forked from 0x2620/pandora
reqeustToken/resetPassword
This commit is contained in:
parent
33351a024e
commit
80c0aad0d6
6 changed files with 92 additions and 43 deletions
|
@ -24,7 +24,6 @@ urlpatterns = patterns('',
|
|||
(r'^site.json$', 'app.views.site_json'),
|
||||
(r'^timeline$', 'app.views.timeline'),
|
||||
(r'^file/(?P<oshash>.*)$', 'archive.views.lookup_file'),
|
||||
(r'^r/(?P<key>.*)$', 'user.views.recover'),
|
||||
(r'^api/$', include('api.urls')),
|
||||
(r'', include('item.urls')),
|
||||
(r'^robots.txt$', serve_static_file, {'location': os.path.join(settings.STATIC_ROOT, 'robots.txt'), 'content_type': 'text/plain'}),
|
||||
|
|
|
@ -12,7 +12,7 @@ from django.conf import settings
|
|||
from ox.utils import json
|
||||
|
||||
class UserProfile(models.Model):
|
||||
recover_key = models.TextField()
|
||||
reset_token = models.TextField(blank=True, null=True, unique=True)
|
||||
user = models.ForeignKey(User, unique=True)
|
||||
|
||||
files_updated = models.DateTimeField(default=datetime.now)
|
||||
|
|
12
pandora/user/templates/password_reset_email.txt
Normal file
12
pandora/user/templates/password_reset_email.txt
Normal file
|
@ -0,0 +1,12 @@
|
|||
Somebody tried to reset your password for {{sitename}}.
|
||||
|
||||
If it is you, and still want to reset your password.
|
||||
Use this token
|
||||
|
||||
{{token}}
|
||||
|
||||
to reset your password.
|
||||
|
||||
If you did not request a password, you can safely ignore this e-mail.
|
||||
|
||||
{{sitename}}
|
|
@ -1,10 +0,0 @@
|
|||
Somebody requested a new password for your {{sitename}} account.
|
||||
|
||||
If it is you, and if you forgot your password, you can login
|
||||
by clicking the following url:
|
||||
|
||||
{{recover_url}}
|
||||
|
||||
If you did not request a password, you can safely ignore this e-mail.
|
||||
|
||||
{{sitename}}
|
|
@ -9,6 +9,5 @@ urlpatterns = patterns("user.views",
|
|||
(r'^login', 'login'),
|
||||
(r'^logout', 'logout'),
|
||||
(r'^register', 'register'),
|
||||
(r'^recover', 'recover'),
|
||||
)
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
# vi:si:et:sw=4:sts=4:ts=4
|
||||
import uuid
|
||||
import hashlib
|
||||
import random
|
||||
random.seed()
|
||||
|
||||
from django import forms
|
||||
from django.contrib.auth.models import User
|
||||
|
@ -14,6 +14,7 @@ from django.core.mail import send_mail, BadHeaderError
|
|||
|
||||
from ox.django.shortcuts import render_to_json_response, json_response
|
||||
from ox.django.decorators import login_required_json
|
||||
import ox
|
||||
|
||||
import models
|
||||
|
||||
|
@ -136,6 +137,12 @@ def register(request):
|
|||
'email': 'Email address already exits'
|
||||
}
|
||||
})
|
||||
elif not form.data['password']:
|
||||
response = json_response({
|
||||
'errors': {
|
||||
'password': 'Password can not be empty'
|
||||
}
|
||||
})
|
||||
else:
|
||||
first_user = models.User.objects.count() == 0
|
||||
user = models.User(username=form.data['username'], email=form.data['email'])
|
||||
|
@ -156,10 +163,64 @@ def register(request):
|
|||
return render_to_json_response(response)
|
||||
actions.register(register)
|
||||
|
||||
def resetPassword(request):
|
||||
'''
|
||||
param data {
|
||||
token: reset token
|
||||
password: new password
|
||||
}
|
||||
|
||||
return {
|
||||
status: {'code': int, 'text': string}
|
||||
data: {
|
||||
errors: {
|
||||
token: 'Invalid token'
|
||||
}
|
||||
user {
|
||||
}
|
||||
}
|
||||
}
|
||||
'''
|
||||
data = json.loads(request.POST['data'])
|
||||
if 'token' in data and 'password' in data:
|
||||
if not data['password']:
|
||||
response = json_response({
|
||||
'errors': {
|
||||
'password': 'Password can not be empty'
|
||||
}
|
||||
})
|
||||
else:
|
||||
qs = models.UserProfile.objects.filter(reset_token=data['token'])
|
||||
if qs.count() == 1:
|
||||
user = qs[0].user
|
||||
user.set_password(data['password'])
|
||||
user.save()
|
||||
user_profile = user.get_profile()
|
||||
user_profile.reset_token = None
|
||||
user_profile.save()
|
||||
user = authenticate(username=user.username, password=data['password'])
|
||||
login(request, user)
|
||||
|
||||
user_json = models.get_user_json(user)
|
||||
response = json_response({
|
||||
'user': user_json
|
||||
}, text='password reset')
|
||||
else:
|
||||
response = json_response({
|
||||
'errors': {
|
||||
'token': 'Invalid token'
|
||||
}
|
||||
})
|
||||
|
||||
else:
|
||||
response = json_response(status=400, text='invalid data')
|
||||
return render_to_json_response(response)
|
||||
actions.register(resetPassword)
|
||||
|
||||
class RecoverForm(forms.Form):
|
||||
username_or_email = forms.TextInput()
|
||||
|
||||
def api_recover(request):
|
||||
def requestToken(request):
|
||||
'''
|
||||
param data {
|
||||
username_or_email: username
|
||||
|
@ -171,6 +232,7 @@ def api_recover(request):
|
|||
errors: {
|
||||
username_or_email: 'Username or email address not found'
|
||||
}
|
||||
username: user
|
||||
}
|
||||
}
|
||||
'''
|
||||
|
@ -187,20 +249,26 @@ def api_recover(request):
|
|||
if q.count() > 0:
|
||||
user = q[0]
|
||||
if user:
|
||||
key = hashlib.sha1(str(uuid.uuid4())).hexdigest()
|
||||
while True:
|
||||
token = ox.to32(random.randint(0, 1000000000))
|
||||
if models.UserProfile.objects.filter(reset_token=token).count() == 0:
|
||||
break
|
||||
user_profile = user.get_profile()
|
||||
user_profile.recover_key = key
|
||||
user_profile.reset_token = token
|
||||
user_profile.save()
|
||||
|
||||
template = loader.get_template('recover_email.txt')
|
||||
template = loader.get_template('password_reset_email.txt')
|
||||
context = RequestContext(request, {
|
||||
'recover_url': request.build_absolute_uri("/r/%s" % key),
|
||||
'url': request.build_absolute_uri("/"),
|
||||
'token': token,
|
||||
'sitename': settings.SITENAME,
|
||||
})
|
||||
message = template.render(context)
|
||||
subject = '%s account recovery' % settings.SITENAME
|
||||
subject = '%s password reset' % settings.SITENAME
|
||||
user.email_user(subject, message)
|
||||
response = json_response(text='recover email sent')
|
||||
response = json_response({
|
||||
'username': user.username
|
||||
}, text='recover email sent')
|
||||
else:
|
||||
response = json_response({
|
||||
'errors': {
|
||||
|
@ -210,7 +278,7 @@ def api_recover(request):
|
|||
else:
|
||||
response = json_response(status=400, text='invalid data')
|
||||
return render_to_json_response(response)
|
||||
actions.register(api_recover, 'recover')
|
||||
actions.register(requestToken)
|
||||
|
||||
def findUser(request):
|
||||
'''
|
||||
|
@ -233,25 +301,6 @@ def findUser(request):
|
|||
return render_to_json_response(response)
|
||||
actions.register(findUser)
|
||||
|
||||
def recover(request, key):
|
||||
'''
|
||||
recover user and redirect to settings
|
||||
'''
|
||||
qs = models.UserProfile.objects.filter(recover_key=key)
|
||||
if qs.count() == 1:
|
||||
user = qs[0].user
|
||||
user.set_password(key)
|
||||
user.save()
|
||||
user_profile = user.get_profile()
|
||||
user_profile.recover_key = ''
|
||||
user_profile.save()
|
||||
user = authenticate(username=user.username, password=key)
|
||||
login(request, user)
|
||||
|
||||
#FIXME: set message to notify user to update password
|
||||
return redirect('/#settings')
|
||||
return redirect('/')
|
||||
|
||||
class ContactForm(forms.Form):
|
||||
email = forms.EmailField()
|
||||
subject = forms.TextInput()
|
||||
|
|
Loading…
Reference in a new issue