--- a/app/django/contrib/auth/views.py Tue Oct 14 12:36:55 2008 +0000
+++ b/app/django/contrib/auth/views.py Tue Oct 14 16:00:59 2008 +0000
@@ -1,43 +1,46 @@
+from django.conf import settings
+from django.contrib.auth import REDIRECT_FIELD_NAME
+from django.contrib.auth.decorators import login_required
from django.contrib.auth.forms import AuthenticationForm
-from django.contrib.auth.forms import PasswordResetForm, PasswordChangeForm
-from django import oldforms
-from django.shortcuts import render_to_response
+from django.contrib.auth.forms import PasswordResetForm, SetPasswordForm, PasswordChangeForm
+from django.contrib.auth.tokens import default_token_generator
+from django.core.urlresolvers import reverse
+from django.shortcuts import render_to_response, get_object_or_404
+from django.contrib.sites.models import Site, RequestSite
+from django.http import HttpResponseRedirect, Http404
from django.template import RequestContext
-from django.contrib.sites.models import Site, RequestSite
-from django.http import HttpResponseRedirect
-from django.contrib.auth.decorators import login_required
-from django.contrib.auth import REDIRECT_FIELD_NAME
+from django.utils.http import urlquote, base36_to_int
from django.utils.translation import ugettext as _
+from django.contrib.auth.models import User
+from django.views.decorators.cache import never_cache
def login(request, template_name='registration/login.html', redirect_field_name=REDIRECT_FIELD_NAME):
"Displays the login form and handles the login action."
- manipulator = AuthenticationForm(request)
redirect_to = request.REQUEST.get(redirect_field_name, '')
- if request.POST:
- errors = manipulator.get_validation_errors(request.POST)
- if not errors:
+ if request.method == "POST":
+ form = AuthenticationForm(data=request.POST)
+ if form.is_valid():
# Light security check -- make sure redirect_to isn't garbage.
if not redirect_to or '//' in redirect_to or ' ' in redirect_to:
- from django.conf import settings
redirect_to = settings.LOGIN_REDIRECT_URL
from django.contrib.auth import login
- login(request, manipulator.get_user())
- request.session.delete_test_cookie()
+ login(request, form.get_user())
+ if request.session.test_cookie_worked():
+ request.session.delete_test_cookie()
return HttpResponseRedirect(redirect_to)
else:
- errors = {}
+ form = AuthenticationForm(request)
request.session.set_test_cookie()
-
if Site._meta.installed:
current_site = Site.objects.get_current()
else:
current_site = RequestSite(request)
-
return render_to_response(template_name, {
- 'form': oldforms.FormWrapper(manipulator, request.POST, errors),
+ 'form': form,
redirect_field_name: redirect_to,
'site_name': current_site.name,
}, context_instance=RequestContext(request))
+login = never_cache(login)
def logout(request, next_page=None, template_name='registration/logged_out.html'):
"Logs out the user and displays 'You are logged out' message."
@@ -52,47 +55,102 @@
def logout_then_login(request, login_url=None):
"Logs out the user if he is logged in. Then redirects to the log-in page."
if not login_url:
- from django.conf import settings
login_url = settings.LOGIN_URL
return logout(request, login_url)
def redirect_to_login(next, login_url=None, redirect_field_name=REDIRECT_FIELD_NAME):
"Redirects the user to the login page, passing the given 'next' page"
if not login_url:
- from django.conf import settings
login_url = settings.LOGIN_URL
- return HttpResponseRedirect('%s?%s=%s' % (login_url, redirect_field_name, next))
+ return HttpResponseRedirect('%s?%s=%s' % (login_url, urlquote(redirect_field_name), urlquote(next)))
+
+# 4 views for password reset:
+# - password_reset sends the mail
+# - password_reset_done shows a success message for the above
+# - password_reset_confirm checks the link the user clicked and
+# prompts for a new password
+# - password_reset_complete shows a success message for the above
def password_reset(request, is_admin_site=False, template_name='registration/password_reset_form.html',
- email_template_name='registration/password_reset_email.html'):
- new_data, errors = {}, {}
- form = PasswordResetForm()
- if request.POST:
- new_data = request.POST.copy()
- errors = form.get_validation_errors(new_data)
- if not errors:
+ email_template_name='registration/password_reset_email.html',
+ password_reset_form=PasswordResetForm, token_generator=default_token_generator,
+ post_reset_redirect=None):
+ if post_reset_redirect is None:
+ post_reset_redirect = reverse('django.contrib.auth.views.password_reset_done')
+ if request.method == "POST":
+ form = password_reset_form(request.POST)
+ if form.is_valid():
+ opts = {}
+ opts['use_https'] = request.is_secure()
+ opts['token_generator'] = token_generator
if is_admin_site:
- form.save(domain_override=request.META['HTTP_HOST'])
+ opts['domain_override'] = request.META['HTTP_HOST']
else:
- form.save(email_template_name=email_template_name)
- return HttpResponseRedirect('%sdone/' % request.path)
- return render_to_response(template_name, {'form': oldforms.FormWrapper(form, new_data, errors)},
- context_instance=RequestContext(request))
+ opts['email_template_name'] = email_template_name
+ if not Site._meta.installed:
+ opts['domain_override'] = RequestSite(request).domain
+ form.save(**opts)
+ return HttpResponseRedirect(post_reset_redirect)
+ else:
+ form = password_reset_form()
+ return render_to_response(template_name, {
+ 'form': form,
+ }, context_instance=RequestContext(request))
def password_reset_done(request, template_name='registration/password_reset_done.html'):
return render_to_response(template_name, context_instance=RequestContext(request))
-def password_change(request, template_name='registration/password_change_form.html'):
- new_data, errors = {}, {}
- form = PasswordChangeForm(request.user)
- if request.POST:
- new_data = request.POST.copy()
- errors = form.get_validation_errors(new_data)
- if not errors:
- form.save(new_data)
- return HttpResponseRedirect('%sdone/' % request.path)
- return render_to_response(template_name, {'form': oldforms.FormWrapper(form, new_data, errors)},
- context_instance=RequestContext(request))
+def password_reset_confirm(request, uidb36=None, token=None, template_name='registration/password_reset_confirm.html',
+ token_generator=default_token_generator, set_password_form=SetPasswordForm,
+ post_reset_redirect=None):
+ """
+ View that checks the hash in a password reset link and presents a
+ form for entering a new password.
+ """
+ assert uidb36 is not None and token is not None # checked by URLconf
+ if post_reset_redirect is None:
+ post_reset_redirect = reverse('django.contrib.auth.views.password_reset_complete')
+ try:
+ uid_int = base36_to_int(uidb36)
+ except ValueError:
+ raise Http404
+
+ user = get_object_or_404(User, id=uid_int)
+ context_instance = RequestContext(request)
+
+ if token_generator.check_token(user, token):
+ context_instance['validlink'] = True
+ if request.method == 'POST':
+ form = set_password_form(user, request.POST)
+ if form.is_valid():
+ form.save()
+ return HttpResponseRedirect(post_reset_redirect)
+ else:
+ form = set_password_form(None)
+ else:
+ context_instance['validlink'] = False
+ form = None
+ context_instance['form'] = form
+ return render_to_response(template_name, context_instance=context_instance)
+
+def password_reset_complete(request, template_name='registration/password_reset_complete.html'):
+ return render_to_response(template_name, context_instance=RequestContext(request,
+ {'login_url': settings.LOGIN_URL}))
+
+def password_change(request, template_name='registration/password_change_form.html',
+ post_change_redirect=None):
+ if post_change_redirect is None:
+ post_change_redirect = reverse('django.contrib.auth.views.password_change_done')
+ if request.method == "POST":
+ form = PasswordChangeForm(request.user, request.POST)
+ if form.is_valid():
+ form.save()
+ return HttpResponseRedirect(post_change_redirect)
+ else:
+ form = PasswordChangeForm(request.user)
+ return render_to_response(template_name, {
+ 'form': form,
+ }, context_instance=RequestContext(request))
password_change = login_required(password_change)
def password_change_done(request, template_name='registration/password_change_done.html'):