Commit 6260f1981fa39c4b6fd05de69df104ce5114f16e
1 parent
ef21eb3223
Exists in
master
reset_password send email and verify token works
Showing 1 changed file with 14 additions and 6 deletions Inline Diff
flashcards/api.py
View file @
6260f19
| from django.core.mail import send_mail | 1 | 1 | from django.core.mail import send_mail | |
| from django.contrib.auth import authenticate, login, logout | 2 | 2 | from django.contrib.auth import authenticate, login, logout | |
| from django.contrib.auth.tokens import default_token_generator | 3 | 3 | from django.contrib.auth.tokens import default_token_generator | |
| from rest_framework.status import HTTP_201_CREATED, HTTP_204_NO_CONTENT | 4 | 4 | from rest_framework.status import HTTP_201_CREATED, HTTP_204_NO_CONTENT | |
| from rest_framework.views import APIView | 5 | 5 | from rest_framework.views import APIView | |
| from rest_framework.response import Response | 6 | 6 | from rest_framework.response import Response | |
| from rest_framework import status | 7 | 7 | from rest_framework import status | |
| from rest_framework.exceptions import ValidationError, NotFound | 8 | 8 | from rest_framework.exceptions import ValidationError, NotFound | |
| from flashcards.serializers import * | 9 | 9 | from flashcards.serializers import * | |
| 10 | 10 | |||
| 11 | 11 | |||
| class UserDetail(APIView): | 12 | 12 | class UserDetail(APIView): | |
| def patch(self, request, format=None): | 13 | 13 | def patch(self, request, format=None): | |
| """ | 14 | 14 | """ | |
| This method checks either the email or the password passed in | 15 | 15 | This method checks either the email or the password passed in | |
| is valid. If confirmation key is correct, it validates the | 16 | 16 | is valid. If confirmation key is correct, it validates the | |
| user. It updates the password if the new password | 17 | 17 | user. It updates the password if the new password | |
| is valid. | 18 | 18 | is valid. | |
| 19 | 19 | |||
| """ | 20 | 20 | """ | |
| currentuser = request.user | 21 | 21 | currentuser = request.user | |
| 22 | 22 | |||
| if 'confirmation_key' in request.data: | 23 | 23 | if 'confirmation_key' in request.data: | |
| if not currentuser.confirm_email( request.data['confirmation_key'] ): | 24 | 24 | if not currentuser.confirm_email( request.data['confirmation_key'] ): | |
| raise ValidationError('confirmation_key is invalid') | 25 | 25 | raise ValidationError('confirmation_key is invalid') | |
| 26 | 26 | |||
| if 'new_password' in request.data: | 27 | 27 | if 'new_password' in request.data: | |
| if not currentuser.check_password(request.data['old_password']): | 28 | 28 | if not currentuser.check_password(request.data['old_password']): | |
| raise ValidationError('Invalid old password') | 29 | 29 | raise ValidationError('Invalid old password') | |
| if not request.data['new_password']: | 30 | 30 | if not request.data['new_password']: | |
| raise ValidationError('Password cannot be blank') | 31 | 31 | raise ValidationError('Password cannot be blank') | |
| currentuser.set_password(request.data['new_password']) | 32 | 32 | currentuser.set_password(request.data['new_password']) | |
| currentuser.save() | 33 | 33 | currentuser.save() | |
| 34 | 34 | |||
| return Response(status=status.HTTP_204_NO_CONTENT) | 35 | 35 | return Response(status=status.HTTP_204_NO_CONTENT) | |
| 36 | 36 | |||
| def get(self, request, format=None): | 37 | 37 | def get(self, request, format=None): | |
| serializer = UserSerializer(request.user) | 38 | 38 | serializer = UserSerializer(request.user) | |
| return Response(serializer.data) | 39 | 39 | return Response(serializer.data) | |
| 40 | 40 | |||
| def post(self, request, format=None): | 41 | 41 | def post(self, request, format=None): | |
| if 'email' not in request.data: | 42 | 42 | if 'email' not in request.data: | |
| raise ValidationError('Email is required') | 43 | 43 | raise ValidationError('Email is required') | |
| if 'password' not in request.data: | 44 | 44 | if 'password' not in request.data: | |
| raise ValidationError('Password is required') | 45 | 45 | raise ValidationError('Password is required') | |
| email = request.data['email'] | 46 | 46 | email = request.data['email'] | |
| existing_users = User.objects.filter(email=email) | 47 | 47 | existing_users = User.objects.filter(email=email) | |
| if existing_users.exists(): | 48 | 48 | if existing_users.exists(): | |
| raise ValidationError("An account with this email already exists") | 49 | 49 | raise ValidationError("An account with this email already exists") | |
| user = User.objects.create_user(email, email=email, password=request.data['password']) | 50 | 50 | user = User.objects.create_user(email, email=email, password=request.data['password']) | |
| 51 | 51 | |||
| body = ''' | 52 | 52 | body = ''' | |
| Visit the following link to confirm your email address: | 53 | 53 | Visit the following link to confirm your email address: | |
| http://flashy.cards/app/verify_email/%s | 54 | 54 | http://flashy.cards/app/verify_email/%s | |
| 55 | 55 | |||
| If you did not register for Flashy, no action is required. | 56 | 56 | If you did not register for Flashy, no action is required. | |
| ''' | 57 | 57 | ''' | |
| 58 | 58 | |||
| user = authenticate(email=email, password=request.data['password']) | 59 | 59 | user = authenticate(email=email, password=request.data['password']) | |
| login(request, user) | 60 | 60 | login(request, user) | |
| return Response(UserSerializer(user).data, status=HTTP_201_CREATED) | 61 | 61 | return Response(UserSerializer(user).data, status=HTTP_201_CREATED) | |
| 62 | 62 | |||
| def delete(self, request): | 63 | 63 | def delete(self, request): | |
| request.user.delete() | 64 | 64 | request.user.delete() | |
| return Response(status=HTTP_204_NO_CONTENT) | 65 | 65 | return Response(status=HTTP_204_NO_CONTENT) | |
| 66 | 66 | |||
| 67 | 67 | |||
| class UserLogin(APIView): | 68 | 68 | class UserLogin(APIView): | |
| """ | 69 | 69 | """ | |
| Authenticates user and returns user data if valid. Handles invalid | 70 | 70 | Authenticates user and returns user data if valid. Handles invalid | |
| users. | 71 | 71 | users. | |
| """ | 72 | 72 | """ | |
| 73 | 73 | |||
| def post(self, request, format=None): | 74 | 74 | def post(self, request, format=None): | |
| """ | 75 | 75 | """ | |
| Returns user data if valid. | 76 | 76 | Authenticates and logs in the user and returns their data if valid. | |
| """ | 77 | 77 | """ | |
| if 'email' not in request.data: | 78 | 78 | if 'email' not in request.data: | |
| raise ValidationError('Email is required') | 79 | 79 | raise ValidationError('Email is required') | |
| if 'password' not in request.data: | 80 | 80 | if 'password' not in request.data: | |
| raise ValidationError('Password is required') | 81 | 81 | raise ValidationError('Password is required') | |
| 82 | 82 | |||
| email = request.data['email'] | 83 | 83 | email = request.data['email'] | |
| password = request.data['password'] | 84 | 84 | password = request.data['password'] | |
| user = authenticate(email=email, password=password) | 85 | 85 | user = authenticate(email=email, password=password) | |
| 86 | 86 | |||
| if user is None: | 87 | 87 | if user is None: | |
| raise ValidationError('Invalid email or password') | 88 | 88 | raise ValidationError('Invalid email or password') | |
| if not user.is_active: | 89 | 89 | if not user.is_active: | |
| raise ValidationError('Account is disabled') | 90 | 90 | raise ValidationError('Account is disabled') | |
| login(request, user) | 91 | 91 | login(request, user) | |
| return Response(UserSerializer(user).data) | 92 | 92 | return Response(UserSerializer(user).data) | |
| 93 | 93 | |||
| class UserLogout(APIView): | 94 | 94 | class UserLogout(APIView): | |
| """ | 95 | 95 | """ | |
| Logs out an authenticated user. | 96 | 96 | Authenticated user log out. | |
| """ | 97 | 97 | """ | |
| 98 | 98 | |||
| def post(self, request, format=None): | 99 | 99 | def post(self, request, format=None): | |
| logout(request, request.user) | 100 | 100 | """ | |
| 101 | Logs the authenticated user out. | |||
| 102 | """ | |||
| 103 | logout(request) | |||
| return Response(status=status.HTTP_204_NO_CONTENT) | 101 | 104 | return Response(status=status.HTTP_204_NO_CONTENT) | |
| 102 | 105 | |||
| 103 | 106 | |||
| class PasswordReset(APIView): | 104 | 107 | class PasswordReset(APIView): | |
| """ | 105 | 108 | """ | |
| Allows user to reset their password. | 106 | 109 | Allows user to reset their password. | |
| 110 | System sends an email to the user's email with a token that may be verified | |||
| 111 | to reset their password. | |||
| """ | 107 | 112 | """ | |
| 108 | 113 | |||
| def post(self, request, format=None): | 109 | 114 | def post(self, request, format=None): | |
| """ | 110 | 115 | """ | |
| Send a password reset token/link to the provided email. | 111 | 116 | Send a password reset token/link to the provided email. | |
| """ | 112 | 117 | """ | |
| if 'email' not in request.data: | 113 | 118 | if 'email' not in request.data: | |
| raise ValidationError('Email is required') | 114 | 119 | raise ValidationError('Email is required') | |
| 115 | 120 | |||
| email = request.data['email'] | 116 | 121 | email = request.data['email'] | |
| 117 | 122 | |||
| # Find the user since they are not logged in. | 118 | 123 | # Find the user since they are not logged in. | |
| try: | 119 | 124 | try: | |
| user = User.objects.get(email=email) | 120 | 125 | user = User.objects.get(email=email) | |
| except User.DoesNotExist: | 121 | 126 | except User.DoesNotExist: | |
| 127 | # Don't leak that email does not exist. | |||
| raise NotFound('Email does not exist') | 122 | 128 | raise NotFound('Email does not exist') | |
| 123 | 129 | |||
| token = default_token_generator.make_token(user) | 124 | 130 | token = default_token_generator.make_token(user) | |
| 125 | 131 | |||
| body = ''' | 126 | 132 | body = ''' | |
| Visit the following link to reset your password: | 127 | 133 | Visit the following link to reset your password: | |
| http://flashy.cards/app/reset_password/%d/%s | 128 | 134 | http://flashy.cards/app/reset_password/%d/%s | |
| 129 | 135 |