Moves landing views into directory

2021-10-16 11:45:55 -07:00
parent 86824ff1cb
commit 290039ac66
6 changed files with 8 additions and 6 deletions
--- a/bookwyrm/views/landing/password.py
+++ b/bookwyrm/views/landing/password.py
@ -0,0 +1,84 @@
+""" class views for password management """
+from django.contrib.auth import login
+from django.core.exceptions import PermissionDenied
+from django.shortcuts import redirect
+from django.template.response import TemplateResponse
+from django.utils.translation import gettext_lazy as _
+from django.views import View
+
+from bookwyrm import models
+from bookwyrm.emailing import password_reset_email
+
+
+# pylint: disable= no-self-use
+class PasswordResetRequest(View):
+    """forgot password flow"""
+
+    def get(self, request):
+        """password reset page"""
+        return TemplateResponse(
+            request,
+            "landing/password_reset_request.html",
+        )
+
+    def post(self, request):
+        """create a password reset token"""
+        email = request.POST.get("email")
+        try:
+            user = models.User.viewer_aware_objects(request.user).get(
+                email=email, email__isnull=False
+            )
+        except models.User.DoesNotExist:
+            data = {"error": _("No user with that email address was found.")}
+            return TemplateResponse(
+                request, "landing/password_reset_request.html", data
+            )
+
+        # remove any existing password reset cods for this user
+        models.PasswordReset.objects.filter(user=user).all().delete()
+
+        # create a new reset code
+        code = models.PasswordReset.objects.create(user=user)
+        password_reset_email(code)
+        data = {"message": _(f"A password reset link was sent to {email}")}
+        return TemplateResponse(request, "landing/password_reset_request.html", data)
+
+
+class PasswordReset(View):
+    """set new password"""
+
+    def get(self, request, code):
+        """endpoint for sending invites"""
+        if request.user.is_authenticated:
+            return redirect("/")
+        try:
+            reset_code = models.PasswordReset.objects.get(code=code)
+            if not reset_code.valid():
+                raise PermissionDenied()
+        except models.PasswordReset.DoesNotExist:
+            raise PermissionDenied()
+
+        return TemplateResponse(request, "landing/password_reset.html", {"code": code})
+
+    def post(self, request, code):
+        """allow a user to change their password through an emailed token"""
+        try:
+            reset_code = models.PasswordReset.objects.get(code=code)
+        except models.PasswordReset.DoesNotExist:
+            data = {"errors": ["Invalid password reset link"]}
+            return TemplateResponse(request, "landing/password_reset.html", data)
+
+        user = reset_code.user
+
+        new_password = request.POST.get("password")
+        confirm_password = request.POST.get("confirm-password")
+
+        if new_password != confirm_password:
+            data = {"errors": ["Passwords do not match"]}
+            return TemplateResponse(request, "landing/password_reset.html", data)
+
+        user.set_password(new_password)
+        user.save(broadcast=False, update_fields=["password"])
+        login(request, user)
+        reset_code.delete()
+        return redirect("/")