смена пароля работает

VladislavOstapov 2024-01-19 16:07:47 +03:00
parent 345d807f06
commit a354a7bc48
4 changed files with 96 additions and 25 deletions


@ -0,0 +1,12 @@
{% extends 'base.html' %}
{% load static %}
{% block title %} Пароль изменен {% endblock %}
{% block header-title %}
<h1> Пароль аккаунта {{ target_user.login }} изменен! </h1>
{% endblock %}
{% block content %}
<p><a href="{% url 'index' %}" class="value-good">Вернуться на главную</a></p>
{% endblock %}


@ -10,12 +10,32 @@
<form method="POST"> <form method="POST">
{% csrf_token %} {% csrf_token %}
{% for field in form %} {% if old_password_required %}
<div class="form-row"> <div class="form-row">
{{ field.label_tag }} {{ field }} <label for="current_password">Текущий пароль</label>
{{ field.errors }} <input type="password" name="current_password" id="current_password" required
{% if not old_password_wrong %}value="{{ request.POST.current_password }}"{% endif %}/>
{% if old_password_wrong %}
<p class="value-bad"> Проверьте правильность ввода пароля </p>
{% endif %}
</div> </div>
{% endif %}
<div class="form-row">
<label for="password1">Новый пароль</label>
<input type="password" name="password1" id="password1" required/>
{% for err in new_password_errors %}
<p class="value-bad">{{ err }}</p>
{% endfor %} {% endfor %}
</div>
<div class="form-row">
<label for="password2">Подтверждение нового пароля</label>
<input type="password" name="password2" id="password2" required/>
{% if not new_password_equals %}
<p class="value-bad"> Пароли не совпадают </p>
{% endif %}
</div>
<div class="form-row"> <div class="form-row">
<input id="submit" type="submit" value="Подтвердить"> <input id="submit" type="submit" value="Подтвердить">
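Review bot: The `current_password` input writes the submitted password back into the page through `value="{{ request.POST.current_password }}"` whenever `old_password_wrong` is false. A submission that fails only on the new-password checks therefore returns the user's current password in clear text in the HTML response, where it can be kept by caches, saved pages or anything that records response bodies. Password fields should come back empty after a failed submission, as Django's own `PasswordInput` does by default; drop the conditional attribute and keep `<input type="password" name="current_password" id="current_password" required/>`. The enclosing `<form>` closes outside this hunk.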


@ -8,7 +8,6 @@ from .managers import CustomUserManager
class User(AbstractBaseUser): class User(AbstractBaseUser):
login = models.CharField(max_length=16, validators=[MinLengthValidator(3)], verbose_name="Логин", unique=True) login = models.CharField(max_length=16, validators=[MinLengthValidator(3)], verbose_name="Логин", unique=True)
password = models.CharField(verbose_name="Пароль", max_length=128)
last_login = models.DateTimeField(verbose_name="Последний вход", blank=True, null=True) last_login = models.DateTimeField(verbose_name="Последний вход", blank=True, null=True)
is_superuser = models.BooleanField(default=False, verbose_name="Администратор") is_superuser = models.BooleanField(default=False, verbose_name="Администратор")
registered = models.DateTimeField(default=timezone.now, editable=False, verbose_name="Время регистрации") registered = models.DateTimeField(default=timezone.now, editable=False, verbose_name="Время регистрации")


@ -1,10 +1,10 @@
import os from django.http import HttpResponse, HttpResponseRedirect, HttpResponseBadRequest, Http404, HttpResponseForbidden
from django.contrib.auth.forms import PasswordChangeForm
from django.http import HttpResponse, HttpResponseRedirect, HttpResponseBadRequest, Http404
from django.shortcuts import render from django.shortcuts import render
# from django.db.models import Manager # from django.db.models import Manager
from django.contrib.auth import authenticate, login, logout, update_session_auth_hash from django.contrib.auth import authenticate, login, logout, update_session_auth_hash
from django.contrib.auth.hashers import check_password
from django.contrib.auth.password_validation import validate_password, password_changed
from django.core.exceptions import ValidationError
from django.contrib.auth.decorators import login_required, permission_required from django.contrib.auth.decorators import login_required, permission_required
from .models import User from .models import User
from .forms import UserRegisterForm from .forms import UserRegisterForm
@ -34,8 +34,11 @@ def view_login(request):
'message': None 'message': None
} }
if request.method == "POST": if request.method == "POST":
try:
username = request.POST["username"] username = request.POST["username"]
password = request.POST["password"] password = request.POST["password"]
except KeyError:
return HttpResponseBadRequest()
user = authenticate(request, username=username, password=password) user = authenticate(request, username=username, password=password)
if user is not None: if user is not None:
login(request, user) login(request, user)
@ -82,24 +85,61 @@ def view_register(request):
@login_required @login_required
def view_change_password(request): def view_change_password(request):
user = request.user target_user = request.user
old_password_required = True
if 'username' in request.GET: if 'username' in request.GET:
if request.GET['username'] != target_user.login:
if request.user.has_perm('users.change_user'): if request.user.has_perm('users.change_user'):
old_password_required = False
try: try:
user = User.objects.get_by_natural_key(request.GET['username']) target_user = User.objects.get_by_natural_key(request.GET['username'])
except: except:
return Http404() return Http404()
else: else:
raise PermissionError() return HttpResponseForbidden()
render_context = {
'target_user': target_user,
'old_password_required': old_password_required,
'old_password_wrong': False,
'new_password_errors': None,
'new_password_equals': True
}
form = PasswordChangeForm(user=user, data=(request.POST or None))
if request.method == "POST": if request.method == "POST":
if form.is_valid(): # для начала проверка того, что старый пароль
form.save() form_valid = True
update_session_auth_hash(request, form.user) try:
return HttpResponseRedirect('account') post_curr_pass = request.POST['current_password'] if old_password_required else None
post_pass1 = request.POST['password1']
post_pass2 = request.POST['password2']
except KeyError:
return HttpResponseBadRequest()
return render(request, 'account/change-password.html', {'form': form, 'target_user': user}) if old_password_required:
if not check_password(post_curr_pass, target_user.password):
render_context['old_password_wrong'] = False
form_valid = False
# теперь проверим то, что пароли одинаковые
if post_pass1 != post_pass2:
render_context['new_password_equals'] = False
form_valid = False
# теперь проверим, что пароль ввели нормальный
try:
validate_password(post_pass1, target_user)
except ValidationError as ve:
render_context['new_password_errors'] = ve.messages
form_valid = False
if form_valid:
password_changed(post_pass1, target_user)
target_user.save()
update_session_auth_hash(request, target_user)
return render(request, 'account/change-password-done.html', {'target_user': target_user})
return render(request, 'account/change-password.html', render_context)
@login_required @login_required
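Review bot: The success branch of `view_change_password` never stores the new password: `password_changed(post_pass1, target_user)` only notifies the configured validators, and no `set_password` call is visible before `target_user.save()`, so the old hash appears to stay in place while the user is shown the "changed" page. Replace that call with `target_user.set_password(post_pass1)`; the following `save()` then persists the new hash, and `AbstractBaseUser.save()` sends the validator notification itself. In the same function the failed `check_password` branch sets `render_context['old_password_wrong'] = False`, which has to be `True` for the template to show the error. The unchanged lookup above it still uses a bare `except:` with `return Http404()`; `Http404` is an exception, so it should be `raise Http404()` under `except User.DoesNotExist:`.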