implement password reset via hashed email address

6 years ago · 2206ef352e
6 changed files with 69 additions and 3 deletions
--- a/bam/admin.py
+++ b/bam/admin.py
@ -1,3 +1,17 @@
				@@ -1,3 +1,17 @@
 from django.contrib import admin
+from django.contrib.auth.admin import UserAdmin as BaseUserAdmin
+from django.contrib.auth.models import User
+from .models import Account

-# Register your models here.
+
+class AccountInline(admin.StackedInline):
+    model = Account
+    can_delete = False
+
+
+class UserAdmin(BaseUserAdmin):
+    inlines = (AccountInline,)
+
+
+admin.site.unregister(User)
+admin.site.register(User, UserAdmin)
--- a/bam/forms.py
+++ b/bam/forms.py
@ -0,0 +1,13 @@
				@@ -0,0 +1,13 @@
+import hashlib
+from django.contrib.auth.forms import PasswordResetForm
+from bam.models import Account
+
+
+class HashedEmailPasswordResetForm(PasswordResetForm):
+    def get_users(self, email):
+        hashed_email = hashlib.sha256(bytes(email, 'utf-8')).hexdigest()
+        accounts = Account.objects.filter(hashed_email=hashed_email)
+        if accounts.count() > 0:
+            return (a.user for a in accounts if a.user.has_usable_password())
+        else:
+            return super().get_users(email)
--- a/bam/migrations/0001_initial.py
+++ b/bam/migrations/0001_initial.py
@ -0,0 +1,25 @@
				@@ -0,0 +1,25 @@
+# Generated by Django 2.2 on 2019-04-28 10:12
+
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Account',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('hashed_email', models.CharField(max_length=128)),
+                ('user', models.OneToOneField(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL)),
+            ],
+        ),
+    ]
--- a/bam/models.py
+++ b/bam/models.py
@ -1,3 +1,10 @@
				@@ -1,3 +1,10 @@
 from django.db import models
+from django.contrib.auth.models import User

-# Create your models here.
+
+class Account(models.Model):
+    user = models.OneToOneField(User, on_delete=models.CASCADE)
+    hashed_email = models.CharField(max_length=128)
+
+    def __str__(self):
+        return '%s' % (self.user.username)
--- a/bam/urls.py
+++ b/bam/urls.py
@ -3,6 +3,7 @@ from django.urls import path
				@@ -3,6 +3,7 @@ from django.urls import path
 from django.urls import include
 from django.views.generic.base import RedirectView
 from bam.views import ProfileView
+from bam.forms import HashedEmailPasswordResetForm
 import django.contrib.auth.views as auth_views

 urlpatterns = [
@ -28,7 +29,8 @@ urlpatterns = [
				@@ -28,7 +29,8 @@ urlpatterns = [
         name='password_change_done'),
    path('password_reset/',
         auth_views.PasswordResetView.as_view(
-             template_name='bam/password_reset.html'
+             template_name='bam/password_reset.html',
+             form_class=HashedEmailPasswordResetForm
         ),
         name='password_reset'),
    path('password_reset_done/',
@ -51,4 +53,8 @@ urlpatterns = [
				@@ -51,4 +53,8 @@ urlpatterns = [
             template_name='bam/password_reset_complete.html'
         ),
         name='password_reset_complete'),
+
+    #path('password_reset_hashed/',
+    #     PasswordResetHashedView.as_view(),
+    #     name='password_reset_hashed'),
 ]
--- a/bam/views.py
+++ b/bam/views.py
@ -1,5 +1,6 @@
				@@ -1,5 +1,6 @@
 from django.views.generic.base import TemplateView
 from django.contrib.auth.mixins import LoginRequiredMixin

+
 class ProfileView(LoginRequiredMixin, TemplateView):
    template_name = 'bam/profile.html'