From cbbcd3e65a40aebb112a409368fbcbf581d07353 Mon Sep 17 00:00:00 2001
From: Pablo Silva
Date: Thu, 21 Nov 2024 16:58:01 +0000
Subject: [PATCH] Remove old password reset files
---
 src/users/forms.py | 8 --
 .../users/invalid-recovering-email.jinja2 | 22 ----
 .../jinja2/users/recover-edit-password.jinja2 | 31 -----
 .../jinja2/users/recover-password-code.jinja2 | 31 -----
 .../jinja2/users/recover-password.jinja2 | 46 --------
 .../users/wrong-verification-code.jinja2 | 22 ----
 src/users/services/__init__.py | 1 +
 src/users/services/email_service.py | 35 ------
 src/users/services/encrypt_service.py | 24 ----
 src/users/services/user_service.py | 23 ----
 src/users/views.py | 107 +-----------------
 11 files changed, 4 insertions(+), 346 deletions(-)
 delete mode 100644 src/users/jinja2/users/invalid-recovering-email.jinja2
 delete mode 100644 src/users/jinja2/users/recover-edit-password.jinja2
 delete mode 100644 src/users/jinja2/users/recover-password-code.jinja2
 delete mode 100644 src/users/jinja2/users/recover-password.jinja2
 delete mode 100644 src/users/jinja2/users/wrong-verification-code.jinja2
 delete mode 100644 src/users/services/email_service.py
 delete mode 100644 src/users/services/encrypt_service.py
 delete mode 100644 src/users/services/user_service.py
diff --git a/src/users/forms.py b/src/users/forms.py
index 172bfee1..7fb3b6ec 100644
--- a/src/users/forms.py
+++ b/src/users/forms.py
@@ -171,14 +171,6 @@ def clean(self):
 return cleaned_data
-class RecoverPasswordForm(forms.Form):
- username_or_email = forms.CharField(label="username / email", max_length="50")
-
-
-class RecoverPasswordCodeForm(forms.Form):
- verification_code = forms.CharField(label="Verification code", max_length="200")
-
-
 class UploadMarkerForm(forms.ModelForm):
 def __init__(self, *args, **kwargs):
 super(UploadMarkerForm, self).__init__(*args, **kwargs)
diff --git a/src/users/jinja2/users/invalid-recovering-email.jinja2 b/src/users/jinja2/users/invalid-recovering-email.jinja2 deleted file mode 100644 index c83aeafa..00000000 --- a/src/users/jinja2/users/invalid-recovering-email.jinja2 +++ /dev/null @@ -1,22 +0,0 @@ -{% extends '/core/arviewer.jinja2' %} - -{% block content %} - -
- - - -
-{% endblock %} \ No newline at end of file diff --git a/src/users/jinja2/users/recover-edit-password.jinja2 b/src/users/jinja2/users/recover-edit-password.jinja2 deleted file mode 100644 index 1d0068a9..00000000 --- a/src/users/jinja2/users/recover-edit-password.jinja2 +++ /dev/null @@ -1,31 +0,0 @@ -{% extends '/core/arviewer.jinja2' %} - -{% block content %} - -
- - - -
-{% endblock %} \ No newline at end of file diff --git a/src/users/jinja2/users/recover-password-code.jinja2 b/src/users/jinja2/users/recover-password-code.jinja2 deleted file mode 100644 index 79fa95ad..00000000 --- a/src/users/jinja2/users/recover-password-code.jinja2 +++ /dev/null @@ -1,31 +0,0 @@ -{% extends '/core/arviewer.jinja2' %} - -{% block content %} - -
- - - -
-{% endblock %} \ No newline at end of file diff --git a/src/users/jinja2/users/recover-password.jinja2 b/src/users/jinja2/users/recover-password.jinja2 deleted file mode 100644 index 1d8efac2..00000000 --- a/src/users/jinja2/users/recover-password.jinja2 +++ /dev/null @@ -1,46 +0,0 @@ -{% extends '/core/arviewer.jinja2' %} - -{% block extra_css%} - -{% endblock %} - -{% block extra_js%} - - {% if recaptcha_enabled %} - - - {% endif %} -{% endblock %} - -{% block content %} -
- - -
-{% endblock %} \ No newline at end of file diff --git a/src/users/jinja2/users/wrong-verification-code.jinja2 b/src/users/jinja2/users/wrong-verification-code.jinja2 deleted file mode 100644 index b3a8ddaf..00000000 --- a/src/users/jinja2/users/wrong-verification-code.jinja2 +++ /dev/null @@ -1,22 +0,0 @@ -{% extends '/core/arviewer.jinja2' %} - -{% block content %} - -
- - - -
-{% endblock %}
\ No newline at end of file
diff --git a/src/users/services/__init__.py b/src/users/services/__init__.py
index e69de29b..f79e22ec 100644
--- a/src/users/services/__init__.py
+++ b/src/users/services/__init__.py
@@ -0,0 +1 @@
+from .recaptcha_service import *
\ No newline at end of file
diff --git a/src/users/services/email_service.py b/src/users/services/email_service.py
deleted file mode 100644
index fd23ec18..00000000
--- a/src/users/services/email_service.py
+++ /dev/null
@@ -1,35 +0,0 @@
-import smtplib
-from email.mime.multipart import MIMEMultipart
-from email.mime.text import MIMEText
-
-from django.conf import settings
-
-
-class EmailService:
- def __init__(self, email_message):
- self.smtp_server = settings.SMTP_SERVER
- self.smtp_port = settings.SMTP_PORT
- self.smtp_user = settings.SMTP_USER
- self.smtp_password = settings.SMTP_PASSWORD
- self.jandig_email = settings.SMTP_SENDER_MAIL
- self.email_message = email_message
-
- def send_email_to_recover_password(self, multipart_message):
- email_server = smtplib.SMTP(self.smtp_server, self.smtp_port)
- email_server.starttls()
- email_server.login(self.smtp_user, self.smtp_password)
- email_server.sendmail(
- multipart_message["From"],
- multipart_message["To"],
- multipart_message.as_string(),
- )
- email_server.quit()
-
- def build_multipart_message(self, user_email):
- multipart_message = MIMEMultipart("alternative")
- multipart_message["From"] = f"Jandig <{self.jandig_email}>"
- multipart_message["To"] = "{}".format(user_email)
- multipart_message["Subject"] = "Recover Password"
-
- multipart_message.attach(MIMEText(self.email_message, "plain"))
- return multipart_message
diff --git a/src/users/services/encrypt_service.py b/src/users/services/encrypt_service.py
deleted file mode 100644
index 6a8e0d1d..00000000
--- a/src/users/services/encrypt_service.py
+++ /dev/null
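Review bot: In src/users/services/__init__.py the added `from .recaptcha_service import *` re-exports whatever recaptcha_service happens to define, so the package's importable surface changes silently whenever that module gains a name. views.py imports only two names from this package; `from .recaptcha_service import BOT_SCORE, create_assessment` (optionally with `__all__ = ["BOT_SCORE", "create_assessment"]`) keeps the export explicit and reviewable. The file also ends without a trailing newline.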
@@ -1,24 +0,0 @@
-import hashlib
-import secrets
-from datetime import datetime
-
-
-class EncryptService:
- def generate_verification_code(self, email):
- datetime_now = datetime.now()
- _year = datetime_now.year
- _month = datetime_now.month
- _day = datetime_now.day
- _hour = datetime_now.hour
- _minute = datetime_now.minute
- _second = datetime_now.second
- _microsec = datetime_now.microsecond
-
- today = f"{_year}{_month}{_day}{_hour}{_minute}{_second}{_microsec}"
- decrypt_code = str(today) + (email * 4) + secrets.token_hex(16)
- verification_code = self.generate_hash_code(decrypt_code)
- return verification_code
-
- def generate_hash_code(self, decrypt_code):
- hash_code = hashlib.sha256(bytes(decrypt_code, encoding="utf-8"))
- return hash_code.hexdigest()
diff --git a/src/users/services/user_service.py b/src/users/services/user_service.py
deleted file mode 100644
index b79df83e..00000000
--- a/src/users/services/user_service.py
+++ /dev/null
@@ -1,23 +0,0 @@
-import logging
-
-from django.contrib.auth.models import User
-
-log = logging.getLogger("ej")
-
-
-class UserService:
- def get_user_email(self, username_or_email):
- if "@" in username_or_email:
- return username_or_email
- user = User.objects.get(username=username_or_email)
- log.warning(user)
- return user.email
-
- def check_if_username_or_email_exist(self, username_or_email):
- if "@" in username_or_email:
- if not User.objects.filter(email=username_or_email).exists():
- return False
- else:
- if not User.objects.filter(username=username_or_email).exists():
- return False
- return True
diff --git a/src/users/views.py b/src/users/views.py
index 80658a18..8ffba392 100644
--- a/src/users/views.py
+++ b/src/users/views.py
@@ -8,6 +8,8 @@
 login,
 update_session_auth_hash,
 )
+
+from django.utils.translation import gettext_lazy as _
 from django.contrib.auth.decorators import login_required
 from django.contrib.auth.forms import SetPasswordForm
 from django.http import Http404, JsonResponse
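Review bot: In the first src/users/views.py hunk, `from django.contrib.auth.forms import SetPasswordForm` stays in the context below the added line, yet its only uses visible in this patch are in `recover_edit_password`, which the last views.py hunk deletes. If no other view in the file uses it, remove that import in the same commit so the module does not keep a dangling reference to the old reset flow. The added `gettext_lazy` import is also preceded by a blank `+` line that splits the run of django imports; dropping the blank line keeps the group together.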
@@ -22,14 +24,12 @@
 ExhibitForm,
 PasswordChangeForm,
 ProfileForm,
- RecoverPasswordCodeForm,
- RecoverPasswordForm,
 SignupForm,
 UploadMarkerForm,
 UploadObjectForm,
 )
 from .models import Profile
-from .services import ( EmailService,EncryptService ,BOT_SCORE, create_assessment, UserService)
+from .services import (BOT_SCORE, create_assessment)
 from django.urls import reverse_lazy
 from django.contrib.auth.views import PasswordResetView
 from django.contrib.messages.views import SuccessMessageMixin
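Review bot: The rewritten import `from .services import (BOT_SCORE, create_assessment)` keeps both reCAPTCHA names, but the only caller visible in this patch is `recover_password`, which the next hunk deletes. The removed view refused to send a reset e-mail when the assessment score was at or below `BOT_SCORE`; Django's `PasswordResetView` has no such gate by default, so confirm that `ResetPasswordView` (its body is outside this hunk) still applies a bot check or rate limit before mail goes out. If no remaining view calls `create_assessment`, drop the import; otherwise the parentheses are unnecessary and `from .services import BOT_SCORE, create_assessment` reads cleaner.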
@@ -84,107 +84,6 @@ class ResetPasswordView(SuccessMessageMixin, PasswordResetView):
 "please make sure you've entered the address you registered with, and check your spam folder.")
 success_url = reverse_lazy('home')
-def recover_password(request):
- if request.method == "POST":
- if settings.RECAPTCHA_ENABLED:
- recaptcha_token = request.POST.get("g-recaptcha-response")
- assessment = create_assessment(
- token=recaptcha_token, recaptcha_action="recover_password"
- )
- score = assessment.get("riskAnalysis", {}).get("score", -1)
- if score <= BOT_SCORE:
- return redirect("home")
-
- recover_password_form = RecoverPasswordForm(request.POST)
-
- if recover_password_form.is_valid():
- username_or_email = recover_password_form.cleaned_data.get(
- "username_or_email"
- )
- user_service = UserService()
- username_or_email_is_valid = user_service.check_if_username_or_email_exist(
- username_or_email
- )
- if not username_or_email_is_valid:
- return redirect("invalid_recovering_email_or_username")
-
- global global_recovering_email
- global_recovering_email = user_service.get_user_email(username_or_email)
-
- global global_verification_code
- encrypt_service = EncryptService()
- global_verification_code = encrypt_service.generate_verification_code(
- global_recovering_email
- )
-
- build_message_and_send_to_user(global_recovering_email)
-
- return redirect("recover-code")
-
- recover_password_form = RecoverPasswordForm()
- return render(
- request,
- "users/recover-password.jinja2",
- {
- "form": recover_password_form,
- "recaptcha_enabled": settings.RECAPTCHA_ENABLED,
- "recaptcha_site_key": settings.RECAPTCHA_SITE_KEY,
- },
- )
-
-
-def build_message_and_send_to_user(email):
- message = f"You have requested a new password. This is your verification code: {global_verification_code}\nCopy it and put into the field."
- email_service = EmailService(message)
- multipart_message = email_service.build_multipart_message(email)
- email_service.send_email_to_recover_password(multipart_message)
-
-
-def recover_code(request):
- if request.method == "POST":
- form = RecoverPasswordCodeForm(request.POST)
-
- if form.is_valid():
- code = form.cleaned_data.get("verification_code")
-
- log.warning("Inserido: %s", code)
- log.warning("Correto: %s", global_verification_code)
-
- if code == global_verification_code:
- global recover_password_user
- recover_password_user = User.objects.get(email=global_recovering_email)
- return redirect("recover-edit-password")
-
- return redirect("wrong-verification-code")
- return redirect("home")
-
- form = RecoverPasswordCodeForm()
- return render(request, "users/recover-password-code.jinja2", {"form": form})
-
-
-def recover_edit_password(request):
- if request.method == "POST":
- form = SetPasswordForm(recover_password_user, data=request.POST)
-
- if form.is_valid():
- form.save()
-
- return redirect("login")
- else:
- form = SetPasswordForm(recover_password_user)
-
- return render(request, "users/recover-edit-password.jinja2", {"form": form})
-
-
-@require_http_methods(["GET"])
-def wrong_verification_code(request):
- return render(request, "users/wrong-verification-code.jinja2")
-
-
-@require_http_methods(["GET"])
-def invalid_recovering_email_or_username(request):
- return render(request, "users/invalid-recovering-email.jinja2")
-
 @login_required
 @require_http_methods(["GET"])