def edit_user(request): """ Display forms for edit user **Context** user set password form notification **Template:** :template:`edit_user.html` """ user = User.objects.get(id=request.user.id) form = PasswordChangeForm(None) notification = None if request.method == 'POST': if request.POST.get('changePassword'): form = PasswordChangeForm(user, request.POST) if form.is_valid(): form.save() notification = 'Hasło zostało zmienione! :)' update_session_auth_hash(request, form.user) elif request.POST.get('changeColor'): embigo_user = EmbigoUser.objects.get(user=user) embigo_user.color = request.POST.get('color') embigo_user.save() notification = 'Zmieniono kolor avatara! :)' context = { 'user': request.user, 'form': form, 'notification': notification } return render(request, 'edit_user.html', context)
def reset_password(request): logger.debug("in reset password") error_message = '' if request.method == 'POST': form = Reset_Password_Form(request.POST) if form.is_valid(): logger.debug(">>>>>>>>>>>>>>>>>>"+str(request.user)) if not request.user.is_anonymous(): user = VLAB_User.objects.get(email=request.user.email) user.set_password(form.cleaned_data['password']) user.save() update_session_auth_hash(request, user) return redirect('/vital') # change here to home page else: logger.debug(form.cleaned_data['user_email']+'-'+form.cleaned_data['activation_code']) user = VLAB_User.objects.get(email=form.cleaned_data['user_email']) if user.activation_code == int(form.cleaned_data['activation_code']): user.set_password(form.cleaned_data['password']) user.activation_code=None user.save() update_session_auth_hash(request, user) return redirect('/vital') # change here to home page else: error_message = 'Please use the link sent to you in your email' else: user_email = request.GET.get('user_email', 'x') activation_code = request.GET.get('activation_code', 'x') form = Reset_Password_Form(initial={'user_email': user_email, 'activation_code':activation_code}) return render(request, 'vital/user_reset_password.html', {'form': form, 'error_message': error_message})
def password_change(request, template_name='accounts/password_change_form.html', post_change_redirect=None, password_change_form=PasswordChangeForm, current_app=None, extra_context=None): if request.method == "POST": form = password_change_form(user=request.user, data=request.POST) if form.is_valid(): form.save() # Updating the password logs out all other sessions for the user # except the current one if # django.contrib.auth.middleware.SessionAuthenticationMiddleware # is enabled. update_session_auth_hash(request, form.user) return render(request,'accounts/password_change_form.html', {'valid': True }) else: form = password_change_form(user=request.user) context = { 'form': form, 'title': _('Password change'), } if extra_context is not None: context.update(extra_context) if current_app is not None: request.current_app = current_app return TemplateResponse(request, template_name, context)
def put(self, request, username, format=None): user = request.user current_password = request.data.get('current_password', None) if user.username == username: if current_password is not None: password_match = user.check_password(current_password) if password_match: new_password = request.data.get('new_password',None) if new_password is not None: user.set_password(new_password) user.save() update_session_auth_hash(request, request.user) return Response(status=status.HTTP_200_OK) else: return Response(status=status.HTTP_400_BAD_REQUEST) else: return Response(status=status.HTTP_400_BAD_REQUEST) else: return Response(status=status.HTTP_400_BAD_REQUEST) else: return Response(status=status.HTTP_401_UNAUTHORIZED)
def change_password(self, form): user = self.request.user user.set_password(form.cleaned_data["password_new"]) user.save() # required on Django >= 1.7 to keep the user authenticated if hasattr(auth, "update_session_auth_hash"): auth.update_session_auth_hash(self.request, user)
def settings(request): user_form = profile_form = password_form = None if request.method == "POST" and request.POST.get('form_type', None) == 'userProfile': user_form = UserEditingForm(data=request.POST, instance=request.user) profile_form = UserProfileEditingForm(data=request.POST, instance=request.user.userprofile) if user_form.is_valid() and profile_form.is_valid(): user_form.save() profile_form.save() messages.success(request, 'Параметры успешно сохранены') return HttpResponseRedirect(reverse('settings')) if request.method == "POST" and request.POST.get('form_type', None) == 'password': password_form = auth_forms.PasswordChangeForm(request.user, data=request.POST) if password_form.is_valid(): password_form.save() update_session_auth_hash(request, password_form.user) messages.success(request, 'Пароль успешно изменён') return HttpResponseRedirect(reverse('settings')) if not user_form or not profile_form: user_form = UserEditingForm(instance=request.user) profile_form = UserProfileEditingForm(instance=request.user.userprofile) if not password_form: password_form = auth_forms.PasswordChangeForm(request.user) return render(request, 'main/user/settings.html', { 'userForm': user_form, 'userProfileForm': profile_form, 'passwordForm': password_form, })
def perfil_change_password(request): """ Funcion que permite modificar el password del usuario actual. @type request: django.http.HttpRequest @param request: Contiene informacion sobre la peticion actual @type pk_usuario: string @param pk_usuario: id del usuario con password a modificar @rtype: django.http.HttpResponseRedirect @return: Renderiza perfil_password_change.html para obtener el formulario o redirecciona a la vista home del sistema. """ if request.method == 'POST': user_detail = get_object_or_404(User, pk=request.user.id) form = MyPasswordChangeForm(user_detail, request.POST) if form.is_valid(): new_user = form.save() update_session_auth_hash(request, user_detail) return HttpResponseRedirect(reverse( 'user_profile')) else: user_detail = get_object_or_404(User, pk=request.user.id) form = MyPasswordChangeForm(user_detail) return render(request, 'perfil_password_change.html', locals())
def change_password(request): context_dict = user_info(request) user = request.user if request.POST: print request.POST user_auth = authenticate(username=user, password=request.POST['current_password']) pass1 = request.POST['new_password'] pass2 = request.POST['new_password2'] if user_auth: if pass1 == pass2: user.set_password(pass1) user.save() update_session_auth_hash(request, user) return render(request, 'netdev/profile/confirm_password.html', context_dict) else: context_dict.update({'error2':True, 'pass':request.POST['current_password']}) else: if pass1 == pass2: context_dict.update({'error1':True, 'pass2':pass2}) else: context_dict.update({'error1':True, 'error2':True}) return render(request, 'netdev/profile/change_password.html', context_dict)
def change_password(request): if not password_management_enabled(): raise Http404 can_change_password = request.user.has_usable_password() if can_change_password: if request.method == 'POST': form = PasswordChangeForm(request.user, request.POST) if form.is_valid(): form.save() update_session_auth_hash(request, form.user) messages.success(request, _("Your password has been changed successfully!")) return redirect('wagtailadmin_account') else: form = PasswordChangeForm(request.user) else: form = None return render(request, 'wagtailadmin/account/change_password.html', { 'form': form, 'can_change_password': can_change_password, })
def logout_on_password_change(request, user): # Since it is the default behavior of Django to invalidate all sessions on # password change, this function actually has to preserve the session when # logout isn't desired. if (update_session_auth_hash is not None and not app_settings.LOGOUT_ON_PASSWORD_CHANGE): update_session_auth_hash(request, user)
def password_change( request, template_name="registration/password_change_form.html", post_change_redirect=None, password_change_form=PasswordChangeForm, extra_context=None, ): warnings.warn( "The password_change() view is superseded by the " "class-based PasswordChangeView().", RemovedInDjango21Warning, stacklevel=2, ) if post_change_redirect is None: post_change_redirect = reverse("password_change_done") else: post_change_redirect = resolve_url(post_change_redirect) if request.method == "POST": form = password_change_form(user=request.user, data=request.POST) if form.is_valid(): form.save() # Updating the password logs out all other sessions for the user # except the current one. update_session_auth_hash(request, form.user) return HttpResponseRedirect(post_change_redirect) else: form = password_change_form(user=request.user) context = {"form": form, "title": _("Password change")} if extra_context is not None: context.update(extra_context) return TemplateResponse(request, template_name, context)
def post(self, request, *args, **kwargs): if self.form.is_valid(): user = self.form.save() update_session_auth_hash(request, user) messages.success(request, _('The password has been updated.')) return redirect(reverse('users:password', args=[self.user.pk])) return self.render_to_response(self.get_context_data())
def password_change(request, template_name='registration/password_change_form.html', post_change_redirect=None, password_change_form=PasswordChangeForm, extra_context=None): if post_change_redirect is None: post_change_redirect = reverse('password_change_done') else: post_change_redirect = resolve_url(post_change_redirect) if request.method == "POST": form = password_change_form(user=request.user, data=request.POST) if form.is_valid(): form.save() # Updating the password logs out all other sessions for the user # except the current one. update_session_auth_hash(request, form.user) return HttpResponseRedirect(post_change_redirect) else: form = password_change_form(user=request.user) context = { 'form': form, 'title': _('Password change'), } if extra_context is not None: context.update(extra_context) return TemplateResponse(request, template_name, context)
def password_change(request, template_name='vnoiusers/password_change.html', post_change_redirect=None, password_change_form=PasswordChangeForm, current_app=None, extra_context=None): if post_change_redirect is None: post_change_redirect = reverse('user:password_change_done') else: post_change_redirect = resolve_url(post_change_redirect) if request.method == "POST": form = password_change_form(user=request.user, data=request.POST) if form.is_valid(): form.save() # Updating the password logs out all other sessions for the user # except the current one if # django.contrib.auth.middleware.SessionAuthenticationMiddleware # is enabled. update_session_auth_hash(request, form.user) return HttpResponseRedirect(post_change_redirect) else: form = password_change_form(user=request.user) context = { 'form': form, } if extra_context is not None: context.update(extra_context) return TemplateResponse(request, template_name, context, current_app=current_app)
def form_valid(self, form): form.save() user = self.request.user user.backend = 'django.contrib.auth.backends.ModelBackend' update_session_auth_hash(request=self.request, user=user) messages.success(request=self.request, message=pgettext_lazy(context=self.request.user.get_gender(), message='Your new password has been saved.')) return super().form_valid(form)
def save(self, request, delete_session=False): notify_account_activity( self.user, request, 'password', password=self.user.password ) # Change the password password = self.cleaned_data["new_password1"] self.user.set_password(password) self.user.save(update_fields=['password']) # Updating the password logs out all other sessions for the user # except the current one. update_session_auth_hash(request, self.user) # Change key for current session request.session.cycle_key() # Invalidate password reset codes invalidate_reset_codes(self.user) if delete_session: request.session.flush() messages.success( request, _('Your password has been changed.') )
def form_valid(self, form): messages.success(self.request, _('Your changes have been saved.')) data = {} for k in form.changed_data: if k not in ('old_pw', 'new_pw_repeat'): if 'new_pw' == k: data['new_pw'] = True else: data[k] = form.cleaned_data[k] msgs = [] if 'new_pw' in form.changed_data: msgs.append(_('Your password has been changed.')) if 'email' in form.changed_data: msgs.append(_('Your email address has been changed to {email}.').format(email=form.cleaned_data['email'])) if msgs: self.request.user.send_security_notice(msgs, email=form.cleaned_data['email']) if self._old_email != form.cleaned_data['email']: self.request.user.send_security_notice(msgs, email=self._old_email) sup = super().form_valid(form) self.request.user.log_action('pretix.user.settings.changed', user=self.request.user, data=data) update_session_auth_hash(self.request, self.request.user) return sup
def configuracion_admin(request): editado = '' modificado = '' user = User.objects.get(email=request.user.email) userF = UserChangeForm(instance=user) modificarF = modificarContrasenaForm(user=user) notificaciones = Notificacion.objects.all().order_by('created_at')[:10].reverse() if request.POST: userF = UserChangeForm(request.POST, instance=user) modificarF = modificarContrasenaForm(user=request.user,data=request.POST) if userF.is_valid(): userF.save() editado = True elif modificarF.is_valid(): modificarF.save() update_session_auth_hash(request, modificadoF.user) modificado = True userF = UserChangeForm(instance=user) modificarF = modificarContrasenaForm(user=user) ctx={ 'UserChangeForm':userF, 'modificarContrasenaForm': modificarF, 'editado':editado, 'modificado':modificado, 'notificaciones':notificaciones, } return render_to_response('administrador/configuracion/configuracion.html', ctx, context_instance=RequestContext(request))
def update(self, instance, validated_data): instance.username = validated_data.get('username', instance.username) instance.first_name = validated_data.get('first_name', instance.first_name) instance.last_name = validated_data.get('last_name', instance.last_name) instance.save() password = validated_data.get('password', None) confirm_password = validated_data.get('confirm_password', None) if password and confirm_password and password == confirm_password: ''' This method explicitly sets the password and does not do so in plain text ''' instance.set_password(password) instance.save() ''' When a user's password is updated, their session authentication hash must be explicitly updated. If we don't do this here, the user will not be authenticated on their next request and will have to log in again.''' update_session_auth_hash(self.context.get('request'), instance) return instance
def edit_pw(request, acctypeid, userid): if request.POST: i = UserProfile.objects.get(acc_type_id=acctypeid, user_id=userid) form = ValidatingPasswordChangeForm(user=i, data=request.POST) #form = UserProfilePasswordForm(request.POST, instance=i) if form.is_valid(): #password = form.cleaned_data['password'] if request.user.acc_type_id == 1: parent_admin_id = request.user.parent_admin_id parent_agency_id = None elif request.user.acc_type_id == 2: parent_admin_id = request.user.parent_admin_id parent_agency_id = request.user.user_id elif request.user.acc_type_id == 3: parent_admin_id = request.user.parent_admin_id parent_agency_id = request.user.user_id form.save() update_session_auth_hash(request, form.user) return redirect('/account/list') else: return render(request, 'account_edit_pw.html', {'form': form, 'acctypeid': int(acctypeid), 'userid': int(userid)}) else: form = ValidatingPasswordChangeForm( user=UserProfile.objects.get(acc_type_id=acctypeid, user_id=userid) ) return render(request, 'account_edit_pw.html', {'form': form, 'acctypeid': int(acctypeid), 'userid': int(userid)})
def change_password(request): if not account.password_management_enabled(): raise Http404 user = request.user can_change_password = user.has_usable_password() if not can_change_password: form = None if request.POST: form = CFGOVPasswordChangeForm(user=user, data=request.POST) if form.is_valid(): form.save() update_session_auth_hash(request, form.user) messages.success(request, _("Your password has been changed successfully!")) return redirect('wagtailadmin_account') else: if '__all__' in form.errors: for error in form.errors['__all__']: messages.error(request, error) else: form = CFGOVPasswordChangeForm(user=request.user) return render(request, 'wagtailadmin/account/change_password.html', { 'form': form, 'can_change_password': can_change_password, })
def password_submit(request): from django.contrib.auth import update_session_auth_hash error_messages = [] tentative_password = request.POST['password'] repeat = request.POST['password_repeat'] if tentative_password != repeat: error_messages.append('Entered Passwords do not match.') try: change_password(request.user, tentative_password) update_session_auth_hash(request, request.user) except inventory.exceptions.InvalidPasswordError as error: message = error.message error_messages.append(message) if len(error_messages) == 0: error_messages = ['Password Successfully Reset.'] #Redirect to the profile page return profile_page(request, error_messages=error_messages)
def changepassword(request): params = {} try: user = hmod.User.objects.get(id=request.session['user_id']) except hmod.User.DoesNotExist: return HttpResponseRedirect('/homepage/login/') form = ChangePassword(request, initial={ 'old_password': '', 'password': '', 'confirm': '', }) if request.method == 'POST': form = ChangePassword(request, request.POST) if form.is_valid(): user.set_password(form.cleaned_data['password']) user.save() # form.save() update_session_auth_hash(request, user) request.session['user_id'] = user.id return HttpResponse(True) params['form'] = form return templater.render_to_response(request, 'account_changepassword.html', params)
def change_profile(request, username): if username != request.user.get_username(): return HttpResponseForbidden old_email = get_object_or_404(User, username=username).email profile_change_form = ProfileChangeForm(prefix='profile', initial={'email': old_email}) passwd_change_form = PasswordChangeForm(username, prefix='passwd') if request.method == 'POST': if any(['profile' in key for key in request.POST.keys()]): profile_change_form = ProfileChangeForm(request.POST, prefix='profile') if profile_change_form.is_valid(): user = request.user user.email = profile_change_form.cleaned_data['email'] user.save() if any(['passwd' in key for key in request.POST.keys()]): passwd_change_form = PasswordChangeForm(data=request.POST, user=request.user, prefix='passwd') if passwd_change_form.is_valid(): passwd_change_form.save() auth.update_session_auth_hash(request, passwd_change_form.user) return render(request, 'profile_change.html', {'form_profile': profile_change_form, 'form_passwd': passwd_change_form})
def password_change(request, template_name='registration/password_change_form.html', post_change_redirect=None, password_change_form=PasswordChangeForm, current_app=None, extra_context=None): if post_change_redirect is None: post_change_redirect = reverse('colab_edemocracia:profile') else: post_change_redirect = resolve_url(post_change_redirect) if request.method == "POST": form = password_change_form(user=request.user, data=request.POST) if form.is_valid(): form.save() messages.success(request, 'Senha alterada com sucesso!') # Updating the password logs out all other sessions for the user # except the current one if # django.contrib.auth.middleware.SessionAuthenticationMiddleware # is enabled. update_session_auth_hash(request, form.user) return HttpResponseRedirect(post_change_redirect) else: form = password_change_form(user=request.user) context = { 'form': form, 'title': 'Alterar senha', } if extra_context is not None: context.update(extra_context) if current_app is not None: request.current_app = current_app return TemplateResponse(request, template_name, context)
def password_change(request, template_name='registration/password_change_form.html', post_change_redirect=None, password_change_form=PasswordChangeForm, extra_context=None): if not request.is_ajax(): if post_change_redirect is None: post_change_redirect = reverse('password_change_done') else: post_change_redirect = resolve_url(post_change_redirect) if request.method == "POST": form = password_change_form(user=request.user, data=request.POST) if form.is_valid(): form.save() # Updating the password logs out all other sessions for the user # except the current one. update_session_auth_hash(request, form.user) # If we have an AJAX request then just return. if request.is_ajax(): return JsonResponse({}) return HttpResponseRedirect(post_change_redirect) elif request.is_ajax(): return JsonResponse(form.errors, status=400) elif request.is_ajax(): return JsonResponse({'__all__': ['only POST']}, status=400) else: form = password_change_form(user=request.user) context = { 'form': form, 'title': _('Password change'), } if extra_context is not None: context.update(extra_context) return TemplateResponse(request, template_name, context)
def form_valid(self, form): form.save() if update_session_auth_hash is not None and not app_settings.LOGOUT_ON_PASSWORD_CHANGE: update_session_auth_hash(self.request, form.user) get_adapter().add_message(self.request, messages.SUCCESS, "account/messages/password_changed.txt") signals.password_changed.send(sender=self.request.user.__class__, request=self.request, user=self.request.user) return super(PasswordChangeView, self).form_valid(form)
def settings(request): context = {} user = request.user user_profile = UserProfile.objects.get(user=user) # errors = [] # context['errors'] = errors context['user'] = request.user context['user_profile'] = user_profile context['picture-src'] = '' initial_data = { 'redirect_name': 'stream', 'result_type': 'stream' } context['search_form'] = SearchForm(initial=initial_data) if request.method == 'GET': context['form'] = SetPasswordForm() return render(request, 'settings.html', context) form = SetPasswordForm(request.POST) context['form'] = form if not form.is_valid(): context['non_field_errors'] = form.non_field_errors() return render(request, 'settings.html', context) if not request.user.check_password(form.cleaned_data['password']): context['incorrect_password'] = "******" return render(request, 'settings.html', context) form.save(username=request.user.username) update_session_auth_hash(request, request.user) return render(request, 'home.html', context)
def change_password_page(request): state = '' if request.user.is_authenticated(): user = request.user if 'c_password' in request.POST and 'n_password' in request.POST: c_password = request.POST.get('c_password') n_password = request.POST.get('n_password') validate = _validate_password(n_password, user) auth_user = authenticate(username=user.username, password=c_password) if auth_user is not None and validate: u = User.objects.get(username=user.username) u.set_password(n_password) u.save() update_session_auth_hash(request, u) password_log = PasswordLog() password_log.user = u password_log.password = u.password password_log.save() state = 'password change success' else: state = 'wrong current password or \ entered a previously used password' variables = { 'state': state, } return render(request, 'myapp/change_password.html', context=variables)
def edit(request): try: user = ExtendedUser.objects.get(id=request.user.id) except ExtendedUser.DoesNotExist: raise Http404("User does not exist") if request.method == 'POST': user.first_name = request.POST['first_name'] user.last_name = request.POST['last_name'] user.url = request.POST['url'] user.biography = request.POST['biography'] user.email = request.POST['email'] # Verify old password if(user.check_password(request.POST['old_password'])): # Check if password are the same / validate if(passVerify(request)): # Change password user.set_password(request.POST['new_password1']) update_session_auth_hash(request, user) else: print('password diffrent or fields blank!') else: print('error') user.save() return render(request, 'account/edit.html', {'content': user})
def restore_session(self, user_id, request): return update_session_auth_hash(request, self.__user_entity.get_one_by_id(user_id))
def preferences(request): if request.method == "POST": form = PreferencesForm(request.POST) form.user = request.user if form.is_valid(): try: newdata = form.cleaned_data request.user.language = newdata["language"] if "theme" in newdata: request.user.theme = newdata["theme"] request.user.pagesize = newdata["pagesize"] if newdata["cur_password"]: request.user.set_password(newdata["new_password1"]) # Updating the password logs out all other sessions for the user # except the current one if # django.contrib.auth.middleware.SessionAuthenticationMiddleware # is enabled. update_session_auth_hash(request, form.user) request.user.save() # Switch to the new theme and language immediately if "theme" in newdata: request.theme = newdata["theme"] if newdata["language"] == "auto": newdata[ "language"] = translation.get_language_from_request( request) if translation.get_language() != newdata["language"]: translation.activate(newdata["language"]) request.LANGUAGE_CODE = translation.get_language() messages.add_message( request, messages.INFO, force_text(_("Successfully updated preferences")), ) except Exception as e: logger.error("Failure updating preferences: %s" % e) messages.add_message( request, messages.ERROR, force_text(_("Failure updating preferences")), ) else: pref = request.user form = PreferencesForm({ "language": pref.language, "theme": pref.theme, "pagesize": pref.pagesize }) LANGUAGE = User.languageList[0][1] for l in User.languageList: if l[0] == request.user.language: LANGUAGE = l[1] return render( request, "common/preferences.html", context={ "title": _("My preferences"), "form": form, "THEMES": settings.THEMES, "LANGUAGE": LANGUAGE, }, )
def user_change_password(self, request, id, form_url=''): if not self.has_change_permission(request): raise PermissionDenied user = self.get_object(request, unquote(id)) if user is None: raise Http404(_('%(name)s object with primary key %(key)r does not exist.') % { 'name': self.model._meta.verbose_name, 'key': escape(id), }) if request.method == 'POST': form = self.change_password_form(user, request.POST) if form.is_valid(): form.save() change_message = self.construct_change_message(request, form, None) self.log_change(request, user, change_message) msg = gettext('Password changed successfully.') messages.success(request, msg) update_session_auth_hash(request, form.user) return HttpResponseRedirect( reverse( '%s:%s_%s_change' % ( self.admin_site.name, user._meta.app_label, user._meta.model_name, ), args=(user.pk,), ) ) else: form = self.change_password_form(user) fieldsets = [(None, {'fields': list(form.base_fields)})] adminForm = admin.helpers.AdminForm(form, fieldsets, {}) context = { 'title': _('Change password: %s') % escape(user.get_username()), 'adminForm': adminForm, 'form_url': form_url, 'form': form, 'is_popup': (IS_POPUP_VAR in request.POST or IS_POPUP_VAR in request.GET), 'add': True, 'change': False, 'has_delete_permission': False, 'has_change_permission': True, 'has_absolute_url': False, 'opts': self.model._meta, 'original': user, 'save_as': False, 'show_save': True, } context.update(self.admin_site.each_context(request)) request.current_app = self.admin_site.name return TemplateResponse( request, self.change_user_password_template or 'admin/auth/user/change_password.html', context, )
def post(self, request, **kwargs): """ Reset learner password using passed token and new credentials """ reset_status = False uidb36 = kwargs.get('uidb36') token = kwargs.get('token') has_required_values, uid_int = self._check_token_has_required_values( uidb36, token) if not has_required_values: AUDIT_LOG.exception("Invalid password reset confirm token") return Response({'reset_status': reset_status}) request.data._mutable = True # lint-amnesty, pylint: disable=protected-access request.data['new_password1'] = normalize_password( request.data['new_password1']) request.data['new_password2'] = normalize_password( request.data['new_password2']) password = request.data['new_password1'] try: user = User.objects.get(id=uid_int) if not default_token_generator.check_token(user, token): AUDIT_LOG.exception("Token validation failed") return Response({'reset_status': reset_status}) validate_password(password, user=user) form = SetPasswordForm(user, request.data) if form.is_valid(): form.save() reset_status = True if 'is_account_recovery' in request.GET: try: old_primary_email = user.email user.email = user.account_recovery.secondary_email user.account_recovery.delete() # emit an event that the user changed their secondary email to the primary email tracker.emit( SETTING_CHANGE_INITIATED, { "setting": "email", "old": old_primary_email, "new": user.email, "user_id": user.id, }) user.save() except ObjectDoesNotExist: err = 'Account recovery process initiated without AccountRecovery instance for user {username}' log.error(err.format(username=user.username)) # Handles clearing the failed login counter upon password reset. if LoginFailures.is_feature_enabled(): LoginFailures.clear_lockout_counter(user) send_password_reset_success_email(user, request) update_session_auth_hash(request, user) except ValidationError as err: AUDIT_LOG.exception("Password validation failed") error_status = { 'reset_status': reset_status, 'err_msg': ' '.join(err.messages) } return Response(error_status) except Exception: # pylint: disable=broad-except AUDIT_LOG.exception("Setting new password failed") return Response({'reset_status': reset_status})
def perform_update(self, serializer): instance = serializer.save() self.set_password_if_needed(instance, serializer) # if the user is updating their own password, ensure they don't get logged out if self.request.user == instance: update_session_auth_hash(self.request, instance)
def form_valid(self, form): form.save() messages.success(self.request, _('Your password has been successfully updated')) update_session_auth_hash(self.request, form.user) return super(UserPasswordUpdateView, self).form_valid(form)
def logout_on_password_change(request, user): # Since it is the default behavior of Django to invalidate all sessions on # password change, this function actually has to preserve the session when # logout isn't desired. if not app_settings.LOGOUT_ON_PASSWORD_CHANGE: update_session_auth_hash(request, user)
def user_change_password(self, request, id, form_url=""): # this method currently seems like dark magic user = self.get_object(request, unquote(id)) if not self.has_change_permission(request, user): raise PermissionDenied if user is None: raise Http404( _("%(name)s object with primary key %(key)r does not exist.") % { "name": self.model._meta.verbose_name, "key": escape(id), }) if request.method == "POST": form = self.change_password_form(user, request.POST) if form.is_valid(): form.save() change_message = self.construct_change_message( request, form, None) self.log_change(request, user, change_message) msg = gettext("Password changed successfully.") messages.success(request, msg) update_session_auth_hash(request, form.user) return HttpResponseRedirect( reverse( "%s:%s_%s_change" % ( self.admin_site.name, user._meta.app_label, user._meta.model_name, ), args=(user.pk, ), )) else: form = self.change_password_form(user) fieldsets = [(None, {"fields": list(form.base_fields)})] adminForm = admin.helpers.AdminForm(form, fieldsets, {}) context = { "title": _("Change password: %s") % escape(user.get_username()), "adminForm": adminForm, "form_url": form_url, "form": form, "is_popup": (IS_POPUP_VAR in request.POST or IS_POPUP_VAR in request.GET), "add": True, "change": False, "has_delete_permission": False, "has_change_permission": True, "has_absolute_url": False, "opts": self.model._meta, "original": user, "save_as": False, "show_save": True, **self.admin_site.each_context(request), } request.current_app = self.admin_site.name return TemplateResponse( request, self.change_user_password_template or "admin/auth/user/change_password.html", context, )
def get(self, request: HttpRequest) -> HttpResponse: """Save data in the current flow to the currently pending user. If no user is pending, a new user is created.""" if PLAN_CONTEXT_PROMPT not in self.executor.plan.context: message = _("No Pending data.") messages.error(request, message) LOGGER.debug(message) return self.executor.stage_invalid() data = self.executor.plan.context[PLAN_CONTEXT_PROMPT] user_created = False if PLAN_CONTEXT_PENDING_USER not in self.executor.plan.context: self.executor.plan.context[PLAN_CONTEXT_PENDING_USER] = User() self.executor.plan.context[ PLAN_CONTEXT_AUTHENTICATION_BACKEND ] = class_to_path(ModelBackend) LOGGER.debug( "Created new user", flow_slug=self.executor.flow.slug, ) user_created = True user: User = self.executor.plan.context[PLAN_CONTEXT_PENDING_USER] # Before we change anything, check if the user is the same as in the request # and we're updating a password. In that case we need to update the session hash # Also check that we're not currently impersonating, so we don't update the session should_update_seesion = False if ( any("password" in x for x in data.keys()) and self.request.user.pk == user.pk and SESSION_IMPERSONATE_USER not in self.request.session ): should_update_seesion = True for key, value in data.items(): setter_name = f"set_{key}" # Check if user has a setter for this key, like set_password if hasattr(user, setter_name): setter = getattr(user, setter_name) if callable(setter): setter(value) # User has this key already elif hasattr(user, key): setattr(user, key, value) # Otherwise we just save it as custom attribute, but only if the value is prefixed with # `attribute_`, to prevent accidentally saving values else: if not key.startswith("attribute_"): LOGGER.debug("discarding key", key=key) continue user.attributes[key.replace("attribute_", "", 1)] = value # Extra check to prevent flows from saving a user with a blank username if user.username == "": LOGGER.warning("Aborting write to empty username", user=user) return self.executor.stage_invalid() # Check if we're writing from a source, and save the source to the attributes if PLAN_CONTEXT_SOURCES_CONNECTION in self.executor.plan.context: if USER_ATTRIBUTE_SOURCES not in user.attributes or not isinstance( user.attributes.get(USER_ATTRIBUTE_SOURCES), list ): user.attributes[USER_ATTRIBUTE_SOURCES] = [] connection: UserSourceConnection = self.executor.plan.context[ PLAN_CONTEXT_SOURCES_CONNECTION ] user.attributes[USER_ATTRIBUTE_SOURCES].append(connection.source.name) user.save() user_write.send( sender=self, request=request, user=user, data=data, created=user_created ) # Check if the password has been updated, and update the session auth hash if should_update_seesion: update_session_auth_hash(self.request, user) LOGGER.debug("Updated session hash", user=user) LOGGER.debug( "Updated existing user", user=user, flow_slug=self.executor.flow.slug, ) return self.executor.stage_ok()
def editview(request, action): if request.user.is_authenticated(): request_data = None context = {} if request.method == 'POST': request_data = request.POST if action == 'password': form = PasswordChangeForm(user=request.user, data=request_data) context = {'form': form, 'action': 'Change password', 'edition': True} elif action == 'settings': tz = 'UTC' if hasattr(request.user, 'sciriususer'): tz = request.user.sciriususer.timezone initial = {'timezone': tz} if request.user.is_superuser: form = UserSettingsForm(request_data, instance=request.user, initial=initial) else: form = NormalUserSettingsForm(request_data, instance=request.user, initial=initial) context = {'form': form, 'action': 'Edit settings for ' + request.user.username, 'edition': True} elif action == 'token': initial = {} token = Token.objects.filter(user=request.user) if len(token): initial['token'] = token[0] form = TokenForm(request_data, initial=initial) context = {'form': form, 'action': 'User token', 'edition': True} else: context = {'action': 'User settings', 'edition': False} if request.method == 'POST': orig_superuser = request.user.is_superuser orig_staff = request.user.is_staff if form.is_valid(): if action == 'token': current_tokens = Token.objects.filter(user=request.user) for token in current_tokens: token.delete() Token.objects.create(user=request.user) UserAction.create( action_type='edit_user_token', comment=form.cleaned_data['comment'], user=request.user, other_user=request.user ) return redirect('accounts_edit', action='token') context['edition'] = False context['action'] = 'User settings' ruser = form.save(commit = False) if not orig_superuser: ruser.is_superuser = False ruser.is_staff = orig_staff ruser.save() if action == 'password': update_session_auth_hash(request, ruser) UserAction.create( action_type='edit_user_password', comment=form.cleaned_data['comment'], user=request.user, other_user=request.user ) if action == 'settings': try: sciriususer = ruser.sciriususer sciriususer.timezone = form.cleaned_data['timezone'] except: sciriususer = SciriusUser.objects.create(user = ruser, timezone = form.cleaned_data['timezone']) UserAction.create( action_type='edit_user', comment=form.cleaned_data['comment'], user=request.user, other_user=request.user ) sciriususer.save() return scirius_render(request, 'accounts/edit.html', context)
def save(self): self.set_password_form.save() if VERSION[1] > 6 and not self.logout_on_password_change: from django.contrib.auth import update_session_auth_hash update_session_auth_hash(self.request, self.user)
def form_valid(self, form): form.save() update_session_auth_hash(self.request, form.user) return super(ChangePasswordView, self).form_valid(form)
def password_reset_key_confirm(request, uid, token): if request.method == "GET": try: user_password_reset_token = UserPasswordResetToken.objects.get(uid=uid, token=token) except UserPasswordResetToken.DoesNotExist: clue = {'message': texts.KEY_UNAVAILABLE} return render(request, 'authapp/password_reset_key_confirm_error.html', {'clue': clue}) if user_password_reset_token is None \ or ((now() - user_password_reset_token.created) > timedelta(seconds=60 * 10)) \ or not (UserPasswordResetToken.objects.filter( user_primary_email=user_password_reset_token.user_primary_email ).last() == user_password_reset_token): clue = {'message': texts.KEY_EXPIRED} return render(request, 'authapp/password_reset_key_confirm_error.html', {'clue': clue}) try: uid = force_text(urlsafe_base64_decode(uid)) user = User.objects.get(pk=uid) user_primary_email = user_password_reset_token.user_primary_email except (TypeError, ValueError, OverflowError, User.DoesNotExist): user = None user_primary_email = None if user is None or user_primary_email is None: clue = {'message': texts.KEY_EXPIRED} return render(request, 'authapp/password_reset_key_confirm_error.html', {'clue': clue}) # 이러면 비밀번호 새로 입력할 창을 준다. form = PasswordResetConfirmForm() return render(request, 'authapp/password_reset_key_confirmed_and_reset.html', {'form': form}) # 여기선 새 패스워드 값을 받아서 처리한다. elif request.method == "POST": form = PasswordResetConfirmForm(request.POST) if form.is_valid(): new_password = form.cleaned_data['password'] new_password_confirm = form.cleaned_data['password_confirm'] try: with transaction.atomic(): try: user_password_reset_token = UserPasswordResetToken.objects.get(uid=uid, token=token) except UserPasswordResetToken.DoesNotExist: clue = {'message': texts.KEY_UNAVAILABLE} return render(request, 'authapp/password_reset_key_confirm_error.html', {'clue': clue}) if user_password_reset_token is None \ or ((now() - user_password_reset_token.created) > timedelta(seconds=60 * 10)) \ or not (UserPasswordResetToken.objects.filter( user_primary_email=user_password_reset_token.user_primary_email ).last() == user_password_reset_token): clue = {'message': texts.KEY_EXPIRED} return render(request, 'authapp/password_reset_key_confirm_error.html', {'clue': clue}) try: uid = force_text(urlsafe_base64_decode(uid)) user = User.objects.get(pk=uid) user_primary_email = user_password_reset_token.user_primary_email except (TypeError, ValueError, OverflowError, User.DoesNotExist): user = None user_primary_email = None if user is None or user_primary_email is None: clue = {'message': texts.KEY_EXPIRED} return render(request, 'authapp/password_reset_key_confirm_error.html', {'clue': clue}) password_failure = password_failure_validate(user.userusername.username, new_password, new_password_confirm) if password_failure: clue_message = None if password_failure is 1: clue_message = texts.PASSWORD_NOT_THE_SAME elif password_failure is 2: clue_message = texts.PASSWORD_LENGTH_PROBLEM elif password_failure is 3: clue_message = texts.PASSWORD_EQUAL_USERNAME elif password_failure is 4: clue_message = texts.PASSWORD_BANNED return render_with_clue_one_form(request, 'authapp/password_reset_key_confirmed_and_reset.html', clue_message, PasswordResetConfirmForm()) user.set_password(new_password) user.save() user_primary_email.is_permitted = True user_primary_email.save() update_session_auth_hash(request, user) return render(request, 'authapp/password_reset_completed.html') except Exception: return render_with_clue_one_form(request, 'authapp/password_reset_key_confirm_error.html', texts.UNEXPECTED_ERROR, PasswordChangeForm())
def manageuseraction(request, user_id, action): user = get_object_or_404(User, pk=user_id) context = {'action': 'User actions', 'user': user} if request.method == 'POST': if not request.user.is_superuser: context['error'] = 'Unsufficient permissions' return scirius_render(request, 'accounts/user.html', context) if action == "edit": form = UserSettingsForm(request.POST, instance = user) if form.is_valid(): form.save() try: sciriususer = user.sciriususer sciriususer.timezone = form.cleaned_data['timezone'] except: sciriususer = SciriusUser.objects.create(user = user, timezone = form.cleaned_data['timezone']) sciriususer.save() UserAction.create( action_type='edit_user', comment=form.cleaned_data['comment'], user=request.user, other_user=user ) else: context['error'] = 'Edition form is not valid' context['form'] = form elif action == 'password': form = PasswordForm(request.POST) if form.is_valid(): user.set_password(form.cleaned_data['password']) user.save() if user == request.user: # If the user change his own password prevent the session to be invalidated update_session_auth_hash(request, user) UserAction.create( action_type='edit_user_password', comment=form.cleaned_data['comment'], user=request.user, other_user=user ) else: context['error'] = 'Password form is not valid' elif action == "delete": form = DeleteForm(request.POST) if form.is_valid(): if request.POST.__contains__('confirm'): user.delete() UserAction.create( action_type='delete_user', comment=form.cleaned_data['comment'], user=request.user, old_user=user ) return redirect('/accounts/manage/') else: context['error'] = 'Delete form is not valid' return scirius_render(request, 'accounts/user.html', context) if not request.user.is_superuser: context['error'] = 'Unsufficient permissions' context['user'] = get_object_or_404(User, pk=request.user.pk) return scirius_render(request, 'accounts/user.html', context) if action == "activate": user.is_active = True user.save() context['current_action'] = 'Activate user %s' % user.username elif action == "deactivate": user.is_active = False user.save() context['current_action'] = 'Deactivate user %s' % user.username elif action == "edit": form = UserSettingsForm(instance = user) try: form.initial['timezone'] = user.sciriususer.timezone except: pass context['form'] = form context['current_action'] = 'Edit user %s' % user.username return scirius_render(request, 'accounts/user.html', context) elif action == "password": form = PasswordForm() context['form'] = form context['current_action'] = 'Edit password for user %s' % user.username return scirius_render(request, 'accounts/user.html', context) elif action == "delete": form = DeleteForm() context = {'confirm_action': 'Delete user', 'user': user, 'action': 'delete', 'form': form} return scirius_render(request, 'accounts/user.html', context) context['current_action'] = 'User %s' % user.username return scirius_render(request, 'accounts/user.html', context)
def form_valid(self, form): response = super().form_valid(form) update_session_auth_hash(self.request, self.request.user) return response
def settings_page(request): if not request.user.is_authenticated: return redirect("Main:home_page") if request.method == "POST": user_profile = request.user.user_profile if "bio" in list(request.POST.keys()): user_profile.bio = request.POST["bio"] user_profile.save() messages.success(request, "Your biography has been successfully updated.") elif "avatar" in list(request.FILES.keys()): user_profile.avatar = request.FILES["avatar"] user_profile.save() messages.success(request, "Your avatar has been successfully updated.") elif "banner" in list(request.FILES.keys()): user_profile.banner = request.FILES["banner"] user_profile.save() messages.success(request, "Your banner has been successfully updated.") else: form = UserEditForm(request.POST, instance=request.user) if form.is_valid(): form.save() update_session_auth_hash(request, form.user) messages.success(request, "Your account information has been successfully updated.") else: # messages.error(request, "An error has occurred while trying to save your account information.") errors = json.loads(form.errors.as_json()) for msg in errors: error_msg = errors[msg][0]["message"] if errors[msg][0]["code"] != "": error_msg = errors[msg][0]["code"].upper() + ": " + error_msg messages.error(request, error_msg) data = { "msg": render_to_string( "static_html/messages.html", { "messages": messages.get_messages(request), }, ) } response = HttpResponse( json.dumps(data), content_type="application/json", ) response.status_code = 218 return response data = { "msg": render_to_string( "static_html/messages.html", { "messages": messages.get_messages(request), }, ), "settings": render_to_string( "settings.html", request=request ) } response = HttpResponse( json.dumps(data), content_type="application/json", ) response.status_code = 200 return response form = UserEditForm(instance=request.user) return render(request, "settings.html", context={"form": form})
def user_info(request): #user is the user you are loged in with user = request.user #args is the arguments that are sent to the template args = {} #checks if the user is loged inn if user.is_authenticated: #if the user clicks the submit button a POST request is sent if request.method == 'POST': #if the post request was from the update button if "update_info" in request.POST: #get the form from the post request form = UpdateUser(request.POST) #if the form is valid go into the if statement if form.is_valid(): username = request.POST.get('username', '') emailAddress = request.POST.get('email', '') first_name = request.POST.get('first_name', '') last_name = request.POST.get('last_name', '') #only update the fields that are not empty if username != '': #set user.username to the post we got user.username = username #only update the fields that are not empty if emailAddress != '': #set user.email to the post we got user.email = emailAddress if first_name != '': #set user.first_name to the post we got user.first_name = first_name if last_name != '': #set user.last_name to the post we got user.last_name = last_name #save the new userinfo user.save() #rederect to the same page but now with updated info return HttpResponseRedirect('../edit') else: #if the update button wasn't clicked, set the form empty form = UpdateUser() #if the post request was from the change password button if "change_password" in request.POST: #set change_password_form to the Password cahnge form and send the usr as a parameter #so it knows witch user who want to change password change_password_form = PasswordChangeForm(user, request.POST) if change_password_form.is_valid(): change_password_form.save() update_session_auth_hash(request, user) return HttpResponseRedirect('../edit') else: #if the update button wasn't clicked, set the form empty change_password_form = PasswordChangeForm(user) args['form'] = form args['change_password_form'] = change_password_form else: args['form'] = UpdateUser() args['change_password_form'] = PasswordChangeForm(user) return render(request, 'user/user.html', args) else: args['user'] = '' return render(request, 'user/user.html', args)
def form_valid(self, form): user = form.save() update_session_auth_hash(self.request, user) return HttpResponseRedirect(self.get_success_url())
def login_view(request): """ It handles login methods, return game master page if details are correct, also allows signup and change password requests :param request: :return: Return game master page if login details are correct, allows create user and change passwords """ """handle log in methods - button presses, handling user events, handling the database""" # if sign up button pressed if request.method == 'POST' and 'submit-signUp' in request.POST: newUsername = request.POST['username'] newPassword = request.POST['password'] # check if username is used u = auth_user.objects.get(username=newUsername) if u is not None: messages.error(request, 'Username already in use') return render(request, 'app/signUp_page.html') # if u is not None: # if the user does not already exist # set new user print("making new user") # if they are a superuser if 'superuser' in request.POST: newUser = auth_user.objects.create_user(username=newUsername, password=newPassword, is_superuser=True) else: newUser = auth_user.objects.create_user(username=newUsername, password=newPassword, is_superuser=False) # save the user in the database newUser.save() # log user in login(request, newUser) messages.success(request, 'Successfully made new user') return render(request, 'app/game_master_page.html') # else: # print("User already exists") # messages.error(request, 'Username already exists') # return render(request, 'app/game_master_page.html') # if the submit button is pressed if request.method == 'POST' and 'submit-logIn' in request.POST: username = request.POST['username'] password = request.POST['password'] # authenticate that the username and password are correct user = authenticate(username=username, password=password) # if the user exists if user is not None: # log them in login(request, user) print("logged in") messages.success(request, 'log in success') route_list = Routes.objects.all() questions = Questions.objects.all() games = Gamecode.objects.all() game_master_page(request) return render(request, 'app/game_master_page.html', { "route_list": route_list, "questions": questions, "games": games }) else: # report error print("log in failure") messages.error(request, 'log in failure') return render(request, 'app/login_page.html') # if the change password button is pressed if request.method == 'POST' and 'submit-changePass' in request.POST: # oldPass = request.POST['oldPass'] # retreive the data newPass = request.POST['newPass'] valPass = request.POST['valPass'] # retrieve the current user user = request.user if user is not None: # check the passwords match if newPass == valPass: # set the new password and save to database user.set_password(newPass) user.save() update_session_auth_hash(request, user) messages.success(request, 'password changed') return render(request, 'app/manage_account.html') else: messages.error(request, 'passwords did not match') return render(request, 'app/manage_account.html') else: # report errors print("log in failure") messages.error(request, 'log in failure') return render(request, 'app/login_page.html') if request.method == "POST" and 'submit-deleteAcc' in request.POST: user = request.user user.is_active = False user.save() messages.success(request, 'Account successfully deactivated') return render(request, 'app/login_page.html') print("did not get username or password") messages.error(request, 'did not get username or password') return render(request, 'app/login_page.html')
def personal_data(request): context = dict() context['messages'] = messages.get_messages(request) if request.method == "POST" and 'profile_changes' in request.POST: form = UserInfoForm(data=request.POST) if form.is_valid(): request.user.first_name = form.data['first_name'] request.user.last_name = form.data['last_name'] if request.user.username != form.data['email']: messages.add_message( request, messages.INFO, u'Внимание! логин изменен на %s' % (form.data['email'], ) ) request.user.username = form.data['email'] request.user.save() messages.add_message( request, messages.INFO, u'Изменения сохранены' ) return redirect('cabinet_personal_data') elif request.method == "POST" and 'password_change' in request.POST: old_password = request.POST.get('old_password') new_password = request.POST.get('new_password') confirm_new_password = request.POST.get('confirm_new_password') if not request.user.check_password(old_password): messages.add_message( request, messages.INFO, u'Неверно введен текущий пароль' ) return redirect('cabinet_personal_data') if new_password != confirm_new_password: messages.add_message( request, messages.INFO, u'Введенные пароли не совпадают' ) return redirect('cabinet_personal_data') request.user.set_password(new_password) request.user.save() update_session_auth_hash(request, request.user) messages.add_message( request, messages.INFO, u'Пароль изменен' ) return redirect('cabinet_personal_data') else: init_values = { 'first_name': request.user.first_name, 'last_name': request.user.last_name, 'email': request.user.username, 'password': '******', } form = UserInfoForm(initial=init_values) context = {'form': form, 'masked_password': '******'} return render(request, 'delivery_tracker/personal_data.html', context)
def logout_on_password_change(request, user): if update_session_auth_hash is not None and not settings.LOGOUT_ON_PASSWORD_CHANGE: update_session_auth_hash(request, user)
def save(self): self.set_password_form.save() update_session_auth_hash(self.request, self.user)
def change_password(self, form): user = super(ChangePasswordView, self).change_password(form) # required on Django >= 1.7 to keep the user authenticated if hasattr(auth, "update_session_auth_hash"): auth.update_session_auth_hash(self.request, user)
def form_valid(self, form): response = super(UserChangePassword, self).form_valid(form) update_session_auth_hash(self.request, self.request.user) return response
def teacher_edit_account(request): teacher = request.user.new_teacher backup_tokens = 0 # For teachers using 2FA, find out how many backup tokens they have if using_two_factor(request.user): try: backup_tokens = request.user.staticdevice_set.all( )[0].token_set.count() except Exception: backup_tokens = 0 if request.method == 'POST': form = TeacherEditAccountForm(request.user, request.POST) if form.is_valid(): data = form.cleaned_data changing_email = False # check not default value for CharField if (data['password'] != ''): teacher.new_user.set_password(data['password']) teacher.new_user.save() update_session_auth_hash(request, form.user) teacher.title = data['title'] teacher.new_user.first_name = data['first_name'] teacher.new_user.last_name = data['last_name'] new_email = data['email'] if new_email != '' and new_email != teacher.new_user.email: # new email to set and verify changing_email = True send_verification_email(request, teacher.new_user, new_email) teacher.save() teacher.new_user.save() if changing_email: logout(request) messages.success( request, 'Your account details have been successfully changed. Your email will be changed once you have verified it, until then you can still log in with your old email.' ) return render(request, 'portal/email_verification_needed.html', { 'userprofile': teacher.user, 'email': new_email }) messages.success( request, 'Your account details have been successfully changed.') return HttpResponseRedirect(reverse_lazy('teacher_home')) else: form = TeacherEditAccountForm(request.user, initial={ 'title': teacher.title, 'first_name': teacher.new_user.first_name, 'last_name': teacher.new_user.last_name, 'school': teacher.school, }) return render(request, 'portal/teach/teacher_edit_account.html', { 'form': form, 'backup_tokens': backup_tokens })
def form_valid(self, form): form.save() update_session_auth_hash(self, request, form.user) return super(SettingView, self).form_valid(form)
def form_valid(self, form): form.save() # Updating the password logs out all other sessions for the user # except the current one. update_session_auth_hash(self.request, form.user) return super().form_valid(form)
def password_change(request, id): if request.method == 'POST': current_user = User.objects.get(id=id) password_form = PasswordChangeForm(data=request.POST, user=current_user) if password_form.is_valid(): password_form.save() messages.success(request, 'Password change successfully!') update_session_auth_hash(request, password_form.user) return redirect('profile') else: messages.warning(request, 'Try again!') if current_user.is_depthead: profile_value = Depthead.objects.get(user=current_user) val = 'password_change' context = { 'password_form': password_form, 'profile_value': profile_value, 'val': val, } elif current_user.is_teacher: profile_value = Teacher.objects.get(user=current_user) val = 'password_change' context = { 'password_form': password_form, 'profile_value': profile_value, 'val': val, } else: profile_value = Student.objects.get(user=current_user) val = 'password_change' context = { 'password_form': password_form, 'profile_value': profile_value, 'val': val, } return render(request, 'profile.html', context) else: current_user = User.objects.get(id=id) if current_user.is_depthead: profile_value = Depthead.objects.get(user=current_user) password_form = PasswordChangeForm(user=current_user) val = 'password_change' context = { 'password_form': password_form, 'profile_value': profile_value, 'val': val, } elif current_user.is_teacher: profile_value = Teacher.objects.get(user=current_user) password_form = PasswordChangeForm(user=current_user) val = 'password_change' context = { 'password_form': password_form, 'profile_value': profile_value, 'val': val, } elif current_user.is_student: profile_value = Student.objects.get(user=current_user) password_form = PasswordChangeForm(user=current_user) val = 'password_change' context = { 'password_form': password_form, 'profile_value': profile_value, 'val': val, } return render(request, 'profile.html', context)
def json_change_settings( request: HttpRequest, user_profile: UserProfile, full_name: str = REQ(default=""), email: str = REQ(default=""), old_password: str = REQ(default=""), new_password: str = REQ(default="") ) -> HttpResponse: if not (full_name or new_password or email): return json_error(_("Please fill out all fields.")) if new_password != "": return_data = {} # type: Dict[str, Any] if email_belongs_to_ldap(user_profile.realm, user_profile.delivery_email): return json_error(_("Your Zulip password is managed in LDAP")) if not authenticate(username=user_profile.delivery_email, password=old_password, realm=user_profile.realm, return_data=return_data): return json_error(_("Wrong password!")) if not check_password_strength(new_password): return json_error(_("New password is too weak!")) do_change_password(user_profile, new_password) # In Django 1.10, password changes invalidates sessions, see # https://docs.djangoproject.com/en/1.10/topics/auth/default/#session-invalidation-on-password-change # for details. To avoid this logging the user out of their own # session (which would provide a confusing UX at best), we # update the session hash here. update_session_auth_hash(request, user_profile) # We also save the session to the DB immediately to mitigate # race conditions. In theory, there is still a race condition # and to completely avoid it we will have to use some kind of # mutex lock in `django.contrib.auth.get_user` where session # is verified. To make that lock work we will have to control # the AuthenticationMiddleware which is currently controlled # by Django, request.session.save() result = {} # type: Dict[str, Any] new_email = email.strip() if user_profile.delivery_email != new_email and new_email != '': if user_profile.realm.email_changes_disabled and not user_profile.is_realm_admin: return json_error( _("Email address changes are disabled in this organization.")) error, skipped = validate_email(user_profile, new_email) if error: return json_error(error) if skipped: return json_error(skipped) do_start_email_change_process(user_profile, new_email) result['account_email'] = _( "Check your email for a confirmation link. ") if user_profile.full_name != full_name and full_name.strip() != "": if name_changes_disabled( user_profile.realm) and not user_profile.is_realm_admin: # Failingly silently is fine -- they can't do it through the UI, so # they'd have to be trying to break the rules. pass else: # Note that check_change_full_name strips the passed name automatically result['full_name'] = check_change_full_name( user_profile, full_name, user_profile) return json_success(result)
def form_valid(self, form): response = super().form_valid(form=form) update_session_auth_hash(request=self.request, user=form.instance) return response