Source code for jwt_allauth.password_change.serializers
from django.conf import settings
from django.contrib.auth.forms import SetPasswordForm
from django.utils.translation import gettext_lazy as _
from rest_framework import serializers
from jwt_allauth.tokens.models import RefreshTokenWhitelistModel
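class PasswordChangeSerializer(serializers.Serializer):
    """Validate and apply a password change for the requesting user.

    The new password pair is checked by ``set_password_form_class``
    (Django's ``SetPasswordForm`` by default), which verifies that both
    entries match and runs the password validators configured in
    ``AUTH_PASSWORD_VALIDATORS``. If that setting is empty, no strength
    policy is enforced here.

    Two settings are read at construction time, both defaulting to ``True``:

    * ``OLD_PASSWORD_FIELD_ENABLED`` - require the current password.
    * ``LOGOUT_ON_PASSWORD_CHANGE`` - revoke the user's other refresh
      tokens once the password has been changed.
    """

    # write_only keeps the secrets out of any serialized representation.
    old_password = serializers.CharField(max_length=128, write_only=True)
    new_password1 = serializers.CharField(max_length=128, write_only=True)
    new_password2 = serializers.CharField(max_length=128, write_only=True)

    set_password_form_class = SetPasswordForm

    def __init__(self, *args, **kwargs):
        """Read the feature flags and bind the request and user from context."""
        self.old_password_field_enabled = getattr(
            settings, 'OLD_PASSWORD_FIELD_ENABLED', True
        )
        self.logout_on_password_change = getattr(
            settings, 'LOGOUT_ON_PASSWORD_CHANGE', True
        )
        super().__init__(*args, **kwargs)

        if not self.old_password_field_enabled:
            # With the field removed, the change is authorised by the
            # request's authentication alone.
            self.fields.pop('old_password')

        self.request = self.context.get('request')
        self.user = getattr(self.request, 'user', None)

    def validate_old_password(self, value):
        """Reject the request unless ``value`` is the user's current password.

        Raises:
            serializers.ValidationError: if the old password is required and
                there is no user to check it against, or it does not match.
        """
        if not self.old_password_field_enabled:
            return value

        # Short-circuit so check_password() is never called on a missing
        # user. The earlier tuple-based check evaluated it eagerly and
        # raised AttributeError when no request was in the context. With no
        # user the check fails closed instead of being skipped.
        if not self.user or not self.user.check_password(value):
            err_msg = _("Your old password was entered incorrectly. Please enter it again.")
            raise serializers.ValidationError(err_msg)
        return value

    def validate(self, attrs):
        """Run the new password pair through the set-password form.

        The bound form is kept on ``self.set_password_form`` so that
        ``save()`` can persist it.

        Raises:
            serializers.ValidationError: carrying the form's errors.
        """
        self.set_password_form = self.set_password_form_class(
            user=self.user, data=attrs
        )
        if not self.set_password_form.is_valid():
            raise serializers.ValidationError(self.set_password_form.errors)
        return attrs

    def save(self):
        """Persist the new password, then revoke or refresh sessions.

        With ``LOGOUT_ON_PASSWORD_CHANGE`` enabled, every whitelisted refresh
        token of the user is deleted except the one belonging to the current
        session. Otherwise the Django session auth hash is updated so the
        current session stays logged in.

        NOTE(review): only refresh-token whitelist rows are removed here.
        Access tokens already issued to other sessions are presumably still
        accepted until they expire - confirm against the token lifetime.
        """
        current_session = None
        if self.logout_on_password_change:
            # Resolve the session claim before the password is written. A
            # missing request then fails before anything changes, and an
            # auth object without a 'session' entry cannot abort the
            # revocation after the password has already been saved.
            try:
                current_session = self.request.auth['session']
            except (KeyError, TypeError):
                current_session = None

        self.set_password_form.save()

        if self.logout_on_password_change:
            tokens = RefreshTokenWhitelistModel.objects.filter(
                user=self.request.user.id
            )
            if current_session is not None:
                tokens = tokens.exclude(session=current_session)
            # If the current session is unknown, nothing is excluded and all
            # of the user's refresh tokens are revoked (fail closed).
            tokens.delete()
        else:
            from django.contrib.auth import update_session_auth_hash
            update_session_auth_hash(self.request, self.user)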