implement password reset via hashed email address

bam/admin.py

@@ -1,3 +1,17 @@
 from django.contrib import admin
+from django.contrib.auth.admin import UserAdmin as BaseUserAdmin
+from django.contrib.auth.models import User
+from .models import Account
 
-# Register your models here.
+
+class AccountInline(admin.StackedInline):
+    model = Account
+    can_delete = False
+
+
+class UserAdmin(BaseUserAdmin):
+    inlines = (AccountInline,)
+
+
+admin.site.unregister(User)
+admin.site.register(User, UserAdmin)

bam/forms.py

@@ -0,0 +1,13 @@
+import hashlib
+from django.contrib.auth.forms import PasswordResetForm
+from bam.models import Account
+
+
+class HashedEmailPasswordResetForm(PasswordResetForm):
+    def get_users(self, email):
+        hashed_email = hashlib.sha256(bytes(email, 'utf-8')).hexdigest()
+        accounts = Account.objects.filter(hashed_email=hashed_email)
+        if accounts.count() > 0:
+            return (a.user for a in accounts if a.user.has_usable_password())
+        else:
+            return super().get_users(email)

bam/migrations/0001_initial.py

@@ -0,0 +1,25 @@
+# Generated by Django 2.2 on 2019-04-28 10:12
+
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Account',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('hashed_email', models.CharField(max_length=128)),
+                ('user', models.OneToOneField(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL)),
+            ],
+        ),
+    ]

bam/models.py

@@ -1,3 +1,10 @@
 from django.db import models
+from django.contrib.auth.models import User
 
-# Create your models here.
+
+class Account(models.Model):
+    user = models.OneToOneField(User, on_delete=models.CASCADE)
+    hashed_email = models.CharField(max_length=128)
+
+    def __str__(self):
+        return '%s' % (self.user.username)

bam/urls.py

@@ -3,6 +3,7 @@ from django.urls import path
 from django.urls import include
 from django.views.generic.base import RedirectView
 from bam.views import ProfileView
+from bam.forms import HashedEmailPasswordResetForm
 import django.contrib.auth.views as auth_views
 
 urlpatterns = [
@@ -28,7 +29,8 @@ urlpatterns = [
          name='password_change_done'),
     path('password_reset/',
          auth_views.PasswordResetView.as_view(
-             template_name='bam/password_reset.html'
+             template_name='bam/password_reset.html',
+             form_class=HashedEmailPasswordResetForm
          ),
          name='password_reset'),
     path('password_reset_done/',
@@ -51,4 +53,8 @@ urlpatterns = [
              template_name='bam/password_reset_complete.html'
          ),
          name='password_reset_complete'),
+
+    #path('password_reset_hashed/',
+    #     PasswordResetHashedView.as_view(),
+    #     name='password_reset_hashed'),
 ]

bam/views.py

@@ -1,5 +1,6 @@
 from django.views.generic.base import TemplateView
 from django.contrib.auth.mixins import LoginRequiredMixin
 
+
 class ProfileView(LoginRequiredMixin, TemplateView):
     template_name = 'bam/profile.html'