password reset email

2025-08-02 11:45:17 +02:00 · 2024-08-04 17:30:43 -04:00 · 2024-08-04 17:30:43 -04:00 · fd94f03008
commit fd94f03008
parent 12595483fc
8 changed files with 165 additions and 25 deletions
--- a/backend/server/users/forms.py
+++ b/backend/server/users/forms.py
@ -0,0 +1,50 @@
+from allauth.account.utils import (filter_users_by_email, user_pk_to_url_str, user_username)
+from allauth.utils import build_absolute_uri
+from allauth.account.adapter import get_adapter
+from allauth.account.forms import default_token_generator
+from allauth.account import app_settings
+from django.conf import settings
+
+from allauth.account.forms import ResetPasswordForm as AllAuthPasswordResetForm
+
+class CustomAllAuthPasswordResetForm(AllAuthPasswordResetForm):
+
+    def clean_email(self):
+        """
+        Invalid email should not raise error, as this would leak users
+        for unit test: test_password_reset_with_invalid_email
+        """
+        email = self.cleaned_data["email"]
+        email = get_adapter().clean_email(email)
+        self.users = filter_users_by_email(email, is_active=True)
+        return self.cleaned_data["email"]
+
+    def save(self, request, **kwargs):
+        email = self.cleaned_data['email']
+        token_generator = kwargs.get('token_generator', default_token_generator)
+
+        for user in self.users:
+            temp_key = token_generator.make_token(user)
+
+            path = f"custom_password_reset_url/{user_pk_to_url_str(user)}/{temp_key}/"
+            url = build_absolute_uri(request, path)
+     #Values which are passed to password_reset_key_message.txt
+            context = {
+                "frontend_url": settings.FRONTEND_URL,
+                "user": user,
+                "password_reset_url": url,
+                "request": request,
+                "path": path,
+                "temp_key": temp_key,
+                'user_pk': user_pk_to_url_str(user),
+            }
+
+            if app_settings.AUTHENTICATION_METHOD != app_settings.AuthenticationMethod.EMAIL:
+                context['username'] = user_username(user)
+            get_adapter(request).send_mail(
+                'account/email/password_reset_key', email, context
+            )
+
+        return self.cleaned_data['email']
+    
+
--- a/backend/server/users/serializers.py
+++ b/backend/server/users/serializers.py
@ -2,6 +2,8 @@ from rest_framework import serializers
 from django.contrib.auth import get_user_model

 from adventures.models import Adventure
+from users.forms import CustomAllAuthPasswordResetForm
+from dj_rest_auth.serializers import PasswordResetSerializer

 User = get_user_model()

@ -177,3 +179,13 @@ class CustomUserDetailsSerializer(UserDetailsSerializer):
            public_url = public_url.replace("'", "")
            representation['profile_pic'] = f"{public_url}/media/{instance.profile_pic.name}"
        return representation
+
+class MyPasswordResetSerializer(PasswordResetSerializer):
+
+    def validate_email(self, value):
+        # use the custom reset form
+        self.reset_form = CustomAllAuthPasswordResetForm(data=self.initial_data)
+        if not self.reset_form.is_valid():
+            raise serializers.ValidationError(self.reset_form.errors)
+
+        return value