0001-utils-add-hook-to-decide-if-user-can-change-set-pass.patch
src/authentic2/backends/ldap_backend.py | ||
---|---|---|
38 | 38 |
from django_rbac.utils import get_ou_model |
39 | 39 |
from authentic2.a2_rbac.utils import get_default_ou |
40 | 40 |
from authentic2.ldap_utils import FilterFormatter |
41 |
from authentic2.utils import utf8_encode |
|
41 |
from authentic2.utils import utf8_encode, user_can_change_password
|
|
42 | 42 | |
43 | 43 |
from authentic2.backends import is_user_authenticable |
44 | 44 | |
... | ... | |
221 | 221 |
return self.block['can_reset_password'] |
222 | 222 | |
223 | 223 |
def can_change_password(self): |
224 |
return app_settings.A2_REGISTRATION_CAN_CHANGE_PASSWORD and self.block['user_can_change_password']
|
|
224 |
return self.block['user_can_change_password'] and user_can_change_password(user=self)
|
|
225 | 225 | |
226 | 226 | |
227 | 227 |
class LDAPBackend(object): |
src/authentic2/custom_user/models.py | ||
---|---|---|
274 | 274 |
return rc |
275 | 275 | |
276 | 276 |
def can_change_password(self): |
277 |
return app_settings.A2_REGISTRATION_CAN_CHANGE_PASSWORD |
|
277 |
return utils.user_can_change_password(user=self) |
src/authentic2/utils.py | ||
---|---|---|
1073 | 1073 |
if ou_value is not None: |
1074 | 1074 |
return ou_value |
1075 | 1075 |
return default |
1076 | ||
1077 | ||
1078 |
def user_can_change_password(user, request=None): |
|
1079 |
from . import hooks |
|
1080 |
if not app_settings.A2_REGISTRATION_CAN_CHANGE_PASSWORD: |
|
1081 |
return False |
|
1082 |
for can in hooks.call_hooks('user_can_change_password', user=user, request=request): |
|
1083 |
if can is False: |
|
1084 |
return can |
|
1085 |
return True |
src/authentic2/views.py | ||
---|---|---|
582 | 582 | |
583 | 583 |
def login_password_profile(request, *args, **kwargs): |
584 | 584 |
context = kwargs.pop('context', {}) |
585 |
can_change_password = app_settings.A2_REGISTRATION_CAN_CHANGE_PASSWORD
|
|
585 |
can_change_password = utils.user_can_change_password(user=request.user)
|
|
586 | 586 |
has_usable_password = request.user.has_usable_password() |
587 | 587 |
context.update( |
588 | 588 |
{'can_change_password': can_change_password, |
tests/test_utils.py | ||
---|---|---|
1 |
from authentic2.utils import good_next_url, same_origin, select_next_url |
|
1 |
from authentic2.utils import good_next_url, same_origin, select_next_url, user_can_change_password
|
|
2 | 2 | |
3 | 3 | |
4 | 4 |
def test_good_next_url(rf, settings): |
... | ... | |
46 | 46 |
assert select_next_url(request, '/') == '/' |
47 | 47 |
settings.A2_REDIRECT_WHITELIST = ['//example.com/'] |
48 | 48 |
assert select_next_url(request, '/') == 'http://example.com/' |
49 | ||
50 | ||
51 |
def test_user_can_change_password(simple_user, settings): |
|
52 |
assert user_can_change_password(user=simple_user) is True |
|
53 |
settings.A2_REGISTRATION_CAN_CHANGE_PASSWORD = False |
|
54 |
assert user_can_change_password(user=simple_user) is False |
|
49 |
- |