Skip to content
Newer
Older
100644 412 lines (354 sloc) 14.4 KB
52a9e15 @apollo13 Fixed a regression in the user admin page introduced in a92e7f3.
apollo13 authored Jul 7, 2012
1 from __future__ import unicode_literals
2
2619dc8 @jezdez Fixed #14674 -- Prevent user accounts with an unusable password from …
jezdez authored Jun 26, 2011
3 from django import forms
1daae25 @erikr Fixed #16860 -- Added password validation to django.contrib.auth.
erikr authored Mar 8, 2015
4 from django.contrib.auth import (
5 authenticate, get_user_model, password_validation,
6 )
0ed7d15 @timgraham Sorted imports with isort; refs #23860.
timgraham authored Jan 28, 2015
7 from django.contrib.auth.hashers import (
8 UNUSABLE_PASSWORD_PREFIX, identify_hasher,
9 )
10 from django.contrib.auth.models import User
11 from django.contrib.auth.tokens import default_token_generator
12 from django.contrib.sites.shortcuts import get_current_site
a00b78b @jorgecarleitao Fixed #17431 -- Added send_mail() method to PasswordResetForm.
jorgecarleitao authored May 9, 2014
13 from django.core.mail import EmailMultiAlternatives
18ffdb1 @timgraham Fixed #17627 -- Renamed util.py files to utils.py
timgraham authored Sep 16, 2013
14 from django.forms.utils import flatatt
24f4764 @jezdez Fixed #16225 -- Removed unused imports. Many thanks to Aymeric August…
jezdez authored Jul 13, 2011
15 from django.template import loader
1184d07 @timgraham Fixed #14881 -- Modified password reset to work with a non-integer Us…
timgraham authored Jun 21, 2013
16 from django.utils.encoding import force_bytes
a92e7f3 @spookylukey Changed a lot of internal code to use 'format_html' where appropriate…
spookylukey authored Jul 3, 2012
17 from django.utils.html import format_html, format_html_join
1184d07 @timgraham Fixed #14881 -- Modified password reset to work with a non-integer Us…
timgraham authored Jun 21, 2013
18 from django.utils.http import urlsafe_base64_encode
718a5ba @adrianholovaty Fixed #16845 -- Admin 'Change user' page no longer shows the password…
adrianholovaty authored Dec 9, 2011
19 from django.utils.safestring import mark_safe
70a0de3 @freakboy3742 Fixed #3011 -- Added swappable auth.User models.
freakboy3742 authored Sep 26, 2012
20 from django.utils.text import capfirst
d72c0bd @aaugustin Fixed #17457 -- Marked strings used in hash descriptions for translat…
aaugustin authored Dec 24, 2011
21 from django.utils.translation import ugettext, ugettext_lazy as _
2619dc8 @jezdez Fixed #14674 -- Prevent user accounts with an unusable password from …
jezdez authored Jun 26, 2011
22
3e8d8bb @alex Fixed auth to not use an internal implementation detail of SortedDict
alex authored Jul 14, 2012
23
718a5ba @adrianholovaty Fixed #16845 -- Admin 'Change user' page no longer shows the password…
adrianholovaty authored Dec 9, 2011
24 class ReadOnlyPasswordHashWidget(forms.Widget):
25 def render(self, name, value, attrs):
dce820f @PaulMcMillan Renovated password hashing. Many thanks to Justine Tunney for help wi…
PaulMcMillan authored Dec 23, 2011
26 encoded = value
718a5ba @adrianholovaty Fixed #16845 -- Admin 'Change user' page no longer shows the password…
adrianholovaty authored Dec 9, 2011
27 final_attrs = self.build_attrs(attrs)
dce820f @PaulMcMillan Renovated password hashing. Many thanks to Justine Tunney for help wi…
PaulMcMillan authored Dec 23, 2011
28
aeb1389 @erikr Fixed #20079 -- Improve security of password reset tokens
erikr authored Jun 18, 2013
29 if not encoded or encoded.startswith(UNUSABLE_PASSWORD_PREFIX):
703c266 @claudep Fixed #18182 -- Made is_usable_password check if hashing algorithm is…
claudep authored Sep 12, 2012
30 summary = mark_safe("<strong>%s</strong>" % ugettext("No password set."))
a8d0fc1 @aaugustin Fixed #17944 -- Prevented an error in the user change page of the adm…
aaugustin authored Mar 22, 2012
31 else:
703c266 @claudep Fixed #18182 -- Made is_usable_password check if hashing algorithm is…
claudep authored Sep 12, 2012
32 try:
33 hasher = identify_hasher(encoded)
34 except ValueError:
35 summary = mark_safe("<strong>%s</strong>" % ugettext(
df8d8d4 @timgraham Fixed E128 flake8 warnings in django/.
timgraham authored Mar 28, 2016
36 "Invalid password format or unknown hashing algorithm."
37 ))
703c266 @claudep Fixed #18182 -- Made is_usable_password check if hashing algorithm is…
claudep authored Sep 12, 2012
38 else:
df8d8d4 @timgraham Fixed E128 flake8 warnings in django/.
timgraham authored Mar 28, 2016
39 summary = format_html_join(
40 '', '<strong>{}</strong>: {} ',
41 ((ugettext(key), value) for key, value in hasher.safe_summary(encoded).items())
42 )
dce820f @PaulMcMillan Renovated password hashing. Many thanks to Justine Tunney for help wi…
PaulMcMillan authored Dec 23, 2011
43
560b420 @berkerpeksag Removed redundant numbered parameters from str.format().
berkerpeksag authored Nov 27, 2014
44 return format_html("<div{}>{}</div>", flatatt(final_attrs), summary)
718a5ba @adrianholovaty Fixed #16845 -- Admin 'Change user' page no longer shows the password…
adrianholovaty authored Dec 9, 2011
45
5df31c0 @jezdez Fixed #17194 -- Made sure the auth form tests work if a language othe…
jezdez authored Dec 15, 2011
46
718a5ba @adrianholovaty Fixed #16845 -- Admin 'Change user' page no longer shows the password…
adrianholovaty authored Dec 9, 2011
47 class ReadOnlyPasswordHashField(forms.Field):
48 widget = ReadOnlyPasswordHashWidget
49
50 def __init__(self, *args, **kwargs):
51 kwargs.setdefault("required", False)
52 super(ReadOnlyPasswordHashField, self).__init__(*args, **kwargs)
f69cf70 @adrianholovaty MERGED MAGIC-REMOVAL BRANCH TO TRUNK. This change is highly backwards…
adrianholovaty authored May 2, 2006
53
a0cd6dd @claudep Fixed #19349 -- Fixed re-rendering of ReadOnlyPasswordHashWidget
claudep authored Dec 1, 2012
54 def bound_data(self, data, initial):
55 # Always return initial because the widget doesn't
56 # render an input field.
57 return initial
58
deed00c @gmunumel Fixed #23162 -- Renamed forms.Field._has_changed() to has_changed().
gmunumel authored Aug 6, 2014
59 def has_changed(self, initial, data):
1686e0d @claudep Fixed #18460 -- Fixed change detection of ReadOnlyPasswordHashField
claudep authored Jan 25, 2013
60 return False
61
5df31c0 @jezdez Fixed #17194 -- Made sure the auth form tests work if a language othe…
jezdez authored Dec 15, 2011
62
a19ed8a @brosner Merged the newforms-admin branch into trunk.
brosner authored Jul 18, 2008
63 class UserCreationForm(forms.ModelForm):
64 """
991d3d6 @jphalip Slightly improved the help text for the "Password" field in the `auth…
jphalip authored Jan 2, 2012
65 A form that creates a user, with no privileges, from the given username and
66 password.
a19ed8a @brosner Merged the newforms-admin branch into trunk.
brosner authored Jul 18, 2008
67 """
5df31c0 @jezdez Fixed #17194 -- Made sure the auth form tests work if a language othe…
jezdez authored Dec 15, 2011
68 error_messages = {
69 'password_mismatch': _("The two password fields didn't match."),
70 }
df8d8d4 @timgraham Fixed E128 flake8 warnings in django/.
timgraham authored Mar 28, 2016
71 password1 = forms.CharField(
72 label=_("Password"),
d0fe6c9 @vincepandolfo Fixed #26334 -- Removed whitespace stripping from contrib.auth passwo…
vincepandolfo authored Mar 14, 2016
73 strip=False,
df8d8d4 @timgraham Fixed E128 flake8 warnings in django/.
timgraham authored Mar 28, 2016
74 widget=forms.PasswordInput,
75 )
76 password2 = forms.CharField(
77 label=_("Password confirmation"),
991d3d6 @jphalip Slightly improved the help text for the "Password" field in the `auth…
jphalip authored Jan 2, 2012
78 widget=forms.PasswordInput,
d0fe6c9 @vincepandolfo Fixed #26334 -- Removed whitespace stripping from contrib.auth passwo…
vincepandolfo authored Mar 14, 2016
79 strip=False,
df8d8d4 @timgraham Fixed E128 flake8 warnings in django/.
timgraham authored Mar 28, 2016
80 help_text=_("Enter the same password as before, for verification."),
81 )
8e24b37 @spookylukey Cleaned up whitespace
spookylukey authored Aug 5, 2008
82
a19ed8a @brosner Merged the newforms-admin branch into trunk.
brosner authored Jul 18, 2008
83 class Meta:
84 model = User
85 fields = ("username",)
8e24b37 @spookylukey Cleaned up whitespace
spookylukey authored Aug 5, 2008
86
d638cdc @graingert Fixed #25165 -- Removed inline JavaScript from the admin.
graingert authored Nov 23, 2015
87 def __init__(self, *args, **kwargs):
88 super(UserCreationForm, self).__init__(*args, **kwargs)
efa9539 @berkerpeksag Fixed #26381 -- Made UserCreationForm reusable with custom user model…
berkerpeksag authored Mar 20, 2016
89 self.fields[self._meta.model.USERNAME_FIELD].widget.attrs.update({'autofocus': ''})
d638cdc @graingert Fixed #25165 -- Removed inline JavaScript from the admin.
graingert authored Nov 23, 2015
90
a19ed8a @brosner Merged the newforms-admin branch into trunk.
brosner authored Jul 18, 2008
91 def clean_password2(self):
09a719a @claudep Fixed #7833 -- Improved UserCreationForm password validation
claudep authored Aug 4, 2012
92 password1 = self.cleaned_data.get("password1")
93 password2 = self.cleaned_data.get("password2")
94 if password1 and password2 and password1 != password2:
991d3d6 @jphalip Slightly improved the help text for the "Password" field in the `auth…
jphalip authored Jan 2, 2012
95 raise forms.ValidationError(
ee77d4b @loic Fixed #20199 -- Allow ModelForm fields to override error_messages fro…
loic authored Jun 5, 2013
96 self.error_messages['password_mismatch'],
97 code='password_mismatch',
98 )
774c16d @timgraham Fixed #25052; refs #16860 -- Added password validation to UserCreatio…
timgraham authored Jul 6, 2015
99 self.instance.username = self.cleaned_data.get('username')
100 password_validation.validate_password(self.cleaned_data.get('password2'), self.instance)
a19ed8a @brosner Merged the newforms-admin branch into trunk.
brosner authored Jul 18, 2008
101 return password2
8e24b37 @spookylukey Cleaned up whitespace
spookylukey authored Aug 5, 2008
102
2f9853b @jkocherhans Fixed #12512. Changed ModelForm to stop performing model validation o…
jkocherhans authored Jan 12, 2010
103 def save(self, commit=True):
104 user = super(UserCreationForm, self).save(commit=False)
105 user.set_password(self.cleaned_data["password1"])
106 if commit:
107 user.save()
108 return user
109
5df31c0 @jezdez Fixed #17194 -- Made sure the auth form tests work if a language othe…
jezdez authored Dec 15, 2011
110
78d13fb @jacobian Fixed #8379: the admin user change form now properly validates the us…
jacobian authored Aug 25, 2008
111 class UserChangeForm(forms.ModelForm):
df8d8d4 @timgraham Fixed E128 flake8 warnings in django/.
timgraham authored Mar 28, 2016
112 password = ReadOnlyPasswordHashField(
113 label=_("Password"),
114 help_text=_(
115 "Raw passwords are not stored, so there is no way to see this "
116 "user's password, but you can change the password using "
117 "<a href=\"../password/\">this form</a>."
118 ),
119 )
718a5ba @adrianholovaty Fixed #16845 -- Admin 'Change user' page no longer shows the password…
adrianholovaty authored Dec 9, 2011
120
78d13fb @jacobian Fixed #8379: the admin user change form now properly validates the us…
jacobian authored Aug 25, 2008
121 class Meta:
122 model = User
f026a51 @spookylukey Fixed #19733 - deprecated ModelForms without 'fields' or 'exclude', a…
spookylukey authored Feb 21, 2013
123 fields = '__all__'
78d13fb @jacobian Fixed #8379: the admin user change form now properly validates the us…
jacobian authored Aug 25, 2008
124
bdd13a4 @spookylukey Fixed #14090 - Many sql queries needed to display change user form
spookylukey authored Sep 3, 2010
125 def __init__(self, *args, **kwargs):
126 super(UserChangeForm, self).__init__(*args, **kwargs)
4157c50 @piotrjakimiak Removed unnecessary arguments in .get method calls
piotrjakimiak authored May 13, 2015
127 f = self.fields.get('user_permissions')
303bdc8 @spookylukey Fixed #14242 - UserChangeForm subclasses without 'user_permissions' f…
spookylukey authored Sep 9, 2010
128 if f is not None:
129 f.queryset = f.queryset.select_related('content_type')
bdd13a4 @spookylukey Fixed #14090 - Many sql queries needed to display change user form
spookylukey authored Sep 3, 2010
130
04b53eb @freakboy3742 Fixed #19133 -- Corrected regression in form handling for user passwo…
freakboy3742 authored Oct 20, 2012
131 def clean_password(self):
132 # Regardless of what the user provides, return the initial value.
133 # This is done here, rather than on the field, because the
134 # field does not have access to the initial value
135 return self.initial["password"]
136
5df31c0 @jezdez Fixed #17194 -- Made sure the auth form tests work if a language othe…
jezdez authored Dec 15, 2011
137
a19ed8a @brosner Merged the newforms-admin branch into trunk.
brosner authored Jul 18, 2008
138 class AuthenticationForm(forms.Form):
f69cf70 @adrianholovaty MERGED MAGIC-REMOVAL BRANCH TO TRUNK. This change is highly backwards…
adrianholovaty authored May 2, 2006
139 """
140 Base class for authenticating users. Extend this to get a form that accepts
141 username/password logins.
142 """
d638cdc @graingert Fixed #25165 -- Removed inline JavaScript from the admin.
graingert authored Nov 23, 2015
143 username = forms.CharField(
144 max_length=254,
145 widget=forms.TextInput(attrs={'autofocus': ''}),
146 )
df8d8d4 @timgraham Fixed E128 flake8 warnings in django/.
timgraham authored Mar 28, 2016
147 password = forms.CharField(
148 label=_("Password"),
149 strip=False,
150 widget=forms.PasswordInput,
151 )
8e24b37 @spookylukey Cleaned up whitespace
spookylukey authored Aug 5, 2008
152
5df31c0 @jezdez Fixed #17194 -- Made sure the auth form tests work if a language othe…
jezdez authored Dec 15, 2011
153 error_messages = {
df8d8d4 @timgraham Fixed E128 flake8 warnings in django/.
timgraham authored Mar 28, 2016
154 'invalid_login': _(
155 "Please enter a correct %(username)s and password. Note that both "
156 "fields may be case-sensitive."
157 ),
5df31c0 @jezdez Fixed #17194 -- Made sure the auth form tests work if a language othe…
jezdez authored Dec 15, 2011
158 'inactive': _("This account is inactive."),
159 }
160
a19ed8a @brosner Merged the newforms-admin branch into trunk.
brosner authored Jul 18, 2008
161 def __init__(self, request=None, *args, **kwargs):
f69cf70 @adrianholovaty MERGED MAGIC-REMOVAL BRANCH TO TRUNK. This change is highly backwards…
adrianholovaty authored May 2, 2006
162 """
22d82a7 @ptone Fixed #15198 -- pass request to AuthenticationForm
ptone authored Feb 23, 2013
163 The 'request' parameter is set for custom auth use by subclasses.
164 The form data comes in via the standard 'data' kwarg.
f69cf70 @adrianholovaty MERGED MAGIC-REMOVAL BRANCH TO TRUNK. This change is highly backwards…
adrianholovaty authored May 2, 2006
165 """
166 self.request = request
167 self.user_cache = None
a19ed8a @brosner Merged the newforms-admin branch into trunk.
brosner authored Jul 18, 2008
168 super(AuthenticationForm, self).__init__(*args, **kwargs)
8e24b37 @spookylukey Cleaned up whitespace
spookylukey authored Aug 5, 2008
169
70a0de3 @freakboy3742 Fixed #3011 -- Added swappable auth.User models.
freakboy3742 authored Sep 26, 2012
170 # Set the label for the "username" field.
171 UserModel = get_user_model()
27f8129 @freakboy3742 Fixed #19368 -- Ensured that login error messages adapt to changes in…
freakboy3742 authored Dec 15, 2012
172 self.username_field = UserModel._meta.get_field(UserModel.USERNAME_FIELD)
0732c8e Fixed #20357 -- Allow empty username field label in `Authentification…
Mark Huang authored May 6, 2013
173 if self.fields['username'].label is None:
cdad0b2 @slurms Fixed #19573 -- Allow override of username field label in Authenticat…
slurms authored Jan 10, 2013
174 self.fields['username'].label = capfirst(self.username_field.verbose_name)
70a0de3 @freakboy3742 Fixed #3011 -- Added swappable auth.User models.
freakboy3742 authored Sep 26, 2012
175
a19ed8a @brosner Merged the newforms-admin branch into trunk.
brosner authored Jul 18, 2008
176 def clean(self):
177 username = self.cleaned_data.get('username')
178 password = self.cleaned_data.get('password')
8e24b37 @spookylukey Cleaned up whitespace
spookylukey authored Aug 5, 2008
179
a19ed8a @brosner Merged the newforms-admin branch into trunk.
brosner authored Jul 18, 2008
180 if username and password:
df8d8d4 @timgraham Fixed E128 flake8 warnings in django/.
timgraham authored Mar 28, 2016
181 self.user_cache = authenticate(username=username, password=password)
a19ed8a @brosner Merged the newforms-admin branch into trunk.
brosner authored Jul 18, 2008
182 if self.user_cache is None:
991d3d6 @jphalip Slightly improved the help text for the "Password" field in the `auth…
jphalip authored Jan 2, 2012
183 raise forms.ValidationError(
ee77d4b @loic Fixed #20199 -- Allow ModelForm fields to override error_messages fro…
loic authored Jun 5, 2013
184 self.error_messages['invalid_login'],
185 code='invalid_login',
186 params={'username': self.username_field.verbose_name},
187 )
a188939 @timgraham Fixed #12103 -- Added AuthenticationForm.confirm_login_allowed to all…
timgraham authored Jul 30, 2013
188 else:
189 self.confirm_login_allowed(self.user_cache)
190
a19ed8a @brosner Merged the newforms-admin branch into trunk.
brosner authored Jul 18, 2008
191 return self.cleaned_data
8e24b37 @spookylukey Cleaned up whitespace
spookylukey authored Aug 5, 2008
192
a188939 @timgraham Fixed #12103 -- Added AuthenticationForm.confirm_login_allowed to all…
timgraham authored Jul 30, 2013
193 def confirm_login_allowed(self, user):
194 """
195 Controls whether the given User may log in. This is a policy setting,
196 independent of end-user authentication. This default behavior is to
197 allow login by active users, and reject login by inactive users.
198
199 If the given user cannot log in, this method should raise a
200 ``forms.ValidationError``.
201
202 If the given user may log in, this method should return None.
203 """
204 if not user.is_active:
205 raise forms.ValidationError(
206 self.error_messages['inactive'],
207 code='inactive',
208 )
209
f69cf70 @adrianholovaty MERGED MAGIC-REMOVAL BRANCH TO TRUNK. This change is highly backwards…
adrianholovaty authored May 2, 2006
210 def get_user_id(self):
211 if self.user_cache:
212 return self.user_cache.id
213 return None
8e24b37 @spookylukey Cleaned up whitespace
spookylukey authored Aug 5, 2008
214
f69cf70 @adrianholovaty MERGED MAGIC-REMOVAL BRANCH TO TRUNK. This change is highly backwards…
adrianholovaty authored May 2, 2006
215 def get_user(self):
216 return self.user_cache
217
5df31c0 @jezdez Fixed #17194 -- Made sure the auth form tests work if a language othe…
jezdez authored Dec 15, 2011
218
a19ed8a @brosner Merged the newforms-admin branch into trunk.
brosner authored Jul 18, 2008
219 class PasswordResetForm(forms.Form):
bfcda77 @freakboy3742 Fixed #19130 -- Made some of the auth forms more flexible for user mo…
freakboy3742 authored Oct 16, 2012
220 email = forms.EmailField(label=_("Email"), max_length=254)
8e24b37 @spookylukey Cleaned up whitespace
spookylukey authored Aug 5, 2008
221
a00b78b @jorgecarleitao Fixed #17431 -- Added send_mail() method to PasswordResetForm.
jorgecarleitao authored May 9, 2014
222 def send_mail(self, subject_template_name, email_template_name,
223 context, from_email, to_email, html_email_template_name=None):
224 """
225 Sends a django.core.mail.EmailMultiAlternatives to `to_email`.
226 """
227 subject = loader.render_to_string(subject_template_name, context)
228 # Email subject *must not* contain newlines
229 subject = ''.join(subject.splitlines())
230 body = loader.render_to_string(email_template_name, context)
231
232 email_message = EmailMultiAlternatives(subject, body, from_email, [to_email])
233 if html_email_template_name is not None:
234 html_email = loader.render_to_string(html_email_template_name, context)
235 email_message.attach_alternative(html_email, 'text/html')
236
237 email_message.send()
238
89559bc @carljm Fixed #23409 -- Extract PasswordResetForm.get_users method.
carljm authored Sep 3, 2014
239 def get_users(self, email):
240 """Given an email, return matching user(s) who should receive a reset.
241
242 This allows subclasses to more easily customize the default policies
243 that prevent inactive users and users with unusable passwords from
244 resetting their password.
245 """
246 active_users = get_user_model()._default_manager.filter(
247 email__iexact=email, is_active=True)
248 return (u for u in active_users if u.has_usable_password())
249
656360c @jezdez Fixed #12202 -- Removed hardcoded password reset subject and added a …
jezdez authored Jun 19, 2011
250 def save(self, domain_override=None,
251 subject_template_name='registration/password_reset_subject.txt',
252 email_template_name='registration/password_reset_email.html',
253 use_https=False, token_generator=default_token_generator,
d8d8533 @SujaySKumar Fixed #24944 -- Added extra_email_context parameter to password_reset…
SujaySKumar authored Jun 18, 2015
254 from_email=None, request=None, html_email_template_name=None,
255 extra_email_context=None):
a19ed8a @brosner Merged the newforms-admin branch into trunk.
brosner authored Jul 18, 2008
256 """
991d3d6 @jphalip Slightly improved the help text for the "Password" field in the `auth…
jphalip authored Jan 2, 2012
257 Generates a one-use only link for resetting password and sends to the
258 user.
a19ed8a @brosner Merged the newforms-admin branch into trunk.
brosner authored Jul 18, 2008
259 """
2f4a470 @zerok Fixed #19758 -- Avoided leaking email existence through the password …
zerok authored Feb 23, 2013
260 email = self.cleaned_data["email"]
89559bc @carljm Fixed #23409 -- Extract PasswordResetForm.get_users method.
carljm authored Sep 3, 2014
261 for user in self.get_users(email):
18619a1 @spookylukey Fixed behaviour of contrib.auth.forms.PasswordResetForm when more than
spookylukey authored Jun 19, 2007
262 if not domain_override:
667d832 @spookylukey Fixed #14386, #8960, #10235, #10909, #10608, #13845, #14377 - standar…
spookylukey authored Oct 4, 2010
263 current_site = get_current_site(request)
18619a1 @spookylukey Fixed behaviour of contrib.auth.forms.PasswordResetForm when more than
spookylukey authored Jun 19, 2007
264 site_name = current_site.name
265 domain = current_site.domain
266 else:
267 site_name = domain = domain_override
a00b78b @jorgecarleitao Fixed #17431 -- Added send_mail() method to PasswordResetForm.
jorgecarleitao authored May 9, 2014
268 context = {
18619a1 @spookylukey Fixed behaviour of contrib.auth.forms.PasswordResetForm when more than
spookylukey authored Jun 19, 2007
269 'email': user.email,
270 'domain': domain,
271 'site_name': site_name,
1184d07 @timgraham Fixed #14881 -- Modified password reset to work with a non-integer Us…
timgraham authored Jun 21, 2013
272 'uid': urlsafe_base64_encode(force_bytes(user.pk)),
18619a1 @spookylukey Fixed behaviour of contrib.auth.forms.PasswordResetForm when more than
spookylukey authored Jun 19, 2007
273 'user': user,
fcd837c @spookylukey Fixed #7723 - implemented a secure password reset form that uses a to…
spookylukey authored Jul 31, 2008
274 'token': token_generator.make_token(user),
0fa8d43 @ramiro Replaced `and...or...` constructs with PEP 308 conditional expressions.
ramiro authored May 26, 2013
275 'protocol': 'https' if use_https else 'http',
a19ed8a @brosner Merged the newforms-admin branch into trunk.
brosner authored Jul 18, 2008
276 }
d8d8533 @SujaySKumar Fixed #24944 -- Added extra_email_context parameter to password_reset…
SujaySKumar authored Jun 18, 2015
277 if extra_email_context is not None:
278 context.update(extra_email_context)
df8d8d4 @timgraham Fixed E128 flake8 warnings in django/.
timgraham authored Mar 28, 2016
279 self.send_mail(
280 subject_template_name, email_template_name, context, from_email,
281 user.email, html_email_template_name=html_email_template_name,
282 )
f69cf70 @adrianholovaty MERGED MAGIC-REMOVAL BRANCH TO TRUNK. This change is highly backwards…
adrianholovaty authored May 2, 2006
283
5df31c0 @jezdez Fixed #17194 -- Made sure the auth form tests work if a language othe…
jezdez authored Dec 15, 2011
284
fcd837c @spookylukey Fixed #7723 - implemented a secure password reset form that uses a to…
spookylukey authored Jul 31, 2008
285 class SetPasswordForm(forms.Form):
a19ed8a @brosner Merged the newforms-admin branch into trunk.
brosner authored Jul 18, 2008
286 """
8fbf13a @colons Replaced instances of 'his/her' with 'their'.
colons authored Jul 21, 2014
287 A form that lets a user change set their password without entering the old
288 password
a19ed8a @brosner Merged the newforms-admin branch into trunk.
brosner authored Jul 18, 2008
289 """
5df31c0 @jezdez Fixed #17194 -- Made sure the auth form tests work if a language othe…
jezdez authored Dec 15, 2011
290 error_messages = {
291 'password_mismatch': _("The two password fields didn't match."),
292 }
df8d8d4 @timgraham Fixed E128 flake8 warnings in django/.
timgraham authored Mar 28, 2016
293 new_password1 = forms.CharField(
294 label=_("New password"),
295 widget=forms.PasswordInput,
296 strip=False,
297 help_text=password_validation.password_validators_help_text_html(),
298 )
299 new_password2 = forms.CharField(
300 label=_("New password confirmation"),
301 strip=False,
302 widget=forms.PasswordInput,
303 )
fcd837c @spookylukey Fixed #7723 - implemented a secure password reset form that uses a to…
spookylukey authored Jul 31, 2008
304
a19ed8a @brosner Merged the newforms-admin branch into trunk.
brosner authored Jul 18, 2008
305 def __init__(self, user, *args, **kwargs):
f69cf70 @adrianholovaty MERGED MAGIC-REMOVAL BRANCH TO TRUNK. This change is highly backwards…
adrianholovaty authored May 2, 2006
306 self.user = user
fcd837c @spookylukey Fixed #7723 - implemented a secure password reset form that uses a to…
spookylukey authored Jul 31, 2008
307 super(SetPasswordForm, self).__init__(*args, **kwargs)
308
a19ed8a @brosner Merged the newforms-admin branch into trunk.
brosner authored Jul 18, 2008
309 def clean_new_password2(self):
310 password1 = self.cleaned_data.get('new_password1')
311 password2 = self.cleaned_data.get('new_password2')
312 if password1 and password2:
313 if password1 != password2:
991d3d6 @jphalip Slightly improved the help text for the "Password" field in the `auth…
jphalip authored Jan 2, 2012
314 raise forms.ValidationError(
ee77d4b @loic Fixed #20199 -- Allow ModelForm fields to override error_messages fro…
loic authored Jun 5, 2013
315 self.error_messages['password_mismatch'],
316 code='password_mismatch',
317 )
1daae25 @erikr Fixed #16860 -- Added password validation to django.contrib.auth.
erikr authored Mar 8, 2015
318 password_validation.validate_password(password2, self.user)
a19ed8a @brosner Merged the newforms-admin branch into trunk.
brosner authored Jul 18, 2008
319 return password2
fcd837c @spookylukey Fixed #7723 - implemented a secure password reset form that uses a to…
spookylukey authored Jul 31, 2008
320
a19ed8a @brosner Merged the newforms-admin branch into trunk.
brosner authored Jul 18, 2008
321 def save(self, commit=True):
1daae25 @erikr Fixed #16860 -- Added password validation to django.contrib.auth.
erikr authored Mar 8, 2015
322 password = self.cleaned_data["new_password1"]
323 self.user.set_password(password)
a19ed8a @brosner Merged the newforms-admin branch into trunk.
brosner authored Jul 18, 2008
324 if commit:
325 self.user.save()
326 return self.user
8e24b37 @spookylukey Cleaned up whitespace
spookylukey authored Aug 5, 2008
327
5df31c0 @jezdez Fixed #17194 -- Made sure the auth form tests work if a language othe…
jezdez authored Dec 15, 2011
328
fcd837c @spookylukey Fixed #7723 - implemented a secure password reset form that uses a to…
spookylukey authored Jul 31, 2008
329 class PasswordChangeForm(SetPasswordForm):
330 """
8fbf13a @colons Replaced instances of 'his/her' with 'their'.
colons authored Jul 21, 2014
331 A form that lets a user change their password by entering their old
332 password.
fcd837c @spookylukey Fixed #7723 - implemented a secure password reset form that uses a to…
spookylukey authored Jul 31, 2008
333 """
5df31c0 @jezdez Fixed #17194 -- Made sure the auth form tests work if a language othe…
jezdez authored Dec 15, 2011
334 error_messages = dict(SetPasswordForm.error_messages, **{
df8d8d4 @timgraham Fixed E128 flake8 warnings in django/.
timgraham authored Mar 28, 2016
335 'password_incorrect': _("Your old password was entered incorrectly. Please enter it again."),
5df31c0 @jezdez Fixed #17194 -- Made sure the auth form tests work if a language othe…
jezdez authored Dec 15, 2011
336 })
d638cdc @graingert Fixed #25165 -- Removed inline JavaScript from the admin.
graingert authored Nov 23, 2015
337 old_password = forms.CharField(
338 label=_("Old password"),
d0fe6c9 @vincepandolfo Fixed #26334 -- Removed whitespace stripping from contrib.auth passwo…
vincepandolfo authored Mar 14, 2016
339 strip=False,
d638cdc @graingert Fixed #25165 -- Removed inline JavaScript from the admin.
graingert authored Nov 23, 2015
340 widget=forms.PasswordInput(attrs={'autofocus': ''}),
341 )
8e24b37 @spookylukey Cleaned up whitespace
spookylukey authored Aug 5, 2008
342
28986da @ttanner Fixed #5986 -- Added ability to customize order of Form fields
ttanner authored Mar 16, 2015
343 field_order = ['old_password', 'new_password1', 'new_password2']
344
fcd837c @spookylukey Fixed #7723 - implemented a secure password reset form that uses a to…
spookylukey authored Jul 31, 2008
345 def clean_old_password(self):
346 """
347 Validates that the old_password field is correct.
348 """
349 old_password = self.cleaned_data["old_password"]
350 if not self.user.check_password(old_password):
991d3d6 @jphalip Slightly improved the help text for the "Password" field in the `auth…
jphalip authored Jan 2, 2012
351 raise forms.ValidationError(
ee77d4b @loic Fixed #20199 -- Allow ModelForm fields to override error_messages fro…
loic authored Jun 5, 2013
352 self.error_messages['password_incorrect'],
353 code='password_incorrect',
354 )
fcd837c @spookylukey Fixed #7723 - implemented a secure password reset form that uses a to…
spookylukey authored Jul 31, 2008
355 return old_password
3e8d8bb @alex Fixed auth to not use an internal implementation detail of SortedDict
alex authored Jul 14, 2012
356
5df31c0 @jezdez Fixed #17194 -- Made sure the auth form tests work if a language othe…
jezdez authored Dec 15, 2011
357
a19ed8a @brosner Merged the newforms-admin branch into trunk.
brosner authored Jul 18, 2008
358 class AdminPasswordChangeForm(forms.Form):
359 """
360 A form used to change the password of a user in the admin interface.
361 """
5df31c0 @jezdez Fixed #17194 -- Made sure the auth form tests work if a language othe…
jezdez authored Dec 15, 2011
362 error_messages = {
363 'password_mismatch': _("The two password fields didn't match."),
364 }
ed4c2e1 @timgraham Fixed #22329 -- Used label_tag() in some admin auth templates.
timgraham authored Mar 24, 2014
365 required_css_class = 'required'
271d4f8 @timgraham Fixed #23948 -- Moved password help text from the template to the form.
timgraham authored Dec 26, 2014
366 password1 = forms.CharField(
367 label=_("Password"),
d638cdc @graingert Fixed #25165 -- Removed inline JavaScript from the admin.
graingert authored Nov 23, 2015
368 widget=forms.PasswordInput(attrs={'autofocus': ''}),
d0fe6c9 @vincepandolfo Fixed #26334 -- Removed whitespace stripping from contrib.auth passwo…
vincepandolfo authored Mar 14, 2016
369 strip=False,
1daae25 @erikr Fixed #16860 -- Added password validation to django.contrib.auth.
erikr authored Mar 8, 2015
370 help_text=password_validation.password_validators_help_text_html(),
271d4f8 @timgraham Fixed #23948 -- Moved password help text from the template to the form.
timgraham authored Dec 26, 2014
371 )
372 password2 = forms.CharField(
373 label=_("Password (again)"),
374 widget=forms.PasswordInput,
d0fe6c9 @vincepandolfo Fixed #26334 -- Removed whitespace stripping from contrib.auth passwo…
vincepandolfo authored Mar 14, 2016
375 strip=False,
c082363 @wimfeijen Reworded contrib.auth forms' password confirmation help_text.
wimfeijen authored Jul 20, 2015
376 help_text=_("Enter the same password as before, for verification."),
271d4f8 @timgraham Fixed #23948 -- Moved password help text from the template to the form.
timgraham authored Dec 26, 2014
377 )
8e24b37 @spookylukey Cleaned up whitespace
spookylukey authored Aug 5, 2008
378
a19ed8a @brosner Merged the newforms-admin branch into trunk.
brosner authored Jul 18, 2008
379 def __init__(self, user, *args, **kwargs):
7180207 @adrianholovaty Fixed #3166 -- Added admin 'Change user password' view. Thanks for th…
adrianholovaty authored Dec 30, 2006
380 self.user = user
a19ed8a @brosner Merged the newforms-admin branch into trunk.
brosner authored Jul 18, 2008
381 super(AdminPasswordChangeForm, self).__init__(*args, **kwargs)
8e24b37 @spookylukey Cleaned up whitespace
spookylukey authored Aug 5, 2008
382
a19ed8a @brosner Merged the newforms-admin branch into trunk.
brosner authored Jul 18, 2008
383 def clean_password2(self):
384 password1 = self.cleaned_data.get('password1')
385 password2 = self.cleaned_data.get('password2')
386 if password1 and password2:
387 if password1 != password2:
991d3d6 @jphalip Slightly improved the help text for the "Password" field in the `auth…
jphalip authored Jan 2, 2012
388 raise forms.ValidationError(
ee77d4b @loic Fixed #20199 -- Allow ModelForm fields to override error_messages fro…
loic authored Jun 5, 2013
389 self.error_messages['password_mismatch'],
390 code='password_mismatch',
391 )
1daae25 @erikr Fixed #16860 -- Added password validation to django.contrib.auth.
erikr authored Mar 8, 2015
392 password_validation.validate_password(password2, self.user)
a19ed8a @brosner Merged the newforms-admin branch into trunk.
brosner authored Jul 18, 2008
393 return password2
8e24b37 @spookylukey Cleaned up whitespace
spookylukey authored Aug 5, 2008
394
a19ed8a @brosner Merged the newforms-admin branch into trunk.
brosner authored Jul 18, 2008
395 def save(self, commit=True):
396 """
397 Saves the new password.
398 """
1daae25 @erikr Fixed #16860 -- Added password validation to django.contrib.auth.
erikr authored Mar 8, 2015
399 password = self.cleaned_data["password1"]
400 self.user.set_password(password)
a19ed8a @brosner Merged the newforms-admin branch into trunk.
brosner authored Jul 18, 2008
401 if commit:
402 self.user.save()
403 return self.user
33242fe @fanatid Fixed #19019 -- Fixed UserAdmin to log password change.
fanatid authored Oct 24, 2012
404
405 def _get_changed_data(self):
406 data = super(AdminPasswordChangeForm, self).changed_data
407 for name in self.fields.keys():
408 if name not in data:
409 return []
410 return ['password']
411 changed_data = property(_get_changed_data)
Something went wrong with that request. Please try again.