Add Code Password Reset to the Bootstrapper #343
Conversation
eliasbiagioninc
force-pushed
the
feature/reset-password-with-code
branch
from
c3e6443 to
a63e1e1
Compare
There was a problem hiding this comment.
This File was removed in previous PR
https://github.com/thinknimble/tn-spa-bootstrapper/pull/342/files#diff-aac3f44fc0f22c134fc34e8d62146d1783fab4e5f5329fba6da74e9d2ef56a4a
I don't think this should be added back 🤔
| return ( | ||
| <MultiPlatformSafeAreaView safeAreaClassName="h-full mt-5"> | ||
| <View className="w-full content-center mx-auto py-10 bg-slate-200 rounded-lg items-center px-4"> | ||
| <Text textClassName="text-black text-3xl" variant="bold"> |
There was a problem hiding this comment.
| <Text textClassName="text-black text-3xl" variant="bold"> | |
| <Text className="text-primary-bold text-black text-3xl"> |
| @@ -0,0 +1,64 @@ | |||
| import { MultiPlatformSafeAreaView } from '@components/multi-platform-safe-area-view' | |||
| import { BounceableWind } from '@components/styled' | |||
| import { Text } from '@components/text' | |||
There was a problem hiding this comment.
| import { Text } from '@components/text' | |
| import { Text } from 'react-native' |
| @@ -14,3 +14,30 @@ export const customFonts = { | |||
| [`${baseFamily}-MediumItalic` as const]: require(`../../assets/fonts/${baseFamily}-MediumItalic.${fontFormat}`), | |||
| [`${baseFamily}-Regular` as const]: require(`../../assets/fonts/${baseFamily}-Regular.${fontFormat}`), | |||
| } | |||
|
|
|||
There was a problem hiding this comment.
We removed this in a previous PR.
|
|
||
| @property | ||
| def is_valid(self): | ||
| return not (self.is_used | (self.created > now() + timedelta(minutes=settings.RESET_PASSWORD_CODE_VALIDITY_MINUTES))) |
There was a problem hiding this comment.
if a code is used, wouldn't we just delete the model instance?
| self.context.get("user") | ||
| .reset_password_codes.filter(created__gte=(timezone.now() - timedelta(minutes=settings.RESET_PASSWORD_CODE_VALIDITY_MINUTES))) | ||
| .first() | ||
| ) |
There was a problem hiding this comment.
shouldn't they only ever have a single code at any moment? If it expires, then it fails validation.
If they request a new one, the old one should be deleted.
| from .dispatchers import new_reset_password_code_created_ds | ||
|
|
||
| # Logger | ||
| logger = logging.getLogger(__name__) |
There was a problem hiding this comment.
we know it's a logger. No need for a code comment
| email = kwargs.get("email") | ||
| user = User.objects.filter(email=email).first() | ||
| if not user: | ||
| raise ValidationError(detail={"non_field_errors": ["User not found with that email"]}) |
There was a problem hiding this comment.
Security issue. Someone could use this to determine what users are in the DB.
I would just fail validation with a generic error. The error should be the same regardless of the reason (ex: bad code vs bad email)
What this does
Switch from password reset email links to 7-digit codes for resetting passwords. Discussion Add Code Password Reset to the Bootstrapper
Checklist
How to test
Add user steps to achieve desired functionality for this feature.