From 18d26de9ce0421e5db52036d68b460fab5675a38 Mon Sep 17 00:00:00 2001
From: Cayo Puigdefabregas
Date: Fri, 2 Feb 2024 15:40:52 +0100
Subject: [PATCH] fix reset password
---
 idhub/admin/views.py | 6 ++++--
 idhub/urls.py | 19 ++-----------------
 idhub/views.py | 26 ++++++++++++++++++++++++--
 3 files changed, 30 insertions(+), 21 deletions(-)
diff --git a/idhub/admin/views.py b/idhub/admin/views.py
index 77c83b4..c4cac98 100644
--- a/idhub/admin/views.py
+++ b/idhub/admin/views.py
@@ -25,7 +25,7 @@ from django.contrib import messages
 from utils import credtools
 from idhub_auth.models import User
 from idhub_auth.forms import ProfileForm
-from idhub.mixins import AdminView
+from idhub.mixins import AdminView, Http403
 from idhub.email.views import NotifyActivateUserByEmail
 from idhub.admin.forms import (
 ImportForm,
@@ -82,7 +82,9 @@ class DobleFactorAuthView(AdminView, View):
 url = reverse_lazy('idhub:admin_dashboard')
 def get(self, request, *args, **kwargs):
- self.check_valid_user()
+ if not self.request.user.is_admin:
+ raise Http403()
+
 if not self.request.session.get("2fauth"):
 return redirect(self.url)
diff --git a/idhub/urls.py b/idhub/urls.py
index d107b3f..30338b3 100644
--- a/idhub/urls.py
+++ b/idhub/urls.py
@@ -19,6 +19,7 @@ from django.views.generic import RedirectView
 from django.urls import path, reverse_lazy
 from .views import (
 LoginView,
+ PasswordResetView,
 PasswordResetConfirmView,
 serve_did,
 DobleFactorSendView,
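Review bot: The new guard in `DobleFactorAuthView.get` reads `self.request.user.is_admin` directly, which raises `AttributeError` for Django's `AnonymousUser` unless something earlier in `AdminView` has already required a login; that part of the mixin is not visible in this hunk. A defensive form is `if not getattr(request.user, "is_admin", False): raise Http403()`, which turns an unauthenticated request into a 403 instead of a 500. The reason `check_valid_user()` is no longer called on this view is not stated anywhere, so a one-line comment above the check would keep a later refactor from restoring the call or dropping the admin test. `get` continues past the end of the hunk.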
@@ -34,16 +35,7 @@ urlpatterns = [ permanent=False)), path('login/', LoginView.as_view(), name='login'), path('logout/', auth_views.LogoutView.as_view(), name='logout'), - path('auth/password_reset/', - auth_views.PasswordResetView.as_view( - template_name='auth/password_reset.html', - email_template_name='auth/password_reset_email.txt', - html_email_template_name='auth/password_reset_email.html', - subject_template_name='auth/password_reset_subject.txt', - success_url=reverse_lazy('idhub:password_reset_done') - ), - name='password_reset' - ), + path('auth/password_reset/', PasswordResetView.as_view(), name='password_reset'), path('auth/password_reset/done/', auth_views.PasswordResetDoneView.as_view( template_name='auth/password_reset_done.html' @@ -53,13 +45,6 @@ urlpatterns = [ path('auth/reset///', PasswordResetConfirmView.as_view(), name='password_reset_confirm' ), - # path('auth/reset///', - # auth_views.PasswordResetConfirmView.as_view( - # template_name='auth/password_reset_confirm.html', - # success_url=reverse_lazy('idhub:password_reset_complete') - # ), - # name='password_reset_confirm' - # ), path('auth/reset/done/', auth_views.PasswordResetCompleteView.as_view( template_name='auth/password_reset_complete.html' diff --git a/idhub/views.py b/idhub/views.py index 9c2d595..b161633 100644 --- a/idhub/views.py +++ b/idhub/views.py @@ -1,4 +1,5 @@ import uuid +import logging from django.conf import settings from django.core.cache import cache @@ -16,6 +17,9 @@ from idhub.email.views import NotifyActivateUserByEmail from trustchain_idhub import settings +logger = logging.getLogger(__name__) + + class LoginView(auth_views.LoginView): template_name = 'auth/login.html' extra_context = { 
@@ -69,13 +73,31 @@ class PasswordResetConfirmView(auth_views.PasswordResetConfirmView):
 success_url = reverse_lazy('idhub:password_reset_complete')
 def form_valid(self, form):
- password = form.cleaned_data.get("password")
- user = form.get_user()
+ password = form.cleaned_data.get("new_password1")
+ user = form.user
+ user.set_password(password)
 user.set_encrypted_sensitive_data(password)
 user.save()
 return HttpResponseRedirect(self.success_url)
+class PasswordResetView(auth_views.PasswordResetView):
+ template_name = 'auth/password_reset.html'
+ email_template_name = 'auth/password_reset_email.txt'
+ html_email_template_name = 'auth/password_reset_email.html'
+ subject_template_name = 'auth/password_reset_subject.txt'
+ success_url = reverse_lazy('idhub:password_reset_done')
+
+ def form_valid(self, form):
+ try:
+ return super().form_valid(form)
+ except Exception as err:
+ logger.error(err)
+ # url_error = reverse_lazy('idhub:password_reset_error')
+ # return HttpResponseRedirect(url_error)
+ return HttpResponseRedirect(self.success_url)
+
+
 def serve_did(request, did_id):
 id_did = f'did:web:{settings.DOMAIN}:did-registry:{did_id}'
 did = get_object_or_404(DID, did=id_did)
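Review bot: In `PasswordResetView.form_valid` the `except Exception` with `logger.error(err)` records only the message text, so a failed reset e-mail leaves no traceback and any unrelated bug in the parent `form_valid` is silently turned into the success redirect. Keeping the same redirect on failure is reasonable, since the done page then does not reveal whether the address belongs to an account, but the log call should be `logger.exception("password reset e-mail could not be sent")` and the clause narrowed to the mail transport's errors; the two commented-out `url_error` lines can be dropped. Separately, `PasswordResetConfirmView.form_valid` never calls `super().form_valid(form)`, so Django's own removal of the reset token it keeps in the session is skipped; if that is intentional, a comment such as `# super().form_valid() bypassed on purpose: <reason>` should say why. Indentation is lost on this page, so whether the final `return` sits inside the `except` block cannot be told from here.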