diff --git a/scipost/forms.py b/scipost/forms.py
index 209be897953fe9f4cf77b247e70681c5b62e2dbb..21c68fe51c5aa3a94289857a942539a620b7757d 100644
--- a/scipost/forms.py
+++ b/scipost/forms.py
@@ -2,6 +2,7 @@
 from django import forms
 from django.contrib.auth import authenticate
 from django.contrib.auth.models import User, Group
 from django.contrib.auth.password_validation import validate_password
+from django.core.exceptions import ValidationError
 from django.core.urlresolvers import reverse_lazy
 from django.utils.http import is_safe_url
@@ -61,22 +62,27 @@ class RegistrationForm(forms.Form):
 required=False)
 username = forms.CharField(label='* Username', max_length=100)
 password = forms.CharField(label='* Password', widget=forms.PasswordInput())
- password_verif = forms.CharField(label='* Verify password', widget=forms.PasswordInput())
+ password_verif = forms.CharField(label='* Verify password', widget=forms.PasswordInput(),
+ help_text='Your password must contain at least 8 characters')
 captcha = ReCaptchaField(attrs={'theme': 'clean'}, label='*Please verify to continue:')
 
- def clean_password_verif(self):
+ def clean_password(self):
 password = self.cleaned_data.get('password', '')
 user = User(
- username=self.cleaned_data['username'],
- first_name=self.cleaned_data['first_name'],
- last_name=self.cleaned_data['last_name'],
- email=self.cleaned_data['email']
+ username=self.cleaned_data.get('username', ''),
+ first_name=self.cleaned_data.get('first_name', ''),
+ last_name=self.cleaned_data.get('last_name', ''),
+ email=self.cleaned_data.get('email', '')
 )
- validate_password(password, user)
+ try:
+ validate_password(password, user)
+ except ValidationError as error_message:
+ self.add_error('password', error_message)
+ return password
 
- if self.cleaned_data['password'] != self.cleaned_data['password_verif']:
- self.add_error('password', 'Your passwords must match')
- self.add_error('password_verif', 'Your passwords must match')
+ def clean_password_verif(self):
+ if self.cleaned_data.get('password', '') != self.cleaned_data.get('password_verif', ''):
+ self.add_error('password_verif', 'Your password entries must match')
 return self.cleaned_data.get('password_verif', '')
 
 def clean_username(self):
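Review bot: The `try`/`except ValidationError` around `validate_password` in `clean_password` is redundant and slightly misleading: Django's `_clean_fields` already turns a `ValidationError` raised from a `clean_<field>` method into an error on that field, whereas `add_error` followed by `return password` first deletes the key and then lets `_clean_fields` store the rejected password back into `cleaned_data` (harmless for `is_valid()`, but a later `clean()` or a debugger sees a value the validators refused). Letting the exception propagate — `validate_password(password, user)` then `return password` — keeps the error on the `password` field and leaves no rejected value behind, and `clean_password_verif` could likewise `raise forms.ValidationError('Your password entries must match')`. The new help text hard-codes "at least 8 characters", which will drift from whatever `AUTH_PASSWORD_VALIDATORS` actually enforces; `password_validators_help_text_html()` from `django.contrib.auth.password_validation` derives the text from the configured validators. `RegistrationForm` continues past the hunk (`clean_username` is cut off).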
@@ -260,11 +266,36 @@ class PasswordChangeForm(forms.Form):
 self.current_user = kwargs.pop('current_user', None)
 super().__init__(*args, **kwargs)
 
+ def clean_password_prev(self):
+ '''Check if old password is correct.'''
+ password_prev = self.cleaned_data['password_prev']
+ if not self.current_user.check_password(password_prev):
+ self.add_error('password_prev',
+ 'The currently existing password you entered is incorrect')
+ return password_prev
+
 def clean_password_new(self):
+ '''Validate the newly chosen password using the validators as per the settingsfile.'''
 password = self.cleaned_data['password_new']
- validate_password(password, self.current_user)
+ try:
+ validate_password(password, self.current_user)
+ except ValidationError as error_message:
+ self.add_error('password_new', error_message)
 return password
 
+ def clean_password_verif(self):
+ '''Check if the new password's match to ensure the user entered new password correctly.'''
+ password_verif = self.cleaned_data.get('password_verif', '')
+ if self.cleaned_data['password_new'] != password_verif:
+ self.add_error('password_verif', 'Your new password entries must match')
+ return password_verif
+
+ def save_new_password(self):
+ '''Save new password is form is valid.'''
+ if not self.errors:
+ self.current_user.set_password(self.cleaned_data['password_new'])
+ self.current_user.save()
+
 
 AUTHORSHIP_CLAIM_CHOICES = (
 ('-', '-'),
diff --git a/scipost/views.py b/scipost/views.py
index 50c9966de7357698c456f2b2fc96fc8e0cba192c..d603e50197e61cdef8f67dfad460d6dc378915e1 100644
--- a/scipost/views.py
+++ b/scipost/views.py
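Review bot: `clean_password_verif` indexes `self.cleaned_data['password_new']` directly, but when the new password is submitted empty (or fails its own field validation before `clean_password_new` runs) Django never puts that key into `cleaned_data`, so the lookup raises `KeyError` and the request 500s instead of rendering a form error. The registration form in this same diff uses `.get('password', '')` for the equivalent comparison; mirror that here, e.g. `password_new = self.cleaned_data.get('password_new')` / `if password_new is not None and password_new != password_verif:`, so a missing new password yields only the `required` error. `clean_password_prev` dereferences `self.current_user` without a guard even though `__init__` defaults it to `None`; the only visible caller passes `request.user`, so this holds as long as nothing else constructs the form. The `save_new_password` docstring has a typo ("is form is valid") and should read `'''Set and persist the new password if the form has no errors.'''`.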
@@ -3,7 +3,7 @@ import re
 from django.utils import timezone
 from django.shortcuts import get_object_or_404, render
 from django.contrib import messages
-from django.contrib.auth import login, logout
+from django.contrib.auth import login, logout, update_session_auth_hash
 from django.contrib.auth.decorators import login_required
 from django.contrib.auth.models import Group
 from django.contrib.auth.views import password_reset, password_reset_confirm
@@ -915,22 +915,13 @@ def personal_page(request):
 @login_required
 def change_password(request):
 form = PasswordChangeForm(request.POST or None, current_user=request.user)
- ack = False
 if form.is_valid():
- if not request.user.check_password(form.cleaned_data['password_prev']):
- return render(
- request, 'scipost/change_password.html',
- {'form': form,
- 'errormessage': 'The currently existing password you entered is incorrect'})
- if form.cleaned_data['password_new'] != form.cleaned_data['password_verif']:
- return render(request, 'scipost/change_password.html', {
- 'form': form,
- 'errormessage': 'Your new password entries must match'})
- request.user.set_password(form.cleaned_data['password_new'])
- request.user.save()
- ack = True
-
- return render(request, 'scipost/change_password.html', {'ack': ack, 'form': form})
+ form.save_new_password()
+ # Update user's session hash to stay logged in.
+ update_session_auth_hash(request, request.user)
+ messages.success(request, 'Your SciPost password has been successfully changed')
+ return redirect(reverse('scipost:personal_page'))
+ return render(request, 'scipost/change_password.html', {'form': form})
 
 
 def reset_password_confirm(request, uidb64=None, token=None):
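Review bot: The success path calls `redirect(...)` and `reverse(...)`, but the import hunk above only adds `update_session_auth_hash` to the `django.contrib.auth` import and the visible `django.shortcuts` line imports just `get_object_or_404, render`; unless `redirect` and `reverse` are already imported elsewhere in views.py (not visible here), the first valid POST raises `NameError` after the new password has already been saved. The comment on `update_session_auth_hash` should also record the security-relevant side of that call: with Django's session auth-hash verification active, the session is keyed on a hash of the password, so after `set_password` every other session of this user stops validating and is logged out, and `update_session_auth_hash` re-keys only the current one — e.g. `# Re-key this session to the new password; the user's other sessions are invalidated.`. `form.save_new_password()` re-checks `self.errors` internally, which is redundant immediately after `is_valid()` but harmless.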