diff --git a/alkatorapi/models.py b/alkatorapi/models.py
index be1aaf0..f9539f8 100644
--- a/alkatorapi/models.py
+++ b/alkatorapi/models.py
@@ -58,6 +58,7 @@ class Profile(models.Model):
 first_name = models.CharField(max_length=120)
 last_name = models.CharField(max_length=120)
 phone = models.CharField(max_length=120, null=True, blank=True)
+ forgotten_password_code = models.CharField(max_length=120, null=True, blank=True)
 address = models.CharField(max_length=255, null=True, blank=True)
 def __str__(self):
diff --git a/alkatorapi/views.py b/alkatorapi/views.py
index cb04967..4d58427 100644
--- a/alkatorapi/views.py
+++ b/alkatorapi/views.py
@@ -15,6 +15,7 @@ from datetime import date, datetime, timedelta
 from dateutil.relativedelta import relativedelta
 from weasyprint import HTML
 from urllib.parse import parse_qs
+import secrets
 import requests
 import json
 import glob
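Review bot: In the `Profile` hunk of alkatorapi/models.py, `forgotten_password_code` is stored with no issue time, so a reset code stays valid until it is overwritten and the views have nothing to enforce an expiry against. Consider adding a timestamp beside it, e.g. `forgotten_password_code_created = models.DateTimeField(null=True, blank=True)`, and rejecting codes older than a short window. The code is also kept in clear text, so anyone with read access to the table can use a pending code; storing a hash of it and comparing hashes would avoid that. No migration for the new column is visible in this diff, so confirm one is committed.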
@@ -70,21 +71,50 @@ def register_user(request):
 return HttpResponse('{"success":"Úspěšná registrace!", "redirect":"/#"}', content_type='application/json')
+@csrf_exempt
+def forgotten_password(request):
+ if not request.POST['email']:
+ return HttpResponse('{"reason":"Email je povinný!"}', status=400, content_type='application/json')
+ if not request.POST['password1'] or not request.POST['password2']:
+ return HttpResponse('{"reason":"Heslo je povinné!"}', status=400, content_type='application/json')
+ if request.POST['password1'] != request.POST['password2']:
+ return HttpResponse('{"reason":"Hesla se neshodují!"}', status=400, content_type='application/json')
+ if not request.POST['code']:
+ return HttpResponse('{"reason":"Kód pro obnovení hesla je povinný!"}', status=400, content_type='application/json')
+ user = DjangoUser.objects.get(username=request.POST['email'])
+ if user.profile.forgotten_password_code != request.POST['code']:
+ return HttpResponse('{"reason":"Špatný kód!"}', status=400, content_type='application/json')
+ user.set_password(request.POST['password1'])
+ user.save()
+ auth_login(request, user)
+
+
 @csrf_exempt
 def login(request):
- try:
- user = authenticate(request, username=request.POST['email'], password=request.POST['password'])
- except MultiValueDictKeyError:
- return HttpResponse('{"reason":"Nezadané jméno nebo heslo!"}', status=400, content_type='application/json')
- if user is not None:
- auth_login(request, user)
- return HttpResponse('{"success":"Úspěšně přihlášen uživatel '+ user.email + '", "redirect":"/#"}', content_type='application/json')
+ if "forgotten_password" in request.POST:
+ email = request.POST["email"]
+ user = DjangoUser.objects.get(username=email)
+ code = secrets.token_urlsafe(10)
+ user.profile.forgotten_password_code = code
+ user.profile.save()
+ mail = EmailMessage("zapomenuté heslo v Alkátor Race", f"""{code}""", "info@alkator.cz", [request.POST["email"]])
+ mail.send()
+ return HttpResponse('{"success":"Úspěšně poslán kód pro obnovení hesla uživatele '+ user.email + '", "redirect":"/#forgotten_password"}', content_type='application/json')
 else:
- return HttpResponse('{"reason":"Nesprávné jméno nebo heslo!"}', status=400, content_type='application/json')
+ try:
+ user = authenticate(request, username=request.POST['email'], password=request.POST['password'])
+ except MultiValueDictKeyError:
+ return HttpResponse('{"reason":"Nezadané jméno nebo heslo!"}', status=400, content_type='application/json')
+ if user is not None:
+ auth_login(request, user)
+ return HttpResponse('{"success":"Úspěšně přihlášen uživatel '+ user.email + '", "redirect":"/#"}', content_type='application/json')
+ else:
+ return HttpResponse('{"reason":"Nesprávné jméno nebo heslo!"}', status=400, content_type='application/json')
 @csrf_exempt
 def logout(request):
+ auth_logout(request)
 return redirect("/#")
diff --git a/frontend/src/scripts/index.js b/frontend/src/scripts/index.js
index 8bf5293..43c1289 100644
--- a/frontend/src/scripts/index.js
+++ b/frontend/src/scripts/index.js
@@ -474,7 +474,7 @@ class Main extends Component {
- +
@@ -493,6 +493,29 @@ class Main extends Component {
} + {this.state.page == "#forgotten_password" && +
+
this.onSubmit(e)}> +
+ + +
+
+ + +
+
+ + +
+
+ + +
+ +
+
+ } {this.state.page == "#login" &&
this.onSubmit(e)}> @@ -504,6 +527,7 @@ class Main extends Component {
+