Updates reset password flow to use validators

Mouse Reeve 2022-07-15 11:25:49 -07:00
parent 1bb0a9d998
commit 3846b201bd
3 changed files with 39 additions and 13 deletions


@ -1,7 +1,7 @@
""" Forms for the landing pages """ """ Forms for the landing pages """
from django import forms
from django.contrib.auth.password_validation import validate_password from django.contrib.auth.password_validation import validate_password
from django.core.exceptions import ValidationError from django.core.exceptions import ValidationError
from django.forms import PasswordInput
from django.utils.translation import gettext_lazy as _ from django.utils.translation import gettext_lazy as _
from bookwyrm import models from bookwyrm import models
@ -15,7 +15,7 @@ class LoginForm(CustomForm):
fields = ["localname", "password"] fields = ["localname", "password"]
help_texts = {f: None for f in fields} help_texts = {f: None for f in fields}
widgets = { widgets = {
"password": PasswordInput(), "password": forms.PasswordInput(),
} }
@ -24,7 +24,7 @@ class RegisterForm(CustomForm):
model = models.User model = models.User
fields = ["localname", "email", "password"] fields = ["localname", "email", "password"]
help_texts = {f: None for f in fields} help_texts = {f: None for f in fields}
widgets = {"password": PasswordInput()} widgets = {"password": forms.PasswordInput()}
def clean(self): def clean(self):
"""Check if the username is taken""" """Check if the username is taken"""
@ -49,3 +49,28 @@ class InviteRequestForm(CustomForm):
class Meta: class Meta:
model = models.InviteRequest model = models.InviteRequest
fields = ["email", "answer"] fields = ["email", "answer"]
class PasswordResetForm(CustomForm):
confirm_password = forms.CharField(widget=forms.PasswordInput)
class Meta:
model = models.User
fields = ["password"]
widgets = {
"password": forms.PasswordInput(),
}
def clean(self):
"""Make sure the passwords match and are valid"""
cleaned_data = super().clean()
new_password = cleaned_data.get("password")
confirm_password = self.data.get("confirm_password")
if new_password != confirm_password:
self.add_error("confirm_password", _("Password does not match"))
try:
validate_password(new_password)
except ValidationError as err:
self.add_error("password", err)
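Review bot: In `PasswordResetForm.clean`, `validate_password(new_password)` still runs when the `password` field failed its own validation and `cleaned_data.get("password")` returned `None`; with a length validator configured that would likely raise a `TypeError` rather than produce a form error, which is worth confirming against the project's `AUTH_PASSWORD_VALIDATORS`. The call also omits the user, so a similarity validator, if enabled, has no attributes to compare against. I would guard the call and pass the instance: `if new_password:` followed by `validate_password(new_password, user=self.instance)` inside the existing `try`. Separately, `confirm_password` is read from `self.data` while `password` comes from `cleaned_data`, so only one side gets the field's cleaning (whitespace stripping by default) and a value with surrounding spaces can compare unequal; `cleaned_data.get("confirm_password")` keeps both sides consistent.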


@ -26,7 +26,8 @@
{% trans "Password:" %} {% trans "Password:" %}
</label> </label>
<div class="control"> <div class="control">
<input type="password" name="password" maxlength="128" class="input" required="" id="id_new_password" aria-describedby="form_errors"> {{ form.password }}
{% include 'snippets/form_errors.html' with errors_list=form.password.errors id="desc_current_password" %}
</div> </div>
</div> </div>
<div class="field"> <div class="field">
@ -34,7 +35,8 @@
{% trans "Confirm password:" %} {% trans "Confirm password:" %}
</label> </label>
<div class="control"> <div class="control">
<input type="password" name="confirm-password" maxlength="128" class="input" required="" id="id_confirm_password" aria-describedby="form_errors"> {{ form.confirm_password }}
{% include 'snippets/form_errors.html' with errors_list=form.confirm_password.errors id="desc_confirm_password" %}
</div> </div>
</div> </div>
<div class="field is-grouped"> <div class="field is-grouped">
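Review bot: The error snippet for the new-password field is included with `id="desc_current_password"`, which reads like a leftover from a change-password template; `id="desc_password"` would match the field it describes. The replaced `<input>` elements carried `aria-describedby="form_errors"`, and nothing visible here sets `aria-describedby` on the rendered widgets, so the new error lists may not be associated with their fields unless `CustomForm` or the widget attrs add it. Setting `attrs={"aria-describedby": "desc_password"}` on the `PasswordInput` in the form's `widgets` (and the matching id for the confirm field) would tie them together.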


@ -5,7 +5,7 @@ from django.shortcuts import redirect
from django.template.response import TemplateResponse from django.template.response import TemplateResponse
from django.views import View from django.views import View
from bookwyrm import models from bookwyrm import forms, models
from bookwyrm.emailing import password_reset_email from bookwyrm.emailing import password_reset_email
@ -57,7 +57,8 @@ class PasswordReset(View):
except models.PasswordReset.DoesNotExist: except models.PasswordReset.DoesNotExist:
raise PermissionDenied() raise PermissionDenied()
return TemplateResponse(request, "landing/password_reset.html", {"code": code}) data = {"code": code, "form": forms.PasswordResetForm()}
return TemplateResponse(request, "landing/password_reset.html", data)
def post(self, request, code): def post(self, request, code):
"""allow a user to change their password through an emailed token""" """allow a user to change their password through an emailed token"""
@ -68,14 +69,12 @@ class PasswordReset(View):
return TemplateResponse(request, "landing/password_reset.html", data) return TemplateResponse(request, "landing/password_reset.html", data)
user = reset_code.user user = reset_code.user
form = forms.PasswordResetForm(request.POST, instance=user)
new_password = request.POST.get("password") if not form.is_valid():
confirm_password = request.POST.get("confirm-password") data = {"code": code, "form": form}
if new_password != confirm_password:
data = {"errors": ["Passwords do not match"]}
return TemplateResponse(request, "landing/password_reset.html", data) return TemplateResponse(request, "landing/password_reset.html", data)
new_password = form.cleaned_data["password"]
user.set_password(new_password) user.set_password(new_password)
user.save(broadcast=False, update_fields=["password"]) user.save(broadcast=False, update_fields=["password"])
login(request, user) login(request, user)
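Review bot: The first context line of the second `post` hunk still returns `TemplateResponse(request, "landing/password_reset.html", data)` with a `data` dict built above the hunk, while the template now renders `{{ form.password }}` and `{{ form.confirm_password }}`; if that dict has no `form` key, the page renders without inputs on that path. Adding `"form": forms.PasswordResetForm()` to it, as `get` now does, would keep the page usable. `post` starts and ends outside the hunk, so whether the reset code is consumed after `login(request, user)` cannot be checked from here. None of the three changed files appears to be a test; a case for mismatched and validator-rejected passwords would pin the new behaviour.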