jumpserver/apps/users/views/profile/password.py

95 lines
3.0 KiB
Python

# ~*~ coding: utf-8 ~*~
from django.contrib.auth import authenticate
from django.shortcuts import redirect
from django.urls import reverse_lazy, reverse
from django.utils.translation import ugettext as _
from django.views.generic.edit import UpdateView, FormView
from django.contrib.auth import logout as auth_logout
from common.utils import get_logger
from common.permissions import (
PermissionsMixin, IsValidUser,
UserCanUpdatePassword
)
from ... import forms
from ...models import User
from ...utils import (
get_user_or_pre_auth_user,
check_password_rules, get_password_check_rules,
)
__all__ = ['UserPasswordUpdateView', 'UserVerifyPasswordView']
logger = get_logger(__name__)
class UserPasswordUpdateView(PermissionsMixin, UpdateView):
template_name = 'users/user_password_update.html'
model = User
form_class = forms.UserPasswordForm
success_url = reverse_lazy('users:user-profile')
permission_classes = [IsValidUser, UserCanUpdatePassword]
def get_object(self, queryset=None):
return self.request.user
def get_context_data(self, **kwargs):
check_rules = get_password_check_rules()
context = {
'app': _('Users'),
'action': _('Password update'),
'password_check_rules': check_rules,
}
kwargs.update(context)
return super().get_context_data(**kwargs)
def get_success_url(self):
auth_logout(self.request)
return super().get_success_url()
def form_valid(self, form):
password = form.cleaned_data.get('new_password')
is_ok = check_password_rules(password)
if not is_ok:
form.add_error(
"new_password",
_("* Your password does not meet the requirements")
)
return self.form_invalid(form)
return super().form_valid(form)
class UserVerifyPasswordView(FormView):
template_name = 'users/user_password_verify.html'
form_class = forms.UserCheckPasswordForm
def form_valid(self, form):
user = get_user_or_pre_auth_user(self.request)
password = form.cleaned_data.get('password')
user = authenticate(username=user.username, password=password)
if not user:
form.add_error("password", _("Password invalid"))
return self.form_invalid(form)
if not user.mfa_is_otp():
user.enable_mfa()
user.save()
self.request.session['user_id'] = str(user.id)
self.request.session['auth_password'] = 1
return redirect(self.get_success_url())
def get_success_url(self):
referer = self.request.META.get('HTTP_REFERER')
next_url = self.request.GET.get("next")
if next_url:
return next_url
else:
return referer
def get_context_data(self, **kwargs):
context = {
'user': get_user_or_pre_auth_user(self.request)
}
kwargs.update(context)
return super().get_context_data(**kwargs)