def chg_pwd(request):
    """Show the password-change form and process its submission.

    GET (or any non-POST method) renders an unbound ``PasswordChangeForm``
    for ``request.user``. A POST binds the form to ``request.POST``; when it
    validates, the form is saved, ``update_session(request, user)`` is called
    with the saved user, and the client is redirected. An invalid POST falls
    through and re-renders the bound form.
    """
    # NOTE(review): no login guard is visible in this snippet; confirm the
    # view is wrapped (decorator or URL conf) so request.user is a real user.
    if request.method != "POST":
        form = PasswordChangeForm(request.user)
    else:
        form = PasswordChangeForm(request.user, request.POST)
        if form.is_valid():
            saved_user = form.save()
            # presumably refreshes the session after the credential change so
            # the current login survives; confirm against the helper's import
            update_session(request, saved_user)
            # NOTE(review): 'accounts:adit' is kept as written; verify this
            # URL name exists in the accounts namespace.
            return redirect('accounts:adit')

    return render(
        request,
        'accounts/auth_form.html',
        {'form': form, 'label': '비밀번호수정'},
    )
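def chg_pwd(request):
    """Show the password-change form and process its submission.

    A POST binds ``PasswordChangeForm`` to ``request.POST``; when it
    validates, the form is saved, the session helper is called and the client
    is redirected to ``accounts:edit``. Any other method renders an unbound
    form. An invalid POST re-renders the bound form.
    """
    # NOTE(review): no login guard is visible in this snippet; confirm the
    # view is wrapped so request.user is an authenticated user.
    if request.method == "POST":
        # The password change has its own form, which must be imported.
        # Argument order matters: the user first, then the POST data.
        form = PasswordChangeForm(request.user, request.POST)
        if form.is_valid():
            user = form.save()
            # Pass the request together with the saved user. The original
            # passed only request.user and left `user` unused, so the helper
            # never received the request whose session it has to update.
            # The helper must be imported before it can be used.
            update_session(request, user)
            return redirect('accounts:edit')
    else:
        form = PasswordChangeForm(request.user)

    context = {'form': form, 'label': "비번 수정"}
    return render(request, 'accounts/auth_form.html', context)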
def change_password(request):
    """Render the password-change form, or apply it on a valid POST.

    On POST the form is bound to ``request.POST``; if it validates, it is
    saved, ``update_session(request, user)`` is called with the saved user and
    the client is redirected to ``articles:index``. Otherwise the form (bound
    with errors on an invalid POST, unbound on other methods) is rendered
    with ``accounts/auth_form.html``.
    """
    # NOTE(review): no login guard is visible in this snippet; confirm the
    # view is protected so request.user is an authenticated user.
    is_post = request.method == "POST"
    form = (
        PasswordChangeForm(request.user, request.POST)
        if is_post
        else PasswordChangeForm(request.user)
    )

    if is_post and form.is_valid():
        saved_user = form.save()
        # presumably keeps the current session valid after the password
        # change; confirm against the helper's definition
        update_session(request, saved_user)
        return redirect('articles:index')

    return render(request, 'accounts/auth_form.html', {'form': form})
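def chg_pwd(request):
    """Show the password-change form and process its submission.

    A POST binds ``PasswordChangeForm`` to ``request.POST``; only when
    ``form.is_valid()`` returns true is the form saved, the session helper
    called and the client redirected to ``accounts:edit``. An invalid POST
    re-renders the bound form; any other method renders an unbound form.
    """
    # NOTE(review): no login guard is visible in this snippet; confirm the
    # view is wrapped so request.user is an authenticated user.
    if request.method == "POST":
        # PasswordChangeForm takes the user first, then the POST data.
        form = PasswordChangeForm(request.user, request.POST)
        # is_valid must be *called*. The bare attribute `form.is_valid` is a
        # bound method and always truthy, so the original reached save()
        # without the validation gate ever being evaluated.
        if form.is_valid():
            user = form.save()
            # Takes the request first (for the current session) and then the
            # user whose new state should be stored in it.
            update_session(request, user)
            return redirect('accounts:edit')
    else:
        form = PasswordChangeForm(request.user)

    context = {"form": form, "label": "비밀번호변경"}
    return render(request, 'accounts/auth_form.html', context)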
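def post(self, request, user_id='', token='', stage=''):
    """Handle POSTs for the account-recovery flow.

    ``stage`` selects the step:

    * ``'recover'``: validate the recovery form and, on success, send the
      recovery e-mail carrying a token from ``tokens.make_token(user)``.
    * ``'reset'``: resolve the user from the encoded ``user_id``, check
      ``token`` with ``tokens.check_token`` and, if the form validates, set
      the new password.

    Any other stage returns ``HttpResponseForbidden``. Already authenticated
    users are redirected to ``index``. Each outcome is recorded through
    ``ActionLog.objects.log_account``.

    Local variable names are kept as they were: the renders below pass
    ``locals()`` into the template context, so templates may rely on them.
    NOTE(review): ``locals()`` also exposes ``token``, ``user_id`` and (in the
    reset stage) ``password`` to the context; an explicit dict would be safer.
    """
    # Check if user has been authenticated before - if so, redirect him/her to the main site
    if request.user is not None and request.user.is_authenticated():
        ActionLog.objects.log_account(
            'User redirected since already logged in',
            user=request.user, status=302)
        return redirect(reverse_lazy('index'))

    if stage == 'recover':
        # Create the form in "recover" mode and attempt to validate it
        form = RecoveryForm(request.POST, stage=stage)
        if form.is_valid():
            # The form was submitted correctly, thus we send the email and notify the user on further steps
            user = form.user
            ActionLog.objects.log_account(
                'Initiated account recovery for user (current permissions: %s)' % user.groups,
                user=user, status=200)
            form.send_recovery_email(request, user, tokens.make_token(user))
            return render_to_response(
                'accounts/recovering.html',
                context=RequestContext(request, locals()))

        # The account is invalid: notify this error to the user and log it.
        # .get() is used because a field that failed validation is absent
        # from cleaned_data; indexing would raise KeyError and turn a bad
        # submission into a server error instead of the 401 page.
        # NOTE(review): this 401 page differs from the "recovering" page
        # above, so responses reveal whether an address is registered; a
        # uniform response for both cases would avoid that.
        email = form.cleaned_data.get('email_address')
        ActionLog.objects.log_account(
            'Attempted to recover password of invalid account (email address: %s)' % email,
            status=401)
        return render_to_response(
            'accounts/recover.html',
            context=RequestContext(request, locals()),
            status=401)

    elif stage == 'reset':
        # Identify the user - if the user is invalid, we may have an in-progress security breach.
        # user_id comes from the URL and is untrusted: a value that does not
        # decode, is not numeric or is out of range must be handled like an
        # unknown user (logged, 403) rather than escaping as an unhandled
        # exception.
        try:
            user = User.objects.get(
                id=int(force_text(base64_decode(user_id))))
        except (TypeError, ValueError, OverflowError, User.DoesNotExist):
            user = None

        if user is None or not tokens.check_token(user, token):
            # The URL has been tampered with - abort right now
            ActionLog.objects.log_account(
                'URL tampering attempt detected: aborting recovery process',
                status=403, user=user)
            return HttpResponseForbidden()

        # Validate the user data using the form in "complete" mode
        form = RecoveryForm(request.POST, stage=stage, user=user)
        if form.is_valid():
            # Reset the user password
            ActionLog.objects.log_account(
                'Resetting password for user account', status=200, user=user)
            password = form.cleaned_data['password']
            user.set_password(password)
            user.save()

            # Intended to invalidate sessions that are no longer valid after
            # the password change.
            # NOTE(review): confirm update_session really does that; if it
            # wraps Django's update_session_auth_hash, it refreshes the
            # current session rather than ending other ones.
            update_session(request, user)
            # NOTE(review): the context= keyword looks unused by redirect();
            # left in place to keep behaviour unchanged - confirm and drop.
            return redirect(reverse_lazy('accounts:login'),
                            context=RequestContext(request, locals()))

        # The form could not be validated due to incompatible passwords
        ActionLog.objects.log_account(
            'Attempted to change password for user', status=401, user=user)
        return render_to_response(
            'accounts/reset.html',
            context=RequestContext(request, locals()),
            status=401)

    # Unknown stage: refuse the request
    return HttpResponseForbidden()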