gault-millau/apps/account/views/web.py

"""Web account views"""
from django.utils.encoding import force_text
from django.utils.http import urlsafe_base64_decode
from rest_framework import permissions
from rest_framework import status
from django.shortcuts import get_object_or_404
from rest_framework.response import Response

from account import models
from account.serializers import web as serializers
from utils import exceptions as utils_exceptions
from utils.models import gm_token_generator
from utils.views import (JWTCreateAPIView,
                         JWTGenericViewMixin)


# Password reset
class PasswordResetView(JWTCreateAPIView):
    """View for resetting user password"""
    serializer_class = serializers.PasswordResetSerializer
    queryset = models.ResetPasswordToken.objects.valid()


class PasswordResetConfirmView(JWTGenericViewMixin):
    """View for confirmation new password"""
    serializer_class = serializers.PasswordResetConfirmSerializer
    permission_classes = (permissions.AllowAny,)

    def get_queryset(self):
        """Override get_queryset method"""
        return models.ResetPasswordToken.objects.valid()

    def get_object(self):
        """Override get_object method
        """
        queryset = self.filter_queryset(self.get_queryset())
        uidb64 = self.kwargs.get('uid')

        uid = force_text(urlsafe_base64_decode(uidb64))
        token = self.kwargs.get('token')

        filter_kwargs = {'key': token, 'user_id': uid}
        obj = get_object_or_404(queryset, **filter_kwargs)

        if not gm_token_generator.check_token(user=obj.user, token=token):
            raise utils_exceptions.NotValidTokenError()

        # May raise a permission denied
        self.check_object_permissions(self.request, obj)

        return obj

    def put(self, request, *args, **kwargs):
        """Implement PUT method"""
        instance = self.get_object()
        serializer = self.get_serializer(instance=instance,
                                         data=request.data)
        serializer.is_valid(raise_exception=True)
        serializer.save()
        return Response(status=status.HTTP_200_OK)