fix reset password token generator

Anatoly 2020-01-16 18:05:02 +03:00
parent 881e4b11e2
commit 391df439c6
2 changed files with 8 additions and 8 deletions


@ -3,7 +3,6 @@ from datetime import datetime
from django.conf import settings from django.conf import settings
from django.contrib.auth.models import AbstractUser, UserManager as BaseUserManager from django.contrib.auth.models import AbstractUser, UserManager as BaseUserManager
from django.contrib.auth.tokens import default_token_generator as password_token_generator
from django.core.mail import send_mail from django.core.mail import send_mail
from django.db import models from django.db import models
from django.template.loader import render_to_string, get_template from django.template.loader import render_to_string, get_template
@ -243,7 +242,7 @@ class User(AbstractUser):
@property @property
def reset_password_token(self): def reset_password_token(self):
"""Make a token for finish signup.""" """Make a token for finish signup."""
return password_token_generator.make_token(self) return GMTokenGenerator(purpose=GMTokenGenerator.RESET_PASSWORD).make_token(self)
@property @property
def get_user_uidb64(self): def get_user_uidb64(self):
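Review bot: `GMTokenGenerator` is now called in `reset_password_token`, but this file section only removes the `default_token_generator` import and adds none, whereas the views file in the same commit adds `from utils.models import GMTokenGenerator`. Unless the name is already imported outside the visible hunks, the property would raise `NameError` whenever a reset token is requested, so that is worth confirming. The docstring still reads "Make a token for finish signup." although the token is now bound to `GMTokenGenerator.RESET_PASSWORD`; I would change it to `"""Make a token for resetting the password."""` so the purpose binding is visible to anyone tempted to reuse the property for another flow. The constructor is called with `purpose=` here and positionally in the view's `check_token` path; using the keyword form at both call sites makes it easier to check that issuing and verifying use the same purpose.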


@ -1,6 +1,5 @@
"""Web account views""" """Web account views"""
from django.conf import settings from django.conf import settings
from django.contrib.auth.tokens import default_token_generator as password_token_generator
from django.shortcuts import get_object_or_404 from django.shortcuts import get_object_or_404
from django.utils.encoding import force_text from django.utils.encoding import force_text
from django.utils.http import urlsafe_base64_decode from django.utils.http import urlsafe_base64_decode
@ -10,6 +9,7 @@ from rest_framework.response import Response
from account import tasks, models from account import tasks, models
from account.serializers import web as serializers from account.serializers import web as serializers
from utils import exceptions as utils_exceptions from utils import exceptions as utils_exceptions
from utils.models import GMTokenGenerator
from utils.views import JWTGenericViewMixin from utils.views import JWTGenericViewMixin
@ -40,22 +40,23 @@ class PasswordResetConfirmView(JWTGenericViewMixin, generics.GenericAPIView):
queryset = models.User.objects.active() queryset = models.User.objects.active()
def get_object(self): def get_object(self):
"""Override get_object method""" """Overridden get_object method"""
queryset = self.filter_queryset(self.get_queryset()) queryset = self.filter_queryset(self.get_queryset())
uidb64 = self.kwargs.get('uidb64') uidb64 = self.kwargs.get('uidb64')
user_id = force_text(urlsafe_base64_decode(uidb64)) user_id = force_text(urlsafe_base64_decode(uidb64))
token = self.kwargs.get('token') token = self.kwargs.get('token')
obj = get_object_or_404(queryset, id=user_id) user = get_object_or_404(queryset, id=user_id)
if not password_token_generator.check_token(user=obj, token=token): if not GMTokenGenerator(GMTokenGenerator.RESET_PASSWORD).check_token(
user, token):
raise utils_exceptions.NotValidTokenError() raise utils_exceptions.NotValidTokenError()
# May raise a permission denied # May raise a permission denied
self.check_object_permissions(self.request, obj) self.check_object_permissions(self.request, user)
return obj return user
def patch(self, request, *args, **kwargs): def patch(self, request, *args, **kwargs):
"""Implement PATCH method""" """Implement PATCH method"""