343 lines
13 KiB
Python
343 lines
13 KiB
Python
from __future__ import unicode_literals
|
|
|
|
import warnings
|
|
|
|
from django import forms
|
|
from django.forms.util import flatatt
|
|
from django.template import loader
|
|
from django.utils.datastructures import SortedDict
|
|
from django.utils.html import format_html, format_html_join
|
|
from django.utils.http import int_to_base36
|
|
from django.utils.safestring import mark_safe
|
|
from django.utils.text import capfirst
|
|
from django.utils.translation import ugettext, ugettext_lazy as _
|
|
|
|
from django.contrib.auth import authenticate, get_user_model
|
|
from django.contrib.auth.models import User
|
|
from django.contrib.auth.hashers import UNUSABLE_PASSWORD, identify_hasher
|
|
from django.contrib.auth.tokens import default_token_generator
|
|
from django.contrib.sites.models import get_current_site
|
|
|
|
|
|
UNMASKED_DIGITS_TO_SHOW = 6
|
|
|
|
mask_password = lambda p: "%s%s" % (p[:UNMASKED_DIGITS_TO_SHOW], "*" * max(len(p) - UNMASKED_DIGITS_TO_SHOW, 0))
|
|
|
|
|
|
class ReadOnlyPasswordHashWidget(forms.Widget):
|
|
def render(self, name, value, attrs):
|
|
encoded = value
|
|
final_attrs = self.build_attrs(attrs)
|
|
|
|
if not encoded or encoded == UNUSABLE_PASSWORD:
|
|
summary = mark_safe("<strong>%s</strong>" % ugettext("No password set."))
|
|
else:
|
|
try:
|
|
hasher = identify_hasher(encoded)
|
|
except ValueError:
|
|
summary = mark_safe("<strong>%s</strong>" % ugettext(
|
|
"Invalid password format or unknown hashing algorithm."))
|
|
else:
|
|
summary = format_html_join('',
|
|
"<strong>{0}</strong>: {1} ",
|
|
((ugettext(key), value)
|
|
for key, value in hasher.safe_summary(encoded).items())
|
|
)
|
|
|
|
return format_html("<div{0}>{1}</div>", flatatt(final_attrs), summary)
|
|
|
|
|
|
class ReadOnlyPasswordHashField(forms.Field):
|
|
widget = ReadOnlyPasswordHashWidget
|
|
|
|
def __init__(self, *args, **kwargs):
|
|
kwargs.setdefault("required", False)
|
|
super(ReadOnlyPasswordHashField, self).__init__(*args, **kwargs)
|
|
|
|
def bound_data(self, data, initial):
|
|
# Always return initial because the widget doesn't
|
|
# render an input field.
|
|
return initial
|
|
|
|
def _has_changed(self, initial, data):
|
|
return False
|
|
|
|
|
|
class UserCreationForm(forms.ModelForm):
|
|
"""
|
|
A form that creates a user, with no privileges, from the given username and
|
|
password.
|
|
"""
|
|
error_messages = {
|
|
'duplicate_username': _("A user with that username already exists."),
|
|
'password_mismatch': _("The two password fields didn't match."),
|
|
}
|
|
username = forms.RegexField(label=_("Username"), max_length=30,
|
|
regex=r'^[\w.@+-]+$',
|
|
help_text=_("Required. 30 characters or fewer. Letters, digits and "
|
|
"@/./+/-/_ only."),
|
|
error_messages={
|
|
'invalid': _("This value may contain only letters, numbers and "
|
|
"@/./+/-/_ characters.")})
|
|
password1 = forms.CharField(label=_("Password"),
|
|
widget=forms.PasswordInput)
|
|
password2 = forms.CharField(label=_("Password confirmation"),
|
|
widget=forms.PasswordInput,
|
|
help_text=_("Enter the same password as above, for verification."))
|
|
|
|
class Meta:
|
|
model = User
|
|
fields = ("username",)
|
|
|
|
def clean_username(self):
|
|
# Since User.username is unique, this check is redundant,
|
|
# but it sets a nicer error message than the ORM. See #13147.
|
|
username = self.cleaned_data["username"]
|
|
try:
|
|
User._default_manager.get(username=username)
|
|
except User.DoesNotExist:
|
|
return username
|
|
raise forms.ValidationError(self.error_messages['duplicate_username'])
|
|
|
|
def clean_password2(self):
|
|
password1 = self.cleaned_data.get("password1")
|
|
password2 = self.cleaned_data.get("password2")
|
|
if password1 and password2 and password1 != password2:
|
|
raise forms.ValidationError(
|
|
self.error_messages['password_mismatch'])
|
|
return password2
|
|
|
|
def save(self, commit=True):
|
|
user = super(UserCreationForm, self).save(commit=False)
|
|
user.set_password(self.cleaned_data["password1"])
|
|
if commit:
|
|
user.save()
|
|
return user
|
|
|
|
|
|
class UserChangeForm(forms.ModelForm):
|
|
username = forms.RegexField(
|
|
label=_("Username"), max_length=30, regex=r"^[\w.@+-]+$",
|
|
help_text=_("Required. 30 characters or fewer. Letters, digits and "
|
|
"@/./+/-/_ only."),
|
|
error_messages={
|
|
'invalid': _("This value may contain only letters, numbers and "
|
|
"@/./+/-/_ characters.")})
|
|
password = ReadOnlyPasswordHashField(label=_("Password"),
|
|
help_text=_("Raw passwords are not stored, so there is no way to see "
|
|
"this user's password, but you can change the password "
|
|
"using <a href=\"password/\">this form</a>."))
|
|
|
|
class Meta:
|
|
model = User
|
|
fields = '__all__'
|
|
|
|
def __init__(self, *args, **kwargs):
|
|
super(UserChangeForm, self).__init__(*args, **kwargs)
|
|
f = self.fields.get('user_permissions', None)
|
|
if f is not None:
|
|
f.queryset = f.queryset.select_related('content_type')
|
|
|
|
def clean_password(self):
|
|
# Regardless of what the user provides, return the initial value.
|
|
# This is done here, rather than on the field, because the
|
|
# field does not have access to the initial value
|
|
return self.initial["password"]
|
|
|
|
|
|
class AuthenticationForm(forms.Form):
|
|
"""
|
|
Base class for authenticating users. Extend this to get a form that accepts
|
|
username/password logins.
|
|
"""
|
|
username = forms.CharField(max_length=254)
|
|
password = forms.CharField(label=_("Password"), widget=forms.PasswordInput)
|
|
|
|
error_messages = {
|
|
'invalid_login': _("Please enter a correct %(username)s and password. "
|
|
"Note that both fields may be case-sensitive."),
|
|
'inactive': _("This account is inactive."),
|
|
}
|
|
|
|
def __init__(self, request=None, *args, **kwargs):
|
|
"""
|
|
The 'request' parameter is set for custom auth use by subclasses.
|
|
The form data comes in via the standard 'data' kwarg.
|
|
"""
|
|
self.request = request
|
|
self.user_cache = None
|
|
super(AuthenticationForm, self).__init__(*args, **kwargs)
|
|
|
|
# Set the label for the "username" field.
|
|
UserModel = get_user_model()
|
|
self.username_field = UserModel._meta.get_field(UserModel.USERNAME_FIELD)
|
|
if self.fields['username'].label is None:
|
|
self.fields['username'].label = capfirst(self.username_field.verbose_name)
|
|
|
|
def clean(self):
|
|
username = self.cleaned_data.get('username')
|
|
password = self.cleaned_data.get('password')
|
|
|
|
if username and password:
|
|
self.user_cache = authenticate(username=username,
|
|
password=password)
|
|
if self.user_cache is None:
|
|
raise forms.ValidationError(
|
|
self.error_messages['invalid_login'] % {
|
|
'username': self.username_field.verbose_name
|
|
})
|
|
elif not self.user_cache.is_active:
|
|
raise forms.ValidationError(self.error_messages['inactive'])
|
|
return self.cleaned_data
|
|
|
|
def check_for_test_cookie(self):
|
|
warnings.warn("check_for_test_cookie is deprecated; ensure your login "
|
|
"view is CSRF-protected.", DeprecationWarning)
|
|
|
|
def get_user_id(self):
|
|
if self.user_cache:
|
|
return self.user_cache.id
|
|
return None
|
|
|
|
def get_user(self):
|
|
return self.user_cache
|
|
|
|
|
|
class PasswordResetForm(forms.Form):
|
|
email = forms.EmailField(label=_("Email"), max_length=254)
|
|
|
|
def save(self, domain_override=None,
|
|
subject_template_name='registration/password_reset_subject.txt',
|
|
email_template_name='registration/password_reset_email.html',
|
|
use_https=False, token_generator=default_token_generator,
|
|
from_email=None, request=None):
|
|
"""
|
|
Generates a one-use only link for resetting password and sends to the
|
|
user.
|
|
"""
|
|
from django.core.mail import send_mail
|
|
UserModel = get_user_model()
|
|
email = self.cleaned_data["email"]
|
|
users = UserModel._default_manager.filter(email__iexact=email)
|
|
for user in users:
|
|
# Make sure that no email is sent to a user that actually has
|
|
# a password marked as unusable
|
|
if user.password == UNUSABLE_PASSWORD:
|
|
continue
|
|
if not domain_override:
|
|
current_site = get_current_site(request)
|
|
site_name = current_site.name
|
|
domain = current_site.domain
|
|
else:
|
|
site_name = domain = domain_override
|
|
c = {
|
|
'email': user.email,
|
|
'domain': domain,
|
|
'site_name': site_name,
|
|
'uid': int_to_base36(user.pk),
|
|
'user': user,
|
|
'token': token_generator.make_token(user),
|
|
'protocol': 'https' if use_https else 'http',
|
|
}
|
|
subject = loader.render_to_string(subject_template_name, c)
|
|
# Email subject *must not* contain newlines
|
|
subject = ''.join(subject.splitlines())
|
|
email = loader.render_to_string(email_template_name, c)
|
|
send_mail(subject, email, from_email, [user.email])
|
|
|
|
|
|
class SetPasswordForm(forms.Form):
|
|
"""
|
|
A form that lets a user change set his/her password without entering the
|
|
old password
|
|
"""
|
|
error_messages = {
|
|
'password_mismatch': _("The two password fields didn't match."),
|
|
}
|
|
new_password1 = forms.CharField(label=_("New password"),
|
|
widget=forms.PasswordInput)
|
|
new_password2 = forms.CharField(label=_("New password confirmation"),
|
|
widget=forms.PasswordInput)
|
|
|
|
def __init__(self, user, *args, **kwargs):
|
|
self.user = user
|
|
super(SetPasswordForm, self).__init__(*args, **kwargs)
|
|
|
|
def clean_new_password2(self):
|
|
password1 = self.cleaned_data.get('new_password1')
|
|
password2 = self.cleaned_data.get('new_password2')
|
|
if password1 and password2:
|
|
if password1 != password2:
|
|
raise forms.ValidationError(
|
|
self.error_messages['password_mismatch'])
|
|
return password2
|
|
|
|
def save(self, commit=True):
|
|
self.user.set_password(self.cleaned_data['new_password1'])
|
|
if commit:
|
|
self.user.save()
|
|
return self.user
|
|
|
|
|
|
class PasswordChangeForm(SetPasswordForm):
|
|
"""
|
|
A form that lets a user change his/her password by entering
|
|
their old password.
|
|
"""
|
|
error_messages = dict(SetPasswordForm.error_messages, **{
|
|
'password_incorrect': _("Your old password was entered incorrectly. "
|
|
"Please enter it again."),
|
|
})
|
|
old_password = forms.CharField(label=_("Old password"),
|
|
widget=forms.PasswordInput)
|
|
|
|
def clean_old_password(self):
|
|
"""
|
|
Validates that the old_password field is correct.
|
|
"""
|
|
old_password = self.cleaned_data["old_password"]
|
|
if not self.user.check_password(old_password):
|
|
raise forms.ValidationError(
|
|
self.error_messages['password_incorrect'])
|
|
return old_password
|
|
|
|
PasswordChangeForm.base_fields = SortedDict([
|
|
(k, PasswordChangeForm.base_fields[k])
|
|
for k in ['old_password', 'new_password1', 'new_password2']
|
|
])
|
|
|
|
|
|
class AdminPasswordChangeForm(forms.Form):
|
|
"""
|
|
A form used to change the password of a user in the admin interface.
|
|
"""
|
|
error_messages = {
|
|
'password_mismatch': _("The two password fields didn't match."),
|
|
}
|
|
password1 = forms.CharField(label=_("Password"),
|
|
widget=forms.PasswordInput)
|
|
password2 = forms.CharField(label=_("Password (again)"),
|
|
widget=forms.PasswordInput)
|
|
|
|
def __init__(self, user, *args, **kwargs):
|
|
self.user = user
|
|
super(AdminPasswordChangeForm, self).__init__(*args, **kwargs)
|
|
|
|
def clean_password2(self):
|
|
password1 = self.cleaned_data.get('password1')
|
|
password2 = self.cleaned_data.get('password2')
|
|
if password1 and password2:
|
|
if password1 != password2:
|
|
raise forms.ValidationError(
|
|
self.error_messages['password_mismatch'])
|
|
return password2
|
|
|
|
def save(self, commit=True):
|
|
"""
|
|
Saves the new password.
|
|
"""
|
|
self.user.set_password(self.cleaned_data["password1"])
|
|
if commit:
|
|
self.user.save()
|
|
return self.user
|