""" class views for password management """
from django.contrib.auth import login
from django.contrib.auth.decorators import login_required
from django.template.response import TemplateResponse
from django.utils.decorators import method_decorator
from django.views import View
from django.views.decorators.debug import sensitive_variables, sensitive_post_parameters
from bookwyrm import forms
# pylint: disable= no-self-use
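@method_decorator(login_required, name="dispatch")
class ChangePassword(View):
    """Let a logged-in user change their own password.

    ``login_required`` is applied to ``dispatch``, so both handlers only run
    for authenticated requests.
    """

    def get(self, request):
        """Render the change-password page with an unbound form."""
        data = {"form": forms.ChangePasswordForm()}
        return TemplateResponse(request, "preferences/change_password.html", data)

    # All three password fields are named in ONE sensitive_post_parameters
    # call. Each wrapper produced by that decorator assigns
    # request.sensitive_post_parameters outright rather than extending it, so
    # stacking one decorator per field leaves only the innermost field name
    # masked in error reports and the other two values would appear in them.
    @method_decorator(sensitive_variables("new_password"))
    @method_decorator(
        sensitive_post_parameters("current_password", "password", "confirm_password")
    )
    def post(self, request):
        """Validate the submitted form and set the user's new password.

        On an invalid form the page is re-rendered with the bound form so its
        errors can be shown. On success the password is updated, the user is
        logged in again and the page is rendered with ``success`` set and a
        fresh, unbound form (so no submitted value is echoed back).
        """
        form = forms.ChangePasswordForm(request.POST, instance=request.user)
        if not form.is_valid():
            data = {"form": form}
            return TemplateResponse(request, "preferences/change_password.html", data)

        # NOTE(review): checking current_password and the password /
        # confirm_password match is presumably done by ChangePasswordForm;
        # nothing in this view verifies them - confirm against the form.
        new_password = form.cleaned_data["password"]
        # set_password() hashes the value; only the password column is written.
        request.user.set_password(new_password)
        # NOTE(review): broadcast=False is a project-specific save() argument,
        # presumably keeping this update from being federated - confirm.
        request.user.save(broadcast=False, update_fields=["password"])

        # Changing the password changes the hash the session is bound to, so
        # log the user in again to keep this session valid.
        login(request, request.user)
        data = {"success": True, "form": forms.ChangePasswordForm()}
        return TemplateResponse(request, "preferences/change_password.html", data)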