zedfrigg/bookwyrm
1
0
Fork 0
Code Activity

Merge pull request #2229 from bookwyrm-social/password-validation

Browse source 
Password validation
This commit is contained in:
Mouse Reeve 2022-07-15 11:53:27 -07:00 committed by GitHub
commit 086ec10849
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 158 additions and 63 deletions
Download patch file Download diff file Expand all files Collapse all files

15
bookwyrm/views/landing/password.py
View file

@ -5,7 +5,7 @@ from django.shortcuts import redirect
from django.template.response import TemplateResponse
from django.views import View
from bookwyrm import models
from bookwyrm import forms, models
from bookwyrm.emailing import password_reset_email
@ -57,7 +57,8 @@ class PasswordReset(View):
except models.PasswordReset.DoesNotExist:
raise PermissionDenied()
return TemplateResponse(request, "landing/password_reset.html", {"code": code})
data = {"code": code, "form": forms.PasswordResetForm()}
return TemplateResponse(request, "landing/password_reset.html", data)
def post(self, request, code):
"""allow a user to change their password through an emailed token"""
@ -68,14 +69,12 @@ class PasswordReset(View):
return TemplateResponse(request, "landing/password_reset.html", data)
user = reset_code.user
new_password = request.POST.get("password")
confirm_password = request.POST.get("confirm-password")
if new_password != confirm_password:
data = {"errors": ["Passwords do not match"]}
form = forms.PasswordResetForm(request.POST, instance=user)
if not form.is_valid():
data = {"code": code, "form": form}
return TemplateResponse(request, "landing/password_reset.html", data)
new_password = form.cleaned_data["password"]
user.set_password(new_password)
user.save(broadcast=False, update_fields=["password"])
login(request, user)

30
bookwyrm/views/preferences/change_password.py
View file

@ -3,11 +3,10 @@ from django.contrib.auth import login
from django.contrib.auth.decorators import login_required
from django.template.response import TemplateResponse
from django.utils.decorators import method_decorator
from django.utils.translation import gettext_lazy as _
from django.views import View
from django.views.decorators.debug import sensitive_variables, sensitive_post_parameters
from bookwyrm import models
from bookwyrm import forms
# pylint: disable= no-self-use
@ -17,33 +16,24 @@ class ChangePassword(View):
def get(self, request):
"""change password page"""
data = {"user": request.user}
data = {"form": forms.ChangePasswordForm()}
return TemplateResponse(request, "preferences/change_password.html", data)
@sensitive_variables("new_password")
@sensitive_variables("confirm_password")
@method_decorator(sensitive_variables("new_password"))
@method_decorator(sensitive_post_parameters("current_password"))
@method_decorator(sensitive_post_parameters("password"))
@method_decorator(sensitive_post_parameters("confirm__password"))
@method_decorator(sensitive_post_parameters("confirm_password"))
def post(self, request):
"""allow a user to change their password"""
data = {"user": request.user}
# check current password
user = models.User.objects.get(id=request.user.id)
if not user.check_password(request.POST.get("current_password")):
data["errors"] = {"current_password": [_("Incorrect password")]}
return TemplateResponse(request, "preferences/change_password.html", data)
new_password = request.POST.get("password")
confirm_password = request.POST.get("confirm-password")
if new_password != confirm_password:
data["errors"] = {"confirm_password": [_("Password does not match")]}
form = forms.ChangePasswordForm(request.POST, instance=request.user)
if not form.is_valid():
data = {"form": form}
return TemplateResponse(request, "preferences/change_password.html", data)
new_password = form.cleaned_data["password"]
request.user.set_password(new_password)
request.user.save(broadcast=False, update_fields=["password"])
login(request, request.user)
data["success"] = True
data = {"success": True, "form": forms.ChangePasswordForm()}
return TemplateResponse(request, "preferences/change_password.html", data)