From a99767549ae340d01747bbdc6cc75154d128ffde Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Tue, 22 Nov 2022 15:34:26 +0100
Subject: [PATCH 2/3] auth_fc: show warning on password change page if user is linked to FranceConnect (#69989)
---
 src/authentic2/views.py | 1 +
 src/authentic2_auth_fc/apps.py | 15 +++++++++++++++
 tests/auth_fc/test_views.py | 30 ++++++++++++++++++++++++++++++
 3 files changed, 46 insertions(+)
 create mode 100644 tests/auth_fc/test_views.py
diff --git a/src/authentic2/views.py b/src/authentic2/views.py
index 69e58edc..e8193837 100644
--- a/src/authentic2/views.py
+++ b/src/authentic2/views.py
@@ -1560,6 +1560,7 @@ class PasswordChangeView(HomeURLMixin, DjPasswordChangeView):
 if not utils_misc.user_can_change_password(request=request):
 messages.warning(request, _('Password change is forbidden'))
 return utils_misc.redirect(request, self.post_change_redirect)
+ hooks.call_hooks('password_change_view', request=self.request)
 return super().dispatch(request, *args, **kwargs)
 
 def post(self, request, *args, **kwargs):
diff --git a/src/authentic2_auth_fc/apps.py b/src/authentic2_auth_fc/apps.py
index 2a5ef20b..0f721514 100644
--- a/src/authentic2_auth_fc/apps.py
+++ b/src/authentic2_auth_fc/apps.py
@@ -115,3 +115,18 @@ class AppConfig(django.apps.AppConfig):
 if url:
 return [url]
 return []
+
+ def a2_hook_password_change_view(self, request=None, **kwargs):
+ from django.contrib import messages
+ from django.utils.translation import gettext as _
+
+ if request and request.user.is_authenticated and request.user.fc_accounts.exists():
+ messages.warning(
+ request,
+ _(
+ '''\
+Watch out, this password is the one from your local account and not the one from your \
+FranceConnect provider. It will only be useful when you log in \
+locally and not through FranceConnect.'''
+ ),
+ )
diff --git a/tests/auth_fc/test_views.py b/tests/auth_fc/test_views.py
new file mode 100644
index 00000000..ce8f7ce3
--- /dev/null
+++ b/tests/auth_fc/test_views.py
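Review bot: The added `hooks.call_hooks('password_change_view', request=self.request)` sits in what appears to be `dispatch` (the method starts above the hunk), so it runs for POST as well as GET. The view presumably redirects after a successful change, in which case a message queued by a hook during that POST would be displayed on the redirect target instead of on the form. If the warning is meant for the form only, guard the call, for example `if request.method == 'GET': hooks.call_hooks('password_change_view', request=request)`. Passing the local `request` would also match the surrounding lines, which do not use `self.request`.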
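Review bot: `a2_hook_password_change_view` has no docstring, so nothing in the method says when it is invoked or that its only effect is to queue a message for users who have an `fc_accounts` row. A one-line docstring such as `"""Warn users linked to FranceConnect that this form changes only the local account password."""` would document that contract. A short comment on why the two Django imports are done inside the method rather than at module level would also help (presumably to keep them out of app loading; to be confirmed).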
@@ -0,0 +1,30 @@
+# authentic2 - authentic2 authentication for FranceConnect
+# Copyright (C) 2022 Entr'ouvert
+#
+# This program is free software: you can redistribute it and/or modify it
+# under the terms of the GNU Affero General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+
+from authentic2.custom_user.models import User
+
+
+def test_password_change_view_with_fc(app, db):
+ user = User.objects.create(username='jdoe')
+ app.set_user('jdoe')
+
+ response = app.get('/accounts/password/change/')
+ assert not len(response.pyquery('.messages'))
+ assert User.objects.count() == 1
+
+ user.fc_accounts.create(sub='1234')
+ response = app.get('/accounts/password/change/')
+ assert 'FranceConnect' in response.pyquery('.messages .warning').text()
-- 
2.37.2
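Review bot: `assert not len(response.pyquery('.messages'))` requires that the page shows no message block at all before the link exists, so the test would fail on any unrelated message rather than only on the FranceConnect warning. `assert 'FranceConnect' not in response.pyquery('.messages .warning').text()` would pin the behaviour under test. `assert User.objects.count() == 1` checks nothing about the view and could be dropped. Only GET is exercised; a POST case would pin what happens to the warning when the form is submitted.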