diff --git a/vibes_auth/viewsets.py b/vibes_auth/viewsets.py
index 7f3739b3..ce13b17a 100644
--- a/vibes_auth/viewsets.py
+++ b/vibes_auth/viewsets.py
@@ -65,23 +65,24 @@ class UserViewSet(
 @action(detail=False, methods=["post"])
 @method_decorator(ratelimit(key="ip", rate="2/h" if not DEBUG else "888/h"))
 def confirm_password_reset(self, request, *args, **kwargs):
+ serializer_data = None
 try:
- data = ConfirmPasswordResetSerializer(request.data).data
+ serializer_data = ConfirmPasswordResetSerializer(request.data).data
- if not compare_digest(data.get("password"), data.get("confirm_password")):
+ if not compare_digest(data.get("password"), serializer_data.get("confirm_password")):
 return Response(
 {"error": _("passwords do not match")},
 status=status.HTTP_400_BAD_REQUEST,
 )
- uuid = urlsafe_base64_decode(data.get("uidb64")).decode()
+ uuid = urlsafe_base64_decode(serializer_data.get("uidb64")).decode()
 user = User.objects.get(pk=uuid)
 password_reset_token = PasswordResetTokenGenerator()
- if not password_reset_token.check_token(user, data.get("token")):
+ if not password_reset_token.check_token(user, serializer_data.get("token")):
 return Response({"error": _("token is invalid!")}, status=status.HTTP_400_BAD_REQUEST)
- user.set_password(data.get("password"))
+ user.set_password(serializer_data.get("password"))
 user.save()
 return Response({"message": _("password reset successfully")}, status=status.HTTP_200_OK)
@@ -89,6 +90,7 @@ class UserViewSet(
 data = {"error": str(e)}
 if DEBUG:
 data["detail"] = str(traceback.format_exc())
+ data["received"] = str(serializer_data)
 return Response(data, status=status.HTTP_400_BAD_REQUEST)
 @method_decorator(ratelimit(key="ip", rate="3/h" if not DEBUG else "888/h"))
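Review bot: The rename misses the first argument of the password comparison, `compare_digest(data.get("password"), serializer_data.get("confirm_password"))`, so `data` is read before anything in the try body assigns it. Since `data` is assigned later in the handler shown in the second hunk, Python treats it as a local and the read raises UnboundLocalError; if the except clause (outside both hunks) catches Exception, every reset request ends in a 400 and no password can be changed. The line should read `if not compare_digest(serializer_data.get("password"), serializer_data.get("confirm_password")):`. Separately, the serializer is built from `request.data` positionally and no `is_valid()` call is visible, so a missing field would reach `compare_digest` as None and fail with a TypeError; assuming this is a DRF serializer, `ConfirmPasswordResetSerializer(data=request.data)` with `is_valid(raise_exception=True)` and `validated_data` is the usual form.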
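Review bot: `data["received"] = str(serializer_data)` writes the submitted `password`, `confirm_password` and reset `token` into the response body in clear text whenever DEBUG is on. Debug responses tend to be copied into proxy logs, browser tooling and bug reports, and the same flag relaxes this endpoint's rate limit to 888/h, so an environment left in DEBUG exposes credential material with little throttling. Echo the field names only, e.g. `data["received"] = sorted(serializer_data or {})`, or mask the secret fields before stringifying. The except block this line sits in begins outside the hunk.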