Add change password form to account manage view. Fixes: 129.

botbot/apps/accounts/tests.py

@@ -145,6 +145,42 @@ def test_update_account(self):
         self.assertEqual(user.username, 'marie')
         self.assertEqual(user.nick, 'marie')
 
+    def test_change_password(self):
+        """
+        Ensure the users password can be changed.
+        """
+        original_password = self.outsider.password
+        self.client.login(username='Marie Thérèse', password='secret')
+
+        response = self.client.get(self.url)
+        # password form should be in template context
+        self.assertIn('password_form', response.context)
+
+        data = {
+            'username': 'marie',
+            'nick': 'marie',
+            'timezone': self.outsider.timezone,
+            'change_password_toggle': 'yes',
+            'password-form-new_password1': 'abc',
+            'password-form-new_password2': '123'
+        }
+        response = self.client.post(self.url, data=data)
+        self.assertEquals(response.status_code, 200)
+        self.assertEquals(
+            response.context['password_form'].errors,
+            {'new_password2': [u"The two password fields didn't match."]})
+
+        data.update({
+            'password-form-new_password1': 'abc123',
+            'password-form-new_password2': 'abc123',
+        })
+
+        response = self.client.post(self.url, data=data)
+        self.assertEquals(response.status_code, 302)
+        user = account_models.User.objects.get(pk=self.outsider.pk)
+
+        self.assertNotEqual(user.password, original_password)
+
 
 class SetTimezoneTests(AccountMixin, TestCase):
     """

botbot/apps/accounts/views.py

@@ -1,5 +1,5 @@
 from django.contrib.auth.decorators import login_required
-from django.contrib.auth.forms import AuthenticationForm
+from django.contrib.auth.forms import AuthenticationForm, SetPasswordForm
 from django.contrib import messages
 from django.core.urlresolvers import reverse
 from django.http import HttpResponse
@@ -24,12 +24,29 @@ def dispatch(self, *args, **kwargs):
         """
         return super(ManageAccount, self).dispatch(*args, **kwargs)
 
+    def get(self, request, *args, **kwargs):
+        self.password_form = self.get_password_form()
+        return super(ManageAccount, self).get(request, *args, **kwargs)
+
+    def post(self, request, *args, **kwargs):
+        if request.POST.get('change_password_toggle'):
+            """
+            Since we're dealing with multiple forms in the template,
+            check the password form here, and if it is invalid,
+            return to the template
+            """
+            self.password_form = self.get_password_form()
+            if not self.password_form.is_valid():
+                form = self.get_form(self.get_form_class())
+                return self.form_invalid(form)
+        return super(ManageAccount, self).post(request, *args, **kwargs)
+
     def get_context_data(self, **kwargs):
         context = super(ManageAccount, self).get_context_data(**kwargs)
         context['breadcrumb'] = 'account'
+        context['password_form'] = self.password_form
         return context
 
-
     def get_success_url(self):
         return reverse('settings_account')
 
@@ -39,9 +56,18 @@ def get_form_kwargs(self, *args, **kwargs):
         form_kwargs['instance'] = self.request.user
         return form_kwargs
 
+    def get_password_form(self):
+        return SetPasswordForm(user=self.request.user,
+            data=self.request.POST or None, prefix='password-form')
+
     def form_valid(self, form, *args, **kwargs):
         response = super(ManageAccount, self).form_valid(form, *args, **kwargs)
         form.save()
+
+        if self.request.POST.get('change_password_toggle'):
+            # the password form is already instantiated in ``post``
+            self.password_form.save()
+
         self.request.session['django_timezone'] = form.instance.timezone
         messages.success(self.request, 'Account details updated.')
         return response

botbot/templates/accounts/manage.html

@@ -4,24 +4,53 @@
 {% block account_active %}active{% endblock %}
 
 {% block content %}
-	<header class="page-header account-header">
-		<h1 class="page-title">Account</h1>
+    <header class="page-header account-header">
+        <h1 class="page-title">Account</h1>
 
-		{#<p class="account-header-intro">Give yourself a username so other users can find you. If it's available, use the same username you use in your channel.</p>#}
-	</header>
+        {#<p class="account-header-intro">Give yourself a username so other users can find you. If it's available, use the same username you use in your channel.</p>#}
+    </header>
 
 
   <form class="manage" id="manage_form" method="post" action=".">
     {% csrf_token %}
 
-		<div class="account-body">
-  	{% for field in form %}
-      	{% include "includes/field.html" with field=field %}
+    <div class="account-body">
+      {% for field in form %}
+          {% include "includes/field.html" with field=field %}
       {% endfor %}
-		</div>
 
+      <label for="change_password_toggle">Change Password <input id="change_password_toggle" type="checkbox"></label>
+
+      <div id="password_form" style="display:none">
+        {% for field in password_form %}
+          {% include "includes/field.html" with field=field %}
+        {% endfor %}
+      </div>
+    </div>
     <div class="form-actions">
-    	<button type="submit" class="btn btn-primary">Update</button>
+        <button type="submit" class="btn btn-primary">Update</button>
     </div>
   </form>
 {% endblock content %}
+
+
+{% block extra_js %}
+
+<script type="text/javascript">
+$(document).ready(function () {
+
+    if ($('#change_password_toggle').is(':checked')) {
+        $('#password_form').show();
+    } else {
+        $('#password_form').hide();
+    }
+
+    $('#change_password_toggle').change(function () {
+        $('#password_form').toggle();
+    });
+});
+
+</script>
+
+{% endblock %}
+