objects.filter(reset_token=token).count() == 0:
break
user_profile = user.get_profile()
user_profile.recover_key = key
user_profile.reset_token = token
user_profile.save()
template = loader.get_template('recover_email.txt')
template = loader.get_template('password_reset_email.txt')
context = RequestContext(request, {
'recover_url': request.build_absolute_uri("/r/%s" % key),
'url': request.build_absolute_uri("/"),
'token': token,
'sitename': settings.SITENAME,
})
message = template.render(context)
subject = '%s account recovery' % settings.SITENAME
subject = '%s password reset' % settings.SITENAME
user.email_user(subject, message)
response = json_response(text='recover email sent')
response = json_response({
'username': user.username
}, text='recover email sent')
else:
response = json_response({
'errors': {
@ -210,7 +278,7 @@ def api_recover(request):
else:
response = json_response(status=400, text='invalid data')
return render_to_json_response(response)
actions.register(api_recover, 'recover')
actions.register(requestToken)
def findUser(request):
'''
@ -233,25 +301,6 @@ def findUser(request):
return render_to_json_response(response)
actions.register(findUser)
def recover(request, key):
'''
recover user and redirect to settings
'''
qs = models.UserProfile.objects.filter(recover_key=key)
if qs.count() == 1:
user = qs[0].user
user.set_password(key)
user.save()
user_profile = user.get_profile()
user_profile.recover_key = ''
user_profile.save()
user = authenticate(username=user.username, password=key)
login(request, user)
#FIXME: set message to notify user to update password
return redirect('/#settings')
return redirect('/')
class ContactForm(forms.Form):
email = forms.EmailField()
subject = forms.TextInput()