Merge branch 'release/1.3.11' into 'master'

Commit com a correção do problema com tokens para recuperar senhas See merge request !7

Merge branch 'release/1.3.11' into 'master'
Commit com a correção do problema com tokens para recuperar senhas See merge request !7
6fd07b3f · Marcos Felipe Barboza · 96ac544a · cf6b8135 · 6fd07b3f · 6fd07b3f
Commit 6fd07b3f authored Jun 04, 2020 by Marcos Felipe Barboza
4 changed files
--- a/portal/middleware.py
+++ b/portal/middleware.py
 import logging
 from datetime import timedelta, datetime
+from django.utils import timezone
 import portal.portal_constants as const
 import portal.views.views_auth as v_auth

@@ -38,7 +39,7 @@ class AutoLogout(object):

        try:
            # Check if session is expired due to inactivity.
-            if(datetime.utcnow() - request.session['last_activity'] >
+            if(timezone.now() - request.session['last_activity'] >
                    timedelta(0, const.AUTO_LOGOUT_DELAY, 0)):
                # Set log message.
                log_message = 'Auto logout due to no activity in the last %s seconds.' % const.AUTO_LOGOUT_DELAY
@@ -53,7 +54,7 @@ class AutoLogout(object):
            # Session is not expired.
            else:
                # Update last_activity.
-                request.session['last_activity'] = datetime.utcnow()
+                request.session['last_activity'] =  timezone.now()

        except Exception as exception:
            # Log exception.

--- a/portal/models/token.py
+++ b/portal/models/token.py
@@ -11,7 +11,7 @@ class UserPasswordResetToken(models.Model):
    # Defines token attribute.
    token = models.CharField(max_length=100)
    # Defines request date attribute.
-    request_date = models.DateTimeField(default=datetime.utcnow())
+    request_date = models.DateTimeField(default=timezone.now())


 class UserAccountActivationToken(models.Model):
@@ -22,4 +22,4 @@ class UserAccountActivationToken(models.Model):
    # Defines token attribute.
    token = models.CharField(max_length=100)
    # Defines request date attribute.
-    request_date = models.DateTimeField(default=datetime.utcnow())
+    request_date = models.DateTimeField(default=timezone.now())
--- a/portal/views/views_auth.py
+++ b/portal/views/views_auth.py
@@ -2,6 +2,7 @@ import hashlib
 import logging
 import uuid
 from datetime import datetime, timedelta
+from django.utils import timezone

 from django.template.loader import render_to_string
 from django.shortcuts import render, redirect
@@ -349,7 +350,7 @@ def password_reset_confirm(request, token):
                token=hashlib.sha256(token.encode('utf-8')).hexdigest())

            # Check token validity according to expiration period.
-            if(datetime.utcnow() < user_token.request_date +
+            if(timezone.now() < user_token.request_date +
                timedelta(days=const.TOKEN_EXPIRATION_TIME_DAYS,
                          seconds=const.TOKEN_EXPIRATION_TIME_SECONDS)):

@@ -464,7 +465,7 @@ def password_reset_form(request):
                token = uuid.uuid4().hex
                usr.token = hashlib.sha256(token.encode('utf-8')).hexdigest()
                # Set request_date as current time.
-                usr.request_date = datetime.utcnow()
+                usr.request_date = timezone.now()
                # Save usr object into database.
                usr.save()

@@ -554,7 +555,7 @@ def generate_session(request, member, cert_expired=False):
    request.session['member_privilege'] =\
        member.get(const.CH_MEMBER_PRIVILEGE, '')
    # Initialize member_logged flag.
-    request.session['last_activity'] = datetime.utcnow()
+    request.session['last_activity'] = timezone.now()

    # Defines session expiration.
    request.session.set_expiry(const.SESSION_EXPIRATION_TIME)

--- a/portal/views/views_members.py
+++ b/portal/views/views_members.py
@@ -3,6 +3,7 @@ import hashlib
 import logging
 import uuid
 from datetime import datetime, timedelta
+from django.utils import timezone

 from django.core.exceptions import PermissionDenied
 from django.template.loader import render_to_string
@@ -153,7 +154,7 @@ def account_activation(request, token):
        user_email = user_token.email

        # Check if token is expired.
-        if (datetime.utcnow() < request_date +
+         if (timezone.now() < request_date +
            timedelta(days=const.TOKEN_EXPIRATION_TIME_DAYS,
                      seconds=const.TOKEN_EXPIRATION_TIME_SECONDS)):
            # Lookup member in CH by email.
@@ -475,7 +476,7 @@ def generate_and_send_activation_token(email_address):
        token = uuid.uuid4().hex
        usr.token = hashlib.sha256(token.encode('utf-8')).hexdigest()
        # Set request_date as current time.
-        usr.request_date = datetime.utcnow()
+        usr.request_date = timezone.now()
        # Saves usr object into database.
        usr.save()