mirrors/bookwyrm
1
0
Fork 1
mirror of https://github.com/bookwyrm-social/bookwyrm.git synced 2025-01-22 15:08:07 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #2215 from bookwyrm-social/change-password

Browse source 
Improves change password flow
This commit is contained in:
Mouse Reeve 2022-07-10 20:34:24 -07:00 committed by GitHub
commit 137311e006
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 90 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

33
bookwyrm/templates/preferences/change_password.html
View file

@ -8,15 +8,46 @@
{% endblock %}
{% block panel %}
{% if success %}
<div class="notification is-success is-light">
<span class="icon icon-check" aria-hidden="true"></span>
<span>
{% trans "Successfully changed password" %}
</span>
</div>
{% endif %}
<form name="edit-profile" action="{% url 'prefs-password' %}" method="post" enctype="multipart/form-data">
{% csrf_token %}
<div class="field">
<label class="label" for="id_password">{% trans "Current password:" %}</label>
<input
type="password"
name="current_password"
maxlength="128"
class="input"
required=""
id="id_current_password"
aria-describedby="desc_current_password"
>
{% include 'snippets/form_errors.html' with errors_list=errors.current_password id="desc_current_password" %}
</div>
<hr aria-hidden="true" />
<div class="field">
<label class="label" for="id_password">{% trans "New password:" %}</label>
<input type="password" name="password" maxlength="128" class="input" required="" id="id_password">
</div>
<div class="field">
<label class="label" for="id_confirm_password">{% trans "Confirm password:" %}</label>
<input type="password" name="confirm-password" maxlength="128" class="input" required="" id="id_confirm_password">
<input
type="password"
name="confirm-password"
maxlength="128"
class="input"
required=""
id="id_confirm_password"
aria-describedby="desc_confirm_password"
>
{% include 'snippets/form_errors.html' with errors_list=errors.confirm_password id="desc_confirm_password" %}
</div>
<button class="button is-primary" type="submit">{% trans "Change Password" %}</button>
</form>

41
bookwyrm/tests/views/preferences/test_change_password.py
View file

@ -42,17 +42,50 @@ class ChangePasswordViews(TestCase):
"""change password"""
view = views.ChangePassword.as_view()
password_hash = self.local_user.password
request = self.factory.post("", {"password": "hi", "confirm-password": "hi"})
request = self.factory.post(
"",
{
"current_password": "password",
"password": "hi",
"confirm-password": "hi",
},
)
request.user = self.local_user
with patch("bookwyrm.views.preferences.change_password.login"):
view(request)
result = view(request)
validate_html(result.render())
self.assertNotEqual(self.local_user.password, password_hash)
def test_password_change_wrong_current(self):
"""change password"""
view = views.ChangePassword.as_view()
password_hash = self.local_user.password
request = self.factory.post(
"",
{
"current_password": "not my password",
"password": "hi",
"confirm-password": "hihi",
},
)
request.user = self.local_user
result = view(request)
validate_html(result.render())
self.assertEqual(self.local_user.password, password_hash)
def test_password_change_mismatch(self):
"""change password"""
view = views.ChangePassword.as_view()
password_hash = self.local_user.password
request = self.factory.post("", {"password": "hi", "confirm-password": "hihi"})
request = self.factory.post(
"",
{
"current_password": "password",
"password": "hi",
"confirm-password": "hihi",
},
)
request.user = self.local_user
view(request)
result = view(request)
validate_html(result.render())
self.assertEqual(self.local_user.password, password_hash)

24
bookwyrm/views/preferences/change_password.py
View file

@ -1,10 +1,13 @@
""" class views for password management """
from django.contrib.auth import login
from django.contrib.auth.decorators import login_required
from django.shortcuts import redirect
from django.template.response import TemplateResponse
from django.utils.decorators import method_decorator
from django.utils.translation import gettext_lazy as _
from django.views import View
from django.views.decorators.debug import sensitive_variables, sensitive_post_parameters
from bookwyrm import models
# pylint: disable= no-self-use
@ -17,15 +20,30 @@ class ChangePassword(View):
data = {"user": request.user}
return TemplateResponse(request, "preferences/change_password.html", data)
@sensitive_variables("new_password")
@sensitive_variables("confirm_password")
@method_decorator(sensitive_post_parameters("current_password"))
@method_decorator(sensitive_post_parameters("password"))
@method_decorator(sensitive_post_parameters("confirm__password"))
def post(self, request):
"""allow a user to change their password"""
data = {"user": request.user}
# check current password
user = models.User.objects.get(id=request.user.id)
if not user.check_password(request.POST.get("current_password")):
data["errors"] = {"current_password": [_("Incorrect password")]}
return TemplateResponse(request, "preferences/change_password.html", data)
new_password = request.POST.get("password")
confirm_password = request.POST.get("confirm-password")
if new_password != confirm_password:
return redirect("prefs-password")
data["errors"] = {"confirm_password": [_("Password does not match")]}
return TemplateResponse(request, "preferences/change_password.html", data)
request.user.set_password(new_password)
request.user.save(broadcast=False, update_fields=["password"])
login(request, request.user)
return redirect("user-feed", request.user.localname)
data["success"] = True
return TemplateResponse(request, "preferences/change_password.html", data)