0001-secure-email_change-view.patch
| authentic2/forms.py | ||
|---|---|---|
| 37 | 37 |
and field_name != 'email' ] |
| 38 | 38 | |
| 39 | 39 |
class EmailChangeForm(forms.Form): |
| 40 |
password = forms.CharField(label=_("Password"),
|
|
| 41 |
widget=forms.PasswordInput) |
|
| 40 | 42 |
email = forms.EmailField(label=_('New email'))
|
| 43 | ||
| 44 |
def __init__(self, user, *args, **kwargs): |
|
| 45 |
self.user = user |
|
| 46 |
super(EmailChangeForm, self).__init__(*args, **kwargs) |
|
| 47 | ||
| 48 |
def clean_password(self): |
|
| 49 |
password = self.cleaned_data["password"] |
|
| 50 |
if not self.user.check_password(password): |
|
| 51 |
raise forms.ValidationError( |
|
| 52 |
_('Incorrect password.'),
|
|
| 53 |
code='password_incorrect', |
|
| 54 |
) |
|
| 55 |
return password |
|
| authentic2/views.py | ||
|---|---|---|
| 131 | 131 |
body_template = 'profiles/email_change_body.txt' |
| 132 | 132 |
success_url = '../..' |
| 133 | 133 | |
| 134 |
def get_form_kwargs(self): |
|
| 135 |
kwargs = super(EmailChangeView, self).get_form_kwargs() |
|
| 136 |
kwargs.update({
|
|
| 137 |
'user': self.request.user, |
|
| 138 |
}) |
|
| 139 |
return kwargs |
|
| 140 | ||
| 134 | 141 |
def form_valid(self, form): |
| 135 | 142 |
email = form.cleaned_data['email'] |
| 136 | 143 |
site = get_current_site(self.request) |
| ... | ... | |
| 160 | 167 |
'link contained inside.')) |
| 161 | 168 |
return super(EmailChangeView, self).form_valid(form) |
| 162 | 169 | |
| 163 |
email_change = EmailChangeView.as_view()
|
|
| 170 |
email_change = prevent_access_to_transient_users(EmailChangeView.as_view())
|
|
| 164 | 171 | |
| 165 | 172 |
class EmailChangeVerifyView(TemplateView): |
| 166 | 173 |
def get(self, request, *args, **kwargs): |
| 167 |
- |
|