X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=portal%2Fdjango_passresetview.py;h=8e57199831340e000a53e2d6125a7b4205372d5b;hb=f0f76a08ca9dc5d208e1521a73ba1ba60a3c0065;hp=1126f1065a1a40307373d16bb0fb5a9c859c1f3f;hpb=0c34b56ff3e9887a592363ce92753a6a8383aa45;p=myslice.git
diff --git a/portal/django_passresetview.py b/portal/django_passresetview.py
index 1126f106..8e571998 100644
--- a/portal/django_passresetview.py
+++ b/portal/django_passresetview.py
@@ -1,3 +1,47 @@
+# -*- coding: utf-8 -*-
+#
+# portal/views.py: views for the portal application
+# This file is part of the Manifold project.
+#
+# Author:
+# Mohammed Yasin Rahman
+# Copyright 2014, UPMC Sorbonne Universités / LIP6
+#
+# This program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; either version 3, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+# details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this program; see the file COPYING. If not, write to the Free Software
+# Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+
+
+
+
+"""
+View Description:
+
+Allows a user to reset their password by generating a one-time use link that can be used to reset the password, and sending that link to the user's
+registered email address.
+
+If the email address provided does not exist in the system, this view won't send an email, but the user won't receive any error message either.
+This prevents information leaking to potential attackers. If you want to provide an error message in this case, you can subclass PasswordResetForm
+and use the password_reset_form argument.
+
+Users flagged with an unusable password - see set_unusable_password() - aren't allowed to request a password reset to prevent misuse when using an external
+authentication source like LDAP. Note that they won't receive any error message since this would expose their account's existence but no mail will be sent either.
+ +More Detail: https://docs.djangoproject.com/en/dev/topics/auth/default/#topics-auth-creating-users +""" + + + try: from urllib.parse import urlparse, urlunparse except ImportError: # Python 2 @@ -20,7 +64,7 @@ from django.contrib.auth.decorators import login_required from portal.forms import PasswordResetForm, SetPasswordForm from django.contrib.auth.tokens import default_token_generator from django.contrib.sites.models import get_current_site -from django.contrib.auth.hashers import UNUSABLE_PASSWORD, identify_hasher +from django.contrib.auth.hashers import identify_hasher ## import os.path, re @@ -55,8 +99,8 @@ from portal.actions import manifold_update_user @csrf_protect def password_reset(request, is_admin_site=False, - template_name='registration/password_reset_form.html', - email_template_name='registration/password_reset_email.html', + template_name='password_reset_form.html', + email_template_name='password_reset_email.html', subject_template_name='registration/password_reset_subject.txt', password_reset_form=PasswordResetForm, token_generator=default_token_generator, @@ -71,7 +115,7 @@ def password_reset(request, is_admin_site=False, if form.is_valid(): ### email check in manifold DB ### - email = form.cleaned_data['email'] # email inserted on the form + email = form.cleaned_data['email'].lower() # email inserted on the form user_query = Query().get('local:user').select('user_id','email') user_details = execute_admin_query(request, user_query) flag = 0 @@ -82,7 +126,7 @@ def password_reset(request, is_admin_site=False, if flag == 0: messages.error(request, 'Sorry, this email is not registered.') - return render(request, 'registration/password_reset_form.html', { + return render(request, 'password_reset_form.html', { 'form': form, }) ### end of email check in manifold ### 
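Review bot: The added module docstring says an unknown email address produces no error message, but the new side of hunk `@@ -82,7 +126,7 @@` still calls `messages.error(request, 'Sorry, this email is not registered.')`, so this view does tell an unauthenticated caller whether an address is registered. Either reword the docstring to describe what this view actually does, or make the unknown-address path return the same response as the success path (no mail sent, same page shown) so the stated guarantee holds. The header comment also names `portal/views.py` although the patched file is `portal/django_passresetview.py`.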
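Review bot: In hunk `@@ -71,7 +115,7 @@` only the submitted address is lower-cased; the comparison against `user_detail['email']` sits in the loop between this hunk and the next and is not shown, so if stored addresses are not already lower-case a registered user would be told the address is unknown. Normalising both sides, e.g. `if user_detail['email'].lower() == email:`, would make the match independent of how the address was stored. The context lines also show the whole `local:user` table being fetched with an admin query on every reset request; restricting the query to the submitted address would avoid loading every account for an unauthenticated request. The body of password_reset starts and ends outside the hunk.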
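Review bot: The early return in hunk `@@ -82,7 +126,7 @@` hard-codes `'password_reset_form.html'` instead of using the `template_name` argument, so a caller-supplied template is ignored on this path and the commit had to edit the same literal in two places. `return render(request, template_name, {'form': form})` keeps the two in step. The body of password_reset starts and ends outside the hunk.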
@@ -111,7 +155,7 @@ def password_reset(request, is_admin_site=False, def password_reset_done(request, - template_name='registration/password_reset_done.html', + template_name='password_reset_done.html', current_app=None, extra_context=None): context = {} if extra_context is not None: @@ -124,7 +168,7 @@ def password_reset_done(request, @sensitive_post_parameters() @never_cache def password_reset_confirm(request, uidb36=None, token=None, - template_name='registration/password_reset_confirm.html', + template_name='password_reset_confirm.html', token_generator=default_token_generator, set_password_form=SetPasswordForm, post_reset_redirect=None, @@ -152,13 +196,13 @@ def password_reset_confirm(request, uidb36=None, token=None, ### manifold pass update ### #password = form.cleaned_data('password1') password=request.POST['new_password1'] - user_query = Query().get('local:user').select('user_id','email','password') - user_details = execute_admin_query(request, user_query) - for user_detail in user_details: - if user_detail['email'] == user.email: - user_detail['password'] = password + #user_query = Query().get('local:user').select('user_id','email','password') + #user_details = execute_admin_query(request, user_query) + #for user_detail in user_details: + # if user_detail['email'] == user.email: + # user_detail['password'] = password #updating password in local:user - user_params = { 'password': user_detail['password']} + user_params = { 'password': password} manifold_update_user(request,user.email,user_params) ### end of manifold pass update ### @@ -181,7 +225,7 @@ def password_reset_confirm(request, uidb36=None, token=None, def password_reset_complete(request, - template_name='registration/password_reset_complete.html', + template_name='password_reset_complete.html', current_app=None, extra_context=None): context = { 'login_url': resolve_url(settings.LOGIN_URL)
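Review bot: In hunk `@@ -152,13 +196,13 @@` the value sent to `manifold_update_user` comes straight from `request.POST['new_password1']` rather than from the form, and the call's result is ignored. Assuming the form has been validated at this point (not visible here), `password = form.cleaned_data['new_password1']` would forward only the validated value, and checking the outcome of `manifold_update_user` would stop the Django and manifold passwords from silently diverging when the update fails. The five commented-out query lines and the older `#password = form.cleaned_data('password1')` line should be deleted rather than kept, since version control already has them. Whether `manifold_update_user` hashes the password before storing it cannot be seen from this hunk and is worth confirming; the body of password_reset_confirm starts and ends outside the hunk.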