Exemplo n.º 1
0
def disable_req(request):
    if request.POST:
        if "disable" in request.POST:
            mcid = normalize_mcid(request.POST["mcid"])
            user = User.objects.get(mcid=mcid)

            sql_execute("DELETE FROM groupmembers WHERE memberaccid=%s", user.mcid)

            user.sha1 = None
            user.acctype = "DISABLED"
            user.save()

        return HttpResponseRedirect(".")

    mcid = normalize_mcid(request.GET["mcid"])
    user = User.objects.get(mcid=mcid)
    ts = datetime.fromtimestamp(user.ccrlogupdatetime)

    where = ["groupmembers.memberaccid = %s" % mcid, "groupmembers.groupinstanceid = groupinstances.groupinstanceid"]

    member_of = Group.objects.extra(where=where, tables=["groupmembers"])

    return render_to_response(
        "users/disable.html", default_context(request, mcuser=user, ccrlogupdatetime=ts, member_of=member_of)
    )
Exemplo n.º 2
0
def addgroup_req(request):
    mcid = normalize_mcid(request.REQUEST['mcid'])
    user = User.objects.get(mcid=mcid)

    if request.POST:
        form = GroupForm(request.POST)

        if form.is_valid():
            g = create_group(form.clean_data['name'],
                             normalize_mcid(form.clean_data['accid']),
                             'https://' + request.META['SERVER_NAME'])

            g.save()

            return submit_redirect(
                request,
                g,
                create_redirect='addgroup?mcid=%s' % mcid,
                edit_redirect='../groups/edit?id=%(groupinstanceid)s',
                save_redirect='groups?mcid=%s' % mcid)

    else:
        form = GroupForm(initial=dict(accid=pretty_mcid(mcid)))

    return render_to_response('users/addgroup.html',
                              default_context(request, mcuser=user, form=form))
Exemplo n.º 3
0
def addgroup_req(request):
    mcid = normalize_mcid(request.REQUEST["mcid"])
    user = User.objects.get(mcid=mcid)

    if request.POST:
        form = GroupForm(request.POST)

        if form.is_valid():
            g = create_group(
                form.clean_data["name"],
                normalize_mcid(form.clean_data["accid"]),
                "https://" + request.META["SERVER_NAME"],
            )

            g.save()

            return submit_redirect(
                request,
                g,
                create_redirect="addgroup?mcid=%s" % mcid,
                edit_redirect="../groups/edit?id=%(groupinstanceid)s",
                save_redirect="groups?mcid=%s" % mcid,
            )

    else:
        form = GroupForm(initial=dict(accid=pretty_mcid(mcid)))

    return render_to_response("users/addgroup.html", default_context(request, mcuser=user, form=form))
Exemplo n.º 4
0
def disable_req(request):
    if request.POST:
        if 'disable' in request.POST:
            mcid = normalize_mcid(request.POST['mcid'])
            user = User.objects.get(mcid=mcid)

            sql_execute('DELETE FROM groupmembers WHERE memberaccid=%s',
                        user.mcid)

            user.sha1 = None
            user.acctype = 'DISABLED'
            user.save()

        return HttpResponseRedirect('.')

    mcid = normalize_mcid(request.GET['mcid'])
    user = User.objects.get(mcid=mcid)
    ts = datetime.fromtimestamp(user.ccrlogupdatetime)

    where = [
        'groupmembers.memberaccid = %s' % mcid,
        'groupmembers.groupinstanceid = groupinstances.groupinstanceid'
    ]

    member_of = Group.objects.extra(where=where, tables=['groupmembers'])

    return render_to_response(
        'users/disable.html',
        default_context(request,
                        mcuser=user,
                        ccrlogupdatetime=ts,
                        member_of=member_of))
Exemplo n.º 5
0
def claim_req(request):
    mcid = normalize_mcid(request.REQUEST['mcid'])
    user = User.objects.get(mcid=mcid)

    if request.POST:
        form = ClaimForm(request.POST)

        if form.is_valid():
            user.email = form.clean_data['email']
            user.set_password(form.clean_data['password'])
            user.acctype = 'CLAIMED'
            user.save()

            return render_to_response(
                'users/claimed.html',
                default_context(request,
                                mcuser=user,
                                password=form.clean_data['password']))
    else:
        initial = user.__dict__.copy()
        initial['password'] = random_password()
        form = ClaimForm(initial=initial)

    return render_to_response('users/claim.html',
                              default_context(request, form=form, mcuser=user))
Exemplo n.º 6
0
def create_req(request):
    """Form for registering a new user.
    """
    if request.POST:
        mcid = normalize_mcid(request.POST["mcid"])

        form = CreateForm(request.POST)

        if form.is_valid():
            object = User()
            object.mcid = mcid
            object.updatetime = 0
            object.ccrlogupdatetime = 0
            object.acctype = "SPONSORED"

            object.first_name = form.clean_data["first_name"]
            object.last_name = form.clean_data["last_name"]
            object.enable_simtrak = False
            object.enable_dod = False
            object.save()

            return submit_redirect(
                request, object, save_redirect="user?mcid=%(mcid)s", edit_redirect="edit?mcid=%(mcid)s"
            )
    else:
        mcid = mcid_generator.next_mcid_str()
        form = CreateForm()

    return render_to_response("users/create.html", default_context(request, form=form, mcid=mcid))
Exemplo n.º 7
0
def create_req(request):
    """Form for registering a new user.
    """
    if request.POST:
        mcid = normalize_mcid(request.POST['mcid'])

        form = CreateForm(request.POST)

        if form.is_valid():
            object = User()
            object.mcid = mcid
            object.updatetime = 0
            object.ccrlogupdatetime = 0
            object.acctype = 'SPONSORED'

            object.first_name = form.clean_data['first_name']
            object.last_name = form.clean_data['last_name']
            object.enable_simtrak = False
            object.enable_dod = False
            object.save()

            return submit_redirect(request,
                                   object,
                                   save_redirect='user?mcid=%(mcid)s',
                                   edit_redirect='edit?mcid=%(mcid)s')
    else:
        mcid = mcid_generator.next_mcid_str()
        form = CreateForm()

    return render_to_response('users/create.html',
                              default_context(request, form=form, mcid=mcid))
Exemplo n.º 8
0
def user_req(request):
    try:
        mcid = normalize_mcid(request.GET["mcid"])
        user = User.objects.get(mcid=mcid)
    except KeyError:
        return search_req(request)
    except User.DoesNotExist:
        return search(request, mcid)
    else:
        ts = datetime.fromtimestamp(user.ccrlogupdatetime)

        where = [
            "groupmembers.memberaccid = %s" % mcid,
            "groupmembers.groupinstanceid = groupinstances.groupinstanceid",
        ]

        member_of = Group.objects.extra(where=where, tables=["groupmembers"])

        if member_of:
            member_of = member_of[0]
        else:
            member_of = None

        where = ["external_users.mcid = %s" % mcid, "external_users.provider_id = identity_providers.id"]

        accounts = IdentityProvider.objects.extra(
            where=where, select={"username": "******"}, tables=["external_users"]
        )

        accounts = [augment(idp) for idp in accounts]

        return render_to_response(
            "users/user.html",
            default_context(request, mcuser=user, ccrlogupdatetime=ts, member_of=member_of, accounts=accounts),
        )
Exemplo n.º 9
0
def remove_from_group_req(request):
    mcid = normalize_mcid(request.GET["mcid"])
    group = request.GET["group"]

    sql_execute("DELETE FROM groupmembers " + "WHERE groupinstanceid=%s AND memberaccid=%s;", int(group), mcid)

    return HttpResponseRedirect("user?mcid=" + mcid)
Exemplo n.º 10
0
def add_to_group_req(request):
    mcid = normalize_mcid(request.GET["mcid"])
    group = request.GET["group"]

    sql_execute("INSERT INTO groupmembers (groupinstanceid, memberaccid) " + "VALUES (%s, %s);", int(group), mcid)

    return HttpResponseRedirect("user?mcid=" + mcid)
Exemplo n.º 11
0
def groups_req(request):
    """search and/or list all groups, so this user can be added
    to specific groups
    """
    mcid = normalize_mcid(request.REQUEST["mcid"])
    user = User.objects.get(mcid=mcid)

    where = ["groupmembers.memberaccid = %s" % mcid, "groupmembers.groupinstanceid = groupinstances.groupinstanceid"]

    member_of = Group.objects.extra(where=where, tables=["groupmembers"])

    q = request.REQUEST.get("q", "")

    if q:
        groups = Group.objects.filter(name__icontains=q)
    else:
        groups = Group.objects.order_by("name")

    return object_list(
        request,
        queryset=groups,
        template_name="users/groups.html",
        paginate_by=10,
        allow_empty=True,
        extra_context=default_context(request, mcuser=user, member_of=member_of, q=q),
    )
Exemplo n.º 12
0
def login_as_req(request):
    mcid = normalize_mcid(request.GET['mcid'])
    user = User.objects.get(mcid=mcid)

    return render_to_response(
        'users/login_as.html',
        default_context(request, mcid=pretty_mcid(mcid), mcuser=user))
Exemplo n.º 13
0
def groups_req(request):
    """search and/or list all groups, so this user can be added
    to specific groups
    """
    mcid = normalize_mcid(request.REQUEST['mcid'])
    user = User.objects.get(mcid=mcid)

    where = [
        'groupmembers.memberaccid = %s' % mcid,
        'groupmembers.groupinstanceid = groupinstances.groupinstanceid'
    ]

    member_of = Group.objects.extra(where=where, tables=['groupmembers'])

    q = request.REQUEST.get('q', '')

    if q:
        groups = Group.objects.filter(name__icontains=q)
    else:
        groups = Group.objects.order_by('name')

    return object_list(request,
                       queryset=groups,
                       template_name='users/groups.html',
                       paginate_by=10,
                       allow_empty=True,
                       extra_context=default_context(request,
                                                     mcuser=user,
                                                     member_of=member_of,
                                                     q=q))
Exemplo n.º 14
0
def add_to_group_req(request):
    mcid = normalize_mcid(request.GET['mcid'])
    group = request.GET['group']

    sql_execute("INSERT INTO groupmembers (groupinstanceid, memberaccid) " + \
                "VALUES (%s, %s);", int(group), mcid)

    return HttpResponseRedirect("user?mcid=" + mcid)
Exemplo n.º 15
0
def add_users(request, this_action, next_action, template):
    id = request.REQUEST['id'].strip()
    group = Group.objects.get(groupinstanceid=int(id))

    context = default_context(request, action=this_action, group=group, id=id)

    if 'q' in request.REQUEST:
        q = request.REQUEST['q']
        qs = search_query_set(q)
        context['q'] = q
    else:
        qs = all_query_set()

    if 'mcid' in request.POST:
        mcid = normalize_mcid(request.POST['mcid'])

        if 'remove.x' in request.POST:
            sql_execute("DELETE FROM groupmembers " + \
                        "WHERE groupinstanceid = %s AND memberaccid = %s",
                        int(id), mcid)
        elif 'add.x' in request.POST:
            # Only one group per user
            sql_execute("DELETE FROM groupmembers " + \
          "wHERE memberaccid = %s", mcid)

            sql_execute("INSERT INTO groupmembers " + \
                        "(groupinstanceid, memberaccid) " + \
                        "VALUES (%s, %s)", int(id), mcid)

        return HttpResponseRedirect(this_action)

    if 'prev' in request.POST:
        return HttpResponseRedirect('wiz_name?id=%s' % id)

    if 'finish' in request.POST:
        return HttpResponseRedirect(next_action)

    where = [
        'groupmembers.memberaccid = users.mcid',
        'groupmembers.groupinstanceid = %s' % id
    ]
    context['members'] = User.objects.extra(where=where,
                                            tables=['groupmembers'])

    where = [
        'mcid NOT IN (SELECT memberaccid FROM groupmembers WHERE groupinstanceid = %s)'
        % id
    ]
    select = {
        'groupname':
        'SELECT DISTINCT(name) FROM groupinstances, groupmembers WHERE groupmembers.groupinstanceid = groupinstances.groupinstanceid AND groupmembers.memberaccid = users.mcid'
    }

    return object_list(request,
                       queryset=qs.extra(where=where, select=select),
                       template_name=template,
                       paginate_by=20,
                       extra_context=context)
Exemplo n.º 16
0
def remove_from_group_req(request):
    mcid = normalize_mcid(request.GET['mcid'])
    group = request.GET['group']

    sql_execute("DELETE FROM groupmembers " + \
                "WHERE groupinstanceid=%s AND memberaccid=%s;",
                int(group), mcid)

    return HttpResponseRedirect("user?mcid=" + mcid)
Exemplo n.º 17
0
def unlink_user(request, redirect):
    mcid = normalize_mcid(request.POST['mcid'])
    idp = request.POST['idp']
    username = request.POST['username']

    sql_execute("DELETE FROM external_users " + \
                "WHERE provider_id = %s AND mcid = %s AND username = %s",
                int(idp), mcid, username)

    return HttpResponseRedirect(redirect % locals())
Exemplo n.º 18
0
def unlink_user(request, redirect):
    mcid = normalize_mcid(request.POST['mcid'])
    idp = request.POST['idp']
    username = request.POST['username']

    sql_execute("DELETE FROM external_users " + \
                "WHERE provider_id = %s AND mcid = %s AND username = %s",
                int(idp), mcid, username)

    return HttpResponseRedirect(redirect % locals())
Exemplo n.º 19
0
def edit_req(request):
    mcid = normalize_mcid(request.REQUEST["mcid"])
    user = User.objects.get(mcid=mcid)

    if request.POST:
        form = UserForm(request.POST)

        if form.is_valid() and save_user(user, form):
            return submit_redirect(request, user, edit_redirect="edit?mcid=%(mcid)s")
    else:
        form = UserForm(initial=user.__dict__)

    return render_to_response("users/edit.html", default_context(request, form=form, mcuser=user))
Exemplo n.º 20
0
def add_users(request, this_action, next_action, template):
    id = request.REQUEST['id'].strip()
    group = Group.objects.get(groupinstanceid=int(id))

    context = default_context(request, action=this_action, group=group, id=id)

    if 'q' in request.REQUEST:
	q = request.REQUEST['q']
	qs = search_query_set(q)
	context['q'] = q
    else:
	qs = all_query_set()

    if 'mcid' in request.POST:
        mcid = normalize_mcid(request.POST['mcid'])

        if 'remove.x' in request.POST:
            sql_execute("DELETE FROM groupmembers " + \
                        "WHERE groupinstanceid = %s AND memberaccid = %s",
                        int(id), mcid)
        elif 'add.x' in request.POST:
	    # Only one group per user
	    sql_execute("DELETE FROM groupmembers " + \
			"wHERE memberaccid = %s", mcid)

            sql_execute("INSERT INTO groupmembers " + \
                        "(groupinstanceid, memberaccid) " + \
                        "VALUES (%s, %s)", int(id), mcid)

        return HttpResponseRedirect(this_action)

    if 'prev' in request.POST:
        return HttpResponseRedirect('wiz_name?id=%s' % id)

    if 'finish' in request.POST:
        return HttpResponseRedirect(next_action)

    where = ['groupmembers.memberaccid = users.mcid',
             'groupmembers.groupinstanceid = %s' % id]
    context['members'] = User.objects.extra(where = where,
                                            tables = ['groupmembers'])

    where = ['mcid NOT IN (SELECT memberaccid FROM groupmembers WHERE groupinstanceid = %s)' % id]
    select = {'groupname': 'SELECT DISTINCT(name) FROM groupinstances, groupmembers WHERE groupmembers.groupinstanceid = groupinstances.groupinstanceid AND groupmembers.memberaccid = users.mcid'}

    return object_list(request,
                       queryset = qs.extra(where = where,
					   select = select),
                       template_name = template,
                       paginate_by = 20,
                       extra_context = context)
Exemplo n.º 21
0
def wiz_create_req(request):
    id = request.REQUEST.get('id', '')
    action = 'wiz_create?id=%s' % id

    if id:
        g = Group.objects.get(groupinstanceid=id)
    else:
        g = None

    queryset = all_query_set()

    if 'search' in request.POST or 'search.x' in request.POST:
        queryset = search_query_set(request.POST['q'])
        form = CreateForm(initial=request.POST)

    elif request.POST:
        form = CreateForm(request.POST)

        if form.is_valid():
            mcid = normalize_mcid(form.clean_data['owner_mcid'])

            if g:
                p = Practice.objects.get(practiceid=g.parentid)
                p.accid_id = g.accid_id = mcid

                p.save()
            else:
                g = create_group('New Group', mcid,
                                 'https://' + request.META['SERVER_NAME'])

            g.save()

            return HttpResponseRedirect('wiz_name?id=%d' % g.groupinstanceid)
    else:
        initial = dict(id=id)

        if 'mcid' in request.REQUEST:
            initial['owner_mcid'] = pretty_mcid(request.REQUEST['mcid'])
        elif g:
            initial['owner_mcid'] = pretty_mcid(g.accid_id)

        form = CreateForm(initial=initial)

    return object_list(request,
                       queryset=queryset,
                       template_name='groups/wiz_1create.html',
                       paginate_by=20,
                       extra_context=default_context(request,
                                                     form=form,
                                                     action=action))
Exemplo n.º 22
0
def wiz_create_req(request):
    id = request.REQUEST.get('id', '')
    action = 'wiz_create?id=%s' % id

    if id:
        g = Group.objects.get(groupinstanceid = id)
    else:
        g = None

    queryset = all_query_set()

    if 'search' in request.POST or 'search.x' in request.POST:
        queryset = search_query_set(request.POST['q'])
        form = CreateForm(initial = request.POST)

    elif request.POST:
        form = CreateForm(request.POST)

        if form.is_valid():
            mcid = normalize_mcid(form.clean_data['owner_mcid'])

            if g:
                p = Practice.objects.get(practiceid = g.parentid)
                p.accid_id = g.accid_id = mcid

                p.save()
            else:
                g = create_group('New Group', mcid,
                                 'https://' + request.META['SERVER_NAME'])

            g.save()

    	    return HttpResponseRedirect('wiz_name?id=%d' % g.groupinstanceid)
    else:
        initial = dict(id = id)

        if 'mcid' in request.REQUEST:
            initial['owner_mcid'] = pretty_mcid(request.REQUEST['mcid'])
	elif g:
	    initial['owner_mcid'] = pretty_mcid(g.accid_id)

        form = CreateForm(initial = initial)

    return object_list(request, queryset = queryset,
                       template_name = 'groups/wiz_1create.html',
                       paginate_by = 20,
                       extra_context = default_context(request,
                                                       form=form,
                                                       action=action))
Exemplo n.º 23
0
def edit_req(request):
    mcid = normalize_mcid(request.REQUEST['mcid'])
    user = User.objects.get(mcid=mcid)

    if request.POST:
        form = UserForm(request.POST)

        if form.is_valid() and save_user(user, form):
            return submit_redirect(request,
                                   user,
                                   edit_redirect='edit?mcid=%(mcid)s')
    else:
        form = UserForm(initial=user.__dict__)

    return render_to_response('users/edit.html',
                              default_context(request, form=form, mcuser=user))
Exemplo n.º 24
0
def user_req(request):
    try:
        mcid = normalize_mcid(request.GET['mcid'])
        user = User.objects.get(mcid=mcid)
    except KeyError:
        return search_req(request)
    except User.DoesNotExist:
        return search(request, mcid)
    else:
        ts = datetime.fromtimestamp(user.ccrlogupdatetime)

        where = [
            'groupmembers.memberaccid = %s' % mcid,
            'groupmembers.groupinstanceid = groupinstances.groupinstanceid'
        ]

        member_of = Group.objects.extra(where=where, tables=['groupmembers'])

        if member_of:
            member_of = member_of[0]
        else:
            member_of = None

        where = [
            'external_users.mcid = %s' % mcid,
            'external_users.provider_id = identity_providers.id'
        ]

        accounts = IdentityProvider.objects.extra(
            where=where,
            select={'username': '******'},
            tables=['external_users'])

        accounts = [augment(idp) for idp in accounts]

        return render_to_response(
            'users/user.html',
            default_context(request,
                            mcuser=user,
                            ccrlogupdatetime=ts,
                            member_of=member_of,
                            accounts=accounts))
Exemplo n.º 25
0
def claim_req(request):
    mcid = normalize_mcid(request.REQUEST["mcid"])
    user = User.objects.get(mcid=mcid)

    if request.POST:
        form = ClaimForm(request.POST)

        if form.is_valid():
            user.email = form.clean_data["email"]
            user.set_password(form.clean_data["password"])
            user.acctype = "CLAIMED"
            user.save()

            return render_to_response(
                "users/claimed.html", default_context(request, mcuser=user, password=form.clean_data["password"])
            )
    else:
        initial = user.__dict__.copy()
        initial["password"] = random_password()
        form = ClaimForm(initial=initial)

    return render_to_response("users/claim.html", default_context(request, form=form, mcuser=user))
Exemplo n.º 26
0
def password_req(request):
    mcid = normalize_mcid(request.REQUEST["mcid"])

    mcuser = get_object_or_404(User, mcid=mcid)

    decoded_skey = mcuser.enc_skey and mcuser.enc_skey.decode("base64")

    ts = datetime.fromtimestamp(mcuser.ccrlogupdatetime)

    skey_form = None

    if "skey" in request.POST:
        skey_form = SKeyForm(request.POST)

        if skey_form.is_valid():
            curr = skey.get(skey_form.clean_data["skey"])
            next = skey.step(curr)

            if next == decoded_skey:
                mcuser.email = skey_form.clean_data["email"]
                mcuser.set_password(skey_form.clean_data["newpw"])
                mcuser.enc_skey = curr.encode("base64").strip()

                mcuser.save()

                properties = get_properties()
                properties["user"] = mcuser
                properties["newpw"] = skey_form.clean_data["newpw"]

                email_user_template(
                    request,
                    mcuser,
                    "Your {{ ApplianceName }} email and password has been reset",
                    "email/new_email.txt",
                    properties,
                )

                return HttpResponseRedirect("user?mcid=" + mcid)

            skey_form.errors.setdefault("skey", []).append("S/Key mismatch")

        pw_form = PasswordForm(initial=dict(newpw=request.POST["newpw"]))
    elif "newpw" in request.POST:
        pw_form = PasswordForm(request.POST)

        if pw_form.is_valid():
            mcuser.set_password(pw_form.clean_data["newpw"])
            mcuser.save()

            properties = get_properties()
            properties["user"] = mcuser
            properties["newpw"] = pw_form.clean_data["newpw"]

            email_user_template(
                request,
                mcuser,
                "Your {{ ApplianceName }} password has been reset",
                "email/new_password.txt",
                properties,
            )

            return HttpResponseRedirect("user?mcid=" + mcid)

        if decoded_skey:
            skey_form = SKeyForm(initial=dict(email=mcuser.email, newpw=request.POST["newpw"]))
    else:
        newpw = random_password()
        initial = dict(newpw=newpw, email=mcuser.email)
        pw_form = PasswordForm(initial=initial)

        if decoded_skey:
            skey_form = SKeyForm(initial=initial)

    return render_to_response(
        "users/password.html",
        default_context(request, mcuser=mcuser, ccrlogupdatetime=ts, pw_form=pw_form, skey_form=skey_form),
    )
Exemplo n.º 27
0
def login_as_req(request):
    mcid = normalize_mcid(request.GET["mcid"])
    user = User.objects.get(mcid=mcid)

    return render_to_response("users/login_as.html", default_context(request, mcid=pretty_mcid(mcid), mcuser=user))
Exemplo n.º 28
0
def password_req(request):
    mcid = normalize_mcid(request.REQUEST['mcid'])

    mcuser = get_object_or_404(User, mcid=mcid)

    decoded_skey = mcuser.enc_skey and mcuser.enc_skey.decode('base64')

    ts = datetime.fromtimestamp(mcuser.ccrlogupdatetime)

    skey_form = None

    if 'skey' in request.POST:
        skey_form = SKeyForm(request.POST)

        if skey_form.is_valid():
            curr = skey.get(skey_form.clean_data['skey'])
            next = skey.step(curr)

            if next == decoded_skey:
                mcuser.email = skey_form.clean_data['email']
                mcuser.set_password(skey_form.clean_data['newpw'])
                mcuser.enc_skey = curr.encode('base64').strip()

                mcuser.save()

                properties = get_properties()
                properties['user'] = mcuser
                properties['newpw'] = skey_form.clean_data['newpw']

                email_user_template(
                    request, mcuser,
                    'Your {{ ApplianceName }} email and password has been reset',
                    'email/new_email.txt', properties)

                return HttpResponseRedirect('user?mcid=' + mcid)

            skey_form.errors.setdefault('skey', []).append('S/Key mismatch')

        pw_form = PasswordForm(initial=dict(newpw=request.POST['newpw']))
    elif 'newpw' in request.POST:
        pw_form = PasswordForm(request.POST)

        if pw_form.is_valid():
            mcuser.set_password(pw_form.clean_data['newpw'])
            mcuser.save()

            properties = get_properties()
            properties['user'] = mcuser
            properties['newpw'] = pw_form.clean_data['newpw']

            email_user_template(
                request, mcuser,
                'Your {{ ApplianceName }} password has been reset',
                'email/new_password.txt', properties)

            return HttpResponseRedirect('user?mcid=' + mcid)

        if decoded_skey:
            skey_form = SKeyForm(
                initial=dict(email=mcuser.email, newpw=request.POST['newpw']))
    else:
        newpw = random_password()
        initial = dict(newpw=newpw, email=mcuser.email)
        pw_form = PasswordForm(initial=initial)

        if decoded_skey:
            skey_form = SKeyForm(initial=initial)

    return render_to_response(
        'users/password.html',
        default_context(request,
                        mcuser=mcuser,
                        ccrlogupdatetime=ts,
                        pw_form=pw_form,
                        skey_form=skey_form))