def edit_user(request):
"""
Display forms for edit user
**Context**
user
set password form
notification
**Template:**
:template:`edit_user.html`
"""
user = User.objects.get(id=request.user.id)
form = PasswordChangeForm(None)
notification = None
if request.method == 'POST':
if request.POST.get('changePassword'):
form = PasswordChangeForm(user, request.POST)
if form.is_valid():
form.save()
notification = 'Hasło zostało zmienione! :)'
update_session_auth_hash(request, form.user)
elif request.POST.get('changeColor'):
embigo_user = EmbigoUser.objects.get(user=user)
embigo_user.color = request.POST.get('color')
embigo_user.save()
notification = 'Zmieniono kolor avatara! :)'
context = {
'user': request.user,
'form': form,
'notification': notification
}
return render(request, 'edit_user.html', context)
def reset_password(request):
logger.debug("in reset password")
error_message = ''
if request.method == 'POST':
form = Reset_Password_Form(request.POST)
if form.is_valid():
logger.debug(">>>>>>>>>>>>>>>>>>"+str(request.user))
if not request.user.is_anonymous():
user = VLAB_User.objects.get(email=request.user.email)
user.set_password(form.cleaned_data['password'])
user.save()
update_session_auth_hash(request, user)
return redirect('/vital') # change here to home page
else:
logger.debug(form.cleaned_data['user_email']+'-'+form.cleaned_data['activation_code'])
user = VLAB_User.objects.get(email=form.cleaned_data['user_email'])
if user.activation_code == int(form.cleaned_data['activation_code']):
user.set_password(form.cleaned_data['password'])
user.activation_code=None
user.save()
update_session_auth_hash(request, user)
return redirect('/vital') # change here to home page
else:
error_message = 'Please use the link sent to you in your email'
else:
user_email = request.GET.get('user_email', 'x')
activation_code = request.GET.get('activation_code', 'x')
form = Reset_Password_Form(initial={'user_email': user_email, 'activation_code':activation_code})
return render(request, 'vital/user_reset_password.html', {'form': form, 'error_message': error_message})
def password_change(request,
template_name='accounts/password_change_form.html',
post_change_redirect=None,
password_change_form=PasswordChangeForm,
current_app=None, extra_context=None):
if request.method == "POST":
form = password_change_form(user=request.user, data=request.POST)
if form.is_valid():
form.save()
# Updating the password logs out all other sessions for the user
# except the current one if
# django.contrib.auth.middleware.SessionAuthenticationMiddleware
# is enabled.
update_session_auth_hash(request, form.user)
return render(request,'accounts/password_change_form.html',
{'valid': True })
else:
form = password_change_form(user=request.user)
context = {
'form': form,
'title': _('Password change'),
}
if extra_context is not None:
context.update(extra_context)
if current_app is not None:
request.current_app = current_app
return TemplateResponse(request, template_name, context)
def put(self, request, username, format=None):
user = request.user
current_password = request.data.get('current_password', None)
if user.username == username:
if current_password is not None:
password_match = user.check_password(current_password)
if password_match:
new_password = request.data.get('new_password',None)
if new_password is not None:
user.set_password(new_password)
user.save()
update_session_auth_hash(request, request.user)
return Response(status=status.HTTP_200_OK)
else:
return Response(status=status.HTTP_400_BAD_REQUEST)
else:
return Response(status=status.HTTP_400_BAD_REQUEST)
else:
return Response(status=status.HTTP_400_BAD_REQUEST)
else:
return Response(status=status.HTTP_401_UNAUTHORIZED)
def change_password(self, form):
user = self.request.user
user.set_password(form.cleaned_data["password_new"])
user.save()
# required on Django >= 1.7 to keep the user authenticated
if hasattr(auth, "update_session_auth_hash"):
auth.update_session_auth_hash(self.request, user)
def settings(request):
user_form = profile_form = password_form = None
if request.method == "POST" and request.POST.get('form_type', None) == 'userProfile':
user_form = UserEditingForm(data=request.POST, instance=request.user)
profile_form = UserProfileEditingForm(data=request.POST, instance=request.user.userprofile)
if user_form.is_valid() and profile_form.is_valid():
user_form.save()
profile_form.save()
messages.success(request, 'Параметры успешно сохранены')
return HttpResponseRedirect(reverse('settings'))
if request.method == "POST" and request.POST.get('form_type', None) == 'password':
password_form = auth_forms.PasswordChangeForm(request.user, data=request.POST)
if password_form.is_valid():
password_form.save()
update_session_auth_hash(request, password_form.user)
messages.success(request, 'Пароль успешно изменён')
return HttpResponseRedirect(reverse('settings'))
if not user_form or not profile_form:
user_form = UserEditingForm(instance=request.user)
profile_form = UserProfileEditingForm(instance=request.user.userprofile)
if not password_form:
password_form = auth_forms.PasswordChangeForm(request.user)
return render(request, 'main/user/settings.html', {
'userForm': user_form,
'userProfileForm': profile_form,
'passwordForm': password_form,
})
def perfil_change_password(request):
"""
Funcion que permite modificar el password del usuario actual.
@type request: django.http.HttpRequest
@param request: Contiene informacion sobre la peticion actual
@type pk_usuario: string
@param pk_usuario: id del usuario con password a modificar
@rtype: django.http.HttpResponseRedirect
@return: Renderiza perfil_password_change.html para obtener el formulario o
redirecciona a la vista home del sistema.
"""
if request.method == 'POST':
user_detail = get_object_or_404(User, pk=request.user.id)
form = MyPasswordChangeForm(user_detail, request.POST)
if form.is_valid():
new_user = form.save()
update_session_auth_hash(request, user_detail)
return HttpResponseRedirect(reverse( 'user_profile'))
else:
user_detail = get_object_or_404(User, pk=request.user.id)
form = MyPasswordChangeForm(user_detail)
return render(request, 'perfil_password_change.html', locals())
def change_password(request):
context_dict = user_info(request)
user = request.user
if request.POST:
print request.POST
user_auth = authenticate(username=user, password=request.POST['current_password'])
pass1 = request.POST['new_password']
pass2 = request.POST['new_password2']
if user_auth:
if pass1 == pass2:
user.set_password(pass1)
user.save()
update_session_auth_hash(request, user)
return render(request, 'netdev/profile/confirm_password.html', context_dict)
else:
context_dict.update({'error2':True, 'pass':request.POST['current_password']})
else:
if pass1 == pass2:
context_dict.update({'error1':True, 'pass2':pass2})
else:
context_dict.update({'error1':True, 'error2':True})
return render(request, 'netdev/profile/change_password.html', context_dict)
def change_password(request):
if not password_management_enabled():
raise Http404
can_change_password = request.user.has_usable_password()
if can_change_password:
if request.method == 'POST':
form = PasswordChangeForm(request.user, request.POST)
if form.is_valid():
form.save()
update_session_auth_hash(request, form.user)
messages.success(request, _("Your password has been changed successfully!"))
return redirect('wagtailadmin_account')
else:
form = PasswordChangeForm(request.user)
else:
form = None
return render(request, 'wagtailadmin/account/change_password.html', {
'form': form,
'can_change_password': can_change_password,
})
def logout_on_password_change(request, user):
# Since it is the default behavior of Django to invalidate all sessions on
# password change, this function actually has to preserve the session when
# logout isn't desired.
if (update_session_auth_hash is not None and
not app_settings.LOGOUT_ON_PASSWORD_CHANGE):
update_session_auth_hash(request, user)
def password_change(
request,
template_name="registration/password_change_form.html",
post_change_redirect=None,
password_change_form=PasswordChangeForm,
extra_context=None,
):
warnings.warn(
"The password_change() view is superseded by the " "class-based PasswordChangeView().",
RemovedInDjango21Warning,
stacklevel=2,
)
if post_change_redirect is None:
post_change_redirect = reverse("password_change_done")
else:
post_change_redirect = resolve_url(post_change_redirect)
if request.method == "POST":
form = password_change_form(user=request.user, data=request.POST)
if form.is_valid():
form.save()
# Updating the password logs out all other sessions for the user
# except the current one.
update_session_auth_hash(request, form.user)
return HttpResponseRedirect(post_change_redirect)
else:
form = password_change_form(user=request.user)
context = {"form": form, "title": _("Password change")}
if extra_context is not None:
context.update(extra_context)
return TemplateResponse(request, template_name, context)
def post(self, request, *args, **kwargs):
if self.form.is_valid():
user = self.form.save()
update_session_auth_hash(request, user)
messages.success(request, _('The password has been updated.'))
return redirect(reverse('users:password', args=[self.user.pk]))
return self.render_to_response(self.get_context_data())
def password_change(request,
template_name='registration/password_change_form.html',
post_change_redirect=None,
password_change_form=PasswordChangeForm,
extra_context=None):
if post_change_redirect is None:
post_change_redirect = reverse('password_change_done')
else:
post_change_redirect = resolve_url(post_change_redirect)
if request.method == "POST":
form = password_change_form(user=request.user, data=request.POST)
if form.is_valid():
form.save()
# Updating the password logs out all other sessions for the user
# except the current one.
update_session_auth_hash(request, form.user)
return HttpResponseRedirect(post_change_redirect)
else:
form = password_change_form(user=request.user)
context = {
'form': form,
'title': _('Password change'),
}
if extra_context is not None:
context.update(extra_context)
return TemplateResponse(request, template_name, context)
def password_change(request,
template_name='vnoiusers/password_change.html',
post_change_redirect=None,
password_change_form=PasswordChangeForm,
current_app=None, extra_context=None):
if post_change_redirect is None:
post_change_redirect = reverse('user:password_change_done')
else:
post_change_redirect = resolve_url(post_change_redirect)
if request.method == "POST":
form = password_change_form(user=request.user, data=request.POST)
if form.is_valid():
form.save()
# Updating the password logs out all other sessions for the user
# except the current one if
# django.contrib.auth.middleware.SessionAuthenticationMiddleware
# is enabled.
update_session_auth_hash(request, form.user)
return HttpResponseRedirect(post_change_redirect)
else:
form = password_change_form(user=request.user)
context = {
'form': form,
}
if extra_context is not None:
context.update(extra_context)
return TemplateResponse(request, template_name, context, current_app=current_app)
def form_valid(self, form):
form.save()
user = self.request.user
user.backend = 'django.contrib.auth.backends.ModelBackend'
update_session_auth_hash(request=self.request, user=user)
messages.success(request=self.request, message=pgettext_lazy(context=self.request.user.get_gender(), message='Your new password has been saved.'))
return super().form_valid(form)
def save(self, request, delete_session=False):
notify_account_activity(
self.user,
request,
'password',
password=self.user.password
)
# Change the password
password = self.cleaned_data["new_password1"]
self.user.set_password(password)
self.user.save(update_fields=['password'])
# Updating the password logs out all other sessions for the user
# except the current one.
update_session_auth_hash(request, self.user)
# Change key for current session
request.session.cycle_key()
# Invalidate password reset codes
invalidate_reset_codes(self.user)
if delete_session:
request.session.flush()
messages.success(
request,
_('Your password has been changed.')
)
def form_valid(self, form):
messages.success(self.request, _('Your changes have been saved.'))
data = {}
for k in form.changed_data:
if k not in ('old_pw', 'new_pw_repeat'):
if 'new_pw' == k:
data['new_pw'] = True
else:
data[k] = form.cleaned_data[k]
msgs = []
if 'new_pw' in form.changed_data:
msgs.append(_('Your password has been changed.'))
if 'email' in form.changed_data:
msgs.append(_('Your email address has been changed to {email}.').format(email=form.cleaned_data['email']))
if msgs:
self.request.user.send_security_notice(msgs, email=form.cleaned_data['email'])
if self._old_email != form.cleaned_data['email']:
self.request.user.send_security_notice(msgs, email=self._old_email)
sup = super().form_valid(form)
self.request.user.log_action('pretix.user.settings.changed', user=self.request.user, data=data)
update_session_auth_hash(self.request, self.request.user)
return sup
def configuracion_admin(request):
editado = ''
modificado = ''
user = User.objects.get(email=request.user.email)
userF = UserChangeForm(instance=user)
modificarF = modificarContrasenaForm(user=user)
notificaciones = Notificacion.objects.all().order_by('created_at')[:10].reverse()
if request.POST:
userF = UserChangeForm(request.POST, instance=user)
modificarF = modificarContrasenaForm(user=request.user,data=request.POST)
if userF.is_valid():
userF.save()
editado = True
elif modificarF.is_valid():
modificarF.save()
update_session_auth_hash(request, modificadoF.user)
modificado = True
userF = UserChangeForm(instance=user)
modificarF = modificarContrasenaForm(user=user)
ctx={
'UserChangeForm':userF,
'modificarContrasenaForm': modificarF,
'editado':editado,
'modificado':modificado,
'notificaciones':notificaciones,
}
return render_to_response('administrador/configuracion/configuracion.html', ctx, context_instance=RequestContext(request))
def update(self, instance, validated_data):
instance.username = validated_data.get('username',
instance.username)
instance.first_name = validated_data.get('first_name',
instance.first_name)
instance.last_name = validated_data.get('last_name',
instance.last_name)
instance.save()
password = validated_data.get('password', None)
confirm_password = validated_data.get('confirm_password', None)
if password and confirm_password and password == confirm_password:
'''
This method explicitly sets the password and does not do
so in plain text
'''
instance.set_password(password)
instance.save()
'''
When a user's password is updated, their session authentication
hash must be explicitly updated. If we don't do this here, the
user will not be authenticated on their next request and will
have to log in again.'''
update_session_auth_hash(self.context.get('request'), instance)
return instance
def edit_pw(request, acctypeid, userid):
if request.POST:
i = UserProfile.objects.get(acc_type_id=acctypeid,
user_id=userid)
form = ValidatingPasswordChangeForm(user=i, data=request.POST)
#form = UserProfilePasswordForm(request.POST, instance=i)
if form.is_valid():
#password = form.cleaned_data['password']
if request.user.acc_type_id == 1:
parent_admin_id = request.user.parent_admin_id
parent_agency_id = None
elif request.user.acc_type_id == 2:
parent_admin_id = request.user.parent_admin_id
parent_agency_id = request.user.user_id
elif request.user.acc_type_id == 3:
parent_admin_id = request.user.parent_admin_id
parent_agency_id = request.user.user_id
form.save()
update_session_auth_hash(request, form.user)
return redirect('/account/list')
else:
return render(request, 'account_edit_pw.html',
{'form': form,
'acctypeid': int(acctypeid),
'userid': int(userid)})
else:
form = ValidatingPasswordChangeForm(
user=UserProfile.objects.get(acc_type_id=acctypeid,
user_id=userid)
)
return render(request, 'account_edit_pw.html',
{'form': form,
'acctypeid': int(acctypeid), 'userid': int(userid)})
def change_password(request):
if not account.password_management_enabled():
raise Http404
user = request.user
can_change_password = user.has_usable_password()
if not can_change_password:
form = None
if request.POST:
form = CFGOVPasswordChangeForm(user=user, data=request.POST)
if form.is_valid():
form.save()
update_session_auth_hash(request, form.user)
messages.success(request, _("Your password has been changed successfully!"))
return redirect('wagtailadmin_account')
else:
if '__all__' in form.errors:
for error in form.errors['__all__']:
messages.error(request, error)
else:
form = CFGOVPasswordChangeForm(user=request.user)
return render(request, 'wagtailadmin/account/change_password.html', {
'form': form,
'can_change_password': can_change_password,
})
def password_submit(request):
from django.contrib.auth import update_session_auth_hash
error_messages = []
tentative_password = request.POST['password']
repeat = request.POST['password_repeat']
if tentative_password != repeat:
error_messages.append('Entered Passwords do not match.')
try:
change_password(request.user, tentative_password)
update_session_auth_hash(request, request.user)
except inventory.exceptions.InvalidPasswordError as error:
message = error.message
error_messages.append(message)
if len(error_messages) == 0:
error_messages = ['Password Successfully Reset.']
#Redirect to the profile page
return profile_page(request, error_messages=error_messages)
def changepassword(request):
params = {}
try:
user = hmod.User.objects.get(id=request.session['user_id'])
except hmod.User.DoesNotExist:
return HttpResponseRedirect('/homepage/login/')
form = ChangePassword(request, initial={
'old_password': '',
'password': '',
'confirm': '',
})
if request.method == 'POST':
form = ChangePassword(request, request.POST)
if form.is_valid():
user.set_password(form.cleaned_data['password'])
user.save()
# form.save()
update_session_auth_hash(request, user)
request.session['user_id'] = user.id
return HttpResponse(True)
params['form'] = form
return templater.render_to_response(request, 'account_changepassword.html', params)
def change_profile(request, username):
if username != request.user.get_username():
return HttpResponseForbidden
old_email = get_object_or_404(User, username=username).email
profile_change_form = ProfileChangeForm(prefix='profile',
initial={'email': old_email})
passwd_change_form = PasswordChangeForm(username, prefix='passwd')
if request.method == 'POST':
if any(['profile' in key for key in request.POST.keys()]):
profile_change_form = ProfileChangeForm(request.POST, prefix='profile')
if profile_change_form.is_valid():
user = request.user
user.email = profile_change_form.cleaned_data['email']
user.save()
if any(['passwd' in key for key in request.POST.keys()]):
passwd_change_form = PasswordChangeForm(data=request.POST,
user=request.user, prefix='passwd')
if passwd_change_form.is_valid():
passwd_change_form.save()
auth.update_session_auth_hash(request, passwd_change_form.user)
return render(request, 'profile_change.html', {'form_profile': profile_change_form,
'form_passwd': passwd_change_form})
def password_change(request,
template_name='registration/password_change_form.html',
post_change_redirect=None,
password_change_form=PasswordChangeForm,
current_app=None, extra_context=None):
if post_change_redirect is None:
post_change_redirect = reverse('colab_edemocracia:profile')
else:
post_change_redirect = resolve_url(post_change_redirect)
if request.method == "POST":
form = password_change_form(user=request.user, data=request.POST)
if form.is_valid():
form.save()
messages.success(request, 'Senha alterada com sucesso!')
# Updating the password logs out all other sessions for the user
# except the current one if
# django.contrib.auth.middleware.SessionAuthenticationMiddleware
# is enabled.
update_session_auth_hash(request, form.user)
return HttpResponseRedirect(post_change_redirect)
else:
form = password_change_form(user=request.user)
context = {
'form': form,
'title': 'Alterar senha',
}
if extra_context is not None:
context.update(extra_context)
if current_app is not None:
request.current_app = current_app
return TemplateResponse(request, template_name, context)
def password_change(request,
template_name='registration/password_change_form.html',
post_change_redirect=None,
password_change_form=PasswordChangeForm,
extra_context=None):
if not request.is_ajax():
if post_change_redirect is None:
post_change_redirect = reverse('password_change_done')
else:
post_change_redirect = resolve_url(post_change_redirect)
if request.method == "POST":
form = password_change_form(user=request.user, data=request.POST)
if form.is_valid():
form.save()
# Updating the password logs out all other sessions for the user
# except the current one.
update_session_auth_hash(request, form.user)
# If we have an AJAX request then just return.
if request.is_ajax():
return JsonResponse({})
return HttpResponseRedirect(post_change_redirect)
elif request.is_ajax():
return JsonResponse(form.errors, status=400)
elif request.is_ajax():
return JsonResponse({'__all__': ['only POST']}, status=400)
else:
form = password_change_form(user=request.user)
context = {
'form': form,
'title': _('Password change'),
}
if extra_context is not None:
context.update(extra_context)
return TemplateResponse(request, template_name, context)
def form_valid(self, form):
form.save()
if update_session_auth_hash is not None and not app_settings.LOGOUT_ON_PASSWORD_CHANGE:
update_session_auth_hash(self.request, form.user)
get_adapter().add_message(self.request, messages.SUCCESS, "account/messages/password_changed.txt")
signals.password_changed.send(sender=self.request.user.__class__, request=self.request, user=self.request.user)
return super(PasswordChangeView, self).form_valid(form)
def settings(request):
context = {}
user = request.user
user_profile = UserProfile.objects.get(user=user)
# errors = []
# context['errors'] = errors
context['user'] = request.user
context['user_profile'] = user_profile
context['picture-src'] = ''
initial_data = { 'redirect_name': 'stream', 'result_type': 'stream' }
context['search_form'] = SearchForm(initial=initial_data)
if request.method == 'GET':
context['form'] = SetPasswordForm()
return render(request, 'settings.html', context)
form = SetPasswordForm(request.POST)
context['form'] = form
if not form.is_valid():
context['non_field_errors'] = form.non_field_errors()
return render(request, 'settings.html', context)
if not request.user.check_password(form.cleaned_data['password']):
context['incorrect_password'] = "******"
return render(request, 'settings.html', context)
form.save(username=request.user.username)
update_session_auth_hash(request, request.user)
return render(request, 'home.html', context)
def change_password_page(request):
state = ''
if request.user.is_authenticated():
user = request.user
if 'c_password' in request.POST and 'n_password' in request.POST:
c_password = request.POST.get('c_password')
n_password = request.POST.get('n_password')
validate = _validate_password(n_password, user)
auth_user = authenticate(username=user.username, password=c_password)
if auth_user is not None and validate:
u = User.objects.get(username=user.username)
u.set_password(n_password)
u.save()
update_session_auth_hash(request, u)
password_log = PasswordLog()
password_log.user = u
password_log.password = u.password
password_log.save()
state = 'password change success'
else:
state = 'wrong current password or \
entered a previously used password'
variables = {
'state': state,
}
return render(request, 'myapp/change_password.html', context=variables)
def edit(request):
try:
user = ExtendedUser.objects.get(id=request.user.id)
except ExtendedUser.DoesNotExist:
raise Http404("User does not exist")
if request.method == 'POST':
user.first_name = request.POST['first_name']
user.last_name = request.POST['last_name']
user.url = request.POST['url']
user.biography = request.POST['biography']
user.email = request.POST['email']
# Verify old password
if(user.check_password(request.POST['old_password'])):
# Check if password are the same / validate
if(passVerify(request)):
# Change password
user.set_password(request.POST['new_password1'])
update_session_auth_hash(request, user)
else:
print('password diffrent or fields blank!')
else:
print('error')
user.save()
return render(request, 'account/edit.html', {'content': user})
def restore_session(self, user_id, request):
return update_session_auth_hash(request, self.__user_entity.get_one_by_id(user_id))
def preferences(request):
if request.method == "POST":
form = PreferencesForm(request.POST)
form.user = request.user
if form.is_valid():
try:
newdata = form.cleaned_data
request.user.language = newdata["language"]
if "theme" in newdata:
request.user.theme = newdata["theme"]
request.user.pagesize = newdata["pagesize"]
if newdata["cur_password"]:
request.user.set_password(newdata["new_password1"])
# Updating the password logs out all other sessions for the user
# except the current one if
# django.contrib.auth.middleware.SessionAuthenticationMiddleware
# is enabled.
update_session_auth_hash(request, form.user)
request.user.save()
# Switch to the new theme and language immediately
if "theme" in newdata:
request.theme = newdata["theme"]
if newdata["language"] == "auto":
newdata[
"language"] = translation.get_language_from_request(
request)
if translation.get_language() != newdata["language"]:
translation.activate(newdata["language"])
request.LANGUAGE_CODE = translation.get_language()
messages.add_message(
request,
messages.INFO,
force_text(_("Successfully updated preferences")),
)
except Exception as e:
logger.error("Failure updating preferences: %s" % e)
messages.add_message(
request,
messages.ERROR,
force_text(_("Failure updating preferences")),
)
else:
pref = request.user
form = PreferencesForm({
"language": pref.language,
"theme": pref.theme,
"pagesize": pref.pagesize
})
LANGUAGE = User.languageList[0][1]
for l in User.languageList:
if l[0] == request.user.language:
LANGUAGE = l[1]
return render(
request,
"common/preferences.html",
context={
"title": _("My preferences"),
"form": form,
"THEMES": settings.THEMES,
"LANGUAGE": LANGUAGE,
},
)
def user_change_password(self, request, id, form_url=''):
if not self.has_change_permission(request):
raise PermissionDenied
user = self.get_object(request, unquote(id))
if user is None:
raise Http404(_('%(name)s object with primary key %(key)r does not exist.') % {
'name': self.model._meta.verbose_name,
'key': escape(id),
})
if request.method == 'POST':
form = self.change_password_form(user, request.POST)
if form.is_valid():
form.save()
change_message = self.construct_change_message(request, form, None)
self.log_change(request, user, change_message)
msg = gettext('Password changed successfully.')
messages.success(request, msg)
update_session_auth_hash(request, form.user)
return HttpResponseRedirect(
reverse(
'%s:%s_%s_change' % (
self.admin_site.name,
user._meta.app_label,
user._meta.model_name,
),
args=(user.pk,),
)
)
else:
form = self.change_password_form(user)
fieldsets = [(None, {'fields': list(form.base_fields)})]
adminForm = admin.helpers.AdminForm(form, fieldsets, {})
context = {
'title': _('Change password: %s') % escape(user.get_username()),
'adminForm': adminForm,
'form_url': form_url,
'form': form,
'is_popup': (IS_POPUP_VAR in request.POST or
IS_POPUP_VAR in request.GET),
'add': True,
'change': False,
'has_delete_permission': False,
'has_change_permission': True,
'has_absolute_url': False,
'opts': self.model._meta,
'original': user,
'save_as': False,
'show_save': True,
}
context.update(self.admin_site.each_context(request))
request.current_app = self.admin_site.name
return TemplateResponse(
request,
self.change_user_password_template or
'admin/auth/user/change_password.html',
context,
)
def post(self, request, **kwargs):
""" Reset learner password using passed token and new credentials """
reset_status = False
uidb36 = kwargs.get('uidb36')
token = kwargs.get('token')
has_required_values, uid_int = self._check_token_has_required_values(
uidb36, token)
if not has_required_values:
AUDIT_LOG.exception("Invalid password reset confirm token")
return Response({'reset_status': reset_status})
request.data._mutable = True # lint-amnesty, pylint: disable=protected-access
request.data['new_password1'] = normalize_password(
request.data['new_password1'])
request.data['new_password2'] = normalize_password(
request.data['new_password2'])
password = request.data['new_password1']
try:
user = User.objects.get(id=uid_int)
if not default_token_generator.check_token(user, token):
AUDIT_LOG.exception("Token validation failed")
return Response({'reset_status': reset_status})
validate_password(password, user=user)
form = SetPasswordForm(user, request.data)
if form.is_valid():
form.save()
reset_status = True
if 'is_account_recovery' in request.GET:
try:
old_primary_email = user.email
user.email = user.account_recovery.secondary_email
user.account_recovery.delete()
# emit an event that the user changed their secondary email to the primary email
tracker.emit(
SETTING_CHANGE_INITIATED, {
"setting": "email",
"old": old_primary_email,
"new": user.email,
"user_id": user.id,
})
user.save()
except ObjectDoesNotExist:
err = 'Account recovery process initiated without AccountRecovery instance for user {username}'
log.error(err.format(username=user.username))
# Handles clearing the failed login counter upon password reset.
if LoginFailures.is_feature_enabled():
LoginFailures.clear_lockout_counter(user)
send_password_reset_success_email(user, request)
update_session_auth_hash(request, user)
except ValidationError as err:
AUDIT_LOG.exception("Password validation failed")
error_status = {
'reset_status': reset_status,
'err_msg': ' '.join(err.messages)
}
return Response(error_status)
except Exception: # pylint: disable=broad-except
AUDIT_LOG.exception("Setting new password failed")
return Response({'reset_status': reset_status})
def perform_update(self, serializer):
instance = serializer.save()
self.set_password_if_needed(instance, serializer)
# if the user is updating their own password, ensure they don't get logged out
if self.request.user == instance:
update_session_auth_hash(self.request, instance)
def form_valid(self, form):
form.save()
messages.success(self.request,
_('Your password has been successfully updated'))
update_session_auth_hash(self.request, form.user)
return super(UserPasswordUpdateView, self).form_valid(form)
def logout_on_password_change(request, user):
# Since it is the default behavior of Django to invalidate all sessions on
# password change, this function actually has to preserve the session when
# logout isn't desired.
if not app_settings.LOGOUT_ON_PASSWORD_CHANGE:
update_session_auth_hash(request, user)
def user_change_password(self, request, id, form_url=""):
# this method currently seems like dark magic
user = self.get_object(request, unquote(id))
if not self.has_change_permission(request, user):
raise PermissionDenied
if user is None:
raise Http404(
_("%(name)s object with primary key %(key)r does not exist.") %
{
"name": self.model._meta.verbose_name,
"key": escape(id),
})
if request.method == "POST":
form = self.change_password_form(user, request.POST)
if form.is_valid():
form.save()
change_message = self.construct_change_message(
request, form, None)
self.log_change(request, user, change_message)
msg = gettext("Password changed successfully.")
messages.success(request, msg)
update_session_auth_hash(request, form.user)
return HttpResponseRedirect(
reverse(
"%s:%s_%s_change" % (
self.admin_site.name,
user._meta.app_label,
user._meta.model_name,
),
args=(user.pk, ),
))
else:
form = self.change_password_form(user)
fieldsets = [(None, {"fields": list(form.base_fields)})]
adminForm = admin.helpers.AdminForm(form, fieldsets, {})
context = {
"title":
_("Change password: %s") % escape(user.get_username()),
"adminForm":
adminForm,
"form_url":
form_url,
"form":
form,
"is_popup": (IS_POPUP_VAR in request.POST
or IS_POPUP_VAR in request.GET),
"add":
True,
"change":
False,
"has_delete_permission":
False,
"has_change_permission":
True,
"has_absolute_url":
False,
"opts":
self.model._meta,
"original":
user,
"save_as":
False,
"show_save":
True,
**self.admin_site.each_context(request),
}
request.current_app = self.admin_site.name
return TemplateResponse(
request,
self.change_user_password_template
or "admin/auth/user/change_password.html",
context,
)
def get(self, request: HttpRequest) -> HttpResponse:
"""Save data in the current flow to the currently pending user. If no user is pending,
a new user is created."""
if PLAN_CONTEXT_PROMPT not in self.executor.plan.context:
message = _("No Pending data.")
messages.error(request, message)
LOGGER.debug(message)
return self.executor.stage_invalid()
data = self.executor.plan.context[PLAN_CONTEXT_PROMPT]
user_created = False
if PLAN_CONTEXT_PENDING_USER not in self.executor.plan.context:
self.executor.plan.context[PLAN_CONTEXT_PENDING_USER] = User()
self.executor.plan.context[
PLAN_CONTEXT_AUTHENTICATION_BACKEND
] = class_to_path(ModelBackend)
LOGGER.debug(
"Created new user",
flow_slug=self.executor.flow.slug,
)
user_created = True
user: User = self.executor.plan.context[PLAN_CONTEXT_PENDING_USER]
# Before we change anything, check if the user is the same as in the request
# and we're updating a password. In that case we need to update the session hash
# Also check that we're not currently impersonating, so we don't update the session
should_update_seesion = False
if (
any("password" in x for x in data.keys())
and self.request.user.pk == user.pk
and SESSION_IMPERSONATE_USER not in self.request.session
):
should_update_seesion = True
for key, value in data.items():
setter_name = f"set_{key}"
# Check if user has a setter for this key, like set_password
if hasattr(user, setter_name):
setter = getattr(user, setter_name)
if callable(setter):
setter(value)
# User has this key already
elif hasattr(user, key):
setattr(user, key, value)
# Otherwise we just save it as custom attribute, but only if the value is prefixed with
# `attribute_`, to prevent accidentally saving values
else:
if not key.startswith("attribute_"):
LOGGER.debug("discarding key", key=key)
continue
user.attributes[key.replace("attribute_", "", 1)] = value
# Extra check to prevent flows from saving a user with a blank username
if user.username == "":
LOGGER.warning("Aborting write to empty username", user=user)
return self.executor.stage_invalid()
# Check if we're writing from a source, and save the source to the attributes
if PLAN_CONTEXT_SOURCES_CONNECTION in self.executor.plan.context:
if USER_ATTRIBUTE_SOURCES not in user.attributes or not isinstance(
user.attributes.get(USER_ATTRIBUTE_SOURCES), list
):
user.attributes[USER_ATTRIBUTE_SOURCES] = []
connection: UserSourceConnection = self.executor.plan.context[
PLAN_CONTEXT_SOURCES_CONNECTION
]
user.attributes[USER_ATTRIBUTE_SOURCES].append(connection.source.name)
user.save()
user_write.send(
sender=self, request=request, user=user, data=data, created=user_created
)
# Check if the password has been updated, and update the session auth hash
if should_update_seesion:
update_session_auth_hash(self.request, user)
LOGGER.debug("Updated session hash", user=user)
LOGGER.debug(
"Updated existing user",
user=user,
flow_slug=self.executor.flow.slug,
)
return self.executor.stage_ok()
def editview(request, action):
if request.user.is_authenticated():
request_data = None
context = {}
if request.method == 'POST':
request_data = request.POST
if action == 'password':
form = PasswordChangeForm(user=request.user, data=request_data)
context = {'form': form, 'action': 'Change password', 'edition': True}
elif action == 'settings':
tz = 'UTC'
if hasattr(request.user, 'sciriususer'):
tz = request.user.sciriususer.timezone
initial = {'timezone': tz}
if request.user.is_superuser:
form = UserSettingsForm(request_data, instance=request.user, initial=initial)
else:
form = NormalUserSettingsForm(request_data, instance=request.user, initial=initial)
context = {'form': form, 'action': 'Edit settings for ' + request.user.username, 'edition': True}
elif action == 'token':
initial = {}
token = Token.objects.filter(user=request.user)
if len(token):
initial['token'] = token[0]
form = TokenForm(request_data, initial=initial)
context = {'form': form, 'action': 'User token', 'edition': True}
else:
context = {'action': 'User settings', 'edition': False}
if request.method == 'POST':
orig_superuser = request.user.is_superuser
orig_staff = request.user.is_staff
if form.is_valid():
if action == 'token':
current_tokens = Token.objects.filter(user=request.user)
for token in current_tokens:
token.delete()
Token.objects.create(user=request.user)
UserAction.create(
action_type='edit_user_token',
comment=form.cleaned_data['comment'],
user=request.user,
other_user=request.user
)
return redirect('accounts_edit', action='token')
context['edition'] = False
context['action'] = 'User settings'
ruser = form.save(commit = False)
if not orig_superuser:
ruser.is_superuser = False
ruser.is_staff = orig_staff
ruser.save()
if action == 'password':
update_session_auth_hash(request, ruser)
UserAction.create(
action_type='edit_user_password',
comment=form.cleaned_data['comment'],
user=request.user,
other_user=request.user
)
if action == 'settings':
try:
sciriususer = ruser.sciriususer
sciriususer.timezone = form.cleaned_data['timezone']
except:
sciriususer = SciriusUser.objects.create(user = ruser, timezone = form.cleaned_data['timezone'])
UserAction.create(
action_type='edit_user',
comment=form.cleaned_data['comment'],
user=request.user,
other_user=request.user
)
sciriususer.save()
return scirius_render(request, 'accounts/edit.html', context)
def save(self):
self.set_password_form.save()
if VERSION[1] > 6 and not self.logout_on_password_change:
from django.contrib.auth import update_session_auth_hash
update_session_auth_hash(self.request, self.user)
def form_valid(self, form):
form.save()
update_session_auth_hash(self.request, form.user)
return super(ChangePasswordView, self).form_valid(form)
def password_reset_key_confirm(request, uid, token):
if request.method == "GET":
try:
user_password_reset_token = UserPasswordResetToken.objects.get(uid=uid, token=token)
except UserPasswordResetToken.DoesNotExist:
clue = {'message': texts.KEY_UNAVAILABLE}
return render(request, 'authapp/password_reset_key_confirm_error.html', {'clue': clue})
if user_password_reset_token is None \
or ((now() - user_password_reset_token.created) > timedelta(seconds=60 * 10)) \
or not (UserPasswordResetToken.objects.filter(
user_primary_email=user_password_reset_token.user_primary_email
).last() == user_password_reset_token):
clue = {'message': texts.KEY_EXPIRED}
return render(request, 'authapp/password_reset_key_confirm_error.html', {'clue': clue})
try:
uid = force_text(urlsafe_base64_decode(uid))
user = User.objects.get(pk=uid)
user_primary_email = user_password_reset_token.user_primary_email
except (TypeError, ValueError, OverflowError, User.DoesNotExist):
user = None
user_primary_email = None
if user is None or user_primary_email is None:
clue = {'message': texts.KEY_EXPIRED}
return render(request, 'authapp/password_reset_key_confirm_error.html', {'clue': clue})
# 이러면 비밀번호 새로 입력할 창을 준다.
form = PasswordResetConfirmForm()
return render(request, 'authapp/password_reset_key_confirmed_and_reset.html', {'form': form})
# 여기선 새 패스워드 값을 받아서 처리한다.
elif request.method == "POST":
form = PasswordResetConfirmForm(request.POST)
if form.is_valid():
new_password = form.cleaned_data['password']
new_password_confirm = form.cleaned_data['password_confirm']
try:
with transaction.atomic():
try:
user_password_reset_token = UserPasswordResetToken.objects.get(uid=uid, token=token)
except UserPasswordResetToken.DoesNotExist:
clue = {'message': texts.KEY_UNAVAILABLE}
return render(request, 'authapp/password_reset_key_confirm_error.html', {'clue': clue})
if user_password_reset_token is None \
or ((now() - user_password_reset_token.created) > timedelta(seconds=60 * 10)) \
or not (UserPasswordResetToken.objects.filter(
user_primary_email=user_password_reset_token.user_primary_email
).last() == user_password_reset_token):
clue = {'message': texts.KEY_EXPIRED}
return render(request, 'authapp/password_reset_key_confirm_error.html', {'clue': clue})
try:
uid = force_text(urlsafe_base64_decode(uid))
user = User.objects.get(pk=uid)
user_primary_email = user_password_reset_token.user_primary_email
except (TypeError, ValueError, OverflowError, User.DoesNotExist):
user = None
user_primary_email = None
if user is None or user_primary_email is None:
clue = {'message': texts.KEY_EXPIRED}
return render(request, 'authapp/password_reset_key_confirm_error.html', {'clue': clue})
password_failure = password_failure_validate(user.userusername.username,
new_password,
new_password_confirm)
if password_failure:
clue_message = None
if password_failure is 1:
clue_message = texts.PASSWORD_NOT_THE_SAME
elif password_failure is 2:
clue_message = texts.PASSWORD_LENGTH_PROBLEM
elif password_failure is 3:
clue_message = texts.PASSWORD_EQUAL_USERNAME
elif password_failure is 4:
clue_message = texts.PASSWORD_BANNED
return render_with_clue_one_form(request, 'authapp/password_reset_key_confirmed_and_reset.html',
clue_message, PasswordResetConfirmForm())
user.set_password(new_password)
user.save()
user_primary_email.is_permitted = True
user_primary_email.save()
update_session_auth_hash(request, user)
return render(request, 'authapp/password_reset_completed.html')
except Exception:
return render_with_clue_one_form(request, 'authapp/password_reset_key_confirm_error.html',
texts.UNEXPECTED_ERROR, PasswordChangeForm())
def manageuseraction(request, user_id, action):
user = get_object_or_404(User, pk=user_id)
context = {'action': 'User actions', 'user': user}
if request.method == 'POST':
if not request.user.is_superuser:
context['error'] = 'Unsufficient permissions'
return scirius_render(request, 'accounts/user.html', context)
if action == "edit":
form = UserSettingsForm(request.POST, instance = user)
if form.is_valid():
form.save()
try:
sciriususer = user.sciriususer
sciriususer.timezone = form.cleaned_data['timezone']
except:
sciriususer = SciriusUser.objects.create(user = user, timezone = form.cleaned_data['timezone'])
sciriususer.save()
UserAction.create(
action_type='edit_user',
comment=form.cleaned_data['comment'],
user=request.user,
other_user=user
)
else:
context['error'] = 'Edition form is not valid'
context['form'] = form
elif action == 'password':
form = PasswordForm(request.POST)
if form.is_valid():
user.set_password(form.cleaned_data['password'])
user.save()
if user == request.user:
# If the user change his own password prevent the session to be invalidated
update_session_auth_hash(request, user)
UserAction.create(
action_type='edit_user_password',
comment=form.cleaned_data['comment'],
user=request.user,
other_user=user
)
else:
context['error'] = 'Password form is not valid'
elif action == "delete":
form = DeleteForm(request.POST)
if form.is_valid():
if request.POST.__contains__('confirm'):
user.delete()
UserAction.create(
action_type='delete_user',
comment=form.cleaned_data['comment'],
user=request.user,
old_user=user
)
return redirect('/accounts/manage/')
else:
context['error'] = 'Delete form is not valid'
return scirius_render(request, 'accounts/user.html', context)
if not request.user.is_superuser:
context['error'] = 'Unsufficient permissions'
context['user'] = get_object_or_404(User, pk=request.user.pk)
return scirius_render(request, 'accounts/user.html', context)
if action == "activate":
user.is_active = True
user.save()
context['current_action'] = 'Activate user %s' % user.username
elif action == "deactivate":
user.is_active = False
user.save()
context['current_action'] = 'Deactivate user %s' % user.username
elif action == "edit":
form = UserSettingsForm(instance = user)
try:
form.initial['timezone'] = user.sciriususer.timezone
except:
pass
context['form'] = form
context['current_action'] = 'Edit user %s' % user.username
return scirius_render(request, 'accounts/user.html', context)
elif action == "password":
form = PasswordForm()
context['form'] = form
context['current_action'] = 'Edit password for user %s' % user.username
return scirius_render(request, 'accounts/user.html', context)
elif action == "delete":
form = DeleteForm()
context = {'confirm_action': 'Delete user', 'user': user, 'action': 'delete', 'form': form}
return scirius_render(request, 'accounts/user.html', context)
context['current_action'] = 'User %s' % user.username
return scirius_render(request, 'accounts/user.html', context)
def form_valid(self, form):
response = super().form_valid(form)
update_session_auth_hash(self.request, self.request.user)
return response
def settings_page(request):
if not request.user.is_authenticated:
return redirect("Main:home_page")
if request.method == "POST":
user_profile = request.user.user_profile
if "bio" in list(request.POST.keys()):
user_profile.bio = request.POST["bio"]
user_profile.save()
messages.success(request, "Your biography has been successfully updated.")
elif "avatar" in list(request.FILES.keys()):
user_profile.avatar = request.FILES["avatar"]
user_profile.save()
messages.success(request, "Your avatar has been successfully updated.")
elif "banner" in list(request.FILES.keys()):
user_profile.banner = request.FILES["banner"]
user_profile.save()
messages.success(request, "Your banner has been successfully updated.")
else:
form = UserEditForm(request.POST, instance=request.user)
if form.is_valid():
form.save()
update_session_auth_hash(request, form.user)
messages.success(request, "Your account information has been successfully updated.")
else:
# messages.error(request, "An error has occurred while trying to save your account information.")
errors = json.loads(form.errors.as_json())
for msg in errors:
error_msg = errors[msg][0]["message"]
if errors[msg][0]["code"] != "":
error_msg = errors[msg][0]["code"].upper() + ": " + error_msg
messages.error(request, error_msg)
data = {
"msg": render_to_string(
"static_html/messages.html",
{
"messages": messages.get_messages(request),
},
)
}
response = HttpResponse(
json.dumps(data),
content_type="application/json",
)
response.status_code = 218
return response
data = {
"msg": render_to_string(
"static_html/messages.html",
{
"messages": messages.get_messages(request),
},
),
"settings": render_to_string(
"settings.html",
request=request
)
}
response = HttpResponse(
json.dumps(data),
content_type="application/json",
)
response.status_code = 200
return response
form = UserEditForm(instance=request.user)
return render(request, "settings.html", context={"form": form})
def user_info(request):
#user is the user you are loged in with
user = request.user
#args is the arguments that are sent to the template
args = {}
#checks if the user is loged inn
if user.is_authenticated:
#if the user clicks the submit button a POST request is sent
if request.method == 'POST':
#if the post request was from the update button
if "update_info" in request.POST:
#get the form from the post request
form = UpdateUser(request.POST)
#if the form is valid go into the if statement
if form.is_valid():
username = request.POST.get('username', '')
emailAddress = request.POST.get('email', '')
first_name = request.POST.get('first_name', '')
last_name = request.POST.get('last_name', '')
#only update the fields that are not empty
if username != '':
#set user.username to the post we got
user.username = username
#only update the fields that are not empty
if emailAddress != '':
#set user.email to the post we got
user.email = emailAddress
if first_name != '':
#set user.first_name to the post we got
user.first_name = first_name
if last_name != '':
#set user.last_name to the post we got
user.last_name = last_name
#save the new userinfo
user.save()
#rederect to the same page but now with updated info
return HttpResponseRedirect('../edit')
else:
#if the update button wasn't clicked, set the form empty
form = UpdateUser()
#if the post request was from the change password button
if "change_password" in request.POST:
#set change_password_form to the Password cahnge form and send the usr as a parameter
#so it knows witch user who want to change password
change_password_form = PasswordChangeForm(user, request.POST)
if change_password_form.is_valid():
change_password_form.save()
update_session_auth_hash(request, user)
return HttpResponseRedirect('../edit')
else:
#if the update button wasn't clicked, set the form empty
change_password_form = PasswordChangeForm(user)
args['form'] = form
args['change_password_form'] = change_password_form
else:
args['form'] = UpdateUser()
args['change_password_form'] = PasswordChangeForm(user)
return render(request, 'user/user.html', args)
else:
args['user'] = ''
return render(request, 'user/user.html', args)
def form_valid(self, form):
user = form.save()
update_session_auth_hash(self.request, user)
return HttpResponseRedirect(self.get_success_url())
def login_view(request):
"""
It handles login methods, return game master page if details are correct, also allows signup and change password
requests
:param request:
:return: Return game master page if login details are correct, allows create user and change passwords
"""
"""handle log in methods - button presses, handling user events, handling the database"""
# if sign up button pressed
if request.method == 'POST' and 'submit-signUp' in request.POST:
newUsername = request.POST['username']
newPassword = request.POST['password']
# check if username is used
u = auth_user.objects.get(username=newUsername)
if u is not None:
messages.error(request, 'Username already in use')
return render(request, 'app/signUp_page.html')
# if u is not None:
# if the user does not already exist
# set new user
print("making new user")
# if they are a superuser
if 'superuser' in request.POST:
newUser = auth_user.objects.create_user(username=newUsername,
password=newPassword,
is_superuser=True)
else:
newUser = auth_user.objects.create_user(username=newUsername,
password=newPassword,
is_superuser=False)
# save the user in the database
newUser.save()
# log user in
login(request, newUser)
messages.success(request, 'Successfully made new user')
return render(request, 'app/game_master_page.html')
# else:
# print("User already exists")
# messages.error(request, 'Username already exists')
# return render(request, 'app/game_master_page.html')
# if the submit button is pressed
if request.method == 'POST' and 'submit-logIn' in request.POST:
username = request.POST['username']
password = request.POST['password']
# authenticate that the username and password are correct
user = authenticate(username=username, password=password)
# if the user exists
if user is not None:
# log them in
login(request, user)
print("logged in")
messages.success(request, 'log in success')
route_list = Routes.objects.all()
questions = Questions.objects.all()
games = Gamecode.objects.all()
game_master_page(request)
return render(request, 'app/game_master_page.html', {
"route_list": route_list,
"questions": questions,
"games": games
})
else:
# report error
print("log in failure")
messages.error(request, 'log in failure')
return render(request, 'app/login_page.html')
# if the change password button is pressed
if request.method == 'POST' and 'submit-changePass' in request.POST:
# oldPass = request.POST['oldPass']
# retreive the data
newPass = request.POST['newPass']
valPass = request.POST['valPass']
# retrieve the current user
user = request.user
if user is not None:
# check the passwords match
if newPass == valPass:
# set the new password and save to database
user.set_password(newPass)
user.save()
update_session_auth_hash(request, user)
messages.success(request, 'password changed')
return render(request, 'app/manage_account.html')
else:
messages.error(request, 'passwords did not match')
return render(request, 'app/manage_account.html')
else:
# report errors
print("log in failure")
messages.error(request, 'log in failure')
return render(request, 'app/login_page.html')
if request.method == "POST" and 'submit-deleteAcc' in request.POST:
user = request.user
user.is_active = False
user.save()
messages.success(request, 'Account successfully deactivated')
return render(request, 'app/login_page.html')
print("did not get username or password")
messages.error(request, 'did not get username or password')
return render(request, 'app/login_page.html')
def personal_data(request):
context = dict()
context['messages'] = messages.get_messages(request)
if request.method == "POST" and 'profile_changes' in request.POST:
form = UserInfoForm(data=request.POST)
if form.is_valid():
request.user.first_name = form.data['first_name']
request.user.last_name = form.data['last_name']
if request.user.username != form.data['email']:
messages.add_message(
request,
messages.INFO,
u'Внимание! логин изменен на %s' % (form.data['email'], )
)
request.user.username = form.data['email']
request.user.save()
messages.add_message(
request,
messages.INFO,
u'Изменения сохранены'
)
return redirect('cabinet_personal_data')
elif request.method == "POST" and 'password_change' in request.POST:
old_password = request.POST.get('old_password')
new_password = request.POST.get('new_password')
confirm_new_password = request.POST.get('confirm_new_password')
if not request.user.check_password(old_password):
messages.add_message(
request,
messages.INFO,
u'Неверно введен текущий пароль'
)
return redirect('cabinet_personal_data')
if new_password != confirm_new_password:
messages.add_message(
request,
messages.INFO,
u'Введенные пароли не совпадают'
)
return redirect('cabinet_personal_data')
request.user.set_password(new_password)
request.user.save()
update_session_auth_hash(request, request.user)
messages.add_message(
request,
messages.INFO,
u'Пароль изменен'
)
return redirect('cabinet_personal_data')
else:
init_values = {
'first_name': request.user.first_name,
'last_name': request.user.last_name,
'email': request.user.username,
'password': '******',
}
form = UserInfoForm(initial=init_values)
context = {'form': form, 'masked_password': '******'}
return render(request, 'delivery_tracker/personal_data.html', context)
def logout_on_password_change(request, user):
if update_session_auth_hash is not None and not settings.LOGOUT_ON_PASSWORD_CHANGE:
update_session_auth_hash(request, user)
def save(self):
self.set_password_form.save()
update_session_auth_hash(self.request, self.user)
def change_password(self, form):
user = super(ChangePasswordView, self).change_password(form)
# required on Django >= 1.7 to keep the user authenticated
if hasattr(auth, "update_session_auth_hash"):
auth.update_session_auth_hash(self.request, user)
def form_valid(self, form):
response = super(UserChangePassword, self).form_valid(form)
update_session_auth_hash(self.request, self.request.user)
return response
def teacher_edit_account(request):
teacher = request.user.new_teacher
backup_tokens = 0
# For teachers using 2FA, find out how many backup tokens they have
if using_two_factor(request.user):
try:
backup_tokens = request.user.staticdevice_set.all(
)[0].token_set.count()
except Exception:
backup_tokens = 0
if request.method == 'POST':
form = TeacherEditAccountForm(request.user, request.POST)
if form.is_valid():
data = form.cleaned_data
changing_email = False
# check not default value for CharField
if (data['password'] != ''):
teacher.new_user.set_password(data['password'])
teacher.new_user.save()
update_session_auth_hash(request, form.user)
teacher.title = data['title']
teacher.new_user.first_name = data['first_name']
teacher.new_user.last_name = data['last_name']
new_email = data['email']
if new_email != '' and new_email != teacher.new_user.email:
# new email to set and verify
changing_email = True
send_verification_email(request, teacher.new_user, new_email)
teacher.save()
teacher.new_user.save()
if changing_email:
logout(request)
messages.success(
request,
'Your account details have been successfully changed. Your email will be changed once you have verified it, until then you can still log in with your old email.'
)
return render(request, 'portal/email_verification_needed.html',
{
'userprofile': teacher.user,
'email': new_email
})
messages.success(
request,
'Your account details have been successfully changed.')
return HttpResponseRedirect(reverse_lazy('teacher_home'))
else:
form = TeacherEditAccountForm(request.user,
initial={
'title': teacher.title,
'first_name':
teacher.new_user.first_name,
'last_name':
teacher.new_user.last_name,
'school': teacher.school,
})
return render(request, 'portal/teach/teacher_edit_account.html', {
'form': form,
'backup_tokens': backup_tokens
})
def form_valid(self, form): form.save() update_session_auth_hash(self, request, form.user) return super(SettingView, self).form_valid(form)
def form_valid(self, form):
form.save()
# Updating the password logs out all other sessions for the user
# except the current one.
update_session_auth_hash(self.request, form.user)
return super().form_valid(form)
def password_change(request, id):
if request.method == 'POST':
current_user = User.objects.get(id=id)
password_form = PasswordChangeForm(data=request.POST,
user=current_user)
if password_form.is_valid():
password_form.save()
messages.success(request, 'Password change successfully!')
update_session_auth_hash(request, password_form.user)
return redirect('profile')
else:
messages.warning(request, 'Try again!')
if current_user.is_depthead:
profile_value = Depthead.objects.get(user=current_user)
val = 'password_change'
context = {
'password_form': password_form,
'profile_value': profile_value,
'val': val,
}
elif current_user.is_teacher:
profile_value = Teacher.objects.get(user=current_user)
val = 'password_change'
context = {
'password_form': password_form,
'profile_value': profile_value,
'val': val,
}
else:
profile_value = Student.objects.get(user=current_user)
val = 'password_change'
context = {
'password_form': password_form,
'profile_value': profile_value,
'val': val,
}
return render(request, 'profile.html', context)
else:
current_user = User.objects.get(id=id)
if current_user.is_depthead:
profile_value = Depthead.objects.get(user=current_user)
password_form = PasswordChangeForm(user=current_user)
val = 'password_change'
context = {
'password_form': password_form,
'profile_value': profile_value,
'val': val,
}
elif current_user.is_teacher:
profile_value = Teacher.objects.get(user=current_user)
password_form = PasswordChangeForm(user=current_user)
val = 'password_change'
context = {
'password_form': password_form,
'profile_value': profile_value,
'val': val,
}
elif current_user.is_student:
profile_value = Student.objects.get(user=current_user)
password_form = PasswordChangeForm(user=current_user)
val = 'password_change'
context = {
'password_form': password_form,
'profile_value': profile_value,
'val': val,
}
return render(request, 'profile.html', context)
def json_change_settings(
request: HttpRequest,
user_profile: UserProfile,
full_name: str = REQ(default=""),
email: str = REQ(default=""),
old_password: str = REQ(default=""),
new_password: str = REQ(default="")
) -> HttpResponse:
if not (full_name or new_password or email):
return json_error(_("Please fill out all fields."))
if new_password != "":
return_data = {} # type: Dict[str, Any]
if email_belongs_to_ldap(user_profile.realm,
user_profile.delivery_email):
return json_error(_("Your Zulip password is managed in LDAP"))
if not authenticate(username=user_profile.delivery_email,
password=old_password,
realm=user_profile.realm,
return_data=return_data):
return json_error(_("Wrong password!"))
if not check_password_strength(new_password):
return json_error(_("New password is too weak!"))
do_change_password(user_profile, new_password)
# In Django 1.10, password changes invalidates sessions, see
# https://docs.djangoproject.com/en/1.10/topics/auth/default/#session-invalidation-on-password-change
# for details. To avoid this logging the user out of their own
# session (which would provide a confusing UX at best), we
# update the session hash here.
update_session_auth_hash(request, user_profile)
# We also save the session to the DB immediately to mitigate
# race conditions. In theory, there is still a race condition
# and to completely avoid it we will have to use some kind of
# mutex lock in `django.contrib.auth.get_user` where session
# is verified. To make that lock work we will have to control
# the AuthenticationMiddleware which is currently controlled
# by Django,
request.session.save()
result = {} # type: Dict[str, Any]
new_email = email.strip()
if user_profile.delivery_email != new_email and new_email != '':
if user_profile.realm.email_changes_disabled and not user_profile.is_realm_admin:
return json_error(
_("Email address changes are disabled in this organization."))
error, skipped = validate_email(user_profile, new_email)
if error:
return json_error(error)
if skipped:
return json_error(skipped)
do_start_email_change_process(user_profile, new_email)
result['account_email'] = _(
"Check your email for a confirmation link. ")
if user_profile.full_name != full_name and full_name.strip() != "":
if name_changes_disabled(
user_profile.realm) and not user_profile.is_realm_admin:
# Failingly silently is fine -- they can't do it through the UI, so
# they'd have to be trying to break the rules.
pass
else:
# Note that check_change_full_name strips the passed name automatically
result['full_name'] = check_change_full_name(
user_profile, full_name, user_profile)
return json_success(result)
def form_valid(self, form):
response = super().form_valid(form=form)
update_session_auth_hash(request=self.request, user=form.instance)
return response
