def password(request):
"""Password change / set form."""
do_change = False
if request.method == 'POST':
change_form = PasswordConfirmForm(request, request.POST)
do_change = change_form.is_valid()
else:
change_form = PasswordConfirmForm(request)
if request.method == 'POST':
form = SetPasswordForm(request.user, request.POST)
if form.is_valid() and do_change:
# Clear flag forcing user to set password
redirect_page = '#auth'
if 'show_set_password' in request.session:
del request.session['show_set_password']
redirect_page = ''
# Change the password
form.save(request)
return redirect_profile(redirect_page)
else:
form = SetPasswordForm(request.user)
return render(
request,
'accounts/password.html',
{
'title': _('Change password'),
'change_form': change_form,
'form': form,
}
)
def confirm(request):
details = request.session.get('reauthenticate')
if not details:
return redirect('home')
# Monkey patch request
request.user = User.objects.get(pk=details['user_pk'])
if request.method == 'POST':
confirm_form = PasswordConfirmForm(request, request.POST)
if confirm_form.is_valid():
request.session.pop('reauthenticate')
request.session['reauthenticate_done'] = True
return redirect('social:complete', backend=details['backend'])
else:
confirm_form = PasswordConfirmForm(request)
context = {
'confirm_form': confirm_form,
}
context.update(details)
return render(
request,
'accounts/confirm.html',
context
)
def password(request):
"""Password change / set form."""
do_change = False
if request.method == 'POST':
change_form = PasswordConfirmForm(request, request.POST)
do_change = change_form.is_valid()
else:
change_form = PasswordConfirmForm(request)
if request.method == 'POST':
form = SetPasswordForm(request.user, request.POST)
if form.is_valid() and do_change:
# Clear flag forcing user to set password
redirect_page = '#auth'
if 'show_set_password' in request.session:
del request.session['show_set_password']
redirect_page = ''
# Change the password
user = form.save()
# Updating the password logs out all other sessions for the user
# except the current one.
update_session_auth_hash(request, user)
# Change key for current session
request.session.cycle_key()
messages.success(
request,
_('Your password has been changed.')
)
notify_account_activity(request.user, request, 'password')
return redirect_profile(redirect_page)
else:
form = SetPasswordForm(request.user)
return render(
request,
'accounts/password.html',
{
'title': _('Change password'),
'change_form': change_form,
'form': form,
}
)
def user_remove(request):
if request.method == 'POST':
confirm_form = PasswordConfirmForm(request, request.POST)
if confirm_form.is_valid():
remove_user(request.user)
logout(request)
messages.success(
request,
_('Your account has been removed.')
)
return redirect('home')
else:
confirm_form = PasswordConfirmForm(request)
return render(
request,
'accounts/removal.html',
{
'confirm_form': confirm_form,
}
)
def confirm(request):
details = request.session.get('reauthenticate')
if not details:
return redirect('home')
# Monkey patch request
request.user = User.objects.get(pk=details['user_pk'])
if request.method == 'POST':
confirm_form = PasswordConfirmForm(request, request.POST)
if confirm_form.is_valid():
session_ratelimit_reset(request)
request.session.pop('reauthenticate')
request.session['reauthenticate_done'] = True
return redirect('social:complete', backend=details['backend'])
else:
confirm_form = PasswordConfirmForm(request)
context = {
'confirm_form': confirm_form,
}
context.update(details)
return render(request, 'accounts/confirm.html', context)
def user_remove(request):
is_confirmation = 'remove_confirm' in request.session
if is_confirmation:
if request.method == 'POST':
remove_user(request.user, request)
rotate_token(request)
logout(request)
messages.success(request, _('Your account has been removed.'))
return redirect('home')
confirm_form = EmptyConfirmForm(request)
elif request.method == 'POST':
confirm_form = PasswordConfirmForm(request, request.POST)
if confirm_form.is_valid():
store_userid(request, remove=True)
request.GET = {'email': request.user.email}
return social_complete(request, 'email')
else:
confirm_form = PasswordConfirmForm(request)
return render(request, 'accounts/removal.html', {
'confirm_form': confirm_form,
'is_confirmation': is_confirmation,
})