make token validation in PasswordResetConfirmSerializer is the first thing to do in validate() method

2024-12-03 06:13:43 +03:00 · 2020-05-10 18:05:30 +02:00 · 2020-05-10 18:05:30 +02:00 · 5f137da930
commit 5f137da930
parent bffec48e01
1 changed files with 3 additions and 2 deletions
--- a/dj_rest_auth/serializers.py
+++ b/dj_rest_auth/serializers.py
@ -208,6 +208,9 @@ class PasswordResetConfirmSerializer(serializers.Serializer):
    def validate(self, attrs):
        self._errors = {}

+        if not default_token_generator.check_token(self.user, attrs['token']):
+            raise ValidationError({'token': ['Invalid value']})
+
        # Decode the uidb64 to uid to get User object
        try:
            uid = force_text(uid_decoder(attrs['uid']))
@ -222,8 +225,6 @@ class PasswordResetConfirmSerializer(serializers.Serializer):
        )
        if not self.set_password_form.is_valid():
            raise serializers.ValidationError(self.set_password_form.errors)
-        if not default_token_generator.check_token(self.user, attrs['token']):
-            raise ValidationError({'token': ['Invalid value']})

        return attrs