From f1444b2462836d9e09ec2c053628342cfffd3c4d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aur=C3=A9lien=20Delobelle?= Date: Thu, 1 Sep 2016 16:31:18 +0200 Subject: [PATCH] Changer le pwd d'un account --- kfet/forms.py | 15 +++++++++++++++ kfet/migrations/0044_auto_20160901_1614.py | 18 ++++++++++++++++++ kfet/models.py | 1 + kfet/templates/kfet/account_update.html | 1 + kfet/views.py | 14 ++++++++++++++ 5 files changed, 49 insertions(+) create mode 100644 kfet/migrations/0044_auto_20160901_1614.py diff --git a/kfet/forms.py b/kfet/forms.py index ad2814c9..d587b6a9 100644 --- a/kfet/forms.py +++ b/kfet/forms.py @@ -66,6 +66,21 @@ class AccountRestrictForm(AccountForm): class Meta(AccountForm.Meta): fields = ['promo'] +class AccountPwdForm(forms.Form): + pwd1 = forms.CharField( + widget=forms.PasswordInput) + pwd2 = forms.CharField( + widget=forms.PasswordInput) + + def clean(self): + pwd1 = self.cleaned_data['pwd1'] + pwd2 = self.cleaned_data['pwd2'] + if len(pwd1) < 8: + raise ValidationError("Mot de passe trop court") + if pwd1 != pwd2: + raise ValidationError("Les mots de passes sont différents") + super(AccountPwdForm, self).clean() + class CofForm(forms.ModelForm): def clean_is_cof(self): instance = getattr(self, 'instance', None) diff --git a/kfet/migrations/0044_auto_20160901_1614.py b/kfet/migrations/0044_auto_20160901_1614.py new file mode 100644 index 00000000..2a91206a --- /dev/null +++ b/kfet/migrations/0044_auto_20160901_1614.py @@ -0,0 +1,18 @@ +# -*- coding: utf-8 -*- +from __future__ import unicode_literals + +from django.db import models, migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ('kfet', '0043_auto_20160901_0046'), + ] + + operations = [ + migrations.AlterModelOptions( + name='globalpermissions', + options={'managed': False, 'permissions': (('is_team', 'Is part of the team'), ('perform_deposit', 'Effectuer une charge'), ('perform_negative_operations', 'Enregistrer des commandes en n\xe9gatif'), ('override_frozen_protection', "Forcer le gel d'un compte"), ('cancel_old_operations', 'Annuler des commandes non r\xe9centes'), ('manage_perms', 'G\xe9rer les permissions K-F\xeat'), ('manage_addcosts', 'G\xe9rer les majorations'), ('perform_commented_operations', 'Enregistrer des commandes avec commentaires'), ('view_negs', 'Voir la liste des n\xe9gatifs'), ('order_to_inventory', "G\xe9n\xe9rer un inventaire \xe0 partir d'une commande"), ('edit_balance_account', "Modifier la balance d'un compte"), ('change_account_password', "Modifier le mot de passe d'une personne de l'\xe9quipe"))}, + ), + ] diff --git a/kfet/models.py b/kfet/models.py index dd7001dc..69098ac9 100644 --- a/kfet/models.py +++ b/kfet/models.py @@ -562,6 +562,7 @@ class GlobalPermissions(models.Model): ('view_negs', 'Voir la liste des négatifs'), ('order_to_inventory', "Générer un inventaire à partir d'une commande"), ('edit_balance_account', "Modifier la balance d'un compte"), + ('change_account_password', "Modifier le mot de passe d'une personne de l'équipe"), ) class Settings(models.Model): diff --git a/kfet/templates/kfet/account_update.html b/kfet/templates/kfet/account_update.html index 0c63d6a3..83e56934 100644 --- a/kfet/templates/kfet/account_update.html +++ b/kfet/templates/kfet/account_update.html @@ -38,6 +38,7 @@ {{ cof_form.as_p }} {{ account_form.as_p }} {{ group_form.as_p }} + {{ pwd_form.as_p }} {{ negative_form.non_field_errors }} {% for field in negative_form %} {{ field.errors }} diff --git a/kfet/views.py b/kfet/views.py index 1b10de3a..0d6e2901 100644 --- a/kfet/views.py +++ b/kfet/views.py @@ -32,6 +32,7 @@ from collections import defaultdict from kfet import consumers from datetime import timedelta import django_cas_ng +import hashlib import heapq import statistics @@ -276,6 +277,7 @@ def account_update(request, trigramme): group_form = UserGroupForm(instance=account.user) account_form = AccountForm(instance=account) cof_form = CofRestrictForm(instance=account.cofprofile) + pwd_form = AccountPwdForm() if hasattr(account, 'negative'): negative_form = AccountNegativeForm(instance=account.negative) else: @@ -286,6 +288,7 @@ def account_update(request, trigramme): cof_form = None group_form = None negative_form = None + pwd_form = None if request.method == "POST": # Update attempt @@ -297,6 +300,7 @@ def account_update(request, trigramme): cof_form = CofRestrictForm(request.POST, instance=account.cofprofile) user_form = UserRestrictTeamForm(request.POST, instance=account.user) group_form = UserGroupForm(request.POST, instance=account.user) + pwd_form = AccountPwdForm(request.POST) if hasattr(account, 'negative'): negative_form = AccountNegativeForm(request.POST, instance=account.negative) @@ -311,6 +315,15 @@ def account_update(request, trigramme): # Updating account_form.save(data = data) + # Checking perm to update password + if (request.user.has_perm('kfet.change_account_password') + and pwd_form.is_valid()): + pwd = pwd_form.cleaned_data['pwd1'] + pwd_sha1 = hashlib.sha1(pwd.encode()).hexdigest() + Account.objects.filter(pk=account.pk).update( + password = pwd_sha1) + messages.success(request, 'Mot de passe mis à jour') + # Checking perm to manage perms if (request.user.has_perm('kfet.manage_perms') and group_form.is_valid()): @@ -363,6 +376,7 @@ def account_update(request, trigramme): 'user_form' : user_form, 'group_form' : group_form, 'negative_form': negative_form, + 'pwd_form' : pwd_form, }) @permission_required('kfet.manage_perms')