This prevents information leaking to potential attackers. If you want to provide an error message in this case, you can subclass PasswordResetForm
and use the password_reset_form argument.
-Users flagged with an unusable password (see set_unusable_password() aren't allowed to request a password reset to prevent misuse when using an external
+Users flagged with an unusable password - see set_unusable_password() - aren't allowed to request a password reset to prevent misuse when using an external
authentication source like LDAP. Note that they won't receive any error message since this would expose their account's existence but no mail will be sent either.
More Detail: https://docs.djangoproject.com/en/dev/topics/auth/default/#topics-auth-creating-users
from portal.forms import PasswordResetForm, SetPasswordForm
from django.contrib.auth.tokens import default_token_generator
from django.contrib.sites.models import get_current_site
-from django.contrib.auth.hashers import UNUSABLE_PASSWORD, identify_hasher
+from django.contrib.auth.hashers import identify_hasher
##
import os.path, re
from random import choice
-from django.core.mail import send_mail
from django.contrib import messages
from django.views.generic import View
from django.shortcuts import render
from unfold.loginrequired import FreeAccessView
from ui.topmenu import topmenu_items_live
-from manifold.manifoldapi import execute_admin_query
+from manifoldapi.manifoldapi import execute_admin_query
from manifold.core.query import Query
-from portal.actions import manifold_update_user
+from portal.actions import manifold_update_user
from portal.forms import PassResetForm
from portal.actions import manifold_update_user
-
+from myslice.theme import ThemeView
# 4 views for password reset:
# - password_reset sends the mail
from_email=None,
current_app=None,
extra_context=None):
+
+ themeview = ThemeView()
+ themeview.template_name = template_name
+
if post_reset_redirect is None:
post_reset_redirect = reverse('portal.django_passresetview.password_reset_done')
if request.method == "POST":
if form.is_valid():
### email check in manifold DB ###
- email = form.cleaned_data['email'] # email inserted on the form
+ email = form.cleaned_data['email'].lower() # email inserted on the form
user_query = Query().get('local:user').select('user_id','email')
user_details = execute_admin_query(request, user_query)
flag = 0
if flag == 0:
messages.error(request, 'Sorry, this email is not registered.')
- return render(request, 'password_reset_form.html', {
+ context = {
'form': form,
- })
+ 'theme': themeview.theme
+ }
+ return TemplateResponse(request, themeview.template, context,current_app=current_app)
+
### end of email check in manifold ###
opts = {
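Review bot: The `messages.error(request, 'Sorry, this email is not registered.')` branch that this hunk keeps tells the requester whether an address has an account, which is the information leak the module docstring says the view avoids. The unregistered case should follow the same path as a successful request, for example `return HttpResponseRedirect(post_reset_redirect)` without sending mail, with the miss logged server-side if it needs to be visible. The added `.lower()` only helps if the stored addresses are compared in lower case too; the comparison loop is not in the visible lines, so that should be confirmed. The enclosing view starts and ends outside the hunk.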
form = password_reset_form()
context = {
'form': form,
+ 'theme': themeview.theme
}
if extra_context is not None:
context.update(extra_context)
- return TemplateResponse(request, template_name, context,
+ return TemplateResponse(request, themeview.template, context,
current_app=current_app)
def password_reset_done(request,
template_name='password_reset_done.html',
current_app=None, extra_context=None):
- context = {}
+ themeview = ThemeView()
+ themeview.template_name = template_name
+ context = {
+ 'theme' : themeview.theme
+ }
if extra_context is not None:
context.update(extra_context)
- return TemplateResponse(request, template_name, context,
+ return TemplateResponse(request, themeview.template, context,
current_app=current_app)
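Review bot: The two-line setup `themeview = ThemeView()` / `themeview.template_name = template_name` is repeated verbatim in password_reset, password_reset_confirm and password_reset_complete as well as here. A small private helper that takes `template_name` and returns the resolved template and theme would keep the four views in step. Also, `'theme'` is placed in the context before `context.update(extra_context)`, so a caller-supplied `extra_context` can replace it; a one-line comment such as `# extra_context may override 'theme' on purpose` would record whether that is intended.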
View that checks the hash in a password reset link and presents a
form for entering a new password.
"""
+ themeview = ThemeView()
+ themeview.template_name = template_name
+
UserModel = get_user_model()
assert uidb36 is not None and token is not None # checked by URLconf
if post_reset_redirect is None:
### manifold pass update ###
#password = form.cleaned_data('password1')
password=request.POST['new_password1']
- user_query = Query().get('local:user').select('user_id','email','password')
- user_details = execute_admin_query(request, user_query)
- for user_detail in user_details:
- if user_detail['email'] == user.email:
- user_detail['password'] = password
+ #user_query = Query().get('local:user').select('user_id','email','password')
+ #user_details = execute_admin_query(request, user_query)
+ #for user_detail in user_details:
+ # if user_detail['email'] == user.email:
+ # user_detail['password'] = password
#updating password in local:user
- user_params = { 'password': user_detail['password']}
+ user_params = { 'password': password}
manifold_update_user(request,user.email,user_params)
### end of manifold pass update ###
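Review bot: `password=request.POST['new_password1']` reads the raw request body instead of the validated form data, so the value sent to manifold is not tied to what the form accepted. The commented-out attempt above it fails only because `cleaned_data` is a dict and not a callable, so, assuming the form field is named like the POST key, the line should be `password = form.cleaned_data['new_password1']`. The result of `manifold_update_user(request,user.email,user_params)` is not checked in the visible lines, so a failed backend update would presumably still end in the success redirect and leave the two password stores out of sync. The five commented-out query lines should be deleted rather than kept. The enclosing view starts and ends outside the hunk, so this assumes the block runs inside the `form.is_valid()` branch.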
context = {
'form': form,
'validlink': validlink,
+ 'theme' : themeview.theme
}
if extra_context is not None:
context.update(extra_context)
- return TemplateResponse(request, template_name, context,
+ return TemplateResponse(request, themeview.template, context,
current_app=current_app)
def password_reset_complete(request,
template_name='password_reset_complete.html',
current_app=None, extra_context=None):
+ themeview = ThemeView()
+ themeview.template_name = template_name
context = {
- 'login_url': resolve_url(settings.LOGIN_URL)
+ 'login_url': resolve_url(settings.LOGIN_URL),
+ 'theme' : themeview.theme
}
if extra_context is not None:
context.update(extra_context)
- return TemplateResponse(request, template_name, context,
+ return TemplateResponse(request, themeview.template, context,
current_app=current_app)