From 71528d8a2896894b72cc2194752a9e45eec4d61f Mon Sep 17 00:00:00 2001 From: Kuroshini Date: Thu, 10 Oct 2019 20:49:35 +0300 Subject: [PATCH] Password reset confirmation mechanics --- .../0010_user_password_confirmed.py | 18 +++++++++++++ apps/account/models.py | 20 ++++++++++++++ apps/account/serializers/web.py | 13 ++++++++++ apps/account/tasks.py | 11 ++++++++ apps/account/urls/common.py | 1 + apps/account/views/common.py | 26 +++++++++++++++++++ apps/authorization/serializers/common.py | 4 +-- apps/utils/models.py | 7 +++-- project/settings/base.py | 1 + .../account/password_confirm_email.html | 11 ++++++++ 10 files changed, 108 insertions(+), 4 deletions(-) create mode 100644 apps/account/migrations/0010_user_password_confirmed.py create mode 100644 project/templates/account/password_confirm_email.html diff --git a/apps/account/migrations/0010_user_password_confirmed.py b/apps/account/migrations/0010_user_password_confirmed.py new file mode 100644 index 00000000..5f369f3c --- /dev/null +++ b/apps/account/migrations/0010_user_password_confirmed.py @@ -0,0 +1,18 @@ +# Generated by Django 2.2.4 on 2019-10-10 17:21 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('account', '0009_user_unconfirmed_email'), + ] + + operations = [ + migrations.AddField( + model_name='user', + name='password_confirmed', + field=models.BooleanField(default=True, verbose_name='is new password confirmed'), + ), + ] diff --git a/apps/account/models.py b/apps/account/models.py index 17df54ae..b4023816 100644 --- a/apps/account/models.py +++ b/apps/account/models.py @@ -63,6 +63,7 @@ class User(AbstractUser): unconfirmed_email = models.EmailField(_('unconfirmed email'), blank=True, null=True, default=None) email_confirmed = models.BooleanField(_('email status'), default=False) newsletter = models.NullBooleanField(default=True) + password_confirmed = models.BooleanField(_('is new password confirmed'), default=True, null=False) EMAIL_FIELD = 'email' USERNAME_FIELD = 'username' @@ -118,6 +119,10 @@ class User(AbstractUser): self.email_confirmed = True self.save() + def confirm_password(self): + self.password_confirmed = True + self.save() + def approve(self): """Set user is_active status to True""" self.is_active = True @@ -152,6 +157,11 @@ class User(AbstractUser): """Make a token for finish signup.""" return password_token_generator.make_token(self) + @property + def confirm_password_token(self): + """Make a token for new password confirmation """ + return GMTokenGenerator(purpose=GMTokenGenerator.CONFIRM_PASSWORD).make_token(self) + @property def get_user_uidb64(self): """Get base64 value for user by primary key identifier""" @@ -181,6 +191,16 @@ class User(AbstractUser): template_name=settings.RESETTING_TOKEN_TEMPLATE, context=context) + def confirm_password_template(self, country_code): + """Get confirm password template""" + context = {'token': self.confirm_password_token, + 'country_code': country_code} + context.update(self.base_template) + return render_to_string( + template_name=settings.CONFIRM_PASSWORD_TEMPLATE, + context=context, + ) + def confirm_email_template(self, country_code): """Get confirm email template""" context = {'token': self.confirm_email_token, diff --git a/apps/account/serializers/web.py b/apps/account/serializers/web.py index 8be73afa..f87c34b8 100644 --- a/apps/account/serializers/web.py +++ b/apps/account/serializers/web.py @@ -1,8 +1,10 @@ """Serializers for account web""" from django.contrib.auth import password_validation as password_validators +from django.conf import settings from rest_framework import serializers from account import models +from account import tasks from utils import exceptions as utils_exceptions from utils.methods import username_validator @@ -67,5 +69,16 @@ class PasswordResetConfirmSerializer(serializers.ModelSerializer): """Override update method""" # Update user password from instance instance.set_password(validated_data.get('password')) + instance.password_confirmed = False instance.save() + if settings.USE_CELERY: + tasks.send_reset_password_confirm.delay( + user_id=instance, + country_code=self.context.get('request').country_code, + ) + else: + tasks.send_reset_password_confirm( + user_id=instance, + country_code=self.context.get('request').country_code, + ) return instance diff --git a/apps/account/tasks.py b/apps/account/tasks.py index 03a231b3..3729c40c 100644 --- a/apps/account/tasks.py +++ b/apps/account/tasks.py @@ -22,6 +22,17 @@ def send_reset_password_email(user_id, country_code): f'DETAIL: Exception occurred for reset password: ' f'{user_id}') +@shared_task +def send_reset_password_confirm(user: models.User, country_code): + """ Send email to user for applying new password. """ + try: + user.send_email(subject=_('New password confirmation'), + message=user.confirm_password_template(country_code)) + except: + logger.error(f'METHOD_NAME: {send_reset_password_confirm.__name__}\n' + f'DETAIL: Exception occured for new passwordconfirmation', + f'{user.id}') + @shared_task def confirm_new_email_address(user_id, country_code): diff --git a/apps/account/urls/common.py b/apps/account/urls/common.py index 4ea2af66..a440c5bf 100644 --- a/apps/account/urls/common.py +++ b/apps/account/urls/common.py @@ -8,6 +8,7 @@ app_name = 'account' urlpatterns = [ path('user/', views.UserRetrieveUpdateView.as_view(), name='user-retrieve-update'), path('change-password/', views.ChangePasswordView.as_view(), name='change-password'), + path('change-password-confirm///', views.ConfirmPasswordView.as_view(), name='change-password'), path('email/confirm/', views.SendConfirmationEmailView.as_view(), name='send-confirm-email'), path('email/confirm///', views.ConfirmEmailView.as_view(), name='confirm-email'), ] diff --git a/apps/account/views/common.py b/apps/account/views/common.py index d29ce2bb..cb0d84d7 100644 --- a/apps/account/views/common.py +++ b/apps/account/views/common.py @@ -91,6 +91,32 @@ class ConfirmEmailView(JWTGenericViewMixin): else: raise utils_exceptions.UserNotFoundError() +class ConfirmPasswordView(JWTGenericViewMixin): + """View for applying newly set password""" + + permission_classes = (permissions.AllowAny,) + + def get(self, request, *args, **kwargs): + uidb64 = kwargs.get('uidb64') + token = kwargs.get('token') + uid = force_text(urlsafe_base64_decode(uidb64)) + user_qs = models.User.objects.filter(pk=uid) + if user_qs.exists(): + user = user_qs.first() + if not GMTokenGenerator(GMTokenGenerator.CONFIRM_PASSWORD).check_token( + user, token): + raise utils_exceptions.NotValidTokenError() + user.confirm_password() + tokens = user.create_jwt_tokens() + return self._put_cookies_in_response( + cookies=self._put_data_in_cookies( + access_token=tokens.get('access_token'), + refresh_token=tokens.get('refresh_token')), + response=Response(status=status.HTTP_200_OK)) + else: + raise utils_exceptions.UserNotFoundError() + + # Firebase Cloud Messaging class FCMDeviceViewSet(generics.GenericAPIView): diff --git a/apps/authorization/serializers/common.py b/apps/authorization/serializers/common.py index ed68ba9f..6be76a00 100644 --- a/apps/authorization/serializers/common.py +++ b/apps/authorization/serializers/common.py @@ -108,8 +108,8 @@ class LoginByUsernameOrEmailSerializer(SourceSerializerMixin, """Override validate method""" username_or_email = attrs.pop('username_or_email') password = attrs.pop('password') - user_qs = account_models.User.objects.filter(Q(username=username_or_email) | - Q(email=username_or_email)) + user_qs = account_models.User.objects.filter(password_confirmed=True)\ + .filter(Q(username=username_or_email) | Q(email=username_or_email)) if not user_qs.exists(): raise utils_exceptions.WrongAuthCredentials() else: diff --git a/apps/utils/models.py b/apps/utils/models.py index 4e6df35e..e5a39895 100644 --- a/apps/utils/models.py +++ b/apps/utils/models.py @@ -258,12 +258,14 @@ class GMTokenGenerator(PasswordResetTokenGenerator): RESET_PASSWORD = 1 CHANGE_PASSWORD = 2 CONFIRM_EMAIL = 3 + CONFIRM_PASSWORD = 4 TOKEN_CHOICES = ( CHANGE_EMAIL, RESET_PASSWORD, CHANGE_PASSWORD, - CONFIRM_EMAIL + CONFIRM_EMAIL, + CONFIRM_PASSWORD, ) def __init__(self, purpose: int): @@ -279,7 +281,8 @@ class GMTokenGenerator(PasswordResetTokenGenerator): self.purpose == self.CONFIRM_EMAIL: fields.extend([str(user.email_confirmed), str(user.email)]) elif self.purpose == self.RESET_PASSWORD or \ - self.purpose == self.CHANGE_PASSWORD: + self.purpose == self.CHANGE_PASSWORD or \ + self.purpose == self.CONFIRM_PASSWORD: fields.append(str(user.password)) return fields diff --git a/project/settings/base.py b/project/settings/base.py index 06f83811..7d9b8c05 100644 --- a/project/settings/base.py +++ b/project/settings/base.py @@ -405,6 +405,7 @@ PASSWORD_RESET_TIMEOUT_DAYS = 1 # TEMPLATES RESETTING_TOKEN_TEMPLATE = 'account/password_reset_email.html' CHANGE_EMAIL_TEMPLATE = 'account/change_email.html' +CONFIRM_PASSWORD_TEMPLATE = 'account/password_confirm_email.html' CONFIRM_EMAIL_TEMPLATE = 'authorization/confirm_email.html' NEWS_EMAIL_TEMPLATE = "news/news_email.html" diff --git a/project/templates/account/password_confirm_email.html b/project/templates/account/password_confirm_email.html new file mode 100644 index 00000000..29f27afb --- /dev/null +++ b/project/templates/account/password_confirm_email.html @@ -0,0 +1,11 @@ +{% load i18n %}{% autoescape off %} +{% blocktrans %}Confirm a password reset for your user account at {{ site_name }}.{% endblocktrans %} + +{% trans "Please go to the following page:" %} + +https://{{ country_code }}.{{ domain_uri }}/confirm-new-password/{{ uidb64 }}/{{ token }}/ + +{% trans "Thanks for using our site!" %} + +{% blocktrans %}The {{ site_name }} team{% endblocktrans %} +{% endautoescape %} \ No newline at end of file