Commit 46e7f09ac814b80501e7537864d0c5c11faf5a35
Exists in
master
Merge branch 'master' of git.ucsd.edu:110swag/flashy-backend
Showing 3 changed files Side-by-side Diff
flashcards/api.py
View file @
46e7f09
| ... | ... | @@ -77,7 +77,7 @@ |
| 77 | 77 | |
| 78 | 78 | def post(self, request, format=None): |
| 79 | 79 | """ |
| 80 | - Returns user data if valid. | |
| 80 | + Authenticates and logs in the user and returns their data if valid. | |
| 81 | 81 | """ |
| 82 | 82 | if 'email' not in request.data: |
| 83 | 83 | raise ValidationError('Email is required') |
| 84 | 84 | |
| 85 | 85 | |
| ... | ... | @@ -98,17 +98,22 @@ |
| 98 | 98 | |
| 99 | 99 | class UserLogout(APIView): |
| 100 | 100 | """ |
| 101 | - Logs out an authenticated user. | |
| 101 | + Authenticated user log out. | |
| 102 | 102 | """ |
| 103 | 103 | |
| 104 | 104 | def post(self, request, format=None): |
| 105 | - logout(request, request.user) | |
| 105 | + """ | |
| 106 | + Logs the authenticated user out. | |
| 107 | + """ | |
| 108 | + logout(request) | |
| 106 | 109 | return Response(status=status.HTTP_204_NO_CONTENT) |
| 107 | 110 | |
| 108 | 111 | |
| 109 | 112 | class PasswordReset(APIView): |
| 110 | 113 | """ |
| 111 | 114 | Allows user to reset their password. |
| 115 | + System sends an email to the user's email with a token that may be verified | |
| 116 | + to reset their password. | |
| 112 | 117 | """ |
| 113 | 118 | |
| 114 | 119 | def post(self, request, format=None): |
| ... | ... | @@ -124,6 +129,7 @@ |
| 124 | 129 | try: |
| 125 | 130 | user = User.objects.get(email=email) |
| 126 | 131 | except User.DoesNotExist: |
| 132 | + # Don't leak that email does not exist. | |
| 127 | 133 | raise NotFound('Email does not exist') |
| 128 | 134 | |
| 129 | 135 | token = default_token_generator.make_token(user) |
| ... | ... | @@ -144,7 +150,7 @@ |
| 144 | 150 | |
| 145 | 151 | def patch(self, request, format=None): |
| 146 | 152 | """ |
| 147 | - Updates user's password to new password. | |
| 153 | + Updates user's password to new password if token is valid. | |
| 148 | 154 | """ |
| 149 | 155 | if 'new_password' not in request.data: |
| 150 | 156 | raise ValidationError('New password is required') |
| ... | ... | @@ -153,8 +159,10 @@ |
| 153 | 159 | |
| 154 | 160 | user = request.user |
| 155 | 161 | |
| 156 | - user.set_password(request.data['new_password']) | |
| 157 | - user.save() | |
| 162 | + # Check token validity. | |
| 163 | + if default_token_generator.check_token(user, request.data['token']): | |
| 164 | + user.set_password(request.data['new_password']) | |
| 165 | + user.save() | |
| 158 | 166 | |
| 159 | 167 | return Response(status=status.HTTP_204_NO_CONTENT) |
flashy.ini
View file @
46e7f09
| 1 | 1 | # mysite_uwsgi.ini file |
| 2 | 2 | [uwsgi] |
| 3 | 3 | |
| 4 | +uid = 1007 | |
| 5 | +gid = 1007 | |
| 4 | 6 | # Django-related settings |
| 5 | 7 | # the base directory (full path) |
| 6 | -chdir = /srv/flashy-backend | |
| 8 | +chdir = /srv/flashy-backend/ | |
| 7 | 9 | # Django's wsgi file |
| 8 | 10 | module = flashy.wsgi |
| 9 | 11 | # the virtualenv (full path) |
| 10 | 12 | home = /srv/flashy-backend/venv/ |
| 11 | - | |
| 13 | +logger = file:/var/log/uwsgi | |
| 12 | 14 | # process-related settings |
| 13 | 15 | # master |
| 14 | -master = true | |
| 16 | +# master = true | |
| 15 | 17 | # maximum number of worker processes |
| 16 | -processes = 10 | |
| 17 | -# the socket (use the full path to be safe | |
| 18 | -socket = /run/flashy.sock | |
| 18 | +# processes = 1 | |
| 19 | +http = :7001 | |
| 19 | 20 | # ... with appropriate permissions - may be needed |
| 20 | 21 | # chmod-socket = 664 |
| 21 | -# clear environment on exit | |
| 22 | -vacuum = true | |
| 22 | +# touch-reload = '/tmp/reload_uwsgi' |