def chg_pwd(request):
if request.method == "POST":
form = PasswordChangeForm(request.user, request.POST)
if form.is_valid():
user = form.save()
update_session(request, user)
return redirect('accounts:adit')
else:
form = PasswordChangeForm(request.user)
context = {'form': form, 'label': '비밀번호수정'}
return render(request, 'accounts/auth_form.html', context)
def chg_pwd(request):
if request.method == "POST":
form = PasswordChangeForm(
request.user, request.POST) # 패스워드도 폼이 있기 때문에 import하고 불러온다.
#또한 ()안에 들어가는 인자 위치가 저 순서여야 한다.
if form.is_valid():
user = form.save()
update_session(request.user) #import 해야 쓸 수 있따.
return redirect('accounts:edit')
else:
form = PasswordChangeForm(request.user)
context = {'form': form, 'label': "비번 수정"}
return render(request, 'accounts/auth_form.html', context)
def change_password(request):
if request.method == "POST":
form = PasswordChangeForm(request.user, request.POST)
if form.is_valid():
user = form.save()
update_session(request, user)
return redirect('articles:index')
else:
form = PasswordChangeForm(request.user)
context = {
'form': form,
}
return render(request, 'accounts/auth_form.html', context)
def chg_pwd(request):
if request.method == "POST":
# PasswordChangeForm 은 (user정보, POST값 순으로 받아온다)
form = PasswordChangeForm(request.user, request.POST)
if form.is_valid:
user = form.save()
# request를 첫 인자로 받아 현재 저장된 session값을 받고, 어떤 값을 저장할 것인지 지정한다.)
update_session(request, user)
return redirect('accounts:edit')
else:
form = PasswordChangeForm(request.user)
context = {"form": form, "label": "비밀번호변경"}
return render(request, 'accounts/auth_form.html', context)
def post(self, request, user_id='', token='', stage=''):
# Check if user has been authenticated before - if so, redirect him/her to the main site
if request.user is not None and request.user.is_authenticated():
ActionLog.objects.log_account(
'User redirected since already logged in',
user=request.user,
status=302)
return redirect(reverse_lazy('index'))
if stage == 'recover':
# Create the form in "recover" mode and attempt to validate it
form = RecoveryForm(request.POST, stage=stage)
if form.is_valid():
# The form was submitted correctly, thus we send the email and notify the user on further steps
user = form.user
ActionLog.objects.log_account(
'Initiated account recovery for user (current permissions: %s)'
% user.groups,
user=user,
status=200)
form.send_recovery_email(request, user,
tokens.make_token(user))
return render_to_response('accounts/recovering.html',
context=RequestContext(
request, locals()))
# The account is invalid: notify this error to the user and log it
email = form.cleaned_data['email_address']
ActionLog.objects.log_account(
'Attempted to recover password of invalid account (email address: %s)'
% email,
status=401)
return render_to_response('accounts/recover.html',
context=RequestContext(
request, locals()),
status=401)
elif stage == 'reset':
# Identify the user - if the user is invalid, we may have an in-progress security breach
try:
user = User.objects.get(
id=int(force_text(base64_decode(user_id))))
except User.DoesNotExist:
user = None
if user is None or not tokens.check_token(user, token):
# The URL has been tampered with - abort right now
ActionLog.objects.log_account(
'URL tampering attempt detected: aborting recovery process',
status=403,
user=user)
return HttpResponseForbidden()
# Validate the user data using the form in "complete" mode
form = RecoveryForm(request.POST, stage=stage, user=user)
if form.is_valid():
# Reset the user password
ActionLog.objects.log_account(
'Resetting password for user account',
status=200,
user=user)
password = form.cleaned_data['password']
user.set_password(password)
user.save()
# Invalidate all sessions since they are no longer valid
update_session(request, user)
return redirect(reverse_lazy('accounts:login'),
context=RequestContext(request, locals()))
# The form could not be validated due to incompatible passwords
ActionLog.objects.log_account(
'Attempted to change password for user', status=401, user=user)
return render_to_response('accounts/reset.html',
context=RequestContext(
request, locals()),
status=401)
return HttpResponseForbidden()
