X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=portal%2Fdjango_passresetview.py;h=6997008a7ce590446d6177f812042ce7b045b7f9;hb=deee82377a1f72626cede01fdfec5e9d7cc274ce;hp=56f03ba80e9efb920907ae07b8c8035229591e2d;hpb=3ae814faf17791cc21384234b89ce183ce367dab;p=myslice.git diff --git a/portal/django_passresetview.py b/portal/django_passresetview.py index 56f03ba8..6997008a 100644 --- a/portal/django_passresetview.py +++ b/portal/django_passresetview.py @@ -34,7 +34,7 @@ If the email address provided does not exist in the system, this view won't send This prevents information leaking to potential attackers. If you want to provide an error message in this case, you can subclass PasswordResetForm and use the password_reset_form argument. -Users flagged with an unusable password (see set_unusable_password() aren't allowed to request a password reset to prevent misuse when using an external +Users flagged with an unusable password - see set_unusable_password() - aren't allowed to request a password reset to prevent misuse when using an external authentication source like LDAP. Note that they won't receive any error message since this would expose their account's existence but no mail will be sent either. More Detail: https://docs.djangoproject.com/en/dev/topics/auth/default/#topics-auth-creating-users @@ -64,7 +64,7 @@ from django.contrib.auth.decorators import login_required from portal.forms import PasswordResetForm, SetPasswordForm from django.contrib.auth.tokens import default_token_generator from django.contrib.sites.models import get_current_site -from django.contrib.auth.hashers import UNUSABLE_PASSWORD, identify_hasher +from django.contrib.auth.hashers import identify_hasher ## import os.path, re @@ -72,7 +72,6 @@ import json from random import choice -from django.core.mail import send_mail from django.contrib import messages from django.views.generic import View from django.shortcuts import render @@ -81,14 +80,14 @@ from django.http import HttpResponse, HttpResponseRedirec from unfold.loginrequired import FreeAccessView from ui.topmenu import topmenu_items_live -from manifold.manifoldapi import execute_admin_query +from manifoldapi.manifoldapi import execute_admin_query from manifold.core.query import Query -from portal.actions import manifold_update_user +from portal.actions import manifold_update_user from portal.forms import PassResetForm from portal.actions import manifold_update_user - +from myslice.theme import ThemeView # 4 views for password reset: # - password_reset sends the mail @@ -99,8 +98,8 @@ from portal.actions import manifold_update_user @csrf_protect def password_reset(request, is_admin_site=False, - template_name='registration/password_reset_form.html', - email_template_name='registration/password_reset_email.html', + template_name='password_reset_form.html', + email_template_name='password_reset_email.html', subject_template_name='registration/password_reset_subject.txt', password_reset_form=PasswordResetForm, token_generator=default_token_generator, @@ -108,6 +107,10 @@ def password_reset(request, is_admin_site=False, from_email=None, current_app=None, extra_context=None): + + themeview = ThemeView() + themeview.template_name = template_name + if post_reset_redirect is None: post_reset_redirect = reverse('portal.django_passresetview.password_reset_done') if request.method == "POST": @@ -115,7 +118,7 @@ def password_reset(request, is_admin_site=False, if form.is_valid(): ### email check in manifold DB ### - email = form.cleaned_data['email'] # email inserted on the form + email = form.cleaned_data['email'].lower() # email inserted on the form user_query = Query().get('local:user').select('user_id','email') user_details = execute_admin_query(request, user_query) flag = 0 @@ -126,9 +129,12 @@ def password_reset(request, is_admin_site=False, if flag == 0: messages.error(request, 'Sorry, this email is not registered.') - return render(request, 'registration/password_reset_form.html', { + context = { 'form': form, - }) + 'theme': themeview.theme + } + return TemplateResponse(request, themeview.template, context,current_app=current_app) + ### end of email check in manifold ### opts = { @@ -147,20 +153,25 @@ def password_reset(request, is_admin_site=False, form = password_reset_form() context = { 'form': form, + 'theme': themeview.theme } if extra_context is not None: context.update(extra_context) - return TemplateResponse(request, template_name, context, + return TemplateResponse(request, themeview.template, context, current_app=current_app) def password_reset_done(request, - template_name='registration/password_reset_done.html', + template_name='password_reset_done.html', current_app=None, extra_context=None): - context = {} + themeview = ThemeView() + themeview.template_name = template_name + context = { + 'theme' : themeview.theme + } if extra_context is not None: context.update(extra_context) - return TemplateResponse(request, template_name, context, + return TemplateResponse(request, themeview.template, context, current_app=current_app) @@ -168,7 +179,7 @@ def password_reset_done(request, @sensitive_post_parameters() @never_cache def password_reset_confirm(request, uidb36=None, token=None, - template_name='registration/password_reset_confirm.html', + template_name='password_reset_confirm.html', token_generator=default_token_generator, set_password_form=SetPasswordForm, post_reset_redirect=None, @@ -177,6 +188,9 @@ def password_reset_confirm(request, uidb36=None, token=None, View that checks the hash in a password reset link and presents a form for entering a new password. """ + themeview = ThemeView() + themeview.template_name = template_name + UserModel = get_user_model() assert uidb36 is not None and token is not None # checked by URLconf if post_reset_redirect is None: @@ -196,13 +210,13 @@ def password_reset_confirm(request, uidb36=None, token=None, ### manifold pass update ### #password = form.cleaned_data('password1') password=request.POST['new_password1'] - user_query = Query().get('local:user').select('user_id','email','password') - user_details = execute_admin_query(request, user_query) - for user_detail in user_details: - if user_detail['email'] == user.email: - user_detail['password'] = password + #user_query = Query().get('local:user').select('user_id','email','password') + #user_details = execute_admin_query(request, user_query) + #for user_detail in user_details: + # if user_detail['email'] == user.email: + # user_detail['password'] = password #updating password in local:user - user_params = { 'password': user_detail['password']} + user_params = { 'password': password} manifold_update_user(request,user.email,user_params) ### end of manifold pass update ### @@ -217,22 +231,26 @@ def password_reset_confirm(request, uidb36=None, token=None, context = { 'form': form, 'validlink': validlink, + 'theme' : themeview.theme } if extra_context is not None: context.update(extra_context) - return TemplateResponse(request, template_name, context, + return TemplateResponse(request, themeview.template, context, current_app=current_app) def password_reset_complete(request, - template_name='registration/password_reset_complete.html', + template_name='password_reset_complete.html', current_app=None, extra_context=None): + themeview = ThemeView() + themeview.template_name = template_name context = { - 'login_url': resolve_url(settings.LOGIN_URL) + 'login_url': resolve_url(settings.LOGIN_URL), + 'theme' : themeview.theme } if extra_context is not None: context.update(extra_context) - return TemplateResponse(request, template_name, context, + return TemplateResponse(request, themeview.template, context, current_app=current_app)