0001-secure-email_change-view.patch
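--- a/authentic2/forms.py
+++ b/authentic2/forms.py
@@ -37,4 +37,19 @@
 and field_name != 'email' ]
 
 class EmailChangeForm(forms.Form):
+password = forms.CharField(label=_("Password"),
+widget=forms.PasswordInput)
 email = forms.EmailField(label=_('New email'))
+
+def __init__(self, user, *args, **kwargs):
+self.user = user
+super(EmailChangeForm, self).__init__(*args, **kwargs)
+
+def clean_password(self):
+password = self.cleaned_data["password"]
+if not self.user.check_password(password):
+raise forms.ValidationError(
+_('Incorrect password.'),
+code='password_incorrect',
+)
+return password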
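Review bot: `clean_password` checks the account password on every POST with no visible limit on failed attempts, so a hijacked or unattended session can use this form to guess the password without going through the login view. If the project throttles login attempts elsewhere, failed checks here should feed the same counter and be logged; at minimum record that in the method, e.g. `# failed checks must count toward the login attempt limiter`. Separately, `check_password` returns False for accounts with an unusable password, so users without a local password (presumably those authenticated through an external provider) can never pass this form; consider branching on `self.user.has_usable_password()` and deciding explicitly what those users should see. The new `__init__` and `clean_password` also have no docstring saying that `user` is a required first argument and that the password is the current one, used only for re-authentication.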
authentic2/views.py | ||
---|---|---|
131 | 131 |
body_template = 'profiles/email_change_body.txt' |
132 | 132 |
success_url = '../..' |
133 | 133 | |
134 |
def get_form_kwargs(self): |
|
135 |
kwargs = super(EmailChangeView, self).get_form_kwargs() |
|
136 |
kwargs.update({ |
|
137 |
'user': self.request.user, |
|
138 |
}) |
|
139 |
return kwargs |
|
140 | ||
134 | 141 |
def form_valid(self, form): |
135 | 142 |
email = form.cleaned_data['email'] |
136 | 143 |
site = get_current_site(self.request) |
... | ... | |
160 | 167 |
'link contained inside.')) |
161 | 168 |
return super(EmailChangeView, self).form_valid(form) |
162 | 169 | |
163 |
email_change = EmailChangeView.as_view()
|
|
170 |
email_change = prevent_access_to_transient_users(EmailChangeView.as_view())
|
|
164 | 171 | |
165 | 172 |
class EmailChangeVerifyView(TemplateView): |
166 | 173 |
def get(self, request, *args, **kwargs): |
167 |
- |