def password_change(self, request):
""" Return 'password_change' view.
This resolves the view with the name 'password_change'.
Overwrite this method when needed.
"""
view_func, args, kwargs = resolve(self.change_password_path)
if 'password_change_form' in kwargs:
assert issubclass(kwargs['password_change_form'],
StrictPasswordChangeForm), (
"Use django_auth_policy StrictPasswordChangeForm for password "
"changes.")
# Provide extra context to be used in the password_change template
if 'extra_context' in kwargs:
kwargs['extra_context']['password_change_enforce'] = \
request.session.get('password_change_enforce')
kwargs['extra_context']['password_change_enforce_msg'] = \
request.session.get('password_change_enforce_msg')
# Run 'requires_csrf_token' because CSRF middleware might have been
# skipped over here
resp = requires_csrf_token(view_func)(request, *args, **kwargs)
update_password(request.session, request.user)
return resp
def process_request(self, request):
assert hasattr(request, 'user'), (
'AuthenticationPolicyMiddleware needs a user attribute on '
'request, add AuthenticationMiddleware before '
'AuthenticationPolicyMiddleware in MIDDLEWARE_CLASSES')
# This middleware does nothing for unauthenticated users
if not request.user.is_authenticated():
return None
# Check if users' password has been changed, and then logout user.
# To prevent logout at password change views call the
# `update_password` function in that view
if not 'password_hash' in request.session:
update_password(request.session, request.user)
# Log out disabled users
if not request.user.is_active:
logger.info('Log out inactive user, user=%s', request.user)
return self.logout(request)
# Do not do password change for certain URLs
if request.path in (self.change_password_path, self.login_path,
self.logout_path):
return None
# Check for 'enforce_password_change' in session set by login view
if request.session.get('password_change_enforce', False):
return self.password_change(request)
return None
def password_change(self, request):
""" Return 'password_change' view.
This resolves the view with the name 'password_change'.
Overwrite this method when needed.
"""
view_func, args, kwargs = resolve(self.change_password_path)
if 'password_change_form' in kwargs:
assert issubclass(kwargs['password_change_form'],
StrictPasswordChangeForm), (
"Use django_auth_policy StrictPasswordChangeForm for password "
"changes.")
# Provide extra context to be used in the password_change template
if 'extra_context' in kwargs:
kwargs['extra_context']['password_change_enforce'] = \
request.session.get('password_change_enforce')
kwargs['extra_context']['password_change_enforce_msg'] = \
request.session.get('password_change_enforce_msg')
# Run 'requires_csrf_token' because CSRF middleware might have been
# skipped over here
resp = requires_csrf_token(view_func)(request, *args, **kwargs)
update_password(request.session, request.user)
return resp
def process_request(self, request):
assert hasattr(request, 'user'), (
'AuthenticationPolicyMiddleware needs a user attribute on '
'request, add AuthenticationMiddleware before '
'AuthenticationPolicyMiddleware in MIDDLEWARE_CLASSES')
# This middleware does nothing for unauthenticated users
if not request.user.is_authenticated():
return None
if settings.STATIC_URL and \
request.path_info.startswith(settings.STATIC_URL):
return None
if settings.MEDIA_URL and \
request.path.startswith(settings.MEDIA_URL):
return None
# Check if users' password has been changed, and then logout user.
# To prevent logout at password change views call the
# `update_password` function in that view
if 'password_hash' not in request.session:
update_password(request.session, request.user)
# Log out disabled users
if not request.user.is_active:
logger.info('Log out inactive user, user=%s', request.user)
return self.logout(request)
# Do not do password change for certain URLs
if request.path_info in (self.change_password_path,
self.login_path,
self.logout_path):
return None
# Check for 'enforce_password_change' in session set by login view
if request.session.get('password_change_enforce', False):
return self.password_change(request)
return None
