From c46ddbf1fc747a910702a348763d7949fba454f0 Mon Sep 17 00:00:00 2001 From: Luke Plant Date: Mon, 12 Oct 2009 15:32:24 +0000 Subject: [PATCH] Fixed #8274 - allow custom forms for auth 'login' and 'password_change' views Thanks to julien for the suggestion and patch, and SmileyChris for work on the patch. git-svn-id: http://code.djangoproject.com/svn/django/trunk@11618 bcc190cf-cafb-0310-a4f2-bffc1f526a37 --- django/contrib/auth/views.py | 16 +++++++++------- docs/topics/auth.txt | 24 ++++++++++++++++++++---- 2 files changed, 29 insertions(+), 11 deletions(-) diff --git a/django/contrib/auth/views.py b/django/contrib/auth/views.py index f753ed6de8..49a554a59d 100644 --- a/django/contrib/auth/views.py +++ b/django/contrib/auth/views.py @@ -14,11 +14,13 @@ from django.utils.translation import ugettext as _ from django.contrib.auth.models import User from django.views.decorators.cache import never_cache -def login(request, template_name='registration/login.html', redirect_field_name=REDIRECT_FIELD_NAME): +def login(request, template_name='registration/login.html', + redirect_field_name=REDIRECT_FIELD_NAME, + authentication_form=AuthenticationForm): "Displays the login form and handles the login action." redirect_to = request.REQUEST.get(redirect_field_name, '') if request.method == "POST": - form = AuthenticationForm(data=request.POST) + form = authentication_form(data=request.POST) if form.is_valid(): # Light security check -- make sure redirect_to isn't garbage. if not redirect_to or '//' in redirect_to or ' ' in redirect_to: @@ -29,7 +31,7 @@ def login(request, template_name='registration/login.html', redirect_field_name= request.session.delete_test_cookie() return HttpResponseRedirect(redirect_to) else: - form = AuthenticationForm(request) + form = authentication_form(request) request.session.set_test_cookie() if Site._meta.installed: current_site = Site.objects.get_current() @@ -137,7 +139,7 @@ def password_reset_confirm(request, uidb36=None, token=None, template_name='regi else: context_instance['validlink'] = False form = None - context_instance['form'] = form + context_instance['form'] = form return render_to_response(template_name, context_instance=context_instance) def password_reset_complete(request, template_name='registration/password_reset_complete.html'): @@ -145,16 +147,16 @@ def password_reset_complete(request, template_name='registration/password_reset_ {'login_url': settings.LOGIN_URL})) def password_change(request, template_name='registration/password_change_form.html', - post_change_redirect=None): + post_change_redirect=None, password_change_form=PasswordChangeForm): if post_change_redirect is None: post_change_redirect = reverse('django.contrib.auth.views.password_change_done') if request.method == "POST": - form = PasswordChangeForm(request.user, request.POST) + form = password_change_form(user=request.user, data=request.POST) if form.is_valid(): form.save() return HttpResponseRedirect(post_change_redirect) else: - form = PasswordChangeForm(request.user) + form = password_change_form(user=request.user) return render_to_response(template_name, { 'form': form, }, context_instance=RequestContext(request)) diff --git a/docs/topics/auth.txt b/docs/topics/auth.txt index 6a62be8c32..152246d38c 100644 --- a/docs/topics/auth.txt +++ b/docs/topics/auth.txt @@ -262,8 +262,8 @@ Manager functions Creates, saves and returns a :class:`~django.contrib.auth.models.User`. The :attr:`~django.contrib.auth.models.User.username`, :attr:`~django.contrib.auth.models.User.email` and - :attr:`~django.contrib.auth.models.User.password` are set as given, and - the :class:`~django.contrib.auth.models.User` gets ``is_active=True``. + :attr:`~django.contrib.auth.models.User.password` are set as given, and the + :class:`~django.contrib.auth.models.User` gets ``is_active=True``. If no password is provided, :meth:`~django.contrib.auth.models.User.set_unusable_password()` will @@ -705,7 +705,7 @@ the following line to your URLconf:: (r'^accounts/login/$', 'django.contrib.auth.views.login'), -.. function:: views.login(request, [template_name, redirect_field_name]) +.. function:: views.login(request, [template_name, redirect_field_name, authentication_form]) Here's what ``django.contrib.auth.views.login`` does: @@ -785,6 +785,15 @@ the following line to your URLconf:: {% endblock %} + .. versionadded:: 1.2 + + If you are using alternate authentication (see + :ref:`authentication-backends`) you can pass a custom authentication form + to the login view via the ``authentication_form`` parameter. This form must + accept a ``request`` keyword argument in its ``__init__`` method, and + provide a ``get_user`` argument which returns the authenticated user object + (this method is only ever called after successful form validation). + .. _forms documentation: ../forms/ .. _site framework docs: ../sites/ @@ -824,7 +833,7 @@ includes a few other useful built-in views located in * ``login_url``: The URL of the login page to redirect to. This will default to :setting:`settings.LOGIN_URL ` if not supplied. -.. function:: views.password_change(request[, template_name, post_change_redirect]) +.. function:: views.password_change(request[, template_name, post_change_redirect, password_change_form]) Allows a user to change their password. @@ -837,6 +846,13 @@ includes a few other useful built-in views located in * ``post_change_redirect``: The URL to redirect to after a successful password change. + * .. versionadded:: 1.2 + + ``password_change_form``: A custom "change password" form which must + accept a ``user`` keyword argument. The form is responsible for + actually changing the user's password. + + **Template context:** * ``form``: The password change form.