Changer le pwd d'un account

2016-09-01 16:31:18 +02:00 · 2016-09-01 16:31:18 +02:00 · f1444b2462
parent 150731c2e9
commit f1444b2462
5 changed files with 49 additions and 0 deletions
--- a/kfet/forms.py
+++ b/kfet/forms.py
@ -66,6 +66,21 @@ class AccountRestrictForm(AccountForm):
    class Meta(AccountForm.Meta):
        fields = ['promo']

+class AccountPwdForm(forms.Form):
+    pwd1 = forms.CharField(
+            widget=forms.PasswordInput)
+    pwd2 = forms.CharField(
+            widget=forms.PasswordInput)
+
+    def clean(self):
+        pwd1 = self.cleaned_data['pwd1']
+        pwd2 = self.cleaned_data['pwd2']
+        if len(pwd1) < 8:
+            raise ValidationError("Mot de passe trop court")
+        if pwd1 != pwd2:
+            raise ValidationError("Les mots de passes sont différents")
+        super(AccountPwdForm, self).clean()
+
 class CofForm(forms.ModelForm):
    def clean_is_cof(self):
        instance = getattr(self, 'instance', None)
--- a/kfet/migrations/0044_auto_20160901_1614.py
+++ b/kfet/migrations/0044_auto_20160901_1614.py
@ -0,0 +1,18 @@
+# -*- coding: utf-8 -*-
+from __future__ import unicode_literals
+
+from django.db import models, migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('kfet', '0043_auto_20160901_0046'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='globalpermissions',
+            options={'managed': False, 'permissions': (('is_team', 'Is part of the team'), ('perform_deposit', 'Effectuer une charge'), ('perform_negative_operations', 'Enregistrer des commandes en n\xe9gatif'), ('override_frozen_protection', "Forcer le gel d'un compte"), ('cancel_old_operations', 'Annuler des commandes non r\xe9centes'), ('manage_perms', 'G\xe9rer les permissions K-F\xeat'), ('manage_addcosts', 'G\xe9rer les majorations'), ('perform_commented_operations', 'Enregistrer des commandes avec commentaires'), ('view_negs', 'Voir la liste des n\xe9gatifs'), ('order_to_inventory', "G\xe9n\xe9rer un inventaire \xe0 partir d'une commande"), ('edit_balance_account', "Modifier la balance d'un compte"), ('change_account_password', "Modifier le mot de passe d'une personne de l'\xe9quipe"))},
+        ),
+    ]
--- a/kfet/models.py
+++ b/kfet/models.py
@ -562,6 +562,7 @@ class GlobalPermissions(models.Model):
            ('view_negs', 'Voir la liste des négatifs'),
            ('order_to_inventory', "Générer un inventaire à partir d'une commande"),
            ('edit_balance_account', "Modifier la balance d'un compte"),
+            ('change_account_password', "Modifier le mot de passe d'une personne de l'équipe"),
        )

 class Settings(models.Model):
--- a/kfet/templates/kfet/account_update.html
+++ b/kfet/templates/kfet/account_update.html
@ -38,6 +38,7 @@
          {{ cof_form.as_p }}
          {{ account_form.as_p }}
          {{ group_form.as_p }}
+          {{ pwd_form.as_p }}
          {{ negative_form.non_field_errors }}
          {% for field in negative_form %}
            {{ field.errors }}
--- a/kfet/views.py
+++ b/kfet/views.py
@ -32,6 +32,7 @@ from collections import defaultdict
 from kfet import consumers
 from datetime import timedelta
 import django_cas_ng
+import hashlib
 import heapq
 import statistics

@ -276,6 +277,7 @@ def account_update(request, trigramme):
        group_form   = UserGroupForm(instance=account.user)
        account_form = AccountForm(instance=account)
        cof_form     = CofRestrictForm(instance=account.cofprofile)
+        pwd_form     = AccountPwdForm()
        if hasattr(account, 'negative'):
            negative_form = AccountNegativeForm(instance=account.negative)
        else:
@ -286,6 +288,7 @@ def account_update(request, trigramme):
        cof_form     = None
        group_form   = None
        negative_form = None
+        pwd_form     = None

    if request.method == "POST":
        # Update attempt
@ -297,6 +300,7 @@ def account_update(request, trigramme):
            cof_form     = CofRestrictForm(request.POST, instance=account.cofprofile)
            user_form    = UserRestrictTeamForm(request.POST, instance=account.user)
            group_form   = UserGroupForm(request.POST, instance=account.user)
+            pwd_form     = AccountPwdForm(request.POST)
            if hasattr(account, 'negative'):
                negative_form = AccountNegativeForm(request.POST, instance=account.negative)

@ -311,6 +315,15 @@ def account_update(request, trigramme):
                # Updating
                account_form.save(data = data)

+                # Checking perm to update password
+                if (request.user.has_perm('kfet.change_account_password')
+                        and pwd_form.is_valid()):
+                    pwd = pwd_form.cleaned_data['pwd1']
+                    pwd_sha1 = hashlib.sha1(pwd.encode()).hexdigest()
+                    Account.objects.filter(pk=account.pk).update(
+                            password = pwd_sha1)
+                    messages.success(request, 'Mot de passe mis à jour')
+
                # Checking perm to manage perms
                if (request.user.has_perm('kfet.manage_perms')
                        and group_form.is_valid()):
@ -363,6 +376,7 @@ def account_update(request, trigramme):
        'user_form'    : user_form,
        'group_form'   : group_form,
        'negative_form': negative_form,
+        'pwd_form'     : pwd_form,
    })

@permission_required('kfet.manage_perms')