Source code for rest_registration.api.views.reset_password

from django.http import Http404
from django.utils.translation import gettext as _
from rest_framework import serializers
from rest_framework.decorators import api_view, permission_classes

from rest_registration.api.serializers import PasswordConfirmSerializerMixin
from rest_registration.decorators import (
    api_view_serializer_class,
    api_view_serializer_class_getter
)
from rest_registration.exceptions import UserNotFound
from rest_registration.settings import registration_settings
from rest_registration.signers.reset_password import ResetPasswordSigner
from rest_registration.utils.responses import get_ok_response
from rest_registration.utils.users import get_user_by_verification_id
from rest_registration.utils.validation import (
    run_validators,
    validate_password_with_user_id,
    validate_user_password_confirm
)
from rest_registration.utils.verification import verify_signer_or_bad_request





class ResetPasswordSerializer(  # pylint: disable=abstract-method
        PasswordConfirmSerializerMixin,
        serializers.Serializer):
    """Input schema for the reset-password endpoint.

    ``user_id``, ``timestamp`` and ``signature`` are the values taken from
    the reset link; ``password`` is the new password supplied by the client.
    All four fields are required.
    """

    user_id = serializers.CharField(required=True)
    timestamp = serializers.IntegerField(required=True)
    signature = serializers.CharField(required=True)
    password = serializers.CharField(required=True)

    def has_password_confirm_field(self):
        """Return the setting that decides whether a confirmation is checked."""
        confirm_enabled = (
            registration_settings.RESET_PASSWORD_SERIALIZER_PASSWORD_CONFIRM)
        return confirm_enabled

    def validate(self, attrs):
        """Run the password validators over *attrs* and return it unchanged.

        The confirmation validator is added only when
        ``has_password_confirm_field()`` is truthy.
        """
        # NOTE(review): in this module is_valid() is called before
        # verify_signer_or_bad_request(), so these validators see a user_id
        # whose signature has not been checked yet.
        # validate_password_with_user_id presumably looks the user up by that
        # id -- confirm its error responses do not reveal whether the account
        # exists.
        checks = [validate_password_with_user_id]
        if self.has_password_confirm_field():
            checks += [validate_user_password_confirm]
        run_validators(checks, attrs)
        return attrs


# Permission classes come from NOT_AUTHENTICATED_PERMISSION_CLASSES, so the
# link's signature is presumably the only proof of authorization here --
# TODO confirm against the settings defaults.
@api_view_serializer_class(ResetPasswordSerializer)
@api_view(['POST'])
@permission_classes(registration_settings.NOT_AUTHENTICATED_PERMISSION_CLASSES)
def reset_password(request):
    '''
    Reset password, given the signature and timestamp from the link.
    '''
    # The request is passed on as serializer context; all checks and the
    # actual password change happen in process_reset_password_data().
    context = {'request': request}
    process_reset_password_data(request.data, serializer_context=context)
    success_message = _("Reset password successful")
    return get_ok_response(success_message)
def process_reset_password_data(input_data, serializer_context=None):
    """Validate a reset-password payload, verify its signature, set the password.

    Args:
        input_data: Raw request data holding ``user_id``, ``timestamp``,
            ``signature`` and ``password`` (plus an optional
            ``password_confirm``).
        serializer_context: Optional context dict handed to the serializer;
            an empty dict is used when omitted.

    Raises:
        Http404: When ``RESET_PASSWORD_VERIFICATION_ENABLED`` is falsy.
        rest_framework.exceptions.ValidationError: When the payload fails
            serializer validation (``is_valid(raise_exception=True)``).

    A signature that does not verify is rejected inside
    ``verify_signer_or_bad_request`` (presumably as a bad-request error;
    confirm in that helper).
    """
    context = {} if serializer_context is None else serializer_context
    if not registration_settings.RESET_PASSWORD_VERIFICATION_ENABLED:
        raise Http404()

    form = ResetPasswordSerializer(data=input_data, context=context)
    form.is_valid(raise_exception=True)

    # Strip the password fields so that only the link parameters
    # (user_id, timestamp, signature) reach the signer.
    signed_fields = form.validated_data.copy()
    new_password = signed_fields.pop('password')
    signed_fields.pop('password_confirm', None)

    # The signer is needed for verification only, so no base_url is required
    # and strict=False is sufficient.
    # NOTE(review): link expiry and single-use enforcement are not visible in
    # this function; they depend on ResetPasswordSigner and
    # verify_signer_or_bad_request -- confirm that a link cannot be replayed
    # after the password has been changed.
    verify_signer_or_bad_request(
        ResetPasswordSigner(signed_fields, strict=False))

    # The account is looked up and modified only after the signature check.
    account = get_user_by_verification_id(
        signed_fields['user_id'], require_verified=False)
    account.set_password(new_password)
    account.save()