Ce serveur Gitlab sera éteint le 30 juin 2020, pensez à migrer vos projets vers les serveurs gitlab-research.centralesupelec.fr et gitlab-student.centralesupelec.fr !

Commit d3b41d6a authored by Gabriel Detraz's avatar Gabriel Detraz Committed by root

Demande le mot de passe de soit quand on reinit un mdp

parent a53f69c4
......@@ -50,10 +50,15 @@ from re2o.field_permissions import FieldPermissionFormMixin
NOW = timezone.now()
class PassForm(forms.Form):
class PassForm(FieldPermissionFormMixin, forms.ModelForm):
"""Formulaire de changement de mot de passe. Verifie que les 2
nouveaux mots de passe renseignés sont identiques et respectent
une norme"""
selfpasswd = forms.CharField(
label=u'Saisir le mot de passe existant',
max_length=255,
widget=forms.PasswordInput
)
passwd1 = forms.CharField(
label=u'Nouveau mot de passe',
max_length=255,
......@@ -67,15 +72,31 @@ class PassForm(forms.Form):
widget=forms.PasswordInput
)
class Meta:
model = User
fields = []
def clean_passwd2(self):
"""Verifie que passwd1 et 2 sont identiques"""
# Check that the two password entries match
password1 = self.cleaned_data.get("passwd1")
password2 = self.cleaned_data.get("passwd2")
if password1 and password2 and password1 != password2:
raise forms.ValidationError("Passwords don't match")
raise forms.ValidationError("Les 2 nouveaux mots de passe sont différents")
return password2
def clean_selfpasswd(self):
"""Verifie si il y a lieu que le mdp self est correct"""
if not self.instance.check_password(self.cleaned_data.get("selfpasswd")):
raise forms.ValidationError("Le mot de passe actuel est incorrect")
return
def save(self, commit=True):
"""Changement du mot de passe"""
user = super(PassForm, self).save(commit=False)
user.set_password(self.cleaned_data.get("passwd1"))
user.save()
class UserCreationForm(forms.ModelForm):
"""A form for creating new users. Includes all the required
......
......@@ -735,6 +735,9 @@ class User(FieldPermissionModelMixin, AbstractBaseUser, PermissionsMixin):
else:
return False, u"Vous ne pouvez éditer un autre utilisateur que vous même"
def check_selfpasswd(self, user_request, *args, **kwargs):
return user_request == self, None
@staticmethod
def can_change_state(user_request, *args, **kwargs):
return user_request.has_perm('users.change_user_state'), "Droit requis pour changer l'état"
......@@ -801,6 +804,7 @@ class User(FieldPermissionModelMixin, AbstractBaseUser, PermissionsMixin):
self.field_permissions = {
'shell' : self.can_change_shell,
'force' : self.can_change_force,
'selfpasswd' : self.check_selfpasswd,
}
def __str__(self):
......
......@@ -102,21 +102,6 @@ from re2o.acl import (
can_change
)
def password_change_action(u_form, user, request, req=False):
""" Fonction qui effectue le changeemnt de mdp bdd"""
user.set_user_password(u_form.cleaned_data['passwd1'])
with transaction.atomic(), reversion.create_revision():
user.save()
reversion.set_comment("Réinitialisation du mot de passe")
messages.success(request, "Le mot de passe a changé")
if req:
req.delete()
return redirect(reverse('index'))
return redirect(reverse(
'users:profil',
kwargs={'userid':str(user.id)}
))
@can_create(Adherent)
def new_user(request):
""" Vue de création d'un nouvel utilisateur,
......@@ -268,9 +253,17 @@ def password(request, user, userid):
""" Reinitialisation d'un mot de passe à partir de l'userid,
pour self par défaut, pour tous sans droit si droit cableur,
pour tous si droit bureau """
u_form = PassForm(request.POST or None)
u_form = PassForm(request.POST or None, instance=user, user=request.user)
if u_form.is_valid():
return password_change_action(u_form, user, request)
with transaction.atomic(), reversion.create_revision():
u_form.save()
reversion.set_user(request.user)
reversion.set_comment("Changement du mot de passe")
messages.success(request, "Le mot de passe a changé")
return redirect(reverse(
'users:profil',
kwargs={'userid':str(user.id)}
))
return form({'userform': u_form}, 'users/user.html', request)
......@@ -827,10 +820,15 @@ def process(request, token):
def process_passwd(request, req):
"""Process le changeemnt de mot de passe, renvoie le formulaire
demandant le nouveau password"""
u_form = PassForm(request.POST or None)
user = req.user
u_form = PassForm(request.POST or None, instance=user, user=request.user)
if u_form.is_valid():
return password_change_action(u_form, user, request, req=req)
with transaction.atomic(), reversion.create_revision():
u_form.save()
reversion.set_comment("Réinitialisation du mot de passe")
req.delete()
messages.success(request, "Le mot de passe a changé")
return redirect(reverse('index'))
return form({'userform': u_form}, 'users/user.html', request)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment