fix reset password token generator

2020-01-16 18:05:02 +03:00 · 2020-01-16 18:05:02 +03:00 · 391df439c6
commit 391df439c6
parent 881e4b11e2
2 changed files with 8 additions and 8 deletions
--- a/apps/account/models.py
+++ b/apps/account/models.py
@ -3,7 +3,6 @@ from datetime import datetime

 from django.conf import settings
 from django.contrib.auth.models import AbstractUser, UserManager as BaseUserManager
-from django.contrib.auth.tokens import default_token_generator as password_token_generator
 from django.core.mail import send_mail
 from django.db import models
 from django.template.loader import render_to_string, get_template
@ -243,7 +242,7 @@ class User(AbstractUser):
    @property
    def reset_password_token(self):
        """Make a token for finish signup."""
-        return password_token_generator.make_token(self)
+        return GMTokenGenerator(purpose=GMTokenGenerator.RESET_PASSWORD).make_token(self)

    @property
    def get_user_uidb64(self):
--- a/apps/account/views/web.py
+++ b/apps/account/views/web.py
@ -1,6 +1,5 @@
 """Web account views"""
 from django.conf import settings
-from django.contrib.auth.tokens import default_token_generator as password_token_generator
 from django.shortcuts import get_object_or_404
 from django.utils.encoding import force_text
 from django.utils.http import urlsafe_base64_decode
@ -10,6 +9,7 @@ from rest_framework.response import Response
 from account import tasks, models
 from account.serializers import web as serializers
 from utils import exceptions as utils_exceptions
+from utils.models import GMTokenGenerator
 from utils.views import JWTGenericViewMixin


@ -40,22 +40,23 @@ class PasswordResetConfirmView(JWTGenericViewMixin, generics.GenericAPIView):
    queryset = models.User.objects.active()

    def get_object(self):
-        """Override get_object method"""
+        """Overridden get_object method"""
        queryset = self.filter_queryset(self.get_queryset())
        uidb64 = self.kwargs.get('uidb64')

        user_id = force_text(urlsafe_base64_decode(uidb64))
        token = self.kwargs.get('token')

-        obj = get_object_or_404(queryset, id=user_id)
+        user = get_object_or_404(queryset, id=user_id)

-        if not password_token_generator.check_token(user=obj, token=token):
+        if not GMTokenGenerator(GMTokenGenerator.RESET_PASSWORD).check_token(
+                user, token):
            raise utils_exceptions.NotValidTokenError()

        # May raise a permission denied
-        self.check_object_permissions(self.request, obj)
+        self.check_object_permissions(self.request, user)

-        return obj
+        return user

    def patch(self, request, *args, **kwargs):
        """Implement PATCH method"""