version 0.0.5.8: fixed method to reset password (until without confirmation), unfinished confirm method

2019-08-11 20:51:50 +03:00 · 2019-08-11 20:51:50 +03:00 · 7c27757874
commit 7c27757874
parent cfc6e05595
5 changed files with 35 additions and 17 deletions
--- a/apps/account/models.py
+++ b/apps/account/models.py
@ -126,7 +126,6 @@ class ResetPasswordToken(PlatformMixin, ProjectBaseMixin):
                             on_delete=models.CASCADE,
                             verbose_name=_('The User which is associated to '
                                            'this password reset token'))
-
    # Key field, though it is not the primary key of the model
    key = models.CharField(max_length=255,
                           verbose_name=_('Key'))
@ -176,18 +175,18 @@ class ResetPasswordToken(PlatformMixin, ProjectBaseMixin):
        """Get reset password template"""
        return render_to_string(
            template_name=self.RESETTING_TOKEN_TEMPLATE_NAME,
-            context={'token': self.key})
+            context={'token': self.key,
+                     'domain_uri': settings.DOMAIN_URI})

    def send_reset_password_request(self):
        """Method to reset user password"""
        subject = _('Password resetting')
-
-        # Remove access token and revoke refresh tokens
-        self.user.remove_access_tokens(source=[Application.MOBILE,
-                                               Application.WEB])
-        # Make user temporarily unavailable
-        self.user.change_status(switcher=False)
-
        # Send an email with url for resetting a password
        self.user.send_email(subject=subject,
                             message=self.get_reset_password_template())
+
+    def confirm_reset_password_request(self):
+        """Method to confirm reset user passwrod request"""
+        # Remove access token and revoke refresh tokens
+        self.user.remove_access_tokens(source=[Application.MOBILE,
+                                               Application.WEB])
--- a/apps/account/serializers/web.py
+++ b/apps/account/serializers/web.py
@ -1,7 +1,17 @@
+from django.contrib.auth import password_validation as password_validators
 from rest_framework import serializers


-class PasswordResetSerializer(serializers.Serializer):
+class PasswordResetConfirmSerializer(serializers.Serializer):
    """Serializer for reset password"""

-    password = serializers.CharField()
+    password = serializers.CharField(write_only=True)
+
+    def validate_password(self, data):
+        """Custom password validation"""
+        try:
+            password_validators.validate_password(password=data)
+        except serializers.ValidationError as e:
+            raise serializers.ValidationError(str(e))
+        else:
+            return data
--- a/apps/account/urls/web.py
+++ b/apps/account/urls/web.py
@ -1,4 +1,5 @@
 """Web account URLs"""
+from django.contrib.auth.urls import urlpatterns as django_urls
 from django.urls import path

 from account.urls import common as common_views
@ -9,7 +10,10 @@ app_name = 'account'
 urlpatterns_api = [
    path('reset-password/', views.PasswordResetView.as_view(),
         name='password-reset'),
+    path('reset-password/<str:token>/confirm', views.PasswordResetConfirmView.as_view(),
+         name='password-reset-confirm'),
 ]

 urlpatterns = urlpatterns_api + \
-              common_views.urlpatterns
+              common_views.urlpatterns + \
+              django_urls
--- a/apps/account/views/web.py
+++ b/apps/account/views/web.py
@ -1,5 +1,4 @@
 """Web account views"""
-from rest_framework import permissions
 from rest_framework import status, generics
 from rest_framework.response import Response

@ -12,9 +11,6 @@ from utils import exceptions as utils_exceptions
 class PasswordResetView(generics.GenericAPIView):
    """View for resetting user password"""

-    permission_classes = (permissions.IsAuthenticated,)
-    serializer_class = serializers.PasswordResetSerializer
-
    def post(self, request, *args, **kwargs):
        """Post-method for password resetting"""
        user = request.user
@ -29,3 +25,12 @@ class PasswordResetView(generics.GenericAPIView):
            return Response(status=status.HTTP_200_OK)
        except:
            raise utils_exceptions.EmailSendingError(user.email)
+
+
+class PasswordResetConfirmView(generics.GenericAPIView):
+    """View for confirmation new password"""
+
+    serializer_class = serializers.PasswordResetConfirmSerializer
+
+    def post(self, request, *args, **kwargs):
+        """Post method to confirm user change password request"""
--- a/project/templates/account/password_reset_email.html
+++ b/project/templates/account/password_reset_email.html
@ -3,7 +3,7 @@

 {% trans "Please go to the following page and choose a new password:" %}
 {% block reset_link %}
-http://{{ settings.DOMAIN_URI }}{% url 'web:account:password-reset-confirm' token=token %}
+http://{{ domain_uri }}{% url 'web:account:password-reset-confirm' token=token %}
 {% endblock %}
 {% trans 'Your username, in case you’ve forgotten:' %} {{ user.get_username }}