def post(self, request):
serializer = ChangePasswordInputSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
change_form_map = {
'password1': 'new_password',
'password2': 'new_password',
'oldpassword': '******'
}
change_form_input = map_serializer_to_form(serializer.validated_data,
change_form_map)
with transaction.atomic(), clear_messages(request):
user = request.user
if not user.has_usable_password():
raise PermissionDenied(_("This account is disabled."))
change_form = ChangePasswordForm(user=user, data=change_form_input)
form_valid_or_raise(change_form, change_form_map)
change_form.save()
logout(request, all_tokens=True) # logout all other sessions
if allauth_settings.LOGOUT_ON_PASSWORD_CHANGE:
# maybe logout current session too
logout(request)
logout_on_password_change(request, user) # make allauth happy
signals.password_changed.send(sender=user.__class__,
request=request,
user=user)
return Response({})
def get_or_process_password_form(request):
form = ChangePasswordForm(data=request.POST or None, user=request.user)
if form.is_valid():
form.save()
logout_on_password_change(request, form.user)
get_adapter(request).add_message(
request, messages.SUCCESS, 'account/messages/password_changed.txt')
return form
def settings_password(request):
if request.method == 'POST':
form = ChangePasswordForm(request.user, request.POST)
if form.is_valid():
form.save()
# Prevent user logout by Django when password changed
logout_on_password_change(request, form.user)
messages.success(request, _('Password is changed'))
return redirect('users:settings_password')
else:
form = ChangePasswordForm(request.user)
return render(request, 'users/settings_password.html', {'form': form})
def settings_password(request):
if request.method == 'POST':
form = ChangePasswordForm(request.user, request.POST)
if form.is_valid():
form.save()
# Prevent user logout by Django when password changed
logout_on_password_change(request, form.user)
messages.success(request, _('Password is changed'))
return redirect('users:settings_password')
else:
form = ChangePasswordForm(request.user)
return render(request, 'users/settings_password.html', {'form': form})
def update_account(request):
user = request.user
if request.method == 'POST':
submit_value = request.POST.get('submit')
if submit_value not in ('email', 'resend', 'cancel', 'password'):
raise Http404
if submit_value == 'email':
email_form = ChangeEmailForm(request.user, request.POST)
if email_form.is_valid():
email = email_form.cleaned_data['email']
EmailAddress.objects.add_email(request, user, email, confirm=True)
return HttpResponseRedirect(reverse('account_email_verification_sent'))
else:
email_form = ChangeEmailForm(request.user)
if submit_value == 'resend':
user.new_email.send_confirmation()
if submit_value == 'cancel':
user.new_email.delete()
if submit_value == 'password':
password_form = ChangePasswordForm(request.user, request.POST)
if password_form.is_valid():
password_form.save()
# Prevent user logout by Django when password changed
logout_on_password_change(request, password_form.user)
messages.success(request, _('Password is changed'))
return redirect('users:update_account')
else:
password_form = ChangePasswordForm(request.user)
else:
email_form = ChangeEmailForm(request.user, initial={'email': request.user.email})
password_form = ChangePasswordForm(request.user)
return render(request, 'users/account_update.html', {'email_form': email_form, 'password_form': password_form})
def form_valid(self, form):
if 'info' in self.request.POST:
logger.debug("form: info success")
dmm.notifications.success(self.request,
"Info successfully updated")
email = self.request.user.emailaddress_set.get(primary=True)
if form.cleaned_data["email"] != email.email:
email.change(self.request, form.cleaned_data["email"])
get_adapter(self.request).add_message(
self.request, messages.INFO, 'account/messages/'
'email_confirmation_sent.txt', {'email': email})
return super().form_valid(form)
elif 'password' in self.request.POST:
logger.debug("form: password success")
form.save()
logout_on_password_change(self.request, form.user)
get_adapter(self.request).add_message(
self.request, messages.SUCCESS,
'account/messages/password_set.txt')
allauth.account.signals.password_set.send(
sender=self.request.user.__class__,
request=self.request,
user=self.request.user)
return HttpResponseRedirect(self.get_success_url())