From 1ea6cb0c0b1a8705c943a59fe28e541e15ef6e3d Mon Sep 17 00:00:00 2001
From: Zambom <erikzambom@hotmail.com>
Date: Mon, 26 Dec 2016 17:15:52 -0200
Subject: [PATCH] Adding password recovering

---
 amadeus/settings.py                                |  2 +-
 amadeus/templates/recover_pass_email_template.html | 27 +++++++++++++++++++++++++++
 users/forms.py                                     | 29 ++++++++++++++++++++++++++++-
 users/templates/users/forgot_password.html         | 84 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 users/templates/users/login.html                   |  2 +-
 users/urls.py                                      |  2 ++
 users/views.py                                     | 65 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-----
 7 files changed, 203 insertions(+), 8 deletions(-)
 create mode 100644 amadeus/templates/recover_pass_email_template.html
 create mode 100644 users/templates/users/forgot_password.html

diff --git a/amadeus/settings.py b/amadeus/settings.py
index 1375de7..bea5236 100644
--- a/amadeus/settings.py
+++ b/amadeus/settings.py
@@ -180,7 +180,7 @@ LOGS_URL = 'logs/'
 
 # E-mail
 EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
-DEFAULT_FROM_EMAIL = 'admin@admin.com'
+DEFAULT_FROM_EMAIL = 'admin@amadeus.com.br'
 
 # Messages
 from django.contrib.messages import constants as messages_constants
diff --git a/amadeus/templates/recover_pass_email_template.html b/amadeus/templates/recover_pass_email_template.html
new file mode 100644
index 0000000..9b99948
--- /dev/null
+++ b/amadeus/templates/recover_pass_email_template.html
@@ -0,0 +1,27 @@
+{% extends 'base.html' %}
+
+{% load i18n %}
+
+{% block nav %}
+{% endblock %}
+
+{% block breadcrumbs %}
+{% endblock %}
+
+{% block sidebar %}
+{% endblock sidebar %}
+
+{% autoescape off %}
+
+{% blocktrans %}You're receiving this email because you requested a password reset for your user account at {{ site_name }}.{% endblocktrans %}
+
+{% trans "Please go to the following page and choose a new password:" %}
+
+{% block reset_link %}
+    {{ domain }}{% url 'users:reset_password_confirm' uidb64=uid token=token %} 
+    <!--This is the only change from ` django/contrib/admin/templates/registration/password_reset_subject.html`. the url name is commented out in urls.py section. The view associated with the url is going to described later in this post. -->
+{% endblock %}
+
+{% blocktrans %}The {{ site_name }} team{% endblocktrans %}
+
+{% endautoescape %}
\ No newline at end of file
diff --git a/users/forms.py b/users/forms.py
index 8aa0c87..23b8658 100644
--- a/users/forms.py
+++ b/users/forms.py
@@ -3,12 +3,25 @@ from django import forms
 from django.utils.translation import ugettext_lazy as _
 from rolepermissions.shortcuts import assign_role
 from django.contrib.auth import update_session_auth_hash
+from django.core.validators import validate_email
+from django.core.exceptions import ValidationError
 from .models import User
 
 class Validation(forms.ModelForm):
 	MIN_PASS_LENGTH = 8
 	MAX_UPLOAD_SIZE = 2*1024*1024
 
+	def clean_email(self):
+		email = self.cleaned_data.get('email', '')
+
+		try:
+			validate_email( email )
+			return email
+		except ValidationError:
+			self._errors['email'] = [_('You must insert an email address')]
+			
+			return ValueError
+
 	def clean_image(self):
 		image = self.cleaned_data.get('image', False)
 
@@ -170,4 +183,18 @@ class ChangePassForm(Validation):
 		}
 		widgets = {
 			'password': forms.PasswordInput
-		}
\ No newline at end of file
+		}
+
+class PassResetRequest(forms.Form):
+	email = forms.CharField(label = _('Email'), max_length = 254)
+
+	def clean_email(self):
+		email = self.cleaned_data.get('email', '')
+
+		try:
+			validate_email( email )
+			return email
+		except ValidationError:
+			self._errors['email'] = [_('You must insert an email address')]
+			
+			return ValueError		
\ No newline at end of file
diff --git a/users/templates/users/forgot_password.html b/users/templates/users/forgot_password.html
new file mode 100644
index 0000000..6b1a9f6
--- /dev/null
+++ b/users/templates/users/forgot_password.html
@@ -0,0 +1,84 @@
+{% extends 'base.html' %}
+
+{% load static i18n %}
+{% load widget_tweaks %}
+
+{% block nav %}
+{% endblock %}
+
+{% block breadcrumbs %}
+{% endblock %}
+
+{% block sidebar %}
+{% endblock sidebar %}
+
+{% block content %}
+	<div class="row">
+		<div class="col-sm-7 col-sm-offset-4 col-md-6 col-md-offset-4 col-xs-8 col-xs-offset-3 col-lg-6 col-lg-offset-4  col-xl-6 col-xl-offset-4 ">
+			<div class="col-sm-9 col-sm-offset-2 col-md-8 col-md-offset-2 col-xs-9 col-xs-offset-2  col-lg-8 col-lg-offset-2  col-xl-8 col-xl-offset-2">
+				<img src="{% static 'img/amadeus.png' %}" class="img-responsive center-block logo-login " alt="logo amadeus">
+			</div>
+		</div>
+	</div>
+	<div class="row">
+		<div class="col-lg-8 col-lg-offset-3 col-md-8 col-md-offset-3 col-sm-9 col-sm-offset-3 col-xs-10 col-xs-offset-2">
+    		{% if messages %}
+    			{% for message in messages %}
+    				<div class="alert alert-{{ message.tags }} alert-dismissible" role="alert">
+      					<button type="button" class="close" data-dismiss="alert" aria-label="Close">
+        					<span aria-hidden="true">&times;</span>
+      					</button>
+      					<p>{{ message }}</p>
+    				</div>
+    			{% endfor %}
+    		{% endif %}
+    		<div class="card">
+      			<div class="card-block">
+        			<div class="row">
+          				<div class="col-md-12 text-center">
+            				<h2 style="color:#43a251"><strong> {% trans 'Forgot Password' %} </strong></h2>
+            				<p>{% trans 'Enter your email below (the one used to access the platform) to recover your password' %}</p>
+          				</div>
+        			</div>
+        			
+        			<form id="form-reset" method="post" action="">
+          				{% csrf_token %}
+          				{% for field in form %}
+          					<div class="col-md-10 col-md-offset-1">
+	          					<div class="form-group{% if form.has_error %} has-error {% endif %}">
+	          						{% if field.field.required %}
+										<label for="{{ field.auto_id }}" class="control-label">{{ field.label }} <span>*</span></label>
+									{% else %}
+										<label for="{{ field.auto_id }}" class="control-label">{{ field.label }}</label>
+									{% endif %}
+									{% render_field field class='form-control' %}
+									<span id="helpBlock" class="help-block">{{ field.help_text }}</span>
+									{% if field.errors %}
+										<div class="alert alert-danger alert-dismissible" role="alert">
+						  					<button type="button" class="close" data-dismiss="alert" aria-label="Close">
+						  						<span aria-hidden="true">&times;</span>
+												</button>
+											<ul>
+												{% for error in field.errors %}
+													<li>{{ error }}</li>
+												{% endfor %}
+											</ul>
+										</div>
+									{% endif %}
+	            				</div>
+	            			</div>
+          				{% endfor %}
+        			</form>
+        			<div class="row">
+          				<div class="col-md-5 col-xs-6 col-sm-6 col-lg-5 col-lg-offset-1 col-md-offset-1 text-center">
+            				<button type="submit" class="btn btn-success btn-raised btn-block" form="form-reset" style="position: initial;"> {% trans 'Recover' %} </button>
+          				</div>
+          				<div class="col-md-5 col-xs-6 col-sm-6 col-lg-5 text-center">
+            				<a class="btn btn-default btn-raised btn-block" href="{% url 'users:login' %}" formaction="#" style="position: initial;">{% trans 'Back' %}</a>
+          				</div>
+        			</div>
+        		</div>
+      		</div>
+    	</div>
+  	</div>
+{% endblock %}
\ No newline at end of file
diff --git a/users/templates/users/login.html b/users/templates/users/login.html
index 178d7f3..b794965 100644
--- a/users/templates/users/login.html
+++ b/users/templates/users/login.html
@@ -65,7 +65,7 @@
         </div>
         <div class="row">
           <div class="col-md-offset-1 col-md-10 text-right forgotPassword">
-            <a href="#">{% trans 'Forgot your password?' %}</a>
+            <a href="{% url 'users:forgot_pass' %}">{% trans 'Forgot your password?' %}</a>
           </div>
         </div>
       </div>
diff --git a/users/urls.py b/users/urls.py
index 01b8252..41f05f6 100644
--- a/users/urls.py
+++ b/users/urls.py
@@ -7,6 +7,8 @@ urlpatterns = [
 	url(r'^login/$', views.login, name='login'),
 	url(r'^logout/$', auth_views.logout, {'next_page': 'users:login'}, name='logout'),
 	url(r'^signup/$', views.RegisterUser.as_view(), name = 'signup'),
+	url(r'^forgot_password/$', views.ForgotPassword.as_view(), name = 'forgot_pass'),
+	url(r'^reset_password_confirm/(?P<uidb64>[0-9A-Za-z]+)-(?P<token>.+)/$', views.ForgotPassword.as_view(), name = 'reset_password_confirm'), 
 	url(r'^$', views.UsersListView.as_view(), name = 'manage'),
 	url(r'^create/$', views.CreateView.as_view(), name = 'create'),
 	url(r'^edit/(?P<email>[\w.%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4})/$', views.UpdateView.as_view(), name='update'),
diff --git a/users/views.py b/users/views.py
index aea0707..e05f3d7 100644
--- a/users/views.py
+++ b/users/views.py
@@ -1,6 +1,4 @@
-from django.http import Http404
 from django.shortcuts import get_object_or_404,redirect, render
-from django.db.models import Q
 from django.views import generic
 from django.contrib import messages
 from rolepermissions.mixins import HasRoleMixin
@@ -10,11 +8,17 @@ from django.core.urlresolvers import reverse, reverse_lazy
 from django.utils.translation import ugettext_lazy as _
 from rolepermissions.shortcuts import assign_role
 from rolepermissions.verifications import has_role
-from itertools import chain
-from django.core.paginator import Paginator, EmptyPage, PageNotAnInteger
 
 from .models import User
-from .forms import RegisterUserForm, ProfileForm, UserForm, ChangePassForm
+from .forms import RegisterUserForm, ProfileForm, UserForm, ChangePassForm, PassResetRequest
+
+#RECOVER PASS IMPORTS
+from django.contrib.auth.tokens import default_token_generator
+from django.core.mail import send_mail
+from django.conf import settings
+from django.utils.encoding import force_bytes
+from django.utils.http import urlsafe_base64_encode, urlsafe_base64_decode
+from django.template import loader
 
 #API IMPORTS
 from rest_framework import viewsets
@@ -342,6 +346,57 @@ class RegisterUser(generic.edit.CreateView):
 
 		return super(RegisterUser, self).form_valid(form)
 
+class ForgotPassword(generic.FormView):
+	template_name = "users/forgot_password.html"
+	success_url = reverse_lazy('users:login')
+	form_class = PassResetRequest
+
+	def get_context_data(self, **kwargs):
+		context = super(ForgotPassword, self).get_context_data(**kwargs)
+		context['title'] = _('Forgot Password')
+
+		return context
+
+	def post(self, request, *args, **kwargs):
+		form = self.get_form()
+
+		if form.is_valid():
+			email = form.cleaned_data['email']
+
+			users = User.objects.filter(email = email)
+
+			if users.exists():
+				for user in users:
+					c = {
+						'email': user.email,
+						'domain': 'amadeus.com.br', #or your domain
+						'site_name': 'Amadeus',
+						'uid': urlsafe_base64_encode(force_bytes(user.pk)),
+						'user': user,
+						'token': default_token_generator.make_token(user),
+						'protocol': 'http',
+					}
+
+					subject_template_name='registration/password_reset_subject.txt'
+					email_template_name = 'recover_pass_email_template.html'
+					
+					subject = loader.render_to_string(subject_template_name, c)
+	                # Email subject *must not* contain newlines
+					subject = ''.join(subject.splitlines())
+					email = loader.render_to_string(email_template_name, c)
+					
+					send_mail(subject, email, settings.DEFAULT_FROM_EMAIL , [user.email], fail_silently=False)
+
+				result = self.form_valid(form)
+				messages.success(request, _("An email has been sent to the informed address. Please check its inbox to continue reseting password."))
+				
+				return result
+		
+		result = self.form_invalid(form)
+		messages.error(request, _('No user is associated with this email address'))
+		
+		return result
+
 def login(request):
 	context = {}
 	context['title'] = _('Log In')
--
libgit2 0.21.2