def process_request(self, request):
    """Middleware hook: force users with an expired password onto the change-password page.

    Runs for every request. Only authenticated, non-staff users are checked:
    the ``not request.user.is_staff`` clause exempts staff accounts from
    expiry enforcement altogether. NOTE(review): that means the most
    privileged accounts are never forced to rotate — confirm this exemption
    is intentional rather than a convenience left over from development.

    The URL *name* of the resolved path (not the raw path) is compared against
    the configured change-password and logout URL names, so an expired user
    can still reach exactly those two pages. Both settings are therefore
    expected to be URL names (``reverse`` is called on the first one below).
    For any other URL, an expired password sends the ``password_expired``
    signal, queues a WARNING flash message and redirects to the
    change-password URL with the current URL name stored under
    ``REDIRECT_FIELD_NAME`` in the query string.

    Returns:
        An ``HttpResponseRedirect`` when the user must change their password;
        ``None`` otherwise (falls through to the normal view).
    """
    if is_authenticated(request.user) and not request.user.is_staff:
        # NOTE(review): this is the URL *name* of the matched pattern;
        # presumably it is None for unnamed patterns, in which case the
        # redirect below carries the literal string "None" — verify the
        # change-password view tolerates that.
        next_url = resolve(request.path).url_name
        # Authenticated users must be allowed to access
        # "change password" page and "log out" page.
        # even if password is expired.
        if next_url not in [
            settings.ACCOUNT_PASSWORD_CHANGE_REDIRECT_URL,
            settings.ACCOUNT_LOGOUT_URL,
        ]:
            if check_password_expired(request.user):
                signals.password_expired.send(sender=self, user=request.user)
                messages.add_message(
                    request,
                    messages.WARNING,
                    _("Your password has expired. Please save a new password."))
                redirect_field_name = REDIRECT_FIELD_NAME
                change_password_url = reverse(
                    settings.ACCOUNT_PASSWORD_CHANGE_REDIRECT_URL)
                # Rebuild the query string through QueryDict so the redirect
                # target is URL-encoded rather than string-concatenated into
                # the Location header.
                url_bits = list(urlparse(change_password_url))
                querystring = QueryDict(url_bits[4], mutable=True)
                querystring[redirect_field_name] = next_url
                url_bits[4] = querystring.urlencode(safe="/")
                return HttpResponseRedirect(urlunparse(url_bits))
def process_request(self, request):
    """Middleware hook: redirect authenticated users whose password has expired.

    Staff accounts are never checked (``user.is_staff`` short-circuits the
    check) — NOTE(review): confirm that exempting privileged accounts from
    password expiry is intended. The change-password and logout pages,
    identified by URL *name*, stay reachable so the user can actually fix the
    situation or leave; every other URL name triggers the ``password_expired``
    signal, a WARNING flash message and a redirect to the change-password URL
    with the current URL name placed under ``REDIRECT_FIELD_NAME`` in the
    query string.

    Returns:
        ``HttpResponseRedirect`` when enforcement kicks in, otherwise ``None``
        so the request continues to its view.
    """
    user = request.user
    if not is_authenticated(user) or user.is_staff:
        return None

    # URL name of the matched pattern. NOTE(review): presumably None for
    # unnamed patterns, which would end up as the string "None" in the
    # redirect's query string — verify downstream handling.
    current_name = resolve(request.path).url_name

    # These two pages must remain reachable even with an expired password,
    # otherwise the user could neither change it nor log out.
    exempt_names = (
        settings.ACCOUNT_PASSWORD_CHANGE_REDIRECT_URL,
        settings.ACCOUNT_LOGOUT_URL,
    )
    if current_name in exempt_names:
        return None

    if not check_password_expired(user):
        return None

    signals.password_expired.send(sender=self, user=user)
    messages.add_message(
        request,
        messages.WARNING,
        _("Your password has expired. Please save a new password."),
    )

    # Build the redirect via QueryDict so the target is URL-encoded instead of
    # concatenated into the Location header by hand.
    parts = list(urlparse(reverse(settings.ACCOUNT_PASSWORD_CHANGE_REDIRECT_URL)))
    params = QueryDict(parts[4], mutable=True)
    params[REDIRECT_FIELD_NAME] = current_name
    parts[4] = params.urlencode(safe="/")
    return HttpResponseRedirect(urlunparse(parts))
def get(self, *args, **kwargs):
    """Serve the login page, or bounce already-authenticated users elsewhere.

    An anonymous visitor gets the regular ``LoginView`` GET handling. A user
    who is already logged in is redirected: to the ``account_password`` page
    if ``check_password_expired`` says their password has expired, otherwise
    to ``self.get_success_url()``.

    NOTE(review): ``is_authenticated`` is *called* here, whereas the
    middleware in this codebase uses the ``is_authenticated(user)`` helper;
    on Django releases where ``User.is_authenticated`` is a property rather
    than a method this call raises ``TypeError`` — align with the helper.
    NOTE(review): if ``get_success_url`` honours a user-supplied redirect
    parameter, make sure it is validated against allowed hosts (not visible
    from this block).
    """
    user = self.request.user
    if not user.is_authenticated():
        return super(LoginView, self).get(*args, **kwargs)

    # Already logged in: enforce expiry before any other destination.
    if check_password_expired(user):
        return redirect("account_password")
    return redirect(self.get_success_url())
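def test_signup(self):
    """
    Ensure new user has one PasswordHistory and no PasswordExpiry.

    Posts the signup form, then verifies that:
    - the request redirects (302),
    - no ``password_expiry`` relation was created for the new user,
    - exactly one ``password_history`` row exists and it is not expired,
    - the stored history entry is a hash that verifies against the raw
      password (i.e. the plaintext was not stored).
    """
    email = "*****@*****.**"
    password = "******"
    post_data = {
        "username": "******",
        "password": password,
        "password_confirm": password,
        "email": email,
    }
    response = self.client.post(reverse("account_signup"), post_data)
    self.assertEqual(response.status_code, 302)

    user = User.objects.get(email=email)
    self.assertFalse(hasattr(user, "password_expiry"))

    # The docstring promises exactly one history entry; previously only the
    # existence of the latest entry was checked, which a model instance
    # always satisfies (it is truthy). Pin the count explicitly.
    self.assertEqual(user.password_history.count(), 1)
    latest_history = user.password_history.latest("timestamp")
    self.assertIsNotNone(latest_history)

    # verify password is not expired
    self.assertFalse(check_password_expired(user))

    # verify raw password matches encrypted password in history
    self.assertTrue(check_password(password, latest_history.password))
    # and that the plaintext itself was not persisted
    self.assertNotEqual(latest_history.password, password)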