def password(request): """Password change / set form.""" do_change = False if request.method == 'POST': change_form = PasswordConfirmForm(request, request.POST) do_change = change_form.is_valid() else: change_form = PasswordConfirmForm(request) if request.method == 'POST': form = SetPasswordForm(request.user, request.POST) if form.is_valid() and do_change: # Clear flag forcing user to set password redirect_page = '#auth' if 'show_set_password' in request.session: del request.session['show_set_password'] redirect_page = '' # Change the password form.save(request) return redirect_profile(redirect_page) else: form = SetPasswordForm(request.user) return render( request, 'accounts/password.html', { 'title': _('Change password'), 'change_form': change_form, 'form': form, } )
def reset_password_set(request): """Perform actual password reset.""" user = User.objects.get(pk=request.session['perform_reset']) if user.has_usable_password(): request.session.flush() request.session.set_expiry(None) messages.error( request, _('Password reset has been already completed!') ) return redirect('login') if request.method == 'POST': form = SetPasswordForm(user, request.POST) if form.is_valid(): request.session.set_expiry(None) form.save(request, delete_session=True) return redirect('login') else: form = SetPasswordForm(user) return render( request, 'accounts/reset.html', { 'title': _('Password reset'), 'form': form, 'captcha_form': None, 'second_stage': True, } )
def password(request): """Password change / set form.""" do_change = False if request.method == 'POST': change_form = PasswordConfirmForm(request, request.POST) do_change = change_form.is_valid() else: change_form = PasswordConfirmForm(request) if request.method == 'POST': form = SetPasswordForm(request.user, request.POST) if form.is_valid() and do_change: # Clear flag forcing user to set password redirect_page = '#auth' if 'show_set_password' in request.session: del request.session['show_set_password'] redirect_page = '' # Change the password user = form.save() # Updating the password logs out all other sessions for the user # except the current one. update_session_auth_hash(request, user) # Change key for current session request.session.cycle_key() messages.success( request, _('Your password has been changed.') ) notify_account_activity(request.user, request, 'password') return redirect_profile(redirect_page) else: form = SetPasswordForm(request.user) return render( request, 'accounts/password.html', { 'title': _('Change password'), 'change_form': change_form, 'form': form, } )
def reset_password_set(request): """Perform actual password reset.""" user = User.objects.get(pk=request.session['perform_reset']) if user.has_usable_password(): request.session.flush() request.session.set_expiry(None) messages.error(request, _('Password reset has been already completed!')) return redirect('login') if request.method == 'POST': form = SetPasswordForm(user, request.POST) if form.is_valid(): request.session.set_expiry(None) form.save(request, delete_session=True) return redirect('login') else: form = SetPasswordForm(user) return render( request, 'accounts/reset.html', { 'title': _('Password reset'), 'form': form, 'captcha_form': None, 'second_stage': True, }, )
def password(request): """Password change / set form.""" do_change = False if request.method == 'POST': change_form = PasswordConfirmForm(request, request.POST) do_change = change_form.is_valid() else: change_form = PasswordConfirmForm(request) if request.method == 'POST': form = SetPasswordForm(request.user, request.POST) if form.is_valid() and do_change: # Clear flag forcing user to set password redirect_page = '#account' if 'show_set_password' in request.session: del request.session['show_set_password'] redirect_page = '' # Change the password form.save(request) return redirect_profile(redirect_page) else: form = SetPasswordForm(request.user) return render( request, 'accounts/password.html', { 'title': _('Change password'), 'change_form': change_form, 'form': form }, )
def reset_password_set(request): """Perform actual password reset.""" user = User.objects.get(pk=request.session["perform_reset"]) if user.has_usable_password(): request.session.flush() request.session.set_expiry(None) messages.error(request, _("Password reset has been already completed.")) return redirect("login") if request.method == "POST": form = SetPasswordForm(user, request.POST) if form.is_valid(): request.session.set_expiry(None) form.save(request, delete_session=True) return redirect("login") else: form = SetPasswordForm(user) return render( request, "accounts/reset.html", { "title": _("Password reset"), "form": form, "captcha_form": None, "second_stage": True, }, )
def password(request): """Password change / set form.""" do_change = False if request.method == "POST": change_form = PasswordConfirmForm(request, request.POST) do_change = change_form.is_valid() else: change_form = PasswordConfirmForm(request) if request.method == "POST": form = SetPasswordForm(request.user, request.POST) if form.is_valid() and do_change: # Clear flag forcing user to set password redirect_page = "#account" if "show_set_password" in request.session: del request.session["show_set_password"] redirect_page = "" # Change the password form.save(request) return redirect_profile(redirect_page) else: form = SetPasswordForm(request.user) return render( request, "accounts/password.html", { "title": _("Change password"), "change_form": change_form, "form": form }, )
def password(request): """Password change / set form.""" do_change = True change_form = None usable = request.user.has_usable_password() if "email" not in get_auth_keys() and not usable: messages.error( request, _("Cannot reset password, e-mail authentication is turned off.")) return redirect("profile") if usable: if request.method == "POST": change_form = PasswordConfirmForm(request, request.POST) do_change = change_form.is_valid() else: change_form = PasswordConfirmForm(request) do_change = False if request.method == "POST": form = SetPasswordForm(request.user, request.POST) if form.is_valid() and do_change: # Clear flag forcing user to set password redirect_page = "#account" if "show_set_password" in request.session: del request.session["show_set_password"] redirect_page = "" # Change the password form.save(request) return redirect_profile(redirect_page) else: form = SetPasswordForm(request.user) return render( request, "accounts/password.html", { "title": _("Change password"), "change_form": change_form, "form": form }, )
def reset_password_set(request): """Perform actual password reset.""" user = User.objects.get(pk=request.session['perform_reset']) if request.method == 'POST': form = SetPasswordForm(user, request.POST) if form.is_valid(): del request.session['perform_reset'] form.save(request) request.session.create() return redirect('login') else: form = SetPasswordForm(user) return render( request, 'accounts/reset.html', { 'title': _('Password reset'), 'form': form, 'captcha_form': None, 'second_stage': True, })
def password(request): """Password change / set form.""" do_change = False if request.method == 'POST': change_form = PasswordConfirmForm(request, request.POST) do_change = change_form.is_valid() else: change_form = PasswordConfirmForm(request) if request.method == 'POST': form = SetPasswordForm(request.user, request.POST) if form.is_valid() and do_change: # Clear flag forcing user to set password redirect_page = '#auth' if 'show_set_password' in request.session: del request.session['show_set_password'] redirect_page = '' # Change the password user = form.save() # Updating the password logs out all other sessions for the user # except the current one. update_session_auth_hash(request, user) # Change key for current session request.session.cycle_key() messages.success(request, _('Your password has been changed.')) notify_account_activity(request.user, request, 'password') return redirect_profile(redirect_page) else: form = SetPasswordForm(request.user) return render(request, 'accounts/password.html', { 'title': _('Change password'), 'change_form': change_form, 'form': form, })
def password(request): """Password change / set form.""" if settings.DEMO_SERVER and request.user.username == 'demo': return deny_demo(request) do_change = False attempts = request.session.get('auth_attempts', 0) if not request.user.has_usable_password(): do_change = True change_form = None elif request.method == 'POST': if attempts >= settings.AUTH_MAX_ATTEMPTS: logout(request) messages.error(request, _('Too many authentication attempts!')) return redirect('login') else: change_form = PasswordChangeForm(request.POST) if change_form.is_valid(): cur_password = change_form.cleaned_data['password'] do_change = request.user.check_password(cur_password) if not do_change: request.session['auth_attempts'] = attempts + 1 messages.error(request, _('You have entered an invalid password.')) rotate_token(request) else: request.session['auth_attempts'] = 0 else: change_form = PasswordChangeForm() if request.method == 'POST': form = SetPasswordForm(request.user, request.POST) if form.is_valid() and do_change: # Clear flag forcing user to set password redirect_page = '#auth' if 'show_set_password' in request.session: del request.session['show_set_password'] redirect_page = '' # Change the password user = form.save() # Updating the password logs out all other sessions for the user # except the current one. update_session_auth_hash(request, user) # Change key for current session request.session.cycle_key() messages.success(request, _('Your password has been changed.')) notify_account_activity(request.user, request, 'password') return redirect_profile(redirect_page) else: form = SetPasswordForm(request.user) return render(request, 'accounts/password.html', { 'title': _('Change password'), 'change_form': change_form, 'form': form, })