0003-app_settings-set-password-to-random-value-by-default.patch

Benjamin Dauvergne, 29 juin 2018 16:18

Voir les différences: en ligne côte à côte

Subject: [PATCH 3/3] app_settings: set password to random value by default
 (#24835)

 src/authentic2_auth_fc/app_settings.py |  1 +
 src/authentic2_auth_fc/views.py        | 17 +++++++++++------
 tests/test_auth_fc.py                  |  3 +++
 3 files changed, 15 insertions(+), 6 deletions(-)

src/authentic2_auth_fc/app_settings.py
70	70	'last_name': 'family_name',
71	71	'first_name': 'given_name',
72	72	'email': 'email',
	73	'password': {'compute': 'random'},
73	74	})
74	75
75	76	@property

         def get_form_class(self):
             form_class = Form
             if not self.request.user.has_usable_password():
             if self.must_set_password():
                 form_class = SET_PASSWORD_FORM_CLASS
             return form_class
         def get_form_kwargs(self, **kwargs):
             kwargs = super(UnlinkView, self).get_form_kwargs(**kwargs)
             if not self.request.user.has_usable_password():
             if self.must_set_password():
                 kwargs['user'] = self.request.user
             return kwargs
         def must_set_password(self):
             for event in self.request.session.get(constants.AUTHENTICATION_EVENTS_SESSION_KEY, []):
                 if event['how'].startswith('password'):
                     return False
             return True
         def dispatch(self, request, *args, **kwargs):
             if not request.user.is_authenticated():
                 raise PermissionDenied()
             # We prevent unlinking if the user has no usable password and can't change it
             # because we assume that the password is the unique other mean of authentication
             # and unlinking would make the account unreachable.
             if not request.user.has_usable_password() and not \
                     a2_app_settings.A2_REGISTRATION_CAN_CHANGE_PASSWORD:
             if self.must_set_password() and not a2_app_settings.A2_REGISTRATION_CAN_CHANGE_PASSWORD:
                 # Prevent access to the view.
                 raise Http404
             return super(UnlinkView, self).dispatch(request, *args, **kwargs)
         def form_valid(self, form):
             if not self.request.user.has_usable_password():
             if self.must_set_password():
                 form.save()
                 self.logger.info(u'user %s has set a password', self.request.user)
             links = models.FcAccount.objects.filter(user=self.request.user)
-...
         def get_context_data(self, **kwargs):
             context = super(UnlinkView, self).get_context_data(**kwargs)
             if not self.request.user.has_usable_password():
             if self.must_set_password():
                 context['no_password'] = True
             return context

             # we must be connected
             assert app.session['_auth_user_id']
             assert models.FcAccount.objects.count() == 1
             # by default we set a random password on new users, so they can use the
             # recover my password form
             assert User.objects.get().has_usable_password()
             response = app.get('/accounts/')
             response = response.click('Delete link')
             response.form.set('new_password1', 'ikKL1234')
+    -

Projet

Général

Profil

Produits Entr'ouvert » Authentic 2 » Plugin FS FranceConnect

0003-app_settings-set-password-to-random-value-by-default.patch