64 |
64 |
from .forms import passwords as passwords_forms
|
65 |
65 |
from .forms import profile as profile_forms
|
66 |
66 |
from .forms import registration as registration_forms
|
67 |
|
from .models import Lock
|
|
67 |
from .models import Lock, SMSCode
|
68 |
68 |
from .utils import crypto, hooks
|
69 |
69 |
from .utils import misc as utils_misc
|
70 |
70 |
from .utils import switch_user as utils_switch_user
|
71 |
71 |
from .utils.evaluate import make_condition_context
|
72 |
72 |
from .utils.service import get_service, set_home_url
|
73 |
|
from .utils.sms import SMSError, send_registration_sms, sms_ratelimit_key
|
|
73 |
from .utils.sms import SMSError, generate_code, send_registration_sms, sms_ratelimit_key
|
74 |
74 |
from .utils.view_decorators import enable_view_restriction
|
75 |
75 |
from .utils.views import csrf_token_check
|
76 |
76 |
|
... | ... | |
843 |
843 |
|
844 |
844 |
form_class = passwords_forms.PasswordResetForm
|
845 |
845 |
title = _('Password Reset')
|
|
846 |
code = None
|
846 |
847 |
|
847 |
848 |
def get_success_url(self):
|
848 |
|
return reverse('password_reset_instructions')
|
|
849 |
if not app_settings.A2_ACCEPT_PHONE_AUTHENTICATION or not self.code: # user input is email
|
|
850 |
return reverse('password_reset_instructions')
|
|
851 |
else: # user input is phone number
|
|
852 |
return reverse('input_registration_code', kwargs={'token': self.code.url_token})
|
849 |
853 |
|
850 |
854 |
def get_template_names(self):
|
851 |
855 |
return [
|
... | ... | |
877 |
881 |
)
|
878 |
882 |
email_field = 'email_or_username' if app_settings.A2_USER_CAN_RESET_PASSWORD_BY_USERNAME else 'email'
|
879 |
883 |
email = form.cleaned_data.get(email_field)
|
|
884 |
phone = form.cleaned_data.get('phone')
|
880 |
885 |
|
881 |
886 |
# if an email has already been sent, warn once before allowing resend
|
882 |
887 |
token = models.Token.objects.filter(
|
... | ... | |
896 |
901 |
return self.form_invalid(form)
|
897 |
902 |
self.request.session[resend_key] = False
|
898 |
903 |
|
899 |
|
if is_ratelimited(
|
900 |
|
self.request,
|
901 |
|
key='post:email',
|
902 |
|
group='pw-reset-email',
|
903 |
|
rate=app_settings.A2_EMAILS_ADDRESS_RATELIMIT,
|
904 |
|
increment=True,
|
905 |
|
):
|
906 |
|
self.request.journal.record('user.password.reset.failure', email=email)
|
907 |
|
form.add_error(
|
908 |
|
email_field,
|
909 |
|
_(
|
910 |
|
'Multiple emails have already been sent to this address. Further attempts are blocked,'
|
911 |
|
' please check your spam folder or try again later.'
|
912 |
|
),
|
913 |
|
)
|
914 |
|
return self.form_invalid(form)
|
915 |
|
if is_ratelimited(
|
916 |
|
self.request,
|
917 |
|
key='ip',
|
918 |
|
group='pw-reset-email',
|
919 |
|
rate=app_settings.A2_EMAILS_IP_RATELIMIT,
|
920 |
|
increment=True,
|
921 |
|
):
|
922 |
|
self.request.journal.record('user.password.reset.failure', email=email)
|
923 |
|
form.add_error(
|
924 |
|
email_field,
|
925 |
|
_(
|
926 |
|
'Multiple password reset attempts have already been made from this IP address. No further'
|
927 |
|
' email will be sent, please check your spam folder or try again later.'
|
928 |
|
),
|
929 |
|
)
|
930 |
|
return self.form_invalid(form)
|
|
904 |
if email:
|
|
905 |
if is_ratelimited(
|
|
906 |
self.request,
|
|
907 |
key='post:email',
|
|
908 |
group='pw-reset-email',
|
|
909 |
rate=app_settings.A2_EMAILS_ADDRESS_RATELIMIT,
|
|
910 |
increment=True,
|
|
911 |
):
|
|
912 |
self.request.journal.record('user.password.reset.failure', email=email)
|
|
913 |
form.add_error(
|
|
914 |
email_field,
|
|
915 |
_(
|
|
916 |
'Multiple emails have already been sent to this address. Further attempts are blocked,'
|
|
917 |
' please check your spam folder or try again later.'
|
|
918 |
),
|
|
919 |
)
|
|
920 |
return self.form_invalid(form)
|
|
921 |
if is_ratelimited(
|
|
922 |
self.request,
|
|
923 |
key='ip',
|
|
924 |
group='pw-reset-email',
|
|
925 |
rate=app_settings.A2_EMAILS_IP_RATELIMIT,
|
|
926 |
increment=True,
|
|
927 |
):
|
|
928 |
self.request.journal.record('user.password.reset.failure', email=email)
|
|
929 |
form.add_error(
|
|
930 |
email_field,
|
|
931 |
_(
|
|
932 |
'Multiple password reset attempts have already been made from this IP address. No further'
|
|
933 |
' email will be sent, please check your spam folder or try again later.'
|
|
934 |
),
|
|
935 |
)
|
|
936 |
return self.form_invalid(form)
|
|
937 |
form.save()
|
931 |
938 |
|
932 |
|
form.save()
|
933 |
|
self.request.session['reset_email'] = email
|
|
939 |
elif phone:
|
|
940 |
if is_ratelimited(
|
|
941 |
self.request,
|
|
942 |
key=sms_ratelimit_key,
|
|
943 |
group='pw-reset-sms',
|
|
944 |
rate=app_settings.A2_SMS_NUMBER_RATELIMIT,
|
|
945 |
increment=True,
|
|
946 |
):
|
|
947 |
form.add_error(
|
|
948 |
'phone',
|
|
949 |
_(
|
|
950 |
'Multiple SMSs have already been sent to this number. Further attempts are blocked,'
|
|
951 |
' try again later.'
|
|
952 |
),
|
|
953 |
)
|
|
954 |
return self.form_invalid(form)
|
|
955 |
if is_ratelimited(
|
|
956 |
self.request,
|
|
957 |
key='ip',
|
|
958 |
group='pw-reset-sms',
|
|
959 |
rate=app_settings.A2_SMS_IP_RATELIMIT,
|
|
960 |
increment=True,
|
|
961 |
):
|
|
962 |
form.add_error(
|
|
963 |
'email',
|
|
964 |
_(
|
|
965 |
'Multiple registration attempts have already been made from this IP address. No further'
|
|
966 |
' SMS will be sent for now, try again later.'
|
|
967 |
),
|
|
968 |
)
|
|
969 |
return self.form_invalid(form)
|
|
970 |
|
|
971 |
self.code, legitimate_request = form.save()
|
|
972 |
if not self.code:
|
|
973 |
if legitimate_request:
|
|
974 |
messages.error(
|
|
975 |
self.request,
|
|
976 |
_(
|
|
977 |
'Something went wrong while trying to send the SMS code to you. '
|
|
978 |
'Please contact your administrator and try again later.'
|
|
979 |
),
|
|
980 |
)
|
|
981 |
return utils_misc.redirect(self.request, reverse('auth_homepage'))
|
|
982 |
else:
|
|
983 |
self.code = generate_code(phone, kind=SMSCode.KIND_PASSWORD_LOST, fake=True)
|
|
984 |
if email:
|
|
985 |
self.request.session['reset_email'] = email
|
|
986 |
elif phone:
|
|
987 |
self.request.session['reset_phone'] = phone
|
934 |
988 |
return super().form_valid(form)
|
935 |
989 |
|
936 |
990 |
|
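Review bot: In the new phone branch the IP rate-limit error is attached to `'email'` (new line 963) while the number rate-limit just above uses `'phone'` (new 948), and its message (new 965) still reads "Multiple registration attempts…", which looks copied from the registration view. If the reset form exposes its address field under `email_field` (`'email_or_username'` when A2_USER_CAN_RESET_PASSWORD_BY_USERNAME is set, new 882) rather than a literal `'email'`, Django's `add_error` would raise ValueError on this throttled path — worth confirming; either way the field should be `'phone'` and the text something like `'Multiple password reset attempts have already been made from this IP address. No further SMS will be sent for now, try again later.'`. Separately, both SMS rate-limit refusals (new 947, 962) return without a `self.request.journal.record('user.password.reset.failure', …)` call, so unlike the email branches (new 912, 928) a throttled SMS reset attempt leaves no audit trace; recording the event (with the phone number, if the journal accepts it) before each `return self.form_invalid(form)` keeps the two flows equally observable. form_valid's signature and the start of its body lie outside the hunk.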
... | ... | |
1087 |
1141 |
if email:
|
1088 |
1142 |
return self.perform_email_registration(form, email)
|
1089 |
1143 |
|
1090 |
|
if settings.A2_ACCEPT_PHONE_AUTHENTICATION:
|
|
1144 |
if app_settings.A2_ACCEPT_PHONE_AUTHENTICATION:
|
1091 |
1145 |
phone = form.cleaned_data.pop('phone')
|
1092 |
1146 |
return self.perform_phone_registration(form, phone)
|
1093 |
1147 |
|
1094 |
|
-
|