Unify and isolate password changes in password change views

ChangePasswordView and PasswordResetTokenView both change the password of the acting user. Their APIs are now unified. ChangePasswordView used to rely on the form to set the user's password. This has been moved to the view as the correct place for this behavior. This is backwards incompatible for forms that overrode ChangePasswordForm.save to modify the password setting behavior. PasswordResetTokenView has been unified with the new API given to ChangePasswordView. The password_changed signal is now fired from the view when the password is changed. The new API now isolates the password change behavior from actions to take after the password has been changed on the User model or any other behavior a site developer needs to take when password is being changed.
pinax · Jan 4, 2013 · 5db1fb6 · 5db1fb6
1 parent 3ea658f
commit 5db1fb6
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 7 deletions.
diff --git a/account/forms.py b/account/forms.py
@@ -141,10 +141,6 @@ def clean_password_new_confirm(self):
             if self.cleaned_data["password_new"] != self.cleaned_data["password_new_confirm"]:
                 raise forms.ValidationError(_("You must type the same password each time."))
         return self.cleaned_data["password_new_confirm"]
-
-    def save(self, user):
-        user.set_password(self.cleaned_data["password_new"])
-        user.save()
 
 
 class PasswordResetForm(forms.Form):

diff --git a/account/views.py b/account/views.py
@@ -389,7 +389,12 @@ def post(self, *args, **kwargs):
 
     def change_password(self, form):
         user = self.request.user
-        form.save(user)
+        user.set_password(form.cleaned_data["password_new"])
+        user.save()
+
+    def after_change_password(self):
+        user = self.request.user
+        signals.password_changed.send(sender=ChangePasswordView, user=user)
         if settings.ACCOUNT_NOTIFY_ON_PASSWORD_CHANGE:
             self.send_email(user)
         if self.messages.get("password_changed"):
@@ -398,7 +403,6 @@ def change_password(self, form):
                 self.messages["password_changed"]["level"],
                 self.messages["password_changed"]["text"]
             )
-        signals.password_changed.send(sender=ChangePasswordForm, user=user)
 
     def get_form_kwargs(self):
         """
@@ -414,6 +418,7 @@ def get_form_kwargs(self):
 
     def form_valid(self, form):
         self.change_password(form)
+        self.after_change_password()
         return redirect(self.get_success_url())
 
     def get_context_data(self, **kwargs):
@@ -528,16 +533,23 @@ def get_context_data(self, **kwargs):
         })
         return ctx
 
-    def form_valid(self, form):
+    def change_password(self, form):
         user = self.get_user()
         user.set_password(form.cleaned_data["password"])
         user.save()
+
+    def after_change_password(self):
+        signals.password_changed.send(sender=PasswordResetTokenView, user=user)
         if self.messages.get("password_changed"):
             messages.add_message(
                 self.request,
                 self.messages["password_changed"]["level"],
                 self.messages["password_changed"]["text"]
             )
+
+    def form_valid(self, form):
+        self.change_password(form)
+        self.after_change_password()
         return redirect(self.get_success_url())
 
     def get_redirect_field_name(self):