jumpserver/apps/users/views/profile/password.py

98 lines
3.1 KiB
Python

# ~*~ coding: utf-8 ~*~
import time
from django.conf import settings
from django.contrib.auth import authenticate
from django.shortcuts import redirect
from django.urls import reverse_lazy
from django.utils.translation import ugettext as _
from django.views.generic.edit import UpdateView, FormView
from django.contrib.auth import logout as auth_logout
from common.utils import get_logger
from common.permissions import (
PermissionsMixin, IsValidUser,
UserCanUpdatePassword
)
from ... import forms
from ...models import User
from ...utils import (
get_user_or_pre_auth_user,
check_password_rules, get_password_check_rules,
)
__all__ = ['UserPasswordUpdateView', 'UserVerifyPasswordView']
logger = get_logger(__name__)
class UserPasswordUpdateView(PermissionsMixin, UpdateView):
template_name = 'users/user_password_update.html'
model = User
form_class = forms.UserPasswordForm
success_url = reverse_lazy('users:user-profile')
permission_classes = [IsValidUser, UserCanUpdatePassword]
def get_object(self, queryset=None):
return self.request.user
def get_context_data(self, **kwargs):
check_rules = get_password_check_rules()
context = {
'app': _('Users'),
'action': _('Password update'),
'password_check_rules': check_rules,
}
kwargs.update(context)
return super().get_context_data(**kwargs)
def get_success_url(self):
auth_logout(self.request)
return super().get_success_url()
def form_valid(self, form):
password = form.cleaned_data.get('new_password')
is_ok = check_password_rules(password)
if not is_ok:
form.add_error(
"new_password",
_("* Your password does not meet the requirements")
)
return self.form_invalid(form)
return super().form_valid(form)
class UserVerifyPasswordView(FormView):
template_name = 'users/user_password_verify.html'
form_class = forms.UserCheckPasswordForm
def form_valid(self, form):
user = get_user_or_pre_auth_user(self.request)
password = form.cleaned_data.get('password')
user = authenticate(request=self.request, username=user.username, password=password)
if not user:
form.add_error("password", _("Password invalid"))
return self.form_invalid(form)
if not user.mfa_is_otp():
user.enable_mfa()
user.save()
self.request.session['user_id'] = str(user.id)
self.request.session['auth_password'] = 1
self.request.session['auth_password_expired_at'] = time.time() + settings.AUTH_EXPIRED_SECONDS
return redirect(self.get_success_url())
def get_success_url(self):
referer = self.request.META.get('HTTP_REFERER')
next_url = self.request.GET.get("next")
if next_url:
return next_url
else:
return referer
def get_context_data(self, **kwargs):
context = {
'user': get_user_or_pre_auth_user(self.request)
}
kwargs.update(context)
return super().get_context_data(**kwargs)