смена пароля работает

2024-01-19 16:07:47 +03:00 · 2024-01-19 16:07:47 +03:00 · a354a7bc48
commit a354a7bc48
parent 345d807f06
4 changed files with 96 additions and 25 deletions
--- a/templates/account/change-password-done.html
+++ b/templates/account/change-password-done.html
@ -0,0 +1,12 @@
+{% extends 'base.html' %}
+{% load static %}
+
+{% block title %} Пароль изменен {% endblock %}
+
+{% block header-title %}
+<h1> Пароль аккаунта {{ target_user.login }} изменен! </h1>
+{% endblock %}
+
+{% block content %}
+<p><a href="{% url 'index' %}" class="value-good">Вернуться на главную</a></p>
+{% endblock %}
--- a/templates/account/change-password.html
+++ b/templates/account/change-password.html
@ -10,12 +10,32 @@
    <form method="POST">
        {% csrf_token %}

-        {% for field in form %}
+        {% if old_password_required %}
+            <div class="form-row">
+                <label for="current_password">Текущий пароль</label>
+                <input type="password" name="current_password" id="current_password" required
+                       {% if not old_password_wrong %}value="{{ request.POST.current_password }}"{% endif %}/>
+                {% if old_password_wrong %}
+                <p class="value-bad"> Проверьте правильность ввода пароля </p>
+                {% endif %}
+            </div>
+        {% endif %}
+
        <div class="form-row">
-            {{ field.label_tag }} {{ field }}
-            {{ field.errors }}
+            <label for="password1">Новый пароль</label>
+            <input type="password" name="password1" id="password1" required/>
+            {% for err in new_password_errors %}
+                <p class="value-bad">{{ err }}</p>
+            {% endfor %}
+        </div>
+
+        <div class="form-row">
+            <label for="password2">Подтверждение нового пароля</label>
+            <input type="password" name="password2" id="password2" required/>
+            {% if not new_password_equals %}
+            <p class="value-bad"> Пароли не совпадают </p>
+            {% endif %}
        </div>
-        {% endfor %}

        <div class="form-row">
            <input id="submit" type="submit" value="Подтвердить">
--- a/users/models.py
+++ b/users/models.py
@ -8,7 +8,6 @@ from .managers import CustomUserManager

 class User(AbstractBaseUser):
    login = models.CharField(max_length=16, validators=[MinLengthValidator(3)], verbose_name="Логин", unique=True)
-    password = models.CharField(verbose_name="Пароль", max_length=128)
    last_login = models.DateTimeField(verbose_name="Последний вход", blank=True, null=True)
    is_superuser = models.BooleanField(default=False, verbose_name="Администратор")
    registered = models.DateTimeField(default=timezone.now, editable=False, verbose_name="Время регистрации")
--- a/users/views.py
+++ b/users/views.py
@ -1,10 +1,10 @@
-import os
-
-from django.contrib.auth.forms import PasswordChangeForm
-from django.http import HttpResponse, HttpResponseRedirect, HttpResponseBadRequest, Http404
+from django.http import HttpResponse, HttpResponseRedirect, HttpResponseBadRequest, Http404, HttpResponseForbidden
 from django.shortcuts import render
 # from django.db.models import Manager
 from django.contrib.auth import authenticate, login, logout, update_session_auth_hash
+from django.contrib.auth.hashers import check_password
+from django.contrib.auth.password_validation import validate_password, password_changed
+from django.core.exceptions import ValidationError
 from django.contrib.auth.decorators import login_required, permission_required
 from .models import User
 from .forms import UserRegisterForm
@ -34,8 +34,11 @@ def view_login(request):
        'message': None
    }
    if request.method == "POST":
-        username = request.POST["username"]
-        password = request.POST["password"]
+        try:
+            username = request.POST["username"]
+            password = request.POST["password"]
+        except KeyError:
+            return HttpResponseBadRequest()
        user = authenticate(request, username=username, password=password)
        if user is not None:
            login(request, user)
@ -82,24 +85,61 @@ def view_register(request):

@login_required
 def view_change_password(request):
-    user = request.user
+    target_user = request.user
+    old_password_required = True
    if 'username' in request.GET:
-        if request.user.has_perm('users.change_user'):
-            try:
-                user = User.objects.get_by_natural_key(request.GET['username'])
-            except:
-                return Http404()
-        else:
-            raise PermissionError()
+        if request.GET['username'] != target_user.login:
+            if request.user.has_perm('users.change_user'):
+                old_password_required = False
+                try:
+                    target_user = User.objects.get_by_natural_key(request.GET['username'])
+                except:
+                    return Http404()
+            else:
+                return HttpResponseForbidden()
+
+    render_context = {
+        'target_user': target_user,
+        'old_password_required': old_password_required,
+        'old_password_wrong': False,
+        'new_password_errors': None,
+        'new_password_equals': True
+    }

-    form = PasswordChangeForm(user=user, data=(request.POST or None))
    if request.method == "POST":
-        if form.is_valid():
-            form.save()
-            update_session_auth_hash(request, form.user)
-            return HttpResponseRedirect('account')
+        # для начала проверка того, что старый пароль
+        form_valid = True
+        try:
+            post_curr_pass = request.POST['current_password'] if old_password_required else None
+            post_pass1 = request.POST['password1']
+            post_pass2 = request.POST['password2']
+        except KeyError:
+            return HttpResponseBadRequest()

-    return render(request, 'account/change-password.html', {'form': form, 'target_user': user})
+        if old_password_required:
+            if not check_password(post_curr_pass, target_user.password):
+                render_context['old_password_wrong'] = False
+                form_valid = False
+
+        # теперь проверим то, что пароли одинаковые
+        if post_pass1 != post_pass2:
+            render_context['new_password_equals'] = False
+            form_valid = False
+
+        # теперь проверим, что пароль ввели нормальный
+        try:
+            validate_password(post_pass1, target_user)
+        except ValidationError as ve:
+            render_context['new_password_errors'] = ve.messages
+            form_valid = False
+
+        if form_valid:
+            password_changed(post_pass1, target_user)
+            target_user.save()
+            update_session_auth_hash(request, target_user)
+            return render(request, 'account/change-password-done.html', {'target_user': target_user})
+
+    return render(request, 'account/change-password.html', render_context)


@login_required