mirror of https://github.com/jumpserver/jumpserver
98 lines
3.1 KiB
Python
98 lines
3.1 KiB
Python
# ~*~ coding: utf-8 ~*~
|
|
import time
|
|
|
|
from django.conf import settings
|
|
from django.contrib.auth import authenticate
|
|
from django.shortcuts import redirect
|
|
from django.urls import reverse_lazy
|
|
from django.utils.translation import ugettext as _
|
|
from django.views.generic.edit import UpdateView, FormView
|
|
from django.contrib.auth import logout as auth_logout
|
|
|
|
from common.utils import get_logger
|
|
from common.permissions import (
|
|
PermissionsMixin, IsValidUser,
|
|
UserCanUpdatePassword
|
|
)
|
|
from ... import forms
|
|
from ...models import User
|
|
from ...utils import (
|
|
get_user_or_pre_auth_user,
|
|
check_password_rules, get_password_check_rules,
|
|
)
|
|
|
|
__all__ = ['UserPasswordUpdateView', 'UserVerifyPasswordView']
|
|
|
|
logger = get_logger(__name__)
|
|
|
|
|
|
class UserPasswordUpdateView(PermissionsMixin, UpdateView):
|
|
template_name = 'users/user_password_update.html'
|
|
model = User
|
|
form_class = forms.UserPasswordForm
|
|
success_url = reverse_lazy('users:user-profile')
|
|
permission_classes = [IsValidUser, UserCanUpdatePassword]
|
|
|
|
def get_object(self, queryset=None):
|
|
return self.request.user
|
|
|
|
def get_context_data(self, **kwargs):
|
|
check_rules = get_password_check_rules()
|
|
context = {
|
|
'app': _('Users'),
|
|
'action': _('Password update'),
|
|
'password_check_rules': check_rules,
|
|
}
|
|
kwargs.update(context)
|
|
return super().get_context_data(**kwargs)
|
|
|
|
def get_success_url(self):
|
|
auth_logout(self.request)
|
|
return super().get_success_url()
|
|
|
|
def form_valid(self, form):
|
|
password = form.cleaned_data.get('new_password')
|
|
is_ok = check_password_rules(password)
|
|
if not is_ok:
|
|
form.add_error(
|
|
"new_password",
|
|
_("* Your password does not meet the requirements")
|
|
)
|
|
return self.form_invalid(form)
|
|
return super().form_valid(form)
|
|
|
|
|
|
class UserVerifyPasswordView(FormView):
|
|
template_name = 'users/user_password_verify.html'
|
|
form_class = forms.UserCheckPasswordForm
|
|
|
|
def form_valid(self, form):
|
|
user = get_user_or_pre_auth_user(self.request)
|
|
password = form.cleaned_data.get('password')
|
|
user = authenticate(request=self.request, username=user.username, password=password)
|
|
if not user:
|
|
form.add_error("password", _("Password invalid"))
|
|
return self.form_invalid(form)
|
|
if not user.mfa_is_otp():
|
|
user.enable_mfa()
|
|
user.save()
|
|
self.request.session['user_id'] = str(user.id)
|
|
self.request.session['auth_password'] = 1
|
|
self.request.session['auth_password_expired_at'] = time.time() + settings.AUTH_EXPIRED_SECONDS
|
|
return redirect(self.get_success_url())
|
|
|
|
def get_success_url(self):
|
|
referer = self.request.META.get('HTTP_REFERER')
|
|
next_url = self.request.GET.get("next")
|
|
if next_url:
|
|
return next_url
|
|
else:
|
|
return referer
|
|
|
|
def get_context_data(self, **kwargs):
|
|
context = {
|
|
'user': get_user_or_pre_auth_user(self.request)
|
|
}
|
|
kwargs.update(context)
|
|
return super().get_context_data(**kwargs)
|