django-rest-auth/dj_rest_auth/views.py

from django.conf import settings
from django.contrib.auth import get_user_model
from django.contrib.auth import login as django_login
from django.contrib.auth import logout as django_logout
from django.core.exceptions import ObjectDoesNotExist
from django.utils.decorators import method_decorator
from django.utils.translation import ugettext_lazy as _
from django.views.decorators.debug import sensitive_post_parameters
from rest_framework import status
from rest_framework.generics import GenericAPIView, RetrieveUpdateAPIView
from rest_framework.permissions import AllowAny, IsAuthenticated
from rest_framework.response import Response
from rest_framework.views import APIView

from .app_settings import (JWTSerializer, LoginSerializer,
                           PasswordChangeSerializer,
                           PasswordResetConfirmSerializer,
                           PasswordResetSerializer, TokenSerializer,
                           UserDetailsSerializer, create_token, JWT_AUTH_COOKIE)
from .models import TokenModel
from .utils import jwt_encode

sensitive_post_parameters_m = method_decorator(
    sensitive_post_parameters(
        'password', 'old_password', 'new_password1', 'new_password2'
    )
)


class LoginView(GenericAPIView):
    """
    Check the credentials and return the REST Token
    if the credentials are valid and authenticated.
    Calls Django Auth login method to register User ID
    in Django session framework

    Accept the following POST parameters: username, password
    Return the REST Framework Token Object's key.
    """
    permission_classes = (AllowAny,)
    serializer_class = LoginSerializer
    token_model = TokenModel

    @sensitive_post_parameters_m
    def dispatch(self, *args, **kwargs):
        return super(LoginView, self).dispatch(*args, **kwargs)

    def process_login(self):
        django_login(self.request, self.user)

    def get_response_serializer(self):
        if getattr(settings, 'REST_USE_JWT', False):
            response_serializer = JWTSerializer
        else:
            response_serializer = TokenSerializer
        return response_serializer

    def login(self):
        self.user = self.serializer.validated_data['user']

        if getattr(settings, 'REST_USE_JWT', False):
            self.access_token, self.refresh_token = jwt_encode(self.user)
        else:
            self.token = create_token(self.token_model, self.user,
                                      self.serializer)

        if getattr(settings, 'REST_SESSION_LOGIN', True):
            self.process_login()

    def get_response(self):
        serializer_class = self.get_response_serializer()

        if getattr(settings, 'REST_USE_JWT', False):
            data = {
                'user': self.user,
                'access_token': self.access_token,
                'refresh_token': self.refresh_token
            }
            serializer = serializer_class(instance=data,
                                          context={'request': self.request})
        else:
            serializer = serializer_class(instance=self.token,
                                          context={'request': self.request})

        response = Response(serializer.data, status=status.HTTP_200_OK)
        if getattr(settings, 'REST_USE_JWT', False):
            from rest_framework_simplejwt.settings import api_settings as jwt_settings
            if JWT_AUTH_COOKIE:        #this needs to be added to simplejwt
                from datetime import datetime
                expiration = (datetime.utcnow() + jwt_settings.ACCESS_TOKEN_LIFETIME)
                response.set_cookie(JWT_AUTH_COOKIE,     #this needs to be added to simplejwt
                                    self.access_token,
                                    expires=expiration,
                                    httponly=True)
        return response

    def post(self, request, *args, **kwargs):
        self.request = request
        self.serializer = self.get_serializer(data=self.request.data,
                                              context={'request': request})
        self.serializer.is_valid(raise_exception=True)

        self.login()
        return self.get_response()


class LogoutView(APIView):
    """
    Calls Django logout method and delete the Token object
    assigned to the current User object.

    Accepts/Returns nothing.
    """
    permission_classes = (AllowAny,)

    def get(self, request, *args, **kwargs):
        if getattr(settings, 'ACCOUNT_LOGOUT_ON_GET', False):
            response = self.logout(request)
        else:
            response = self.http_method_not_allowed(request, *args, **kwargs)

        return self.finalize_response(request, response, *args, **kwargs)

    def post(self, request, *args, **kwargs):
        return self.logout(request)

    def logout(self, request):
        try:
            request.user.auth_token.delete()
        except (AttributeError, ObjectDoesNotExist):
            pass
        if getattr(settings, 'REST_SESSION_LOGIN', True):
            django_logout(request)

        response = Response({"detail": _("Successfully logged out.")},
                            status=status.HTTP_200_OK)
        if getattr(settings, 'REST_USE_JWT', False):
            # from rest_framework_simplejwt.settings import api_settings as jwt_settings
            if JWT_AUTH_COOKIE:        #this needs to be added to simplejwt
                response.delete_cookie(JWT_AUTH_COOKIE)    #this needs to be added to simplejwt
        return response


class UserDetailsView(RetrieveUpdateAPIView):
    """
    Reads and updates UserModel fields
    Accepts GET, PUT, PATCH methods.

    Default accepted fields: username, first_name, last_name
    Default display fields: pk, username, email, first_name, last_name
    Read-only fields: pk, email

    Returns UserModel fields.
    """
    serializer_class = UserDetailsSerializer
    permission_classes = (IsAuthenticated,)

    def get_object(self):
        return self.request.user

    def get_queryset(self):
        """
        Adding this method since it is sometimes called when using
        django-rest-swagger
        """
        return get_user_model().objects.none()


class PasswordResetView(GenericAPIView):
    """
    Calls Django Auth PasswordResetForm save method.

    Accepts the following POST parameters: email
    Returns the success/fail message.
    """
    serializer_class = PasswordResetSerializer
    permission_classes = (AllowAny,)

    def post(self, request, *args, **kwargs):
        # Create a serializer with request.data
        serializer = self.get_serializer(data=request.data)
        serializer.is_valid(raise_exception=True)

        serializer.save()
        # Return the success message with OK HTTP status
        return Response(
            {"detail": _("Password reset e-mail has been sent.")},
            status=status.HTTP_200_OK
        )


class PasswordResetConfirmView(GenericAPIView):
    """
    Password reset e-mail link is confirmed, therefore
    this resets the user's password.

    Accepts the following POST parameters: token, uid,
        new_password1, new_password2
    Returns the success/fail message.
    """
    serializer_class = PasswordResetConfirmSerializer
    permission_classes = (AllowAny,)

    @sensitive_post_parameters_m
    def dispatch(self, *args, **kwargs):
        return super(PasswordResetConfirmView, self).dispatch(*args, **kwargs)

    def post(self, request, *args, **kwargs):
        serializer = self.get_serializer(data=request.data)
        serializer.is_valid(raise_exception=True)
        serializer.save()
        return Response(
            {"detail": _("Password has been reset with the new password.")}
        )


class PasswordChangeView(GenericAPIView):
    """
    Calls Django Auth SetPasswordForm save method.

    Accepts the following POST parameters: new_password1, new_password2
    Returns the success/fail message.
    """
    serializer_class = PasswordChangeSerializer
    permission_classes = (IsAuthenticated,)

    @sensitive_post_parameters_m
    def dispatch(self, *args, **kwargs):
        return super(PasswordChangeView, self).dispatch(*args, **kwargs)

    def post(self, request, *args, **kwargs):
        serializer = self.get_serializer(data=request.data)
        serializer.is_valid(raise_exception=True)
        serializer.save()
        return Response({"detail": _("New password has been saved.")})
First commit. 2014-04-30 23:52:05 +04:00			`from django.conf import settings`
Add `get_queryset` method to UserDetailsView due to issue with Swagger #275 2016-12-21 22:40:18 +03:00			`from django.contrib.auth import get_user_model`
Fixes references to serializers + isort 2020-03-01 08:56:21 +03:00			`from django.contrib.auth import login as django_login`
			`from django.contrib.auth import logout as django_logout`
Fixed try/catch in logout view 2015-11-24 00:52:59 +03:00			`from django.core.exceptions import ObjectDoesNotExist`
Add `sensitive_post_parameters` decorator to several views 2016-12-31 23:55:19 +03:00			`from django.utils.decorators import method_decorator`
Adds ugettext_lazy to more texts Also adds a first german translation. 2016-02-02 17:29:16 +03:00			`from django.utils.translation import ugettext_lazy as _`
Add `sensitive_post_parameters` decorator to several views 2016-12-31 23:55:19 +03:00			`from django.views.decorators.debug import sensitive_post_parameters`
First commit. 2014-04-30 23:52:05 +04:00			`from rest_framework import status`
Update docstring for UserDetailsView and cleanup 2016-11-01 01:01:06 +03:00			`from rest_framework.generics import GenericAPIView, RetrieveUpdateAPIView`
Fixes references to serializers + isort 2020-03-01 08:56:21 +03:00			`from rest_framework.permissions import AllowAny, IsAuthenticated`
			`from rest_framework.response import Response`
			`from rest_framework.views import APIView`
First commit. 2014-04-30 23:52:05 +04:00
Fixes references to serializers + isort 2020-03-01 08:56:21 +03:00			`from .app_settings import (JWTSerializer, LoginSerializer,`
			`PasswordChangeSerializer,`
			`PasswordResetConfirmSerializer,`
			`PasswordResetSerializer, TokenSerializer,`
hopefully this should work? 2020-03-20 00:09:20 +03:00			`UserDetailsSerializer, create_token, JWT_AUTH_COOKIE)`
Add support for custom Token model 2016-01-01 00:10:52 +03:00			`from .models import TokenModel`
* Added support for REST_USE_JWT * Added JWTSerializer * Added JWT encoding support, based on django-rest-framework-jwt * Tests for JWT authentication 2016-01-04 20:45:33 +03:00			`from .utils import jwt_encode`

Add `sensitive_post_parameters` decorator to several views 2016-12-31 23:55:19 +03:00			`sensitive_post_parameters_m = method_decorator(`
			`sensitive_post_parameters(`
			`'password', 'old_password', 'new_password1', 'new_password2'`
			`)`
			`)`

First commit. 2014-04-30 23:52:05 +04:00
appending all views with View 2015-08-07 13:54:45 +03:00			`class LoginView(GenericAPIView):`
First commit. 2014-04-30 23:52:05 +04:00			`"""`
			`Check the credentials and return the REST Token`
			`if the credentials are valid and authenticated.`
			`Calls Django Auth login method to register User ID`
			`in Django session framework`

			`Accept the following POST parameters: username, password`
			`Return the REST Framework Token Object's key.`
			`"""`
define permission classes inside views 2014-10-24 17:52:07 +04:00			`permission_classes = (AllowAny,)`
First commit. 2014-04-30 23:52:05 +04:00			`serializer_class = LoginSerializer`
Add support for custom Token model 2016-01-01 00:10:52 +03:00			`token_model = TokenModel`
* Added support for REST_USE_JWT * Added JWTSerializer * Added JWT encoding support, based on django-rest-framework-jwt * Tests for JWT authentication 2016-01-04 20:45:33 +03:00
Add `sensitive_post_parameters` decorator to several views 2016-12-31 23:55:19 +03:00			`@sensitive_post_parameters_m`
			`def dispatch(self, args, *kwargs):`
			`return super(LoginView, self).dispatch(args, *kwargs)`

Increased test coverage (#229) * Added twitter login test * pep8 * Fixes missing backend attr issue * Refactored login process * pep8 * Added more tests for twitter social login 2016-07-18 08:06:28 +03:00			`def process_login(self):`
			`django_login(self.request, self.user)`

* Added support for REST_USE_JWT * Added JWTSerializer * Added JWT encoding support, based on django-rest-framework-jwt * Tests for JWT authentication 2016-01-04 20:45:33 +03:00			`def get_response_serializer(self):`
			`if getattr(settings, 'REST_USE_JWT', False):`
			`response_serializer = JWTSerializer`
			`else:`
			`response_serializer = TokenSerializer`
			`return response_serializer`
First commit. 2014-04-30 23:52:05 +04:00
revised user details view 2014-10-02 13:18:23 +04:00			`def login(self):`
support django-rest-framework v3.0 2015-01-09 14:05:14 +03:00			`self.user = self.serializer.validated_data['user']`
fixed code quality 2016-03-01 14:51:01 +03:00
* Added support for REST_USE_JWT * Added JWTSerializer * Added JWT encoding support, based on django-rest-framework-jwt * Tests for JWT authentication 2016-01-04 20:45:33 +03:00			`if getattr(settings, 'REST_USE_JWT', False):`
change standard auth stuff to work with simplejwt 2020-03-11 13:01:03 +03:00			`self.access_token, self.refresh_token = jwt_encode(self.user)`
* Added support for REST_USE_JWT * Added JWTSerializer * Added JWT encoding support, based on django-rest-framework-jwt * Tests for JWT authentication 2016-01-04 20:45:33 +03:00			`else:`
PEP8 cleanup and small text fixes 2016-12-22 01:08:56 +03:00			`self.token = create_token(self.token_model, self.user,`
			`self.serializer)`
Added tests for JWT, fixed merge issues 2016-02-16 08:42:18 +03:00
			`if getattr(settings, 'REST_SESSION_LOGIN', True):`
Increased test coverage (#229) * Added twitter login test * pep8 * Fixes missing backend attr issue * Refactored login process * pep8 * Added more tests for twitter social login 2016-07-18 08:06:28 +03:00			`self.process_login()`
Added tests for JWT, fixed merge issues 2016-02-16 08:42:18 +03:00
revised user details view 2014-10-02 13:18:23 +04:00			`def get_response(self):`
* Added support for REST_USE_JWT * Added JWTSerializer * Added JWT encoding support, based on django-rest-framework-jwt * Tests for JWT authentication 2016-01-04 20:45:33 +03:00			`serializer_class = self.get_response_serializer()`

			`if getattr(settings, 'REST_USE_JWT', False):`
			`data = {`
			`'user': self.user,`
change standard auth stuff to work with simplejwt 2020-03-11 13:01:03 +03:00			`'access_token': self.access_token,`
			`'refresh_token': self.refresh_token`
* Added support for REST_USE_JWT * Added JWTSerializer * Added JWT encoding support, based on django-rest-framework-jwt * Tests for JWT authentication 2016-01-04 20:45:33 +03:00			`}`
PEP8 cleanup and small text fixes 2016-12-22 01:08:56 +03:00			`serializer = serializer_class(instance=data,`
			`context={'request': self.request})`
* Added support for REST_USE_JWT * Added JWTSerializer * Added JWT encoding support, based on django-rest-framework-jwt * Tests for JWT authentication 2016-01-04 20:45:33 +03:00			`else:`
PEP8 cleanup and small text fixes 2016-12-22 01:08:56 +03:00			`serializer = serializer_class(instance=self.token,`
			`context={'request': self.request})`
* Added support for REST_USE_JWT * Added JWTSerializer * Added JWT encoding support, based on django-rest-framework-jwt * Tests for JWT authentication 2016-01-04 20:45:33 +03:00
LoginView.get_response modified in order to respect rest_framework_jwt.JWT_AUTH_COOKIE setting 2017-06-30 13:59:10 +03:00			`response = Response(serializer.data, status=status.HTTP_200_OK)`
changed for use w/ cookies 2020-03-19 21:37:35 +03:00			`if getattr(settings, 'REST_USE_JWT', False):`
			`from rest_framework_simplejwt.settings import api_settings as jwt_settings`
hopefully this should work? 2020-03-20 00:09:20 +03:00			`if JWT_AUTH_COOKIE: #this needs to be added to simplejwt`
			`from datetime import datetime`
			`expiration = (datetime.utcnow() + jwt_settings.ACCESS_TOKEN_LIFETIME)`
			`response.set_cookie(JWT_AUTH_COOKIE, #this needs to be added to simplejwt`
			`self.access_token,`
			`expires=expiration,`
			`httponly=True)`
LoginView.get_response modified in order to respect rest_framework_jwt.JWT_AUTH_COOKIE setting 2017-06-30 13:59:10 +03:00			`return response`
revised user details view 2014-10-02 13:18:23 +04:00
			`def post(self, request, args, *kwargs):`
Increased test coverage (#229) * Added twitter login test * pep8 * Fixes missing backend attr issue * Refactored login process * pep8 * Added more tests for twitter social login 2016-07-18 08:06:28 +03:00			`self.request = request`
Update configs and changelog for version 0.9.2 2017-10-02 22:52:33 +03:00			`self.serializer = self.get_serializer(data=self.request.data,`
			`context={'request': request})`
raise_exception=True for views 2015-11-23 17:04:56 +03:00			`self.serializer.is_valid(raise_exception=True)`
Increased test coverage (#229) * Added twitter login test * pep8 * Fixes missing backend attr issue * Refactored login process * pep8 * Added more tests for twitter social login 2016-07-18 08:06:28 +03:00
revised user details view 2014-10-02 13:18:23 +04:00			`self.login()`
			`return self.get_response()`
First commit. 2014-04-30 23:52:05 +04:00

appending all views with View 2015-08-07 13:54:45 +03:00			`class LogoutView(APIView):`
First commit. 2014-04-30 23:52:05 +04:00			`"""`
			`Calls Django logout method and delete the Token object`
			`assigned to the current User object.`

			`Accepts/Returns nothing.`
			`"""`
make all endpoints browsable 2014-11-12 12:33:29 +03:00			`permission_classes = (AllowAny,)`
First commit. 2014-04-30 23:52:05 +04:00
Allow logout on GET 2016-01-09 06:11:35 +03:00			`def get(self, request, args, *kwargs):`
Remove dependency on allauth for logout on GET 2016-12-01 04:39:57 +03:00			`if getattr(settings, 'ACCOUNT_LOGOUT_ON_GET', False):`
Change handling for logout on GET + Make it require allauth + Add a note to docs that it’s not a recommended setting 2016-11-27 14:35:11 +03:00			`response = self.logout(request)`
			`else:`
			`response = self.http_method_not_allowed(request, args, *kwargs)`
Allow logout on GET 2016-01-09 06:11:35 +03:00
			`return self.finalize_response(request, response, args, *kwargs)`

Handle extra args and kwargs in all POST endpoints This fixes compatibility with DRF's versioning 2017-10-25 03:14:12 +03:00			`def post(self, request, args, *kwargs):`
Allow logout on GET 2016-01-09 06:11:35 +03:00			`return self.logout(request)`

			`def logout(self, request):`
First commit. 2014-04-30 23:52:05 +04:00			`try:`
			`request.user.auth_token.delete()`
Fixed try/catch in logout view 2015-11-24 00:52:59 +03:00			`except (AttributeError, ObjectDoesNotExist):`
First commit. 2014-04-30 23:52:05 +04:00			`pass`
disable django_logout if REST_SESSION_LOGIN is False 2019-02-03 06:42:24 +03:00			`if getattr(settings, 'REST_SESSION_LOGIN', True):`
			`django_logout(request)`
First commit. 2014-04-30 23:52:05 +04:00
also for cookie deletion 2017-06-30 14:23:56 +03:00			`response = Response({"detail": _("Successfully logged out.")},`
			`status=status.HTTP_200_OK)`
changed for use w/ cookies 2020-03-19 21:37:35 +03:00			`if getattr(settings, 'REST_USE_JWT', False):`
hopefully this should work? 2020-03-20 00:09:20 +03:00			`# from rest_framework_simplejwt.settings import api_settings as jwt_settings`
			`if JWT_AUTH_COOKIE: #this needs to be added to simplejwt`
			`response.delete_cookie(JWT_AUTH_COOKIE) #this needs to be added to simplejwt`
also for cookie deletion 2017-06-30 14:23:56 +03:00			`return response`
First commit. 2014-04-30 23:52:05 +04:00

appending all views with View 2015-08-07 13:54:45 +03:00			`class UserDetailsView(RetrieveUpdateAPIView):`
First commit. 2014-04-30 23:52:05 +04:00			`"""`
Update docstring for UserDetailsView and cleanup 2016-11-01 01:01:06 +03:00			`Reads and updates UserModel fields`
			`Accepts GET, PUT, PATCH methods.`

			`Default accepted fields: username, first_name, last_name`
			`Default display fields: pk, username, email, first_name, last_name`
			`Read-only fields: pk, email`
First commit. 2014-04-30 23:52:05 +04:00
Update docstring for UserDetailsView and cleanup 2016-11-01 01:01:06 +03:00			`Returns UserModel fields.`
First commit. 2014-04-30 23:52:05 +04:00			`"""`
revised user details view 2014-10-02 13:18:23 +04:00			`serializer_class = UserDetailsSerializer`
define permission classes inside views 2014-10-24 17:52:07 +04:00			`permission_classes = (IsAuthenticated,)`
First commit. 2014-04-30 23:52:05 +04:00
revised user details view 2014-10-02 13:18:23 +04:00			`def get_object(self):`
			`return self.request.user`
First commit. 2014-04-30 23:52:05 +04:00
Add `get_queryset` method to UserDetailsView due to issue with Swagger #275 2016-12-21 22:40:18 +03:00			`def get_queryset(self):`
			`"""`
			`Adding this method since it is sometimes called when using`
			`django-rest-swagger`
			`"""`
			`return get_user_model().objects.none()`

First commit. 2014-04-30 23:52:05 +04:00
appending all views with View 2015-08-07 13:54:45 +03:00			`class PasswordResetView(GenericAPIView):`
First commit. 2014-04-30 23:52:05 +04:00			`"""`
			`Calls Django Auth PasswordResetForm save method.`

			`Accepts the following POST parameters: email`
			`Returns the success/fail message.`
			`"""`
			`serializer_class = PasswordResetSerializer`
define permission classes inside views 2014-10-24 17:52:07 +04:00			`permission_classes = (AllowAny,)`
First commit. 2014-04-30 23:52:05 +04:00
password reset and password change refactoring 2014-10-07 17:08:08 +04:00			`def post(self, request, args, *kwargs):`
bugfix, request.DATA is deprecated, replaced with request.data 2015-08-07 14:31:33 +03:00			`# Create a serializer with request.data`
			`serializer = self.get_serializer(data=request.data)`
raise_exception=True for views 2015-11-23 17:04:56 +03:00			`serializer.is_valid(raise_exception=True)`
First commit. 2014-04-30 23:52:05 +04:00
password reset and password change refactoring 2014-10-07 17:08:08 +04:00			`serializer.save()`
			`# Return the success message with OK HTTP status`
Flake8 style fixes 2015-04-28 11:22:08 +03:00			`return Response(`
'detail' keyword in success response messages 2016-03-31 11:58:14 +03:00			`{"detail": _("Password reset e-mail has been sent.")},`
Flake8 style fixes 2015-04-28 11:22:08 +03:00			`status=status.HTTP_200_OK`
			`)`
First commit. 2014-04-30 23:52:05 +04:00
Created AUTHORS, MANIFEST.in, and setup.py. + Revised README.md. + AutoPEP8 rest_auth python files. 2014-05-01 00:55:04 +04:00
appending all views with View 2015-08-07 13:54:45 +03:00			`class PasswordResetConfirmView(GenericAPIView):`
First commit. 2014-04-30 23:52:05 +04:00			`"""`
Update API endpoints docs and docstring https://github.com/Tivix/django-rest-auth/issues/280 2016-12-08 03:12:01 +03:00			`Password reset e-mail link is confirmed, therefore`
			`this resets the user's password.`
First commit. 2014-04-30 23:52:05 +04:00
Update API endpoints docs and docstring https://github.com/Tivix/django-rest-auth/issues/280 2016-12-08 03:12:01 +03:00			`Accepts the following POST parameters: token, uid,`
			`new_password1, new_password2`
First commit. 2014-04-30 23:52:05 +04:00			`Returns the success/fail message.`
			`"""`
password reset and password change refactoring 2014-10-07 17:08:08 +04:00			`serializer_class = PasswordResetConfirmSerializer`
define permission classes inside views 2014-10-24 17:52:07 +04:00			`permission_classes = (AllowAny,)`
First commit. 2014-04-30 23:52:05 +04:00
Add `sensitive_post_parameters` decorator to several views 2016-12-31 23:55:19 +03:00			`@sensitive_post_parameters_m`
			`def dispatch(self, args, *kwargs):`
			`return super(PasswordResetConfirmView, self).dispatch(args, *kwargs)`

Handle extra args and kwargs in all POST endpoints This fixes compatibility with DRF's versioning 2017-10-25 03:14:12 +03:00			`def post(self, request, args, *kwargs):`
bugfix, request.DATA is deprecated, replaced with request.data 2015-08-07 14:31:33 +03:00			`serializer = self.get_serializer(data=request.data)`
raise_exception=True for views 2015-11-23 17:04:56 +03:00			`serializer.is_valid(raise_exception=True)`
password reset and password change refactoring 2014-10-07 17:08:08 +04:00			`serializer.save()`
PEP8 cleanup and small text fixes 2016-12-22 01:08:56 +03:00			`return Response(`
			`{"detail": _("Password has been reset with the new password.")}`
			`)`
First commit. 2014-04-30 23:52:05 +04:00

appending all views with View 2015-08-07 13:54:45 +03:00			`class PasswordChangeView(GenericAPIView):`
First commit. 2014-04-30 23:52:05 +04:00			`"""`
			`Calls Django Auth SetPasswordForm save method.`

			`Accepts the following POST parameters: new_password1, new_password2`
			`Returns the success/fail message.`
			`"""`
password reset and password change refactoring 2014-10-07 17:08:08 +04:00			`serializer_class = PasswordChangeSerializer`
define permission classes inside views 2014-10-24 17:52:07 +04:00			`permission_classes = (IsAuthenticated,)`
First commit. 2014-04-30 23:52:05 +04:00
Add `sensitive_post_parameters` decorator to several views 2016-12-31 23:55:19 +03:00			`@sensitive_post_parameters_m`
			`def dispatch(self, args, *kwargs):`
			`return super(PasswordChangeView, self).dispatch(args, *kwargs)`

Handle extra args and kwargs in all POST endpoints This fixes compatibility with DRF's versioning 2017-10-25 03:14:12 +03:00			`def post(self, request, args, *kwargs):`
bugfix, request.DATA is deprecated, replaced with request.data 2015-08-07 14:31:33 +03:00			`serializer = self.get_serializer(data=request.data)`
raise_exception=True for views 2015-11-23 17:04:56 +03:00			`serializer.is_valid(raise_exception=True)`
password reset and password change refactoring 2014-10-07 17:08:08 +04:00			`serializer.save()`
'detail' keyword in success response messages 2016-03-31 11:58:14 +03:00			`return Response({"detail": _("New password has been saved.")})`