jumpserver/apps/authentication/api/password.py

107 lines
4.0 KiB
Python
Raw Normal View History

2023-10-07 05:07:47 +00:00
import time
2023-07-24 03:52:25 +00:00
from django.core.cache import cache
from django.http import HttpResponseRedirect
2023-07-24 03:52:25 +00:00
from django.shortcuts import reverse
from django.template.loader import render_to_string
from django.utils.translation import gettext as _
from rest_framework.generics import CreateAPIView
from rest_framework.permissions import AllowAny
2023-07-24 03:52:25 +00:00
from rest_framework.response import Response
2023-10-07 05:07:47 +00:00
from authentication.errors import PasswordInvalid, IntervalTooShort
2023-07-24 03:52:25 +00:00
from authentication.mixins import AuthMixin
from authentication.mixins import authenticate
from authentication.serializers import (
PasswordVerifySerializer, ResetPasswordCodeSerializer
)
2023-07-24 03:52:25 +00:00
from common.permissions import IsValidUser
from common.utils import get_object_or_none
from common.utils.random import random_string
from common.utils.verify_code import SendAndVerifyCodeUtil
from settings.utils import get_login_title
from users.models import User
class UserResetPasswordSendCodeApi(CreateAPIView):
permission_classes = (AllowAny,)
serializer_class = ResetPasswordCodeSerializer
@staticmethod
def is_valid_user(**kwargs):
user = get_object_or_none(User, **kwargs)
if not user:
err_msg = _('User does not exist: {}').format(_("No user matched"))
return None, err_msg
if not user.is_local:
err_msg = _(
'The user is from {}, please go to the corresponding system to change the password'
).format(user.get_source_display())
return None, err_msg
return user, None
2023-10-07 05:07:47 +00:00
@staticmethod
def safe_send_code(token, code, target, form_type, content):
token_sent_key = '{}_send_at'.format(token)
token_send_at = cache.get(token_sent_key, 0)
if token_send_at:
raise IntervalTooShort(60)
SendAndVerifyCodeUtil(target, code, backend=form_type, **content).gen_and_send_async()
cache.set(token_sent_key, int(time.time()), 60)
2023-10-07 05:07:47 +00:00
def prepare_code_data(self, user_info, serializer):
username = user_info.get('username')
form_type = serializer.validated_data['form_type']
target = serializer.validated_data[form_type]
if form_type == 'sms':
query_key = 'phone'
target = target.lstrip('+')
else:
query_key = form_type
user, err = self.is_valid_user(username=username, **{query_key: target})
if not user:
2023-10-07 05:07:47 +00:00
raise ValueError(err)
2023-10-07 05:07:47 +00:00
code = random_string(6, lower=False, upper=False)
subject = '%s: %s' % (get_login_title(), _('Forgot password'))
context = {
'user': user, 'title': subject, 'code': code,
}
message = render_to_string('authentication/_msg_reset_password_code.html', context)
2023-10-07 05:07:47 +00:00
content = {'subject': subject, 'message': message}
return code, target, form_type, content
def create(self, request, *args, **kwargs):
token = request.GET.get('token')
user_info = cache.get(token)
if not user_info:
return HttpResponseRedirect(reverse('authentication:forgot-previewing'))
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
try:
code, target, form_type, content = self.prepare_code_data(user_info, serializer)
except ValueError as e:
return Response({'error': str(e)}, status=400)
self.safe_send_code(token, code, target, form_type, content)
return Response({'data': 'ok'}, status=200)
class UserPasswordVerifyApi(AuthMixin, CreateAPIView):
permission_classes = (IsValidUser,)
serializer_class = PasswordVerifySerializer
def create(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
password = serializer.validated_data['password']
user = self.request.user
user = authenticate(request=request, username=user.username, password=password)
if not user:
raise PasswordInvalid
self.mark_password_ok(user)
return Response()