def confirm_password_reset(request, auth):
try:
username = django.core.signing.loads(
auth,
salt="password_reset",
max_age=settings.DAYS_TO_EXPIRE_REGISTRATION_LINK * 24 * 60 * 60)
except django.core.signing.BadSignature:
raise Http404("Invalid or expired auth")
user = get_object_or_404(User, username=username)
success = False
if request.method == 'POST':
form = PasswordForm(request.POST)
if form.is_valid():
password = form.cleaned_data["password"]
user.set_password(password)
user.save()
# password is also stored in htpasswd file
update_htpasswd_file(user.username, password)
success = True
else:
form = PasswordForm()
hlibname, hashername = settings.PASSWORD_HASHERS[0].rsplit('.', 1)
hlib = importlib.import_module(hlibname)
hasher = getattr(hlib, hashername)
return render(request, 'registration/change_password.html', {
'form': form,
'user': user,
'success': success,
'hasher': hasher,
})
def change_password(request):
success = False
person = None
try:
person = request.user.person
except Person.DoesNotExist:
return render(request, 'registration/missing_person.html')
emails = [
e.address
for e in Email.objects.filter(person=person, active=True).order_by(
'-primary', '-time')
]
user = request.user
if request.method == 'POST':
form = ChangePasswordForm(user, request.POST)
if form.is_valid():
new_password = form.cleaned_data["new_password"]
user.set_password(new_password)
user.save()
# password is also stored in htpasswd file
update_htpasswd_file(user.username, new_password)
# keep the session
update_session_auth_hash(request, user)
send_mail(request, emails, None,
"Datatracker password change notification",
"registration/password_change_email.txt", {})
messages.success(request, "Your password was successfully changed")
return HttpResponseRedirect(
urlreverse('ietf.ietfauth.views.profile'))
else:
form = ChangePasswordForm(request.user)
hlibname, hashername = settings.PASSWORD_HASHERS[0].rsplit('.', 1)
hlib = importlib.import_module(hlibname)
hasher = getattr(hlib, hashername)
return render(request, 'registration/change_password.html', {
'form': form,
'user': user,
'success': success,
'hasher': hasher,
})
def change_username(request):
person = None
try:
person = request.user.person
except Person.DoesNotExist:
return render(request, 'registration/missing_person.html')
emails = [
e.address for e in Email.objects.filter(person=person, active=True)
]
emailz = [e.address for e in person.email_set.filter(active=True)]
assert emails == emailz
user = request.user
if request.method == 'POST':
form = ChangeUsernameForm(user, request.POST)
if form.is_valid():
new_username = form.cleaned_data["username"]
password = form.cleaned_data["password"]
assert new_username in emails
user.username = new_username.lower()
user.save()
# password is also stored in htpasswd file
update_htpasswd_file(user.username, password)
# keep the session
update_session_auth_hash(request, user)
send_mail(request, emails, None,
"Datatracker username change notification",
"registration/username_change_email.txt", {})
messages.success(request, "Your username was successfully changed")
return HttpResponseRedirect(
urlreverse('ietf.ietfauth.views.profile'))
else:
form = ChangeUsernameForm(request.user)
return render(request, 'registration/change_username.html', {
'form': form,
'user': user,
})
def test_htpasswd_file_with_htpasswd_binary(self):
# make sure we test both Python and call-out to binary
settings.USE_PYTHON_HTDIGEST = False
update_htpasswd_file("foo", "passwd")
self.assertTrue(self.username_in_htpasswd_file("foo"))
def confirm_account(request, auth):
try:
email = django.core.signing.loads(
auth,
salt="create_account",
max_age=settings.DAYS_TO_EXPIRE_REGISTRATION_LINK * 24 * 60 * 60)
except django.core.signing.BadSignature:
raise Http404("Invalid or expired auth")
if User.objects.filter(username=email).exists():
return redirect(profile)
success = False
if request.method == 'POST':
form = PersonPasswordForm(request.POST)
if form.is_valid():
password = form.cleaned_data["password"]
user = User.objects.create(username=email, email=email)
user.set_password(password)
user.save()
# password is also stored in htpasswd file
update_htpasswd_file(email, password)
# make sure the rest of the person infrastructure is
# well-connected
email_obj = Email.objects.filter(address=email).first()
person = None
if email_obj and email_obj.person:
person = email_obj.person
if not person:
name = form.cleaned_data["name"]
ascii = form.cleaned_data["ascii"]
person = Person.objects.create(user=user,
name=name,
ascii=ascii)
for name in set([
person.name,
person.ascii,
person.plain_name(),
person.plain_ascii(),
]):
Alias.objects.create(person=person, name=name)
if not email_obj:
email_obj = Email.objects.create(address=email, person=person)
else:
if not email_obj.person:
email_obj.person = person
email_obj.save()
person.user = user
person.save()
success = True
else:
form = PersonPasswordForm()
return render(request, 'registration/confirm_account.html', {
'form': form,
'email': email,
'success': success,
})