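def password_change(self, request):
    """Run the view registered at ``self.change_password_path`` for *request*.

    The path is resolved to its view function, which is then called
    directly with the arguments from the URLconf. Override this method
    when a different password change view is needed.

    Returns the response produced by the resolved view.

    Raises:
        AssertionError: if the URLconf passes a ``password_change_form``
            that is not a subclass of ``StrictPasswordChangeForm``.
    """
    view_func, args, kwargs = resolve(self.change_password_path)
    # Work on a private copy so nothing written below can reach the
    # resolver's own data.
    kwargs = dict(kwargs)

    if 'password_change_form' in kwargs:
        # Explicit raise instead of `assert`: assert statements are removed
        # under `python -O`, which would silently drop this policy check.
        # AssertionError is kept so callers see the same exception type.
        # NOTE(review): when the URLconf passes no 'password_change_form'
        # the view's own default form is used and is not checked here.
        if not issubclass(kwargs['password_change_form'],
                          StrictPasswordChangeForm):
            raise AssertionError(
                "Use django_auth_policy StrictPasswordChangeForm for password "
                "changes.")

    # Provide extra context to be used in the password_change template
    if 'extra_context' in kwargs:
        # Copy before writing. Django merges a URL pattern's default kwargs
        # into the match shallowly, so this nested dict can be the same
        # object for every request; writing one session's values into it
        # would expose them to concurrent requests.
        extra_context = dict(kwargs['extra_context'])
        extra_context['password_change_enforce'] = \
            request.session.get('password_change_enforce')
        extra_context['password_change_enforce_msg'] = \
            request.session.get('password_change_enforce_msg')
        kwargs['extra_context'] = extra_context

    # Run 'requires_csrf_token' because CSRF middleware might have been
    # skipped over here
    resp = requires_csrf_token(view_func)(request, *args, **kwargs)
    # Called after the view has run, whatever its outcome, so the session's
    # stored password state follows a change made by the view
    # (update_password itself is defined outside this block).
    update_password(request.session, request.user)
    return resp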
def process_request(self, request):
    """Apply the authentication policy to an incoming request.

    Returns ``None`` to let the request continue, the result of
    ``self.logout(request)`` for an inactive user, or the result of
    ``self.password_change(request)`` when the session carries the
    'password_change_enforce' flag.
    """
    # Configuration guard only: `assert` is stripped under `python -O`, in
    # which case a missing attribute surfaces as AttributeError below.
    assert hasattr(request, 'user'), (
        'AuthenticationPolicyMiddleware needs a user attribute on request, '
        'add AuthenticationMiddleware before AuthenticationPolicyMiddleware '
        'in MIDDLEWARE_CLASSES')

    user = request.user

    # Anonymous requests are outside the scope of this middleware.
    if not user.is_authenticated():
        return None

    session = request.session

    # Only the missing-key case is handled here: update_password is called
    # when the session holds no 'password_hash' yet. Views that change the
    # password are expected to call `update_password` themselves so the user
    # is not logged out afterwards.
    # NOTE(review): no comparison of the stored hash with the user's current
    # password is visible in this method; confirm where that logout happens.
    if 'password_hash' not in session:
        update_password(session, user)

    # Disabled accounts are logged out on their next request.
    if not user.is_active:
        logger.info('Log out inactive user, user=%s', user)
        return self.logout(request)

    # The password change, login and logout URLs are never redirected to the
    # enforced password change. The match is an exact string comparison on
    # request.path.
    # NOTE(review): request.path includes any script prefix; confirm the
    # three configured paths are stored in the same form.
    exempt_paths = (self.change_password_path, self.login_path,
                    self.logout_path)
    if request.path in exempt_paths:
        return None

    # 'password_change_enforce' is put in the session by the login view.
    enforce = session.get('password_change_enforce', False)
    return self.password_change(request) if enforce else None
def process_request(self, request):
    """Apply the authentication policy to an incoming request.

    Returns ``None`` to let the request continue, the result of
    ``self.logout(request)`` for an inactive user, or the result of
    ``self.password_change(request)`` when the session carries the
    'password_change_enforce' flag. Requests under STATIC_URL or MEDIA_URL
    are passed through without any policy check.
    """
    # Configuration guard only: `assert` is stripped under `python -O`, in
    # which case a missing attribute surfaces as AttributeError below.
    assert hasattr(request, 'user'), (
        'AuthenticationPolicyMiddleware needs a user attribute on request, '
        'add AuthenticationMiddleware before AuthenticationPolicyMiddleware '
        'in MIDDLEWARE_CLASSES')

    user = request.user

    # Anonymous requests are outside the scope of this middleware.
    if not user.is_authenticated():
        return None

    # Static and media requests return before every check below, including
    # the inactive-user logout and the enforced password change, so any view
    # routed under these prefixes is exempt from the policy.
    # NOTE(review): the static check reads request.path_info while the media
    # check reads request.path; the two differ when a script prefix is in
    # use. Confirm which form each setting is meant to match.
    static_url = settings.STATIC_URL
    if static_url and request.path_info.startswith(static_url):
        return None

    media_url = settings.MEDIA_URL
    if media_url and request.path.startswith(media_url):
        return None

    session = request.session

    # Only the missing-key case is handled here: update_password is called
    # when the session holds no 'password_hash' yet. Views that change the
    # password are expected to call `update_password` themselves so the user
    # is not logged out afterwards.
    # NOTE(review): no comparison of the stored hash with the user's current
    # password is visible in this method; confirm where that logout happens.
    if 'password_hash' not in session:
        update_password(session, user)

    # Disabled accounts are logged out on their next request.
    if not user.is_active:
        logger.info('Log out inactive user, user=%s', user)
        return self.logout(request)

    # The password change, login and logout URLs are never redirected to the
    # enforced password change; exact string match on request.path_info.
    exempt_paths = (self.change_password_path, self.login_path,
                    self.logout_path)
    if request.path_info in exempt_paths:
        return None

    # 'password_change_enforce' is put in the session by the login view.
    enforce = session.get('password_change_enforce', False)
    return self.password_change(request) if enforce else None