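def change_password(request):
    """
    Show the change-password form and process its submission.

    Any non-POST request renders an empty form. A POST checks the new password
    against the validators configured in settings.py, verifies the old
    password, stores the new password hash, logs the user in again and
    redirects to the profile page (or to a same-site ``next`` URL) with a
    success message. Any failure re-renders the bound form with an error
    message.

    NOTE(review): no login_required (or equivalent) guard is visible in this
    listing. For an anonymous request ``request.user.id`` is None and the
    CustomUser lookup below raises DoesNotExist; confirm the view is only
    reachable by authenticated users.
    """
    template = 'app/change_password.html'

    if request.method != 'POST':
        # The original returned None (a server error) for HEAD and other
        # methods; rendering the empty form is the safe fallback.
        context = {'new_password_form': ChangePasswordForm()}
        return render(request, template, context)

    # Load the account row for the logged-in user; the form is bound to this
    # instance so unique-field validation runs against the existing record.
    user = CustomUser.objects.get(pk=request.user.id)

    # .get() rather than [] so a request missing a field fails the checks
    # below instead of raising MultiValueDictKeyError (HTTP 500).
    old_password = request.POST.get('old_password', '')
    new_password = request.POST.get('password', '')

    new_password_form = ChangePasswordForm(data=request.POST, instance=user)
    context = {'new_password_form': new_password_form}

    # Run the validators configured in settings.py. Passing the user lets
    # attribute-similarity validation compare the password with the account's
    # own fields; without it that validator has nothing to compare against.
    try:
        validate_password(new_password, user=user)
    except ValidationError:
        messages.error(request, "Password change failed. New password too simple.")
        return render(request, template, context)

    # Always run form validation so field errors are available on re-render,
    # then require that the supplied old password authenticates this account.
    form_ok = new_password_form.is_valid()
    authenticated_user = authenticate(email=user.email, password=old_password)

    if not form_ok or authenticated_user is None:
        messages.error(
            request,
            "Password change failed. Old password incorrect or new passwords don't match"
        )
        return render(request, template, context)

    # set_password() hashes the value; the raw password is never stored.
    user.set_password(new_password)
    user.save()

    # Re-authenticate with the new credentials and log in again so the
    # current session stays valid after the password hash has changed.
    authenticated_user = authenticate(email=user.email, password=new_password)
    login(request=request, user=authenticated_user)

    messages.success(request, "Password changed successfully!")
    return HttpResponseRedirect(_safe_redirect_target(request, '/profile'))


def _safe_redirect_target(request, default):
    """Return the POSTed ``next`` URL if it stays on this site, else *default*."""
    # ``next`` is client-controlled. Only follow it when it resolves to this
    # host, so the post-change redirect cannot send the user to another site.
    try:
        from django.utils.http import url_has_allowed_host_and_scheme as is_same_site
    except ImportError:  # Django < 3.0 ships the same check as is_safe_url
        from django.utils.http import is_safe_url as is_same_site

    target = request.POST.get('next') or default
    if is_same_site(
        target,
        allowed_hosts={request.get_host()},
        require_https=request.is_secure(),
    ):
        return target
    return default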
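def change_password(request):
    """
    Change the logged-in user's password from the submitted ChangePasswordForm.

    Returns True when the form is valid, ``old_password`` matches the current
    password and the two new-password fields agree; the new password is then
    hashed onto ``request.user`` and saved, and the matching Students row is
    updated. Returns False otherwise, without writing anything.
    """
    form = ChangePasswordForm(request.POST)
    if not form.is_valid():
        return False

    new_password = form.cleaned_data['new_password']

    # Require the current password before accepting a new one.
    if not request.user.check_password(form.cleaned_data['old_password']):
        return False
    if new_password != form.cleaned_data['repeat_new_password']:
        return False

    # Look the profile row up before writing anything, so a missing row
    # fails the request before the auth user's password has been changed.
    student = Students.objects.get(email=request.user)

    # NOTE(review): nothing visible here runs the password validators from
    # settings (validate_password); confirm the form's clean() enforces
    # password strength.
    # set_password() stores a salted hash on the auth user.
    request.user.set_password(new_password)
    request.user.save()

    # The original copied the raw new password into Students.password, which
    # kept a plaintext credential in the database. Mirror the hash instead so
    # the column is still updated but never holds a recoverable password.
    # NOTE(review): confirm Students.password is wide enough for a Django
    # password hash, that nothing compares this column with plaintext, and
    # that rows written by the old code are cleared or migrated.
    student.password = request.user.password
    student.save()

    # NOTE(review): changing the password changes the session auth hash;
    # unless the caller logs the user in again or calls
    # update_session_auth_hash, the current session may be invalidated.
    return True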