Пример #1
def chg_pwd(request):
    """Render the password-change form and apply it on a valid POST.

    A valid POST saves the new password, passes the request and the saved
    user to ``update_session`` (presumably to keep the current session valid
    after the password hash changes — confirm against its import) and
    redirects to ``accounts:adit``. A GET, or an invalid POST, renders
    ``accounts/auth_form.html`` with the form.
    NOTE(review): no login-required guard is visible in this block, so
    ``request.user`` is assumed to be an authenticated user.
    """
    is_post = request.method == "POST"
    form = (PasswordChangeForm(request.user, request.POST)
            if is_post else PasswordChangeForm(request.user))
    if is_post and form.is_valid():
        saved_user = form.save()
        update_session(request, saved_user)
        return redirect('accounts:adit')
    page_context = {'form': form, 'label': '비밀번호수정'}
    return render(request, 'accounts/auth_form.html', page_context)
Пример #2
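def chg_pwd(request):
    """Render the password-change form and apply it on a valid POST.

    A valid POST saves the new password, calls ``update_session`` with the
    request and the saved user, and redirects to ``accounts:edit``; any other
    request renders ``accounts/auth_form.html`` with the form.
    NOTE(review): no login-required guard is visible in this block, so
    ``request.user`` is assumed to be an authenticated user.
    """
    if request.method == "POST":
        # The password form is its own form class, so it is imported and used here;
        # the constructor arguments must be passed in this order (user, then POST data).
        form = PasswordChangeForm(
            request.user, request.POST)
        if form.is_valid():
            user = form.save()
            # update_session must be imported to be usable here.
            # Bug fix: this was called as update_session(request.user), a single
            # argument; the two-argument form (request, user) used by the rest of
            # this code passes the request whose session is being updated together
            # with the user whose password just changed.
            update_session(request, user)
            return redirect('accounts:edit')
    else:
        form = PasswordChangeForm(request.user)
    context = {'form': form, 'label': "비번 수정"}
    return render(request, 'accounts/auth_form.html', context)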
Пример #3
def change_password(request):
    """Show the password-change form and apply it on a valid POST.

    Success saves the new password, hands the request and the saved user to
    ``update_session`` (presumably to keep the current session valid after
    the password hash changes — confirm against its import) and redirects
    to ``articles:index``. A GET, or an invalid POST, renders the form.
    NOTE(review): no authentication guard is visible in this block.
    """
    if request.method != "POST":
        form = PasswordChangeForm(request.user)
    else:
        form = PasswordChangeForm(request.user, request.POST)
        if form.is_valid():
            saved_user = form.save()
            update_session(request, saved_user)
            return redirect('articles:index')
    return render(request, 'accounts/auth_form.html', {'form': form})
Пример #4
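def chg_pwd(request):
    """Change the current user's password through ``PasswordChangeForm``.

    A valid POST saves the new password, calls ``update_session`` with the
    request and the saved user, and redirects to ``accounts:edit``; any other
    request renders ``accounts/auth_form.html`` with the form.
    NOTE(review): no login-required guard is visible in this block, so
    ``request.user`` is assumed to be an authenticated user.
    """

    if request.method == "POST":
        # PasswordChangeForm takes (user, POST data) in that order.
        form = PasswordChangeForm(request.user, request.POST)
        # Bug fix: the original tested `form.is_valid` without calling it. A bound
        # method is always truthy, so form validation never ran and save() was
        # reached for every POST regardless of what was submitted.
        if form.is_valid():
            user = form.save()
            # Takes the request as its first argument so the currently stored
            # session can be updated for the saved user.
            update_session(request, user)
            return redirect('accounts:edit')
    else:
        form = PasswordChangeForm(request.user)

    context = {"form": form, "label": "비밀번호변경"}
    return render(request, 'accounts/auth_form.html', context)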
Пример #5
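    def post(self, request, user_id='', token='', stage=''):
        """Handle the two POST stages of the account-recovery flow.

        ``stage == 'recover'`` validates the e-mail form and sends the recovery
        e-mail; ``stage == 'reset'`` decodes ``user_id``, verifies ``token`` and
        sets the new password. Any other stage, an already-authenticated caller,
        or a user/token mismatch ends the flow with a 403 without saying why.
        Every branch records an ``ActionLog`` entry carrying the HTTP status it
        returns, which is the signal a detection pipeline should key on.
        """

        # Check if user has been authenticated before - if so, redirect him/her to the main site
        if request.user is not None and request.user.is_authenticated():

            ActionLog.objects.log_account(
                'User redirected since already logged in',
                user=request.user,
                status=302)
            return redirect(reverse_lazy('index'))

        if stage == 'recover':

            # Create the form in "recover" mode and attempt to validate it
            form = RecoveryForm(request.POST, stage=stage)
            if form.is_valid():

                # The form was submitted correctly, thus we send the email and notify the user on further steps
                user = form.user
                # NOTE(review): '%s' % user.groups formats the related manager, not the
                # group list; user.groups.all() is presumably what was meant — confirm.
                ActionLog.objects.log_account(
                    'Initiated account recovery for user (current permissions: %s)'
                    % user.groups,
                    user=user,
                    status=200)
                form.send_recovery_email(request, user,
                                         tokens.make_token(user))

                # NOTE(review): locals() hands every local (form, user, stage, ...) to the
                # template; an explicit context dict would limit what a template can render.
                return render_to_response('accounts/recovering.html',
                                          context=RequestContext(
                                              request, locals()))

            # The account is invalid: notify this error to the user and log it
            email = form.cleaned_data['email_address']
            ActionLog.objects.log_account(
                'Attempted to recover password of invalid account (email address: %s)'
                % email,
                status=401)

            return render_to_response('accounts/recover.html',
                                      context=RequestContext(
                                          request, locals()),
                                      status=401)
        elif stage == 'reset':

            # Identify the user - if the user is invalid, we may have an in-progress security breach.
            # Robustness fix: a malformed user_id (bad base64, non-UTF-8 bytes, non-numeric
            # text) raises ValueError/TypeError somewhere in the decode chain rather than
            # DoesNotExist (base64_decode is a project helper; presumably it does the same).
            # Treat those like an unknown user so a tampered URL reaches the 403 below
            # instead of surfacing as an unhandled 500.
            try:
                user = User.objects.get(
                    id=int(force_text(base64_decode(user_id))))
            except (User.DoesNotExist, ValueError, TypeError):
                user = None

            if user is None or not tokens.check_token(user, token):

                # The URL has been tampered with - abort right now
                ActionLog.objects.log_account(
                    'URL tampering attempt detected: aborting recovery process',
                    status=403,
                    user=user)
                return HttpResponseForbidden()

            # Validate the user data using the form in "complete" mode
            form = RecoveryForm(request.POST, stage=stage, user=user)
            if form.is_valid():

                # Reset the user password
                ActionLog.objects.log_account(
                    'Resetting password for user account',
                    status=200,
                    user=user)
                password = form.cleaned_data['password']
                user.set_password(password)
                user.save()

                # Invalidate all sessions since they are no longer valid
                update_session(request, user)
                # NOTE(review): redirect() does not render a template, so the context
                # kwarg is not used for rendering; it can presumably be dropped — confirm
                # nothing relies on it before removing.
                return redirect(reverse_lazy('accounts:login'),
                                context=RequestContext(request, locals()))

            # The form could not be validated due to incompatible passwords
            ActionLog.objects.log_account(
                'Attempted to change password for user', status=401, user=user)
            return render_to_response('accounts/reset.html',
                                      context=RequestContext(
                                          request, locals()),
                                      status=401)

        # Unknown or missing stage: nothing to do, refuse without detail
        return HttpResponseForbidden()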