def user_change_password(request, userid):
if not userid:
userid = request.user.id
# only admin can change the password for someone else
if request.user.id != userid and request.user.profile.role != Profile.ACCESS_ADMIN:
messages.error(request, 'Something went wrong.')
return HttpResponse("Something went wrong.")
qs = User.objects.filter(id=userid)
if qs.count() < 1:
return HttpResponse("No such user")
the_user = qs.get()
if request.method == 'POST':
form = AdminPasswordChangeForm(the_user, request.POST)
if form.is_valid():
form.save()
messages.success(
request, f'Password for "{the_user.username}" {the_user.get_full_name()} ' +
'was successfully updated.')
if request.user == the_user:
return redirect('sis:profile')
else:
return redirect(reverse('schooladmin:user', args=[userid]))
else:
messages.error(request, 'Please correct the error(s) below.')
else:
form = AdminPasswordChangeForm(request.user)
return render(request, 'sis/user_change_password.html', {'auser': the_user, 'form': form})
def editZbyAccountView(request, acpk):
if request.POST:
print "post edit user"
instance = get_object_or_404(sysUser, pk=int(acpk))
userForm = AdminPasswordChangeForm(request.POST, instance=instance)
if userForm.is_valid():
print "form is valid"
instance = userForm.save(commit=True)
print instance.userid
ActionlogInstance = Actionlog(userid=119,
logevent=u"编辑账户:" +
instance.username,
loglevel="0")
ActionlogInstance.save()
return HttpResponseRedirect("/system/accounts/")
else:
return render(request, 'system/addAccount.html', {
'userForm': userForm,
'fun': u"编辑"
})
try:
instance = get_object_or_404(sysUser, pk=int(acpk))
userForm = AdminPasswordChangeForm(instance=instance)
return render(request, 'system/addAccount.html', {
'userForm': userForm,
'fun': u"编辑"
})
except Exception, e:
print e
def change_password(request,
user_id,
template_name='accounts/admin_change_pw.html'):
"""
Admin change users password
"""
user_account = get_object_or_404(User, pk=user_id)
if request.method == 'POST':
form = AdminPasswordChangeForm(user_account, request.POST)
if form.is_valid():
try:
form.save()
msg = _(
'The password for user %(account)s has been updated') % {
'account': user_account.username
}
except DatabaseError:
msg = _('The password could not be updated')
djmessages.info(request, msg)
return HttpResponseRedirect(reverse('user-profile',
args=[user_id]))
else:
form = AdminPasswordChangeForm(user_account)
user_account = None
form.fields['password1'].widget.attrs['size'] = '45'
form.fields['password2'].widget.attrs['size'] = '45'
return render_to_response(template_name,
locals(),
context_instance=RequestContext(request))
def user_change_password(request, pk):
"""
Función que gestiona la actualización de las contraseña de un usuario.
"""
model = User
usuario = get_object_or_404(User, pk=pk)
print usuario
form = AdminPasswordChangeForm(user=usuario)
if request.method == 'POST':
form = AdminPasswordChangeForm(user=usuario, data=request.POST)
if form.is_valid():
form.save()
messages = ['Se actualizó la contraseña del usuario con éxito']
usuarios = User.objects.all()
data = {}
data['object_list'] = usuarios
object_list = usuarios
return render_to_response("usuarios/list_users.html", {
'messages': messages,
'object_list': object_list
},
context_instance=RequestContext(request))
else:
print "No se realizó el cambio de contraseña"
return render(request, 'usuarios/user_change_password.html', {
'form': form,
'usuario': usuario
})
def user_change_password(request: HttpRequest, user_id) -> HttpResponse:
# Get the User
user = get_object_or_404(User, pk=user_id)
# Dict for view
view_dict = {} # type: Dict[str, object]
# process or create form
if request.method == 'POST':
password_form = AdminPasswordChangeForm(user, request.POST)
# process admin user
if password_form.is_valid():
user = password_form.save()
messages.add_message(request, messages.SUCCESS,
f'User {user.username} password updated.')
return HttpResponseRedirect(reverse_lazy('index'))
else:
password_form = AdminPasswordChangeForm(user)
# modify the css and label attributes
password_form.fields['password1'].widget.attrs['class'] = 'form-control'
password_form.fields['password1'].label = "New Password:"******"New Password (again):"
view_dict['form'] = password_form
view_dict['user'] = user
return render(request, 'user_change_password.html', view_dict)
def user_change_password(request, id):
if not request.user.has_perm('auth.change_user'):
raise PermissionDenied
user = get_object_or_404(User, pk=id)
if request.method == 'POST':
form = AdminPasswordChangeForm(user, request.POST)
if form.is_valid():
new_user = form.save()
msg = _('Password changed successfully.')
request.user.message_set.create(message=msg)
return HttpResponseRedirect('..')
else:
form = AdminPasswordChangeForm(user)
return render_to_response(
'admin/auth/user/change_password.html', {
'title': _('Change password: %s') % escape(user.username),
'form': form,
'is_popup': '_popup' in request.REQUEST,
'add': True,
'change': False,
'has_delete_permission': False,
'has_change_permission': True,
'has_absolute_url': False,
'opts': User._meta,
'original': user,
'save_as': False,
'show_save': True,
'root_path': re.sub('auth/user/(\d+)/password/$', '',
request.path),
},
context_instance=RequestContext(request))
def test_one_password(self):
user = User.objects.get(username='******')
form1 = AdminPasswordChangeForm(user, {'password1': '', 'password2': 'test'})
required_error = [Field.default_error_messages['required']]
self.assertEqual(form1.errors['password1'], required_error)
self.assertNotIn('password2', form1.errors)
form2 = AdminPasswordChangeForm(user, {'password1': 'test', 'password2': ''})
self.assertEqual(form2.errors['password2'], required_error)
self.assertNotIn('password1', form2.errors)
def reset_pass(request):
if request.method == 'POST' :
formulario = AdminPasswordChangeForm(user=request.user, data=request.POST)
if formulario.is_valid():
formulario.save()
return HttpResponseRedirect('/user/login')
else:
formulario = AdminPasswordChangeForm(user=request.user)
return render_to_response('user/reset_pass.html', {'formulario' :formulario}, context_instance=RequestContext(request))
def change_admin_password(request):
if request.method == 'POST':
form = AdminPasswordChangeForm(request.user, request.POST)
if form.is_valid():
form.save()
return HttpResponseRedirect(reverse('morepractice:thanks'))
else:
form = AdminPasswordChangeForm(request.user)
return render(request, 'morepractice/change_admin_password.html', {'form': form})
def reset_pass(request):
if request.method == 'POST':
form = AdminPasswordChangeForm(user=request.user, data=request.POST)
if form.is_valid():
form.save()
return HttpResponseRedirect(reverse(user_index))
else:
form = AdminPasswordChangeForm(user=request.user)
return render(request, 'users/reset_pass.html', {
'form': form,
})
def password_change(req):
user_to_edit = User.objects.get(id=req.user.id)
if req.method == 'POST':
password_form = AdminPasswordChangeForm(user_to_edit, req.POST)
if password_form.is_valid():
password_form.save()
return HttpResponseRedirect('/')
else:
password_form = AdminPasswordChangeForm(user_to_edit)
template_name = "password_change.html"
return render(req, template_name, {"form": password_form})
def change_password(request):
if request.method == 'POST':
form = AdminPasswordChangeForm(user=request.user, data=request.POST)
if form.is_valid():
request.user.set_password(form.clean_password2())
return HttpResponseRedirect('/recording/')
else:
context = {'form': form}
return render(request, 'change_password.html', {'form': form})
else:
form = AdminPasswordChangeForm(user=request.user)
return render(request, 'change_password.html', {'form': form})
def password_change(req, id):
user_to_edit = User.objects.get(id=id)
print req.user
if req.method == 'POST':
password_form = AdminPasswordChangeForm(user_to_edit, req.POST)
if password_form.is_valid():
password_form.save()
return HttpResponseRedirect('/iavi/users/%s/edit' % user_to_edit.id)
else:
password_form = AdminPasswordChangeForm(user_to_edit)
template_name="iavi/password_change.html"
return render_to_response(req, template_name, {"current_user" : user_to_edit,
"form" : password_form})
def modifica_password_utente(request, utente_id):
user = User.objects.get(id=utente_id)
if request.method == 'POST': # If the form has been submitted...
form = AdminPasswordChangeForm(user=user, data=request.POST)
if form.is_valid():
form.save()
return HttpResponseRedirect('/utenti/') # Redirect after POST
else:
form = AdminPasswordChangeForm(user=user)
return render(request, 'form_password_utente.html', {
'request': request,
'form': form,
'user': user,
})
def test_one_password(self):
user = User.objects.get(username="******")
form1 = AdminPasswordChangeForm(user, {
"password1": "",
"password2": "test"
})
required_error = [Field.default_error_messages["required"]]
self.assertEqual(form1.errors["password1"], required_error)
self.assertNotIn("password2", form1.errors)
form2 = AdminPasswordChangeForm(user, {
"password1": "test",
"password2": ""
})
self.assertEqual(form2.errors["password2"], required_error)
self.assertNotIn("password1", form2.errors)
def admin_change_password(request, pk):
if "cancel" in request.POST:
return redirect('accounts:list_user')
user_change = get_object_or_404(CustomUser, pk=pk)
if request.method == 'POST':
form = AdminPasswordChangeForm(user_change, request.POST)
if form.is_valid():
messages.success(request, ' password was successfully updated!')
return redirect('accounts:list_user')
else:
messages.error(request, 'Please correct the error below.')
return redirect('accounts:list_user')
else:
form = AdminPasswordChangeForm(user_change)
return render(request, 'accounts/change_password.html', {'form': form})
def password(request, user_id):
user = get_object_or_404(User, pk=user_id)
if request.method == 'POST':
form = AdminPasswordChangeForm(user, request.POST)
if form.is_valid():
form.save()
messages.success(request, _(u'Password changed successfully.'))
if request.user == user:
update_session_auth_hash(request, form.user)
return redirect(reverse('users:user', args=(user.pk, )))
else:
messages.error(request, _(u'Please correct the error below.'))
else:
form = AdminPasswordChangeForm(user)
return render(request, 'users/password.html', {'form': form})
def test_missing_passwords(self):
user = User.objects.get(username="******")
data = {"password1": "", "password2": ""}
form = AdminPasswordChangeForm(user, data)
required_error = [Field.default_error_messages["required"]]
self.assertEqual(form.errors["password1"], required_error)
self.assertEqual(form.errors["password2"], required_error)
def test_missing_passwords(self):
user = User.objects.get(username='******')
data = {'password1': '', 'password2': ''}
form = AdminPasswordChangeForm(user, data)
required_error = [Field.default_error_messages['required']]
self.assertEqual(form.errors['password1'], required_error)
self.assertEqual(form.errors['password2'], required_error)
def user_change_password(request, id):
if not request.user.has_perm('auth.change_user'):
raise PermissionDenied
user = get_object_or_404(User, pk=id)
manipulator = AdminPasswordChangeForm(user)
if request.method == 'POST':
new_data = request.POST.copy()
errors = manipulator.get_validation_errors(new_data)
if not errors:
new_user = manipulator.save(new_data)
msg = _('Password changed successfully.')
request.user.message_set.create(message=msg)
return HttpResponseRedirect('..')
else:
errors = new_data = {}
form = oldforms.FormWrapper(manipulator, new_data, errors)
return render_to_response(
'admin/auth/user/change_password.html', {
'title': _('Change password: %s') % escape(user.username),
'form': form,
'is_popup': '_popup' in request.REQUEST,
'add': True,
'change': False,
'has_delete_permission': False,
'has_change_permission': True,
'has_absolute_url': False,
'first_form_field_id': 'id_password1',
'opts': User._meta,
'original': user,
'show_save': True,
},
context_instance=template.RequestContext(request))
def password_resetenter(request, uidb64=None, token=None):
"""
Enter new password for reset password.
"""
context_dict = {}
if request.method == 'POST':
assert uidb64 is not None and token is not None
uid = urlsafe_base64_decode(uidb64)
user = models.Employee.objects.get(soft_delete=False, pk=uid)
db_user = user.user
reset_token = models.PasswordReset.objects.get(token=token, user=user)
token_check = models.PasswordReset.objects.filter(
user=user,
soft_delete=False,
token_consumed=False,
).exclude(token=token).first()
update_fields = []
token_check.token_consumed = True
update_fields.append('token_consumed')
token_check.soft_delete = True
update_fields.append('soft_delete')
token_check.save(update_fields=update_fields)
time_threshold = timezone.now(
) - reset_token.password_request_created_at
if time_threshold > timedelta(minutes=30):
try:
update_fields = []
reset_token.token_consumed = True
update_fields.append('token_consumed')
reset_token.soft_delete = True
update_fields.append('soft_delete')
reset_token.save(update_fields=update_fields)
except Exception as e:
print(e)
if reset_token.user == user and reset_token.token == token:
if reset_token.token_consumed == False and reset_token.soft_delete == False:
try:
update_fields = []
reset_token.token_consumed = True
update_fields.append('token_consumed')
reset_token.soft_delete = True
update_fields.append('soft_delete')
reset_token.save(update_fields=update_fields)
except Exception as e:
print(e)
form = AdminPasswordChangeForm(user=db_user, data=request.POST)
if form.is_valid():
form.save()
history = models.History(user=user,
activity="",
activity_type="Reset Password")
history.save()
context_dict["message"] = "Password changed successfully"
else:
context_dict["message"] = "Password not changed"
else:
context_dict["message"] = "Link is no longer valid"
return render(request, "reset.html", context_dict)
def users_setpassword(request, pk):
object = get_object_or_404(User, pk=pk)
if request.method == 'POST': # If the form has been submitted...
form = AdminPasswordChangeForm(user=object, data=request.POST)
if form.is_valid(): # If the form is valid
form.save()
messages.success(request, 'The password has been saved.')
return redirect(reverse('main.views.users_show', args=(object.pk, )))
else:
form = AdminPasswordChangeForm(user=object)
return render_to_response('main/users/setpassword.html', {'form': form}, context_instance=RequestContext(request))
def user_change_password(request, id):
user = User.objects.get(pk=id)
form = AdminPasswordChangeForm(user, request.POST)
if form.is_valid():
new_user = form.save()
msg = _('Password changed successfully.')
request.user.message_set.create(message=msg)
return HttpResponseRedirect('../../user/users')
else:
form = AdminPasswordChangeForm(user)
extra_context = {
'form': form,
'change': True
}
return direct_to_template(request,"users/user_password_change.html",
extra_context = extra_context)
def list_user(request):
user_list = CustomUser.objects.all().exclude(id=request.user.id)
form = AdminPasswordChangeForm(request.user)
return render(request, 'accounts/user_list.html', {
'users': user_list,
'form': form
})
def change_password(request, user_id):
try:
passwd_user = User.objects.get(pk=user_id)
except ObjectDoesNotExist:
raise Http404
if request.method == "POST":
form = AdminPasswordChangeForm(passwd_user, request.POST)
if form.is_valid():
form.save()
return HttpResponseRedirect('../../')
else:
form = AdminPasswordChangeForm(passwd_user)
return render_to_response("accounts/admin_passwd.html",
{"form": form, "passwd_user": passwd_user},
context_instance=RequestContext(request))
def create_password(request):
"""
A custom view for the admin password change form used for account activation.
"""
if request.method == 'POST':
form = AdminPasswordChangeForm(request.user, request.POST)
if form.is_valid():
user = form.save()
update_session_auth_hash(request, user) # Important!
messages.success(request,
'Your password was successfully updated!')
return redirect('users:account')
else:
messages.error(request, 'Please correct the errors below.')
else:
form = AdminPasswordChangeForm(request.user)
return render(request, 'users/change_password.html', {'form': form})
def employee_change_password(request, pk):
user = get_object_or_404(User, id=pk)
if request.method == 'POST':
form = AdminPasswordChangeForm(user, request.POST)
if form.is_valid():
user = form.save()
update_session_auth_hash(request, user) # Important!
messages.success(request,
'Your password was successfully updated!')
return redirect('change_password')
else:
messages.error(request, 'Please correct the error below.')
else:
form = AdminPasswordChangeForm(user)
return render(request, 'employees/employee_change_password.html', {
'form': form,
'object': user,
})
def user_password_change(request, user_id):
user = get_object_or_404(User, id=user_id)
if request.method == 'GET':
form = AdminPasswordChangeForm(user)
return TemplateResponse(request, 'user_password_change.html', {
'form': form,
'user': user
})
elif request.method == 'POST':
form = AdminPasswordChangeForm(user, request.POST)
if form.is_valid():
form.save()
return HttpResponseRedirect('/server/users/')
else:
return TemplateResponse(request, 'user_password_change.html', {
'form': form,
'user_id': user_id
})
def test_password_whitespace_not_stripped(self):
user = User.objects.get(username='******')
data = {
'password1': ' pass ',
'password2': ' pass ',
}
form = AdminPasswordChangeForm(user, data)
self.assertTrue(form.is_valid())
self.assertEqual(form.cleaned_data['password1'], data['password1'])
self.assertEqual(form.cleaned_data['password2'], data['password2'])
def test_password_whitespace_not_stripped(self):
user = User.objects.get(username="******")
data = {
"password1": " pass ",
"password2": " pass ",
}
form = AdminPasswordChangeForm(user, data)
self.assertTrue(form.is_valid())
self.assertEqual(form.cleaned_data["password1"], data["password1"])
self.assertEqual(form.cleaned_data["password2"], data["password2"])
