Example #1
def password(request):
    """Render the password change / set page and apply a submitted change.

    On POST two forms are bound to the submitted data: ``PasswordConfirmForm``
    (built from the request) and ``SetPasswordForm`` (built for
    ``request.user``). The new password is saved only when both validate.
    On any other method, or when validation fails, the page is rendered
    with the forms.
    """
    is_post = request.method == 'POST'

    if not is_post:
        change_form = PasswordConfirmForm(request)
        form = SetPasswordForm(request.user)
    else:
        change_form = PasswordConfirmForm(request, request.POST)
        confirmed = change_form.is_valid()
        form = SetPasswordForm(request.user, request.POST)
        # form.is_valid() is evaluated first, so the new-password form is
        # validated even when the confirmation form was rejected.
        if form.is_valid() and confirmed:
            # Drop the session flag that forces the user to set a password;
            # the redirect fragment depends on whether it was present.
            if 'show_set_password' in request.session:
                del request.session['show_set_password']
                target = ''
            else:
                target = '#auth'

            # Store the new password. NOTE(review): whatever session
            # handling follows the change happens inside form.save(request)
            # and is not visible here - confirm.
            form.save(request)

            return redirect_profile(target)

    context = {
        'title': _('Change password'),
        'change_form': change_form,
        'form': form,
    }
    return render(request, 'accounts/password.html', context)
Example #2
def reset_password_set(request):
    """Second stage of the password reset: let the user pick a new password.

    The account is taken from the ``perform_reset`` session key, not from
    ``request.user``. If that account already has a usable password the
    reset is treated as completed: the session is flushed and the user is
    sent to the login page with an error message.
    """
    # NOTE(review): raises KeyError when 'perform_reset' is missing from the
    # session; presumably the caller checks for it first - confirm.
    account = User.objects.get(pk=request.session['perform_reset'])

    if account.has_usable_password():
        session = request.session
        session.flush()
        session.set_expiry(None)
        already_done = _('Password reset has been already completed!')
        messages.error(request, already_done)
        return redirect('login')

    if request.method != 'POST':
        form = SetPasswordForm(account)
    else:
        form = SetPasswordForm(account, request.POST)
        if form.is_valid():
            request.session.set_expiry(None)
            # delete_session=True is passed through to the form's save();
            # its effect on the session is implemented there.
            form.save(request, delete_session=True)
            return redirect('login')

    context = {
        'title': _('Password reset'),
        'form': form,
        'captcha_form': None,
        'second_stage': True,
    }
    return render(request, 'accounts/reset.html', context)
Example #3
def password(request):
    """Render the password change / set page and apply a submitted change.

    A POST changes the password only when both ``PasswordConfirmForm`` and
    ``SetPasswordForm`` validate. After the change the session auth hash
    and session key are refreshed, a success message is queued and
    ``notify_account_activity`` is called for the ``'password'`` activity.
    """

    def show_page(change_form, form):
        """Render the password page with the two forms."""
        return render(
            request,
            'accounts/password.html',
            {
                'title': _('Change password'),
                'change_form': change_form,
                'form': form,
            }
        )

    if request.method != 'POST':
        change_form = PasswordConfirmForm(request)
        form = SetPasswordForm(request.user)
        return show_page(change_form, form)

    change_form = PasswordConfirmForm(request, request.POST)
    confirmed = change_form.is_valid()
    form = SetPasswordForm(request.user, request.POST)

    # form.is_valid() runs before the confirmation result is consulted, so
    # both forms are always validated on POST.
    if not (form.is_valid() and confirmed):
        return show_page(change_form, form)

    # Drop the session flag that forces the user to set a password; the
    # redirect fragment depends on whether it was present.
    if 'show_set_password' in request.session:
        del request.session['show_set_password']
        target = ''
    else:
        target = '#auth'

    # Store the new password.
    user = form.save()

    # Updating the password logs out all other sessions for the user
    # except the current one.
    update_session_auth_hash(request, user)

    # Issue a new key for the current session so the key in use before
    # the password change is no longer accepted.
    request.session.cycle_key()

    changed = _('Your password has been changed.')
    messages.success(request, changed)
    notify_account_activity(request.user, request, 'password')
    return redirect_profile(target)
Example #4
def reset_password_set(request):
    """Second stage of the password reset: accept the new password.

    The target account comes from the ``perform_reset`` session key. An
    account that already has a usable password is rejected: the session is
    flushed, an error is queued and the user is redirected to login.
    """
    # NOTE(review): a missing 'perform_reset' key raises KeyError here;
    # presumably the caller guarantees it is set - confirm.
    user = User.objects.get(pk=request.session['perform_reset'])

    if user.has_usable_password():
        request.session.flush()
        request.session.set_expiry(None)
        error_text = _('Password reset has been already completed!')
        messages.error(request, error_text)
        return redirect('login')

    posted = request.method == 'POST'
    if posted:
        form = SetPasswordForm(user, request.POST)
    else:
        form = SetPasswordForm(user)

    if posted and form.is_valid():
        request.session.set_expiry(None)
        # Session cleanup is delegated to the form via delete_session=True.
        form.save(request, delete_session=True)
        return redirect('login')

    page_context = {
        'title': _('Password reset'),
        'form': form,
        'captcha_form': None,
        'second_stage': True,
    }
    return render(request, 'accounts/reset.html', page_context)
Example #5
def password(request):
    """Render the password change / set page and apply a submitted change.

    The password is changed only on a POST for which both the confirmation
    form and the new-password form validate; otherwise the page is
    rendered with both forms.
    """
    posted = request.method == 'POST'

    if posted:
        change_form = PasswordConfirmForm(request, request.POST)
    else:
        change_form = PasswordConfirmForm(request)
    # Without a POST there is nothing to confirm, so no change is allowed.
    do_change = change_form.is_valid() if posted else False

    if posted:
        form = SetPasswordForm(request.user, request.POST)
    else:
        form = SetPasswordForm(request.user)

    # The new-password form is validated before the confirmation result is
    # consulted, so it is always validated on POST.
    if posted and form.is_valid() and do_change:
        # Drop the session flag that forces the user to set a password; the
        # redirect fragment depends on whether it was present.
        forced = 'show_set_password' in request.session
        if forced:
            del request.session['show_set_password']
        redirect_page = '' if forced else '#account'

        # Store the new password. NOTE(review): session handling after the
        # change is inside form.save(request), not visible here - confirm.
        form.save(request)

        return redirect_profile(redirect_page)

    context = {
        'title': _('Change password'),
        'change_form': change_form,
        'form': form
    }
    return render(request, 'accounts/password.html', context)
Example #6
def reset_password_set(request):
    """Second stage of the password reset: accept the new password.

    The account is looked up from the ``perform_reset`` session key rather
    than ``request.user``. When it already has a usable password, the
    session is flushed and the user is redirected to login with an error.
    """
    # NOTE(review): KeyError if "perform_reset" is absent from the session;
    # presumably guaranteed by the caller - confirm.
    reset_pk = request.session["perform_reset"]
    user = User.objects.get(pk=reset_pk)

    if user.has_usable_password():
        request.session.flush()
        request.session.set_expiry(None)
        messages.error(
            request,
            _("Password reset has been already completed."),
        )
        return redirect("login")

    # Bind the form to the submitted data only on POST.
    form_args = (user, request.POST) if request.method == "POST" else (user,)
    form = SetPasswordForm(*form_args)

    if request.method == "POST" and form.is_valid():
        request.session.set_expiry(None)
        # Session cleanup is delegated to the form via delete_session=True.
        form.save(request, delete_session=True)
        return redirect("login")

    context = {
        "title": _("Password reset"),
        "form": form,
        "captcha_form": None,
        "second_stage": True,
    }
    return render(request, "accounts/reset.html", context)
Example #7
def password(request):
    """Render the password change / set page and apply a submitted change.

    Non-POST requests get the page with two unbound forms. A POST changes
    the password only when both ``PasswordConfirmForm`` and
    ``SetPasswordForm`` validate; otherwise the bound forms are rendered.
    """
    template = "accounts/password.html"

    if request.method != "POST":
        change_form = PasswordConfirmForm(request)
        form = SetPasswordForm(request.user)
        return render(
            request,
            template,
            {
                "title": _("Change password"),
                "change_form": change_form,
                "form": form
            },
        )

    change_form = PasswordConfirmForm(request, request.POST)
    confirmed = change_form.is_valid()
    form = SetPasswordForm(request.user, request.POST)

    # form.is_valid() runs first, so the new-password form is validated
    # even when the confirmation form was rejected.
    if form.is_valid() and confirmed:
        # Drop the session flag that forces the user to set a password; the
        # redirect fragment depends on whether it was present.
        if "show_set_password" in request.session:
            del request.session["show_set_password"]
            fragment = ""
        else:
            fragment = "#account"

        # Store the new password. NOTE(review): session handling after the
        # change is inside form.save(request), not visible here - confirm.
        form.save(request)

        return redirect_profile(fragment)

    return render(
        request,
        template,
        {
            "title": _("Change password"),
            "change_form": change_form,
            "form": form
        },
    )
Example #8
def password(request):
    """Render the password change / set page and apply a submitted change.

    Accounts with a usable password must pass ``PasswordConfirmForm`` before
    the new password is accepted. Accounts without one skip that form
    (``change_form`` is ``None``), but are refused outright when "email" is
    not among ``get_auth_keys()``.
    """
    has_password = request.user.has_usable_password()

    # get_auth_keys() is consulted first, as in the original condition.
    if not ("email" in get_auth_keys() or has_password):
        messages.error(
            request,
            _("Cannot reset password, e-mail authentication is turned off."))
        return redirect("profile")

    is_post = request.method == "POST"

    if not has_password:
        # Nothing to confirm: there is no current password to check against.
        change_form = None
        confirmed = True
    elif is_post:
        change_form = PasswordConfirmForm(request, request.POST)
        confirmed = change_form.is_valid()
    else:
        change_form = PasswordConfirmForm(request)
        confirmed = False

    if is_post:
        form = SetPasswordForm(request.user, request.POST)
        # form.is_valid() runs before the confirmation result is consulted.
        if form.is_valid() and confirmed:
            # Drop the session flag that forces the user to set a password;
            # the redirect fragment depends on whether it was present.
            if "show_set_password" in request.session:
                del request.session["show_set_password"]
                fragment = ""
            else:
                fragment = "#account"

            # Store the new password. NOTE(review): session handling after
            # the change is inside form.save(request) - confirm.
            form.save(request)

            return redirect_profile(fragment)
    else:
        form = SetPasswordForm(request.user)

    context = {
        "title": _("Change password"),
        "change_form": change_form,
        "form": form
    }
    return render(request, "accounts/password.html", context)
Example #9
def reset_password_set(request):
    """Second stage of the password reset: accept the new password.

    The account is looked up from the ``perform_reset`` session key rather
    than ``request.user``. On a valid POST the key is removed from the
    session, the password is saved, a fresh session is created and the user
    is redirected to the login page.
    """
    # NOTE(review): KeyError if 'perform_reset' is absent from the session;
    # presumably guaranteed by the caller - confirm.
    account = User.objects.get(pk=request.session['perform_reset'])

    if request.method != 'POST':
        form = SetPasswordForm(account)
    else:
        form = SetPasswordForm(account, request.POST)
        if form.is_valid():
            # Remove the reset marker before saving so this session can no
            # longer reach this step for the same account.
            del request.session['perform_reset']
            form.save(request)
            request.session.create()
            return redirect('login')

    context = {
        'title': _('Password reset'),
        'form': form,
        'captcha_form': None,
        'second_stage': True,
    }
    return render(request, 'accounts/reset.html', context)
Example #10
def password(request):
    """Render the password change / set page and apply a submitted change.

    A POST changes the password only when both ``PasswordConfirmForm`` and
    ``SetPasswordForm`` validate. After the change the session auth hash
    and session key are refreshed, a success message is queued and
    ``notify_account_activity`` is called for the ``'password'`` activity.
    """
    if request.method == 'POST':
        change_form = PasswordConfirmForm(request, request.POST)
        confirmed = change_form.is_valid()
        form = SetPasswordForm(request.user, request.POST)
        # Validate the new-password form unconditionally, then require the
        # confirmation as well.
        new_password_ok = form.is_valid()
        if new_password_ok and confirmed:
            # Drop the session flag that forces the user to set a password;
            # the redirect fragment depends on whether it was present.
            if 'show_set_password' in request.session:
                del request.session['show_set_password']
                landing = ''
            else:
                landing = '#auth'

            # Store the new password.
            user = form.save()

            # Updating the password logs out all other sessions for the user
            # except the current one.
            update_session_auth_hash(request, user)

            # Issue a new key for the current session so the key in use
            # before the password change is no longer accepted.
            request.session.cycle_key()

            messages.success(
                request,
                _('Your password has been changed.'),
            )
            notify_account_activity(request.user, request, 'password')
            return redirect_profile(landing)
    else:
        change_form = PasswordConfirmForm(request)
        form = SetPasswordForm(request.user)

    context = {
        'title': _('Change password'),
        'change_form': change_form,
        'form': form,
    }
    return render(request, 'accounts/password.html', context)
Example #11
def password(request):
    """Render the password change / set page and apply a submitted change.

    The ``demo`` user on a demo server is refused via ``deny_demo``. Users
    with a usable password must supply their current password; failed
    checks are counted in the ``auth_attempts`` session key and, once the
    count reaches ``settings.AUTH_MAX_ATTEMPTS``, the next POST logs the
    user out. Users without a usable password skip the current-password
    check.
    """
    if settings.DEMO_SERVER and request.user.username == 'demo':
        return deny_demo(request)

    # NOTE(review): the counter is stored in the session, so it is scoped
    # to this session rather than to the account.
    failed_attempts = request.session.get('auth_attempts', 0)
    is_post = request.method == 'POST'

    if not request.user.has_usable_password():
        # No current password exists, so there is nothing to verify.
        do_change = True
        change_form = None
    elif not is_post:
        do_change = False
        change_form = PasswordChangeForm()
    else:
        # The limit is enforced before the submitted password is examined.
        if failed_attempts >= settings.AUTH_MAX_ATTEMPTS:
            logout(request)
            messages.error(request, _('Too many authentication attempts!'))
            return redirect('login')

        do_change = False
        change_form = PasswordChangeForm(request.POST)
        if change_form.is_valid():
            supplied = change_form.cleaned_data['password']
            do_change = request.user.check_password(supplied)
            if do_change:
                # A correct password resets the failure counter.
                request.session['auth_attempts'] = 0
            else:
                request.session['auth_attempts'] = failed_attempts + 1
                messages.error(
                    request,
                    _('You have entered an invalid password.'),
                )
                # NOTE(review): presumably Django's CSRF token rotation -
                # confirm against the file's imports.
                rotate_token(request)

    if is_post:
        form = SetPasswordForm(request.user, request.POST)
        # form.is_valid() runs before do_change is consulted.
        if form.is_valid() and do_change:
            # Drop the session flag that forces the user to set a password;
            # the redirect fragment depends on whether it was present.
            if 'show_set_password' in request.session:
                del request.session['show_set_password']
                landing = ''
            else:
                landing = '#auth'

            # Store the new password.
            user = form.save()

            # Updating the password logs out all other sessions for the user
            # except the current one.
            update_session_auth_hash(request, user)

            # Issue a new key for the current session so the key in use
            # before the password change is no longer accepted.
            request.session.cycle_key()

            messages.success(request, _('Your password has been changed.'))
            notify_account_activity(request.user, request, 'password')
            return redirect_profile(landing)
    else:
        form = SetPasswordForm(request.user)

    context = {
        'title': _('Change password'),
        'change_form': change_form,
        'form': form,
    }
    return render(request, 'accounts/password.html', context)