def register(request):
if request.method == "POST":
#Usual test cases
if User.objects.filter(username=request.POST['user_reg']).exists():
return render(request, 'user/login.html',{'usr':"******"})
elif User.objects.filter(email=request.POST['email']).exists():
return render(request, 'user/login.html',{'usr':"******"})
elif request.POST['password'] != request.POST['password2']:
return render(request, 'user/login.html',{'pwd':" <h4 class='text-danger'>Both the passwords don't match.</h4>"})
else:
#Validate the password
try:
validate_password(request.POST['password'])
except ValidationError as e:
return render(request, 'user/login.html',{'pwd':password_validators_help_text_html()})
#Yay, new user
user = User.objects.create_user(request.POST['user_reg'],request.POST['email'],request.POST['password'])
#comm = Communities.objects.get(name='users')
profile = UserProfile(user=user)
profile.save()
user = authenticate(username=request.POST['user_reg'], password=request.POST['password'])
auth.login(request, user)
return render(request,'user/profile.html')
else:
return render(request,"user/login.html")
def handle(self, *args, **options):
self.stdout.write("Creating administrator user")
if User.objects.filter(username=USERNAME).exists():
self.stdout.write(self.style.NOTICE(
"User '{}' already exists".format(USERNAME)))
return
try:
email = settings.ADMINS[0][1]
except:
raise CommandError("ADMINS setting not defined properly")
try:
validate_password(options['password'],
User(username=USERNAME, email=email))
except ValidationError as err:
raise CommandError(' '.join(err.messages))
call_command('createsuperuser', interactive=False, verbosity=0,
username=USERNAME, email=email)
admin_user = User.objects.get(username=USERNAME)
admin_user.set_password(options['password'])
admin_user.save()
self.stdout.write(self.style.SUCCESS(
"Successfully created administrator user"
))
def change_forgotten_password(request, pk, token):
"""
POST /auth/change-password/user/token/ with CSRF and new password
will change forgotten password
"""
invalid_message = _("Form link is invalid. Please try again.")
expired_message = _("Your link has expired. Please request new one.")
try:
try:
user = User.objects.get(pk=pk, is_active=True)
except User.DoesNotExist:
raise PasswordChangeFailed(invalid_message)
if request.user.is_authenticated and request.user.id != user.id:
raise PasswordChangeFailed(invalid_message)
if not is_password_change_token_valid(user, token):
raise PasswordChangeFailed(invalid_message)
if user.requires_activation:
raise PasswordChangeFailed(expired_message)
if get_user_ban(user, request.cache_versions):
raise PasswordChangeFailed(expired_message)
except PasswordChangeFailed as e:
return Response({"detail": e.args[0]}, status=status.HTTP_400_BAD_REQUEST)
try:
new_password = request.data.get("password", "")
validate_password(new_password, user=user)
user.set_password(new_password)
user.save()
except ValidationError as e:
return Response({"detail": e.messages[0]}, status=status.HTTP_400_BAD_REQUEST)
return Response({"username": user.username})
def post(self, request, *args, **kwargs):
uidb64 = request.data.get("user_id")
token = request.data.get("token")
password = request.data.get("password")
if not (uidb64 and token and password):
raise ValidationError(
{"detail": "You have to provide user_id, token and password."}
)
user = self.get_user(uidb64)
if user is None:
raise ValidationError({"detail": "User does not exist."})
if not (
has_perm(user, "users.can_change_password")
or has_perm(user, "users.can_manage")
):
self.permission_denied(request)
if not default_token_generator.check_token(user, token):
raise ValidationError({"detail": "Invalid token."})
try:
validate_password(password, user=user)
except DjangoValidationError as errors:
raise ValidationError({"detail": " ".join(errors)})
user.set_password(password)
user.save()
return super().post(request, *args, **kwargs)
def clean_password2(self):
password1 = self.cleaned_data['password1']
password2 = self.cleaned_data['password2']
validate_password(password2)
if password1 != password2:
raise forms.ValidationError('password1 and password2 not equal!')
return password2
def clean(self):
if ("password" in self.cleaned_data
and "password_again" in self.cleaned_data):
if self.cleaned_data["password"] != self.cleaned_data["password_again"]:
self.add_error("password",
forms.ValidationError(_("Passwords don't match")))
self.add_error("password_again",
forms.ValidationError(_("Passwords don't match")))
if "email" in self.cleaned_data:
self.cleaned_data["username"] = self.get_username()
if "username" in self.cleaned_data:
username_exists = User.objects.filter(
username=self.cleaned_data["username"]).count()
if username_exists:
self.add_error("username", forms.ValidationError(
_("Please choose another display name")))
if "email" in self.cleaned_data:
email_exists = User.objects.filter(
email=self.cleaned_data["email"]).count()
if email_exists:
self.add_error("email", forms.ValidationError(
_("Please choose another email address")))
if "password" in self.cleaned_data:
validate_password(self.cleaned_data["password"])
return self.cleaned_data
def reset_password(self, request, pk=None):
"""
View to reset the password using the requested password.
If update_defualt_password=True is given, the new password will also be set
as the default_password.
"""
user = self.get_object()
password = request.data.get("password")
if not isinstance(password, str):
raise ValidationError({"detail": "Password has to be a string."})
update_default_password = request.data.get("update_default_password", False)
if not isinstance(update_default_password, bool):
raise ValidationError(
{"detail": "update_default_password has to be a boolean."}
)
try:
validate_password(password, user=request.user)
except DjangoValidationError as errors:
raise ValidationError({"detail": " ".join(errors)})
user.set_password(password)
if update_default_password:
user.default_password = password
user.save()
return Response({"detail": "Password successfully reset."})
def clean(self):
if ('password' not in self.cleaned_data or
'password_confirm' not in self.cleaned_data):
raise ValidationError(_('Favor informar senhas atuais ou novas'))
msg = _('As senhas não conferem.')
self.valida_igualdade(
self.cleaned_data['password'],
self.cleaned_data['password_confirm'],
msg)
if ('email' not in self.cleaned_data or
'email_confirm' not in self.cleaned_data):
raise ValidationError(_('Favor informar endereços de email'))
msg = _('Os emails não conferem.')
self.valida_igualdade(
self.cleaned_data['email'],
self.cleaned_data['email_confirm'],
msg)
email_existente = self.valida_email_existente()
if email_existente:
msg = _('Esse email já foi cadastrado.')
raise ValidationError(msg)
try:
validate_password(self.cleaned_data['password'])
except ValidationError as error:
raise ValidationError(error)
return self.cleaned_data
def post(self, request):
serializer = self.get_serializer(data=request.data)
if serializer.is_valid():
old_password = serializer.validated_data['old_password']
new_password = serializer.validated_data['new_password']
try:
if not FailedLoginAttempt.objects.is_locked_out(
request.user, request.auth.application):
if request.user.check_password(old_password):
FailedLoginAttempt.objects.delete_failed_attempts(
request.user, request.auth.application)
password_validation.validate_password(new_password, request.user)
request.user.set_password(new_password)
request.user.save()
return Response(status=status.HTTP_204_NO_CONTENT)
else:
FailedLoginAttempt.objects.add_failed_attempt(
request.user, request.auth.application)
errors = {'old_password': [_('You’ve entered an incorrect password')]}
except ValidationError as e:
errors = {'new_password': e.error_list}
else:
errors = serializer.errors
return Response(
data={'errors': errors},
status=status.HTTP_400_BAD_REQUEST,
)
def post(self, request):
user = request.user
# Check request data.
old_password = request.data.get('old_password')
new_password = request.data.get('new_password')
if not old_password or not new_password:
raise APIException(detail='You must provide both the old password and the new password.')
if not user.check_password(old_password):
raise APIException(detail='The old password is not correct.')
try:
password_validation.validate_password(new_password)
except ValidationError:
raise APIException(detail='The new password is not valid.')
# Update the user's password.
user.set_password(new_password)
user.save()
# Log in user with new password.
user = authenticate(username=user.username, password=new_password)
if user is not None and user.is_active:
login(request, user)
return Response()
def clean(self):
super(userRegisterForm, self).clean
username = self.cleaned_data.get('username')
firstname = self.cleaned_data.get('firstname')
middlename = self.cleaned_data.get('middlename')
lastname = self.cleaned_data.get('lastname')
password = self.cleaned_data.get('password')
email_address = self.cleaned_data.get('email_address')
if len(username) < 5:
self._errors['username'] = self.error_class(['UserName should be atleast five characters long'])
try:
validate_username(username)
except ValidationError as e:
self._errors['username'] = self.error_class([e])
if len(firstname) < 4:
self._errors['firstname'] = self.error_class(['First Name should be atleast four characters long'])
try:
validate_email(email_address)
except ValidationError as e:
self._errors['email_address'] = self.error_class([e])
try:
validate_password(password, self.data,None)
except ValidationError as e:
self._errors['password'] = self.error_class([e])
#validate_password(password,None,None )
return self.cleaned_data
def post(self, request):
messages = {'invalid_password': None, 'password_validations': None, 'success': None, 'other': None, 'mismatched':None}
try:
user = request.user
old_password = request.POST.get('old_password')
new_password = request.POST.get('new_password')
new_password2 = request.POST.get('new_password2')
if user.check_password(old_password) == False:
messages['invalid_password'] = _("Invalid password")
if new_password != new_password2:
messages['mismatched'] = _("New password and confirmation must match")
try:
validation.validate_password(new_password, user)
except ValidationError as val_err:
messages['password_validations'] = val_err.messages
if messages["invalid_password"] == None and messages["password_validations"] == None and messages["mismatched"] == None:
user.set_password(new_password)
user.save()
authenticated_user = authenticate(username=user.username, password=new_password)
login(request, authenticated_user)
messages['success'] = _('Password successfully updated')
except Exception as err:
messages['other'] = err
return JSONResponse(messages)
def create(self, request, *args, **kwargs):
try:
validate_password(request.data.get('password'))
except ValidationError as e:
logger.error('User creation failed: password did not validate.')
return Response({ 'message': '\n'.join(e.messages) }, 400)
try:
User.objects.get(username=request.data.get('username'))
logger.error('User creation failed: user already exists.')
return Response({ 'message': 'User already exists' }, 400)
except ObjectDoesNotExist:
pass
response = super().create(request, *args, **kwargs)
# Prep to send email.
user = User.objects.get(username=response.data['username'])
url = reverse('api:user-register', kwargs={'pk': user.id})
registration_url = request.build_absolute_uri(url)
try:
send_registration_email_to_user.delay(registration_url,
user.registration_code, user.email)
except Exception as e:
logger.error('An exception occurred while creating user. %s' % e)
return Response({
'description': 'User created. Registration Needed'
}, 201)
def post(self, request, *args, **kwargs):
form = self.form_class(request.POST)
if form.is_valid():
new_username = form.cleaned_data['username']
new_password = form.cleaned_data['password']
new_email = form.cleaned_data['email']
if get_user_model().objects.filter(username=new_username).exists():
messages.error(request, "Username not available, choose a different one")
return render(request, self.template_name, {'form' : form})
if new_email != '' and get_user_model().objects.filter(email=new_email).exists():
messages.error(request, "Email not available, choose a different one")
return render(request, self.template_name, {'form' : form})
#validate password
try:
validate_password(new_password)
except exceptions.ValidationError as e:
form.errors['password'] = list(e.messages)
return render(request, self.template_name, {'form' : form})
user = get_user_model().objects.create_user(username=new_username, password=new_password, email=new_email)
user = authenticate(username=new_username, password=new_password)
if user is not None:
login(request, user)
return redirect(reverse('chatdemo:profile'))
else:
return render(request, self.template_name, {'form' : form})
def clean(self):
new_password = self.cleaned_data['new_password']
new_password_again = self.cleaned_data['new_password_again']
old_password = self.cleaned_data['old_password']
if (new_password_again or new_password) and not old_password:
raise forms.ValidationError(
self.error_messages['old_password_required'],
code='old_password_required',)
if old_password:
if not self.instance.check_password(old_password):
raise forms.ValidationError(
self.error_messages['password_incorrect'],
code='password_incorrect',
)
if new_password and new_password_again:
if new_password != new_password_again:
raise forms.ValidationError(
self.error_messages['password_mismatch'],
code='password_mismatch',)
password_validation.validate_password(
new_password_again,
self.instance
)
else:
raise forms.ValidationError(
self.error_messages['new_password_repeat'],
code='new_password_repeat',
)
def clean_password(self, password):
"""
Validates a password. You can hook into this if you want to
restric the allowed password choices.
"""
validate_password(password)
return password
def clean_password2(self):
password1 = self.cleaned_data.get("password1")
password2 = self.cleaned_data.get("password2")
if password1 and password2 and password1 != password2:
raise forms.ValidationError("Los Passwords no son iguales")
password_validation.validate_password(self.cleaned_data.get("password2"), self.instance)
return password2
def put(self, request, **kwargs):
token = request.data.get('token')
password = request.data.get('password')
matches = re.search(r'([0-9A-Za-z]+)-(.*)', token)
if not matches:
return Response(status=HTTP_404_NOT_FOUND)
uidb36 = matches.group(1)
key = matches.group(2)
if not (uidb36 and key):
return Response(status=HTTP_404_NOT_FOUND)
user = self._get_user(uidb36)
if user is None:
return Response(status=HTTP_404_NOT_FOUND)
if not default_token_generator.check_token(user, key):
return Response(status=HTTP_404_NOT_FOUND)
try:
validate_password(password)
except DjangoValidationError as e:
return Response(dict(password=e.messages), status=HTTP_400_BAD_REQUEST)
cache.set(backoff_cache_key(user.email, None), None)
user.set_password(password)
user.save()
return self.get_response()
def clean(self):
data = super().clean()
if self.errors:
return data
old_password = data.get('old_password', '')
new_password1 = data.get('new_password1', '')
new_password2 = data.get('new_password2', '')
if old_password and self.instance.pwd_created:
if not self.instance.check_password(old_password):
raise ValidationError("Senha atual informada não confere "
"com a senha armazenada")
if self.instance.check_password(new_password1):
raise ValidationError(
"Nova senha não pode ser igual à senha anterior")
if new_password1 != new_password2:
raise forms.ValidationError(
self.error_messages['password_mismatch'],
code='password_mismatch',
)
else:
if new_password1 and new_password2:
password_validation.validate_password(
new_password2, self.instance)
def validate_new_password(self, value):
"""Check new password."""
try:
password_validation.validate_password(value, self.instance)
except ValidationError as exc:
raise serializers.ValidationError(exc.messages[0])
return value
def create(self, validated_data):
user_data = validated_data.pop('user')
errors = {}
if 'username' not in user_data:
errors['username'] = ['This field is required.']
if 'password' not in user_data:
errors['password'] = ['This field is required.']
if len(errors) > 0:
raise serializers.ValidationError(errors)
if 'timezone' not in validated_data:
validated_data['timezone'] = 'UTC'
if validated_data['timezone'] not in pytz.all_timezones:
raise serializers.ValidationError({'timezone': ['Not a valid choice.']})
password = user_data.pop('password')
try:
password_validation.validate_password(password=password, user=User)
except exceptions.ValidationError as e:
raise serializers.ValidationError({'password': [e.message]})
user = User.objects.create(**user_data)
user.set_password(password)
user.save()
return SciriusUser.objects.create(user=user, **validated_data)
def validate_password(password):
"""
Validate password
"""
validate_password(password)
return password
def clean(self):
#rewriting clean method to check whether passwords match or not
cleaned_data=super(SignupForm,self).clean()
username=cleaned_data.get('username')
email=cleaned_data.get('email')
ps1=cleaned_data.get('password')
ps2=cleaned_data.get('verify_password')
if email=="":
self.add_error('email',"Please input your email!")
if ps1!=ps2:
msg="Password does not match!"
self.add_error('verify_password',msg)
# Save hashed password instead of password directly
encoded_password=make_password(ps1,make_salt())
cleaned_data['password']=encoded_password
# Make sure email is unique
if email and User.objects.filter(email=email).exclude(username=username).count():
msg="Email has been used!"
self.add_error('email',msg)
# Validate password
if ps1:
try:
validate_password(ps1,user=self)
cleaned_data['help_text']=None
except ValidationError:
cleaned_data['help_text']=password_validators_help_text_html()
self.add_error('password','Your password it too weak. Please choose another password')
return cleaned_data
def clean_password2(self):
password1 = self.cleaned_data.get('password1', '')
password2 = self.cleaned_data.get('password2', '')
if password1 != password2:
raise forms.ValidationError(
_("The two password fields didn't match."))
validate_password(password2, self.instance)
return password2
def clean_new_password2(self):
password1 = self.cleaned_data.get('new_password1')
password2 = self.cleaned_data.get('new_password2')
if password1 and password2:
if password1 != password2:
raise forms.ValidationError("The passwords do not match.")
password_validation.validate_password(password2)
return password2
def clean_password2(self):
password1 = self.cleaned_data.get("password1")
password2 = self.cleaned_data.get("password2")
if password1 and password2 and password1 != password2:
raise forms.ValidationError(self.error_messages["password_mismatch"], code="password_mismatch")
self.instance.email = self.cleaned_data.get("email")
password_validation.validate_password(self.cleaned_data.get("password2"), self.instance)
return password2
def clean_password2(self):
# Check that the two password entries match
password = self.cleaned_data.get("password")
password2 = self.cleaned_data.get("password2")
if password and password2 and password != password2:
raise forms.ValidationError("Passwords don't match")
validate_password(password)
return password2
def clean_password2(self):
password1 = self.cleaned_data.get("password1")
password2 = self.cleaned_data.get("password2")
if password1 and password2:
if password1 != password2:
raise forms.ValidationError(self.error_messages["password_mismatch"], code="password_mismatch")
password_validation.validate_password(password2, self.user)
return password2
def clean_new_password2(self):
password1 = self.cleaned_data.get('new_password1')
password2 = self.cleaned_data.get('new_password2')
if password1 and password2:
if password1 != password2:
raise forms.ValidationError(_("The two password fields didn't match."), code='password_mismatch')
password_validation.validate_password(password2, self.user)
return password2
def clean_password_confirmation(self):
new_password = self.cleaned_data['new_password']
if new_password:
validate_password(new_password, self.instance.user)
password_confirmation = self.cleaned_data['password_confirmation']
if new_password != password_confirmation:
raise ValidationError("Password mismatch", code='invalid')
return password_confirmation
def validate_password(self, value):
password_validation.validate_password(value, self.instance)
return value
def clean_password1(self):
password1 = self.cleaned_data.get("password1")
email = self.cleaned_data.get("email")
validate_password(password1, User(username=email, email=email))
return password1
def validate_password(self, value):
if value is not None:
password_validation.validate_password(value)
return value
def handle(self, *args, **options):
username = options.get('username')
email = options.get('email')
password = options.get('password')
interactive = options.get('interactive')
verbosity = int(options.get('verbosity', 1))
# Validate initial inputs
if username is not None:
try:
username = username.strip()
validate_username(username)
except ValidationError as e:
self.stderr.write('\n'.join(e.messages))
username = None
if email is not None:
try:
email = email.strip()
validate_email(email)
except ValidationError as e:
self.stderr.write('\n'.join(e.messages))
email = None
if password is not None:
password = password.strip()
if password == '':
self.stderr.write("Error: Blank passwords aren't allowed.")
if not interactive:
if username and email and password:
# Call User manager's create_superuser using our wrapper
self.create_superuser(username, email, password, verbosity)
else:
try:
if hasattr(self.stdin, 'isatty') and not self.stdin.isatty():
raise NotRunningInTTYException("Not running in a TTY")
# Prompt for username/password, and any other required fields.
# Enclose this whole thing in a try/except to trap for a
# keyboard interrupt and exit gracefully.
while not username:
try:
message = force_str("Enter displayed username: "******"Enter e-mail address: ").strip()
validate_email(raw_value)
email = raw_value
except ValidationError as e:
self.stderr.write('\n'.join(e.messages))
while not password:
raw_value = getpass("Enter password: "******"Repeat password:"******"Error: Your passwords didn't match.")
# Don't validate passwords that don't match.
continue
if raw_value.strip() == '':
self.stderr.write("Error: Blank passwords aren't allowed.")
# Don't validate blank passwords.
continue
try:
validate_password(
raw_value, user=UserModel(username=username, email=email)
)
except ValidationError as e:
self.stderr.write('\n'.join(e.messages))
response = input('Bypass password validation and create user anyway? [y/N]: ')
if response.lower() != 'y':
continue
password = raw_value
# Call User manager's create_superuser using our wrapper
self.create_superuser(username, email, password, verbosity)
except KeyboardInterrupt:
self.stderr.write("\nOperation cancelled.")
sys.exit(1)
except NotRunningInTTYException:
self.stdout.write(
"Superuser creation skipped due to not running in a TTY. "
"You can run `manage.py createsuperuser` in your project "
"to create one manually."
)
def validate_password(self, value):
try:
validate_password(value)
except ValidationError as exc:
raise serializers.ValidationError(str(exc))
return value
def validate_password(self, data):
password_validation.validate_password(data)
return data
def clean_new_password(self):
data = self.cleaned_data['new_password']
if data:
validate_password(data, user=self.instance)
return data
def register_view(request):
reglink_id = request.GET.get('reglink_id', request.POST.get('reglink_id', ''))
try:
reglink = RegLink.objects.get(reglink_id=reglink_id)
reglink_usable = reglink.is_usable()
except RegLink.DoesNotExist:
reglink_usable = False
reglink = None
context = {
'can_register': True,
'done_registeration': False,
'warning': '',
'reglink_id': reglink_id,
}
if reglink_usable is False or request.method == 'GET':
if reglink_usable is False:
context['can_register'] = False
context['warning'] = 'Your registeration link is invalid! Please check again!'
return shortcuts.render(request, 'registration/register.html', context)
if request.method == 'POST':
username = request.POST.get('username', '')
password = request.POST.get('password', '')
password2 = request.POST.get('password2', '')
email = request.POST.get('email', '')
email = email.strip()
info_valid = True
registeration_success = True
try:
validate_email(email)
except ValidationError:
context['warning'] += 'Invalid Email! <BR>'
info_valid = False
if password != password2:
context['warning'] += 'Your password didn\'t match! <BR>'
info_valid = False
try:
User.objects.get(username=username)
info_valid = False
context['warning'] += 'Your username has been used!<br>'
except User.DoesNotExist:
pass
try:
User.objects.get(email=email)
info_valid = False
context['warning'] += 'Your email has been used!<br>'
except User.DoesNotExist:
pass
try:
password_validation.validate_password(password)
except ValidationError as e:
context['warning'] += f'{"<br>".join(e.messages)}<BR>'
info_valid = False
try:
validators.UnicodeUsernameValidator()(username)
except ValidationError as e:
context['warning'] += f'{"<br>".join(e.messages)}<BR>'
info_valid = False
if info_valid:
user = User.objects.create(username=username, email=email)
user.set_password(password)
user.save()
else:
user = None
if user is None:
registeration_success = False
if registeration_success:
try:
UserProfile.objects.get(user=user)
except UserProfile.DoesNotExist:
UserProfile.objects.create(user=user)
reglink.is_used = True
reglink.save()
context['done_registeration'] = True
context['warning'] = ''
return shortcuts.render(request, 'registration/register.html', context)
else:
context['done_registeration'] = False
return shortcuts.render(request, 'registration/register.html', context)
def validate_password(self, password):
user = self.context['request'].user
validate_password(password, user=user)
return password
def validate_new_password(self, value):
# https://docs.djangoproject.com/en/2.0/topics/auth/passwords/#django.contrib.auth.password_validation.validate_password
password_validation.validate_password(value)
return value
def new_password__is_valid(form, parsed_data, **_):
try:
validate_password(parsed_data, form.get_request().user)
return True, None
except ValidationError as e:
return False, ','.join(e)
def validate_old_password(self, value):
validate_password(
value, user=self.instance) # validate it is a real, acceptable pw
return value
def clean_password1(self):
password1 = self.cleaned_data['password1']
if password1:
password_validation.validate_password(password1)
return password1
def handle(self, *args, **options):
username = options[self.UserModel.USERNAME_FIELD]
database = options['database']
user_data = {}
verbose_field_name = self.username_field.verbose_name
try:
self.UserModel._meta.get_field(PASSWORD_FIELD)
except exceptions.FieldDoesNotExist:
pass
else:
# If not provided, create the user with an unusable password.
user_data[PASSWORD_FIELD] = None
try:
if options['interactive']:
# Same as user_data but with foreign keys as fake model
# instances instead of raw IDs.
fake_user_data = {}
if hasattr(self.stdin, 'isatty') and not self.stdin.isatty():
raise NotRunningInTTYException
default_username = get_default_username()
if username:
error_msg = self._validate_username(
username, verbose_field_name, database)
if error_msg:
self.stderr.write(error_msg)
username = None
elif username == '':
raise CommandError('%s cannot be blank.' %
capfirst(verbose_field_name))
# Prompt for username.
while username is None:
message = self._get_input_message(self.username_field,
default_username)
username = self.get_input_data(self.username_field,
message, default_username)
if username:
error_msg = self._validate_username(
username, verbose_field_name, database)
if error_msg:
self.stderr.write(error_msg)
username = None
continue
user_data[self.UserModel.USERNAME_FIELD] = username
fake_user_data[self.UserModel.USERNAME_FIELD] = (
self.username_field.remote_field.model(username)
if self.username_field.remote_field else username)
# Prompt for required fields.
for field_name in self.UserModel.REQUIRED_FIELDS:
field = self.UserModel._meta.get_field(field_name)
user_data[field_name] = options[field_name]
while user_data[field_name] is None:
message = self._get_input_message(field)
input_value = self.get_input_data(field, message)
user_data[field_name] = input_value
fake_user_data[field_name] = input_value
# Wrap any foreign keys in fake model instances
if field.remote_field:
fake_user_data[
field_name] = field.remote_field.model(
input_value)
# Prompt for a password if the model has one.
while PASSWORD_FIELD in user_data and user_data[
PASSWORD_FIELD] is None:
password = getpass.getpass()
password2 = getpass.getpass('Password (again): ')
if password != password2:
self.stderr.write(
"Error: Your passwords didn't match.")
# Don't validate passwords that don't match.
continue
if password.strip() == '':
self.stderr.write(
"Error: Blank passwords aren't allowed.")
# Don't validate blank passwords.
continue
try:
validate_password(password2,
self.UserModel(**fake_user_data))
except exceptions.ValidationError as err:
self.stderr.write('\n'.join(err.messages))
response = input(
'Bypass password validation and create user anyway? [y/N]: '
)
if response.lower() != 'y':
continue
user_data[PASSWORD_FIELD] = password
else:
# Non-interactive mode.
# Use password from environment variable, if provided.
if PASSWORD_FIELD in user_data and 'DJANGO_SUPERUSER_PASSWORD' in os.environ:
user_data[PASSWORD_FIELD] = os.environ[
'DJANGO_SUPERUSER_PASSWORD']
# Use username from environment variable, if not provided in
# options.
if username is None:
username = os.environ.get(
'DJANGO_SUPERUSER_' +
self.UserModel.USERNAME_FIELD.upper())
if username is None:
raise CommandError('You must use --%s with --noinput.' %
self.UserModel.USERNAME_FIELD)
else:
error_msg = self._validate_username(
username, verbose_field_name, database)
if error_msg:
raise CommandError(error_msg)
user_data[self.UserModel.USERNAME_FIELD] = username
for field_name in self.UserModel.REQUIRED_FIELDS:
env_var = 'DJANGO_SUPERUSER_' + field_name.upper()
value = options[field_name] or os.environ.get(env_var)
if not value:
raise CommandError(
'You must use --%s with --noinput.' % field_name)
field = self.UserModel._meta.get_field(field_name)
user_data[field_name] = field.clean(value, None)
self.UserModel._default_manager.db_manager(
database).create_superuser(**user_data)
if options['verbosity'] >= 1:
self.stdout.write("Superuser created successfully.")
except KeyboardInterrupt:
self.stderr.write('\nOperation cancelled.')
sys.exit(1)
except exceptions.ValidationError as e:
raise CommandError('; '.join(e.messages))
except NotRunningInTTYException:
self.stdout.write(
'Superuser creation skipped due to not running in a TTY. '
'You can run `manage.py createsuperuser` in your project '
'to create one manually.')
def clean_password(self):
password = self.cleaned_data.get("password")
validate_password(password)
return password
def validate_password(self, password):
password_validation.validate_password(password)
return password
def handle(self, *args, **options):
username = options[self.UserModel.USERNAME_FIELD]
database = options['database']
# If not provided, create the user with an unusable password
password = None
user_data = {}
# Same as user_data but with foreign keys as fake model instances
# instead of raw IDs.
fake_user_data = {}
# Do quick and dirty validation if --noinput
if not options['interactive']:
try:
if not username:
raise CommandError("You must use --%s with --noinput." %
self.UserModel.USERNAME_FIELD)
username = self.username_field.clean(username, None)
for field_name in self.UserModel.REQUIRED_FIELDS:
if options[field_name]:
field = self.UserModel._meta.get_field(field_name)
user_data[field_name] = field.clean(
options[field_name], None)
else:
raise CommandError(
"You must use --%s with --noinput." % field_name)
except exceptions.ValidationError as e:
raise CommandError('; '.join(e.messages))
else:
# Prompt for username/password, and any other required fields.
# Enclose this whole thing in a try/except to catch
# KeyboardInterrupt and exit gracefully.
default_username = get_default_username()
try:
if hasattr(self.stdin, 'isatty') and not self.stdin.isatty():
#raise NotRunningInTTYException("Not running in a TTY")
print "1"
# Get a username
verbose_field_name = self.username_field.verbose_name
while username is None:
input_msg = capfirst(verbose_field_name)
if default_username:
input_msg += " (leave blank to use '%s')" % default_username
username_rel = self.username_field.remote_field
input_msg = '%s%s: ' % (
input_msg, ' (%s.%s)' %
(username_rel.model._meta.object_name,
username_rel.field_name) if username_rel else '')
username = self.get_input_data(self.username_field,
input_msg, default_username)
if not username:
continue
if self.username_field.unique:
try:
self.UserModel._default_manager.db_manager(
database).get_by_natural_key(username)
except self.UserModel.DoesNotExist:
pass
else:
self.stderr.write(
"Error: That %s is already taken." %
verbose_field_name)
username = None
for field_name in self.UserModel.REQUIRED_FIELDS:
field = self.UserModel._meta.get_field(field_name)
user_data[field_name] = options[field_name]
while user_data[field_name] is None:
message = '%s%s: ' % (
capfirst(field.verbose_name),
' (%s.%s)' % (
field.remote_field.model._meta.object_name,
field.remote_field.field_name,
) if field.remote_field else '',
)
input_value = self.get_input_data(field, message)
user_data[field_name] = input_value
fake_user_data[field_name] = input_value
# Wrap any foreign keys in fake model instances
if field.remote_field:
fake_user_data[
field_name] = field.remote_field.model(
input_value)
# Get a password
while password is None:
password = getpass.getpass()
password2 = getpass.getpass('Password (again): ')
if password != password2:
self.stderr.write(
"Error: Your passwords didn't match.")
password = None
# Don't validate passwords that don't match.
continue
if password.strip() == '':
self.stderr.write(
"Error: Blank passwords aren't allowed.")
password = None
# Don't validate blank passwords.
continue
try:
validate_password(password2,
self.UserModel(**fake_user_data))
except exceptions.ValidationError as err:
self.stderr.write('\n'.join(err.messages))
password = None
except KeyboardInterrupt:
self.stderr.write("\nOperation cancelled.")
sys.exit(1)
except NotRunningInTTYException:
self.stdout.write(
"Superuser creation skipped due to not running in a TTY. "
"You can run `manage.py createsuperuser` in your project "
"to create one manually.")
if username:
user_data[self.UserModel.USERNAME_FIELD] = username
user_data['password'] = password
self.UserModel._default_manager.db_manager(
database).create_superuser(**user_data)
if options['verbosity'] >= 1:
self.stdout.write("Superuser created successfully.")
def validate_password(self, value):
"""
Method for validating password
"""
password_validation.validate_password(value)
return value
def validate(self, attrs):
validators.validate_password(attrs['password'])
return attrs
def validate_password(self, value):
validate_password(value)
return value
def validate_password(self, data):
validators.validate_password(password=data, user=User)
return data
def validate_new_password(self, value):
validate_password(value, user=self.instance)
return value
def clean_password_first(self):
password = self.cleaned_data['password1']
if password:
password_validation.validate_password(password)
return password
def validate_new_password(self, value):
password_validation.validate_password(value)
return value
def clean_password2(self):
password = self.cleaned_data.get('password2', None)
validate_password(password)
return password
def validate_new_password(self, data):
validators.validate_password(password=data, user=User)
user = self.context.get("user")
if user.check_password(data):
raise serializers.ValidationError("New password must be different")
return data
def validate_new_password(self, value):
validate_password(value, user=self.context["user"])
return value
def clean_new_password(self):
password = self.cleaned_data["new_password"]
if password:
validate_password(password, self.instance)
return password
def validate_new_password(self, password):
try:
password_validation.validate_password(password=password, user=User)
except exceptions.ValidationError as e:
raise serializers.ValidationError({'password': [str(e)]})
return password
def validate_new_password(self, value):
validate_password(value)
return value
# class UserSerializer(serializers.ModelSerializer):
# class Meta:
# model = User
# fields = ('id', 'email', 'firstname', 'lastname',
# 'about_me', 'avatar' )
# read_only_fields = ('id',)
# validators = [UniqueTogetherValidator(
# queryset=User.objects.all(),
# fields=('email',)
# )]
# class UserSerializer(serializers.ModelSerializer):
# class Meta:
# model = User
# fields = ('id', 'email', 'firstname', 'lastname',
# 'about_me', 'avatar' )
# class UserRegisterSerializer(serializers.Serializer):
# email = serializers.EmailField(required=True)
# password = serializers.CharField(required=True)
# password2 = serializers.CharField(required=True)
# def validate_email(self, validated_data):
# email = self.validated_data['email']
# qs = User.objects.filter(email=email)
# if qs.exists():
# raise serializers.ValidationError("email is taken")
# return email
# def validate_password2(self, validated_data):
# # Check that the two password entries match
# password1 = self.validated_data["password"]
# password2 = self.validated_data["password2"]
# if password1 and password2 and password1 != password2:
# raise serializers.ValidationError("Passwords don't match")
# return password2
# def validate_email(email):
# qs = User.objects.filter(email=email)
# if qs.exists():
# raise serializers.ValidationError("email is taken")
# return email
# def validate_password2(password, password2):
# if password and password2 and password != password2:
# raise serializers.ValidationError("Passwords don't match")
# return password2
# class UserRegisterSerializer(serializers.Serializer):
# email = serializers.EmailField(validators=[validate_email])
# password = serializers.CharField(required=True)
# password2 = serializers.CharField(required=True)
# # password2 = serializers.CharField(validators=[validate_password2])
# class UserRegisterSerializer(serializers.ModelSerializer):
# class Meta:
# model = User
# fields = ('email', 'password')
# def create(self, validated_data):
# user = super().create(validated_data)
# user.set_password(validated_data['password'])
# user.save()
# return user
