Projet

Général

Profil

0003-views-ask-for-new-passord-on-unlink-only-if-logged-u.patch

Benjamin Dauvergne, 29 juin 2018 16:36

Télécharger (2,71 ko)

Voir les différences: 

Subject: [PATCH 3/5] views: ask for new passord on unlink only if logged using
 FC (#24835)


 src/authentic2_auth_fc/views.py | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)
src/authentic2_auth_fc/views.py
478 478 

  		




  479
  479
  
    
    def get_form_class(self):

  		




  480
  480
  
    
        form_class = Form

  		




  481
  
  
    
        if not self.request.user.has_usable_password():

  		




  
  481
  
    
        if self.must_set_password():

  		




  482
  482
  
    
            form_class = SET_PASSWORD_FORM_CLASS

  		




  483
  483
  
    
        return form_class

  		




  484
  484
  
    

  		




  485
  485
  
    
    def get_form_kwargs(self, **kwargs):

  		




  486
  486
  
    
        kwargs = super(UnlinkView, self).get_form_kwargs(**kwargs)

  		




  487
  
  
    
        if not self.request.user.has_usable_password():

  		




  
  487
  
    
        if self.must_set_password():

  		




  488
  488
  
    
            kwargs['user'] = self.request.user

  		




  489
  489
  
    
        return kwargs

  		




  490
  490
  
    

  		




  
  491
  
    
    def must_set_password(self):

  		




  
  492
  
    
        for event in self.request.session.get(constants.AUTHENTICATION_EVENTS_SESSION_KEY, []):

  		




  
  493
  
    
            if event['how'].startswith('password'):

  		




  
  494
  
    
                return False

  		




  
  495
  
    
        return True

  		




  
  496
  
    

  		




  491
  497
  
    
    def dispatch(self, request, *args, **kwargs):

  		




  492
  498
  
    
        if not request.user.is_authenticated():

  		




  493
  499
  
    
            raise PermissionDenied()

  		




  494
  500
  
    
        # We prevent unlinking if the user has no usable password and can't change it

  		




  495
  501
  
    
        # because we assume that the password is the unique other mean of authentication

  		




  496
  502
  
    
        # and unlinking would make the account unreachable.

  		




  497
  
  
    
        if not request.user.has_usable_password() and not \

  		




  498
  
  
    
                a2_app_settings.A2_REGISTRATION_CAN_CHANGE_PASSWORD:

  		




  
  503
  
    
        if self.must_set_password() and not a2_app_settings.A2_REGISTRATION_CAN_CHANGE_PASSWORD:

  		




  499
  504
  
    
            # Prevent access to the view.

  		




  500
  505
  
    
            raise Http404

  		




  501
  506
  
    
        return super(UnlinkView, self).dispatch(request, *args, **kwargs)

  		




  502
  507
  
    

  		




  503
  508
  
    
    def form_valid(self, form):

  		




  504
  
  
    
        if not self.request.user.has_usable_password():

  		




  
  509
  
    
        if self.must_set_password():

  		




  505
  510
  
    
            form.save()

  		




  506
  511
  
    
            self.logger.info(u'user %s has set a password', self.request.user)

  		




  507
  512
  
    
        links = models.FcAccount.objects.filter(user=self.request.user)

  		




  ......




  514
  519
  
    

  		




  515
  520
  
    
    def get_context_data(self, **kwargs):

  		




  516
  521
  
    
        context = super(UnlinkView, self).get_context_data(**kwargs)

  		




  517
  
  
    
        if not self.request.user.has_usable_password():

  		




  
  522
  
    
        if self.must_set_password():

  		




  518
  523
  
    
            context['no_password'] = True

  		




  519
  524
  
    
        return context

  		




  520
  525
  
    

  		




  521
  
  
    
-