def changepswd(request):
if (islogin(request) == False):
return HttpResponseRedirect("/")
emailid = request.session.get("email", None)
name = request.session.get("name", None)
if request.method == "POST":
form = PasswordForm(request.POST)
if form.is_valid():
try:
user = RegisteredUsers.objects.get(email=emailid)
user.pswd = form.cleaned_data["new_pswd"]
user.save()
c = {}
c.update(csrf(request))
c.update({"emailid": emailid, "user": name})
c.update({"updated": True})
return render_to_response("changepswd.html", c)
except:
return HttpResponse(
"Error in Connection with Database , Try again ")
else:
c = {}
c.update(csrf(request))
c.update({"passwordform": form})
c.update({"emailid": emailid, "user": name})
#return HttpResponse(str(vars(form)))
return render_to_response("changepswd.html", c)
c = {}
c.update(csrf(request))
c.update({"emailid": emailid})
return render_to_response("changepswd.html", c)
def changepswd(request):
if(islogin(request)==False):
return HttpResponseRedirect("/")
emailid = request.session.get("email",None)
name = request.session.get("name",None)
if request.method =="POST":
form = PasswordForm(request.POST)
if form.is_valid():
try:
user = RegisteredUsers.objects.get(email=emailid)
user.pswd = form.cleaned_data["new_pswd"]
user.save()
c= {}
c.update(csrf(request))
c.update({"emailid":emailid,"user":name})
c.update({"updated":True})
return render_to_response("changepswd.html",c)
except:
return HttpResponse("Error in Connection with Database , Try again ")
else:
c={}
c.update(csrf(request))
c.update({"passwordform":form})
c.update({"emailid":emailid,"user":name})
#return HttpResponse(str(vars(form)))
return render_to_response("changepswd.html",c)
c={}
c.update(csrf(request))
c.update({"emailid":emailid})
return render_to_response("changepswd.html",c)
def settings(request):
tf = timezone_form(request)
if request.method == 'POST':
if 'password' == request.POST.get('action'):
pf = PasswordForm(request.POST)
if pf.is_valid():
ok = request.user.check_password(
pf.cleaned_data['old_password'])
if ok:
request.user.set_password(
pf.cleaned_data['new_password'])
messages.success(request, 'Password was changed.')
return redirect(request.path)
else:
pf.add_error('old_password', 'Wrong old password')
elif 'tz' == request.POST.get('action'):
pf = PasswordForm()
if tf.is_valid():
tz = tf.save()
messages.success(request,
'Timezone set to {}'.format(tz.timezone))
return redirect(request.path)
else:
pf = PasswordForm()
else:
pf = PasswordForm()
return render(request, 'settings.html', {'password_form': pf,
'tz_form': tf})
def password(request):
"""
View that changes the password on the LDAP server.
"""
member = retrieve_member(request)
if request.method == 'POST':
form = PasswordForm(request.POST, request=request)
if form.is_valid():
new_password = form.cleaned_data['password1']
# change the password for the Wifi
member.set('sambaLMPassword', smbpasswd.lmhash(new_password))
member.set('sambaNTPassword', smbpasswd.nthash(new_password))
member.save()
# change the LDAP password
member.change_password(new_password)
key = store_ldap_password(request, new_password)
request.session.save()
new_form = PasswordForm()
response = render(request, 'password.html',
{'message': _('Your password was changed. Thank you!'),
'form': new_form, 'member': member.to_dict()})
response.set_cookie('sessionkey', key)
return response
else:
return render(request, 'password.html',
{'form': form, 'member': member.to_dict()})
else:
form = PasswordForm()
return render(request, 'password.html',
{'form': form, 'member': member.to_dict()})
def login(request):
password_form = PasswordForm()
if request.method == "POST":
password_form = PasswordForm(request.POST)
if password_form.is_valid() and password_form.cleaned_data['password'] == settings.SITE_PASSWORD:
response = HttpResponseRedirect('/')
response.set_cookie('password', value=password_form.cleaned_data['password'], max_age=60*60*24*60) # 60 days
return response
context = {
'password_form': password_form
, 'hide_sidebar': True
}
return HttpResponse(loader.get_template("login.html").render(RequestContext(request,context)))
def password(request, user_id):
if request.method == 'POST':
form = PasswordForm(request.POST)
if form.is_valid():
user = User.objects.get(id=user_id)
user.set_password(request.POST['password'])
user.save()
return redirect('/')
else:
form = PasswordForm()
user = User.objects.get(id=user_id)
return render(request, 'form.html', {'form': form, 'user': user})
def changePassword(request):
if request.method == 'POST':
form = PasswordForm(request.POST)
if form.is_valid():
user = request.user
user.set_password(request.POST.get('password'))
return HttpResponseRedirect('/profile')
else:
form = PasswordForm()
return render(request, 'change_password.html', context={
'form': form,
})
def password(request, user_id):
if request.method == 'POST':
form = PasswordForm(request.POST)
if form.is_valid():
user = User.objects.get(id=user_id)
user.set_password(request.POST['password'])
user.save()
# 記錄系統事件
if is_event_open(request) :
log = Log(user_id=request.user.id, event=u'修改<'+user.first_name+u'>密碼成功')
log.save()
return redirect('homepage')
else:
form = PasswordForm()
user = User.objects.get(id=user_id)
return render_to_response('account/password.html',{'form': form, 'user':user}, context_instance=RequestContext(request))
def edit_password(request, pw_pk=None):
new = False
password = get_object_or_404(Password, pk=pw_pk)
ldap_groups = get_ldap_groups(request.user.username)
ldap_groups_choices = [(lg, lg) for lg in ldap_groups]
if request.method == 'POST':
form = PasswordForm(request.POST, instance=password,
ldap_groups_choices=ldap_groups_choices)
if form.is_valid():
form.save()
return HttpResponseRedirect(reverse("index"))
elif request.method == 'GET':
form = PasswordForm(instance=password,
ldap_groups_choices=ldap_groups_choices)
return direct_to_template(request, 'edit_password.html', {'form': form, 'ldapGroups': LdapGroup.objects.all(), 'new': new})
def password(request, template_name='django_yubico/password.html',
redirect_field_name=REDIRECT_FIELD_NAME):
"""
Displays the password form and handles the login action.
"""
redirect_to = request.REQUEST.get(redirect_field_name,
settings.LOGIN_REDIRECT_URL)
for key in SESSION_KEYS:
# Make sure all the required session keys are present
value = request.session.get(key, None)
if value is None:
return HttpResponseRedirect(reverse('yubico_django_login'))
user_id = request.session[YUBIKEY_SESSION_USER_ID]
auth_backend = request.session[YUBIKEY_SESSION_AUTH_BACKEND]
user = User.objects.get(pk=user_id)
user.backend = auth_backend
if request.method == 'POST':
form = PasswordForm(request.POST, user=user)
if form.is_valid():
auth_login(request=request, user=user)
reset_user_session(session=request.session)
return HttpResponseRedirect(redirect_to)
else:
# Limit the number of password attempts per token
request.session[YUBIKEY_SESSION_ATTEMPT_COUNTER] += 1
if request.session[YUBIKEY_SESSION_ATTEMPT_COUNTER] > \
YUBIKEY_PASSWORD_ATTEMPTS:
# Maximum number of attemps has been reached. Require user to
# start from scratch.
reset_user_session(session=request.session)
return HttpResponseRedirect(reverse('yubico_django_login'))
else:
form = PasswordForm(user=user)
dictionary = {'form': form, redirect_field_name: redirect_to}
return render_to_response(template_name, dictionary,
context_instance=RequestContext(request))
def user_password(request, user_id, response_format='html'):
"User change password form"
profile = get_object_or_404(User, pk=user_id)
if request.POST:
if 'cancel' not in request.POST:
form = PasswordForm(profile.user, request.POST)
if form.is_valid():
form.save()
return HttpResponseRedirect(reverse('core_admin_user_view', args=[profile.id]))
else:
return HttpResponseRedirect(reverse('core_admin_user_view', args=[profile.id]))
else:
form = PasswordForm(profile.user)
return render_to_response('core/administration/user_password',
{'profile': profile, 'form': form},
context_instance=RequestContext(request), response_format=response_format)
def password(request, template_name='django_yubico/password.html',
redirect_field_name=REDIRECT_FIELD_NAME):
"""
Displays the password form and handles the login action.
"""
redirect_to = settings.LOGIN_REDIRECT_URL
for key in SESSION_KEYS:
# Make sure all the required session keys are present
value = request.session.get(key, None)
if value is None:
return HttpResponseRedirect(reverse('yubico_django_login'))
user_id = request.session[YUBIKEY_SESSION_USER_ID]
auth_backend = request.session[YUBIKEY_SESSION_AUTH_BACKEND]
user = User.objects.get(pk=user_id)
user.backend = auth_backend
if request.method == 'POST':
form = PasswordForm(request.POST, user=user)
if form.is_valid():
auth_login(request=request, user=user)
reset_user_session(session=request.session)
return HttpResponseRedirect(redirect_to)
else:
# Limit the number of password attempts per token
request.session[YUBIKEY_SESSION_ATTEMPT_COUNTER] += 1
if request.session[YUBIKEY_SESSION_ATTEMPT_COUNTER] > \
YUBIKEY_PASSWORD_ATTEMPTS:
# Maximum number of attemps has been reached. Require user to
# start from scratch.
reset_user_session(session=request.session)
return HttpResponseRedirect(reverse('yubico_django_login'))
else:
form = PasswordForm(user=user)
dictionary = {'form': form, redirect_field_name: redirect_to}
return render_to_response(template_name, dictionary,
context_instance=RequestContext(request))
def password(request):
"""
View that changes the password on the LDAP server.
"""
member = retrieve_member(request)
if request.method == 'POST':
form = PasswordForm(request.POST, request=request)
if form.is_valid():
new_password = form.cleaned_data['password1']
# change the password for the Wifi
member.set('sambaLMPassword', smbpasswd.lmhash(new_password))
member.set('sambaNTPassword', smbpasswd.nthash(new_password))
member.save()
# change the LDAP password
member.change_password(new_password)
key = store_ldap_password(request, new_password)
request.session.save()
new_form = PasswordForm()
response = render(
request, 'password.html', {
'message': _('Your password was changed. Thank you!'),
'form': new_form,
'member': member.to_dict()
})
response.set_cookie('sessionkey', key)
return response
else:
return render(request, 'password.html', {
'form': form,
'member': member.to_dict()
})
else:
form = PasswordForm()
return render(request, 'password.html', {
'form': form,
'member': member.to_dict()
})
def password(request,
template_name = 'django_yubico/password.html',
redirect_field_name = REDIRECT_FIELD_NAME):
"""Displays the password form and handles the login action."""
redirect_to = request.REQUEST.get(redirect_field_name, '')
if not request.session.get(YUBIKEY_SESSION_USER) or not request.session.get(YUBIKEY_ATTEMPT_COUNTER):
return HttpResponseRedirect(reverse('yubico_django_login'))
if request.method == 'POST':
form = PasswordForm(request.POST, user = request.session[YUBIKEY_SESSION_USER])
if form.is_valid():
auth_login(request, request.session[YUBIKEY_SESSION_USER])
try:
del(request.session[YUBIKEY_SESSION_USER])
except KeyError:
pass
try:
del(request.session[YUBIKEY_ATTEMPT_COUNTER])
except KeyError:
pass
return HttpResponseRedirect(redirect_to or settings.LOGIN_REDIRECT_URL)
else:
# Limit the number of password attempts per token
request.session[YUBIKEY_ATTEMPT_COUNTER] += 1
if request.session[YUBIKEY_ATTEMPT_COUNTER] > YUBIKEY_PASSWORD_ATTEMPTS:
del(request.session[YUBIKEY_SESSION_USER])
del(request.session[YUBIKEY_ATTEMPT_COUNTER])
return HttpResponseRedirect(reverse('yubico_django_login'))
else:
form = PasswordForm(user = request.session[YUBIKEY_SESSION_USER])
return render_to_response(template_name, {'form': form, redirect_field_name: redirect_to}, \
context_instance = RequestContext(request))
def edit_password(request, pw_pk=None):
new = False
password = get_object_or_404(Password, pk=pw_pk)
ldap_groups = get_ldap_groups(request.user.username)
ldap_groups_choices = [(lg, lg) for lg in ldap_groups]
if request.method == 'POST':
form = PasswordForm(request.POST,
instance=password,
ldap_groups_choices=ldap_groups_choices)
if form.is_valid():
form.save()
return HttpResponseRedirect(reverse("index"))
elif request.method == 'GET':
form = PasswordForm(instance=password,
ldap_groups_choices=ldap_groups_choices)
return direct_to_template(request, 'edit_password.html', {
'form': form,
'ldapGroups': LdapGroup.objects.all(),
'new': new
})
