reqeustToken/resetPassword
parent
33351a024e
commit
80c0aad0d6
6 changed files with 92 additions and 43 deletions
|
@ -24,7 +24,6 @@ urlpatterns = patterns('',
|
||||||
(r'^site.json$', 'app.views.site_json'),
|
(r'^site.json$', 'app.views.site_json'),
|
||||||
(r'^timeline$', 'app.views.timeline'),
|
(r'^timeline$', 'app.views.timeline'),
|
||||||
(r'^file/(?P<oshash>.*)$', 'archive.views.lookup_file'),
|
(r'^file/(?P<oshash>.*)$', 'archive.views.lookup_file'),
|
||||||
(r'^r/(?P<key>.*)$', 'user.views.recover'),
|
|
||||||
(r'^api/$', include('api.urls')),
|
(r'^api/$', include('api.urls')),
|
||||||
(r'', include('item.urls')),
|
(r'', include('item.urls')),
|
||||||
(r'^robots.txt$', serve_static_file, {'location': os.path.join(settings.STATIC_ROOT, 'robots.txt'), 'content_type': 'text/plain'}),
|
(r'^robots.txt$', serve_static_file, {'location': os.path.join(settings.STATIC_ROOT, 'robots.txt'), 'content_type': 'text/plain'}),
|
||||||
|
|
|
@ -12,7 +12,7 @@ from django.conf import settings
|
||||||
from ox.utils import json
|
from ox.utils import json
|
||||||
|
|
||||||
class UserProfile(models.Model):
|
class UserProfile(models.Model):
|
||||||
recover_key = models.TextField()
|
reset_token = models.TextField(blank=True, null=True, unique=True)
|
||||||
user = models.ForeignKey(User, unique=True)
|
user = models.ForeignKey(User, unique=True)
|
||||||
|
|
||||||
files_updated = models.DateTimeField(default=datetime.now)
|
files_updated = models.DateTimeField(default=datetime.now)
|
||||||
|
|
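Review bot: `reset_token` holds the same plaintext value that is mailed to the user and has no creation time stored beside it, so nothing in the code shown in this commit can expire it; a token stays usable until it is consumed or overwritten. Consider adding a timestamp next to it, for example `reset_token_created = models.DateTimeField(null=True, blank=True)` (name is a suggestion), and having resetPassword reject tokens older than a short window. Storing only a hash of the token would also keep a read of this table from yielding usable reset credentials. Because `blank=True` is combined with `unique=True`, an empty string could be saved for one profile only, so None should stay the single "no token" value. The UserProfile class body continues outside the hunk.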
12
pandora/user/templates/password_reset_email.txt
Normal file
12
pandora/user/templates/password_reset_email.txt
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
Somebody tried to reset your password for {{sitename}}.
|
||||||
|
|
||||||
|
If it is you, and still want to reset your password.
|
||||||
|
Use this token
|
||||||
|
|
||||||
|
{{token}}
|
||||||
|
|
||||||
|
to reset your password.
|
||||||
|
|
||||||
|
If you did not request a password, you can safely ignore this e-mail.
|
||||||
|
|
||||||
|
{{sitename}}
|
|
@ -1,10 +0,0 @@
|
||||||
Somebody requested a new password for your {{sitename}} account.
|
|
||||||
|
|
||||||
If it is you, and if you forgot your password, you can login
|
|
||||||
by clicking the following url:
|
|
||||||
|
|
||||||
{{recover_url}}
|
|
||||||
|
|
||||||
If you did not request a password, you can safely ignore this e-mail.
|
|
||||||
|
|
||||||
{{sitename}}
|
|
|
@ -9,6 +9,5 @@ urlpatterns = patterns("user.views",
|
||||||
(r'^login', 'login'),
|
(r'^login', 'login'),
|
||||||
(r'^logout', 'logout'),
|
(r'^logout', 'logout'),
|
||||||
(r'^register', 'register'),
|
(r'^register', 'register'),
|
||||||
(r'^recover', 'recover'),
|
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
# -*- coding: utf-8 -*-
|
# -*- coding: utf-8 -*-
|
||||||
# vi:si:et:sw=4:sts=4:ts=4
|
# vi:si:et:sw=4:sts=4:ts=4
|
||||||
import uuid
|
import random
|
||||||
import hashlib
|
random.seed()
|
||||||
|
|
||||||
from django import forms
|
from django import forms
|
||||||
from django.contrib.auth.models import User
|
from django.contrib.auth.models import User
|
||||||
|
@ -14,6 +14,7 @@ from django.core.mail import send_mail, BadHeaderError
|
||||||
|
|
||||||
from ox.django.shortcuts import render_to_json_response, json_response
|
from ox.django.shortcuts import render_to_json_response, json_response
|
||||||
from ox.django.decorators import login_required_json
|
from ox.django.decorators import login_required_json
|
||||||
|
import ox
|
||||||
|
|
||||||
import models
|
import models
|
||||||
|
|
||||||
|
@ -136,6 +137,12 @@ def register(request):
|
||||||
'email': 'Email address already exits'
|
'email': 'Email address already exits'
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
elif not form.data['password']:
|
||||||
|
response = json_response({
|
||||||
|
'errors': {
|
||||||
|
'password': 'Password can not be empty'
|
||||||
|
}
|
||||||
|
})
|
||||||
else:
|
else:
|
||||||
first_user = models.User.objects.count() == 0
|
first_user = models.User.objects.count() == 0
|
||||||
user = models.User(username=form.data['username'], email=form.data['email'])
|
user = models.User(username=form.data['username'], email=form.data['email'])
|
||||||
|
@ -156,10 +163,64 @@ def register(request):
|
||||||
return render_to_json_response(response)
|
return render_to_json_response(response)
|
||||||
actions.register(register)
|
actions.register(register)
|
||||||
|
|
||||||
|
def resetPassword(request):
|
||||||
|
'''
|
||||||
|
param data {
|
||||||
|
token: reset token
|
||||||
|
password: new password
|
||||||
|
}
|
||||||
|
|
||||||
|
return {
|
||||||
|
status: {'code': int, 'text': string}
|
||||||
|
data: {
|
||||||
|
errors: {
|
||||||
|
token: 'Invalid token'
|
||||||
|
}
|
||||||
|
user {
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
'''
|
||||||
|
data = json.loads(request.POST['data'])
|
||||||
|
if 'token' in data and 'password' in data:
|
||||||
|
if not data['password']:
|
||||||
|
response = json_response({
|
||||||
|
'errors': {
|
||||||
|
'password': 'Password can not be empty'
|
||||||
|
}
|
||||||
|
})
|
||||||
|
else:
|
||||||
|
qs = models.UserProfile.objects.filter(reset_token=data['token'])
|
||||||
|
if qs.count() == 1:
|
||||||
|
user = qs[0].user
|
||||||
|
user.set_password(data['password'])
|
||||||
|
user.save()
|
||||||
|
user_profile = user.get_profile()
|
||||||
|
user_profile.reset_token = None
|
||||||
|
user_profile.save()
|
||||||
|
user = authenticate(username=user.username, password=data['password'])
|
||||||
|
login(request, user)
|
||||||
|
|
||||||
|
user_json = models.get_user_json(user)
|
||||||
|
response = json_response({
|
||||||
|
'user': user_json
|
||||||
|
}, text='password reset')
|
||||||
|
else:
|
||||||
|
response = json_response({
|
||||||
|
'errors': {
|
||||||
|
'token': 'Invalid token'
|
||||||
|
}
|
||||||
|
})
|
||||||
|
|
||||||
|
else:
|
||||||
|
response = json_response(status=400, text='invalid data')
|
||||||
|
return render_to_json_response(response)
|
||||||
|
actions.register(resetPassword)
|
||||||
|
|
||||||
class RecoverForm(forms.Form):
|
class RecoverForm(forms.Form):
|
||||||
username_or_email = forms.TextInput()
|
username_or_email = forms.TextInput()
|
||||||
|
|
||||||
def api_recover(request):
|
def requestToken(request):
|
||||||
'''
|
'''
|
||||||
param data {
|
param data {
|
||||||
username_or_email: username
|
username_or_email: username
|
||||||
|
@ -171,6 +232,7 @@ def api_recover(request):
|
||||||
errors: {
|
errors: {
|
||||||
username_or_email: 'Username or email address not found'
|
username_or_email: 'Username or email address not found'
|
||||||
}
|
}
|
||||||
|
username: user
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
'''
|
'''
|
||||||
|
@ -187,20 +249,26 @@ def api_recover(request):
|
||||||
if q.count() > 0:
|
if q.count() > 0:
|
||||||
user = q[0]
|
user = q[0]
|
||||||
if user:
|
if user:
|
||||||
key = hashlib.sha1(str(uuid.uuid4())).hexdigest()
|
while True:
|
||||||
|
token = ox.to32(random.randint(0, 1000000000))
|
||||||
|
if models.UserProfile.objects.filter(reset_token=token).count() == 0:
|
||||||
|
break
|
||||||
user_profile = user.get_profile()
|
user_profile = user.get_profile()
|
||||||
user_profile.recover_key = key
|
user_profile.reset_token = token
|
||||||
user_profile.save()
|
user_profile.save()
|
||||||
|
|
||||||
template = loader.get_template('recover_email.txt')
|
template = loader.get_template('password_reset_email.txt')
|
||||||
context = RequestContext(request, {
|
context = RequestContext(request, {
|
||||||
'recover_url': request.build_absolute_uri("/r/%s" % key),
|
'url': request.build_absolute_uri("/"),
|
||||||
|
'token': token,
|
||||||
'sitename': settings.SITENAME,
|
'sitename': settings.SITENAME,
|
||||||
})
|
})
|
||||||
message = template.render(context)
|
message = template.render(context)
|
||||||
subject = '%s account recovery' % settings.SITENAME
|
subject = '%s password reset' % settings.SITENAME
|
||||||
user.email_user(subject, message)
|
user.email_user(subject, message)
|
||||||
response = json_response(text='recover email sent')
|
response = json_response({
|
||||||
|
'username': user.username
|
||||||
|
}, text='recover email sent')
|
||||||
else:
|
else:
|
||||||
response = json_response({
|
response = json_response({
|
||||||
'errors': {
|
'errors': {
|
||||||
|
@ -210,7 +278,7 @@ def api_recover(request):
|
||||||
else:
|
else:
|
||||||
response = json_response(status=400, text='invalid data')
|
response = json_response(status=400, text='invalid data')
|
||||||
return render_to_json_response(response)
|
return render_to_json_response(response)
|
||||||
actions.register(api_recover, 'recover')
|
actions.register(requestToken)
|
||||||
|
|
||||||
def findUser(request):
|
def findUser(request):
|
||||||
'''
|
'''
|
||||||
|
@ -233,25 +301,6 @@ def findUser(request):
|
||||||
return render_to_json_response(response)
|
return render_to_json_response(response)
|
||||||
actions.register(findUser)
|
actions.register(findUser)
|
||||||
|
|
||||||
def recover(request, key):
|
|
||||||
'''
|
|
||||||
recover user and redirect to settings
|
|
||||||
'''
|
|
||||||
qs = models.UserProfile.objects.filter(recover_key=key)
|
|
||||||
if qs.count() == 1:
|
|
||||||
user = qs[0].user
|
|
||||||
user.set_password(key)
|
|
||||||
user.save()
|
|
||||||
user_profile = user.get_profile()
|
|
||||||
user_profile.recover_key = ''
|
|
||||||
user_profile.save()
|
|
||||||
user = authenticate(username=user.username, password=key)
|
|
||||||
login(request, user)
|
|
||||||
|
|
||||||
#FIXME: set message to notify user to update password
|
|
||||||
return redirect('/#settings')
|
|
||||||
return redirect('/')
|
|
||||||
|
|
||||||
class ContactForm(forms.Form):
|
class ContactForm(forms.Form):
|
||||||
email = forms.EmailField()
|
email = forms.EmailField()
|
||||||
subject = forms.TextInput()
|
subject = forms.TextInput()
|
||||||
|
|
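Review bot: In requestToken the reset token is now drawn with `random.randint(0, 1000000000)`, a non-cryptographic generator over roughly 30 bits, where the removed line derived the key from `uuid.uuid4()`. resetPassword accepts the token alone, with no username, and sets the password, so the token is the entire credential. It should come from the OS CSPRNG with far more entropy, e.g. `token = ox.to32(random.SystemRandom().getrandbits(128))` (assuming `ox.to32` accepts large integers); the module-level `random.seed()` does not change this. Separately, resetPassword passes `data['token']` to `filter(reset_token=...)` without checking that it is a non-empty string, and Django treats None in an exact lookup as IS NULL, so a JSON null would be matched against profiles that have no pending reset. A guard such as `if not isinstance(data['token'], basestring) or not data['token']:` that returns the 'Invalid token' error before the query would close that, and since nothing visible in these hunks limits attempts or expires a token, both are worth adding with it.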