
Default behaviour is no longer to ask the user to enter their old pas…

…sword before setting their password to something else on /openid/password/ - this is a bit of a cheat to avoid having to solve a different problem, which is that if a user has just recovered their account via e-mail (because they lost their password) they should be able to reset their password without first entering the old one. I hope to support that case eventually.
1 parent 2bfe9c5 commit d3a228dc07b00647c8c13124ef319f194d3861ed Simon Willison committed May 25, 2009
Showing with 20 additions and 8 deletions.
  1. +20 −8 django_openid/forms.py
@@ -100,11 +100,30 @@ class ChangePasswordForm(forms.Form):
label = 'Confirm password'
)
password_mismatch_error = 'Your passwords do not match'
- password_incorrect_error = 'Your password is incorrect'
def __init__(self, user, *args, **kwargs):
self.user = user
super(ChangePasswordForm, self).__init__(*args, **kwargs)
+
+ def clean_password2(self):
+ password = self.cleaned_data.get('password', '')
+ password2 = self.cleaned_data.get('password2', '')
+ if password and (password != password2):
+ raise forms.ValidationError, self.password_mismatch_error
+ return password2
+
+class ChangePasswordVerifyOldForm(ChangePasswordForm):
+ """
+ Use this if you want the user to enter their old password first
+
+ Careful though... if hte user has just recovered their account, they
+ should be able to reset their password without having to enter the old
+ one. This case is not currently handled.
+ """
+ password_incorrect_error = 'Your password is incorrect'
+
+ def __init__(self, *args, **kwargs):
+ super(ChangePasswordVerifyOldForm, self).__init__(*args, **kwargs)
if self.user.has_usable_password() and self.user.password:
# Only ask for their old password if they have set it already
self.fields['old_password'] = forms.CharField(
@@ -116,10 +135,3 @@ def clean_old_password(self):
password = self.cleaned_data.get('old_password', '')
if not self.user.check_password(password):
raise forms.ValidationError, self.password_incorrect_error
-
- def clean_password2(self):
- password = self.cleaned_data.get('password', '')
- password2 = self.cleaned_data.get('password2', '')
- if password and (password != password2):
- raise forms.ValidationError, self.password_mismatch_error
- return password2
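Review bot: The base `ChangePasswordForm` in the first hunk, whose `__init__` now ends right after the `super(...)` call, no longer checks the current password, so any view built on it lets whoever holds a live session (a stolen cookie, an unattended browser) set a new password and lock the owner out. The commit message says this is now the default on /openid/password/; the view is not part of this diff, but a safer split would keep `ChangePasswordVerifyOldForm` as the default and use the non-verifying form only when the session is marked as having just completed e-mail recovery. At minimum the base class should carry a docstring such as `"""Does NOT verify the current password; use only after account recovery or a fresh re-authentication."""`. The class body starts outside the hunk, and `clean_old_password` in the second hunk appears to return nothing after the check, which would leave `cleaned_data['old_password']` as `None`; confirm that is intended. The new docstring also has a typo, "hte".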
