def post(self, request):
    """Change the requesting user's password from an API payload.

    The payload is validated by ``ChangePasswordInputSerializer`` and then
    re-keyed through ``map_serializer_to_form`` before it is passed to
    ``ChangePasswordForm``. An empty ``Response`` is returned on success.

    Raises:
        PermissionDenied: if ``user.has_usable_password()`` is false.
    """
    input_serializer = ChangePasswordInputSerializer(data=request.data)
    input_serializer.is_valid(raise_exception=True)

    # Keys are the form's field names; values presumably name the matching
    # serializer fields (password1 and password2 share one value).
    # NOTE(review): the 'oldpassword' value reads like a masked placeholder in
    # this copy rather than a field name - confirm against the real file.
    field_map = {
        'password1': 'new_password',
        'password2': 'new_password',
        'oldpassword': '******',
    }
    form_payload = map_serializer_to_form(input_serializer.validated_data, field_map)

    with transaction.atomic():
        with clear_messages(request):
            user = request.user
            # Accounts without a usable password may not change it here.
            if not user.has_usable_password():
                raise PermissionDenied(_("This account is disabled."))

            password_form = ChangePasswordForm(user=user, data=form_payload)
            # Presumably raises when the form is invalid - confirm in the helper.
            form_valid_or_raise(password_form, field_map)
            password_form.save()

            # Log out all other sessions. This `logout` accepts `all_tokens`,
            # so it is a project helper, not django.contrib.auth.logout.
            logout(request, all_tokens=True)
            if allauth_settings.LOGOUT_ON_PASSWORD_CHANGE:
                # The setting asks for the current session to be ended too.
                logout(request)

            # Kept so allauth's own password-change session handling still runs
            # (presumably it refreshes the session auth hash - confirm).
            logout_on_password_change(request, user)
            signals.password_changed.send(
                sender=user.__class__,
                request=request,
                user=user,
            )

    return Response({})
def get_or_process_password_form(request):
    """Return a ``ChangePasswordForm`` for the user, saving it when valid.

    The form is bound to ``request.POST`` when that is non-empty and is
    unbound otherwise. The same form object is returned in every case, so the
    caller can render it with any validation errors it carries.
    """
    password_form = ChangePasswordForm(user=request.user, data=request.POST or None)
    if not password_form.is_valid():
        return password_form

    password_form.save()
    # Session handling after the change is delegated to this helper
    # (presumably allauth's; it decides whether the current session is kept).
    logout_on_password_change(request, password_form.user)
    get_adapter(request).add_message(
        request,
        messages.SUCCESS,
        'account/messages/password_changed.txt',
    )
    return password_form
def settings_password(request):
    """Show the change-password page and apply a submitted change.

    A valid POST saves the new password, flashes a success message and
    redirects back to ``users:settings_password``. Any other request renders
    the form, carrying its errors when an invalid POST was submitted.
    """
    # NOTE(review): no login requirement is visible in this excerpt; confirm a
    # decorator or the URLconf restricts this view to authenticated users.
    if request.method != 'POST':
        form = ChangePasswordForm(request.user)
    else:
        form = ChangePasswordForm(request.user, request.POST)
        if form.is_valid():
            form.save()
            # Without this call Django would end the current session, because
            # the password change invalidates it. Presumably only the current
            # session is kept and other sessions still end - confirm.
            logout_on_password_change(request, form.user)
            messages.success(request, _('Password is changed'))
            return redirect('users:settings_password')

    return render(request, 'users/settings_password.html', {'form': form})
def update_account(request):
    """Render the account page and handle its e-mail and password actions.

    On POST the ``submit`` field selects one of four actions: ``email``,
    ``resend``, ``cancel`` or ``password``. Any other value raises ``Http404``.
    A successful e-mail or password change ends in a redirect; every other
    path renders ``users/account_update.html`` with both forms.
    """
    user = request.user

    if request.method != 'POST':
        email_form = ChangeEmailForm(request.user, initial={'email': request.user.email})
        password_form = ChangePasswordForm(request.user)
    else:
        action = request.POST.get('submit')
        # Allow-list the action so unexpected values never reach the branches.
        if action not in ('email', 'resend', 'cancel', 'password'):
            raise Http404

        if action != 'email':
            email_form = ChangeEmailForm(request.user)
        else:
            email_form = ChangeEmailForm(request.user, request.POST)
            if email_form.is_valid():
                new_address = email_form.cleaned_data['email']
                # confirm=True: the address is added with confirmation requested.
                EmailAddress.objects.add_email(request, user, new_address, confirm=True)
                return HttpResponseRedirect(reverse('account_email_verification_sent'))

        # NOTE(review): both calls assume user.new_email is set - confirm it
        # cannot be None when 'resend' or 'cancel' is posted.
        if action == 'resend':
            user.new_email.send_confirmation()
        elif action == 'cancel':
            user.new_email.delete()

        if action != 'password':
            password_form = ChangePasswordForm(request.user)
        else:
            password_form = ChangePasswordForm(request.user, request.POST)
            if password_form.is_valid():
                password_form.save()
                # Without this call Django would end the current session after
                # the password change.
                logout_on_password_change(request, password_form.user)
                messages.success(request, _('Password is changed'))
                return redirect('users:update_account')

    return render(
        request,
        'users/account_update.html',
        {'email_form': email_form, 'password_form': password_form},
    )
def form_valid(self, form):
    """Handle a valid submission of either the info form or the password form.

    The key present in the POST data (``info`` or ``password``) selects the
    branch. The info branch defers to the parent ``form_valid``; the password
    branch saves the form and redirects to the success URL.
    """
    posted = self.request.POST

    if 'info' in posted:
        logger.debug("form: info success")
        dmm.notifications.success(self.request, "Info successfully updated")
        primary_address = self.request.user.emailaddress_set.get(primary=True)
        # Start the e-mail change flow only when the submitted address differs
        # from the current primary address.
        if form.cleaned_data["email"] != primary_address.email:
            primary_address.change(self.request, form.cleaned_data["email"])
            get_adapter(self.request).add_message(
                self.request,
                messages.INFO,
                'account/messages/email_confirmation_sent.txt',
                {'email': primary_address},
            )
        return super().form_valid(form)

    if 'password' in posted:
        logger.debug("form: password success")
        form.save()
        # Session handling after the password is set is delegated to this
        # helper (presumably allauth's - confirm).
        logout_on_password_change(self.request, form.user)
        get_adapter(self.request).add_message(
            self.request,
            messages.SUCCESS,
            'account/messages/password_set.txt',
        )
        allauth.account.signals.password_set.send(
            sender=self.request.user.__class__,
            request=self.request,
            user=self.request.user,
        )
        # NOTE(review): the original indentation was lost; with the return here
        # a POST carrying neither key returns None - confirm.
        return HttpResponseRedirect(self.get_success_url())