Small changes to password changing (#3213)

* fix formatting * also check for the old password * validate that password matches the rules
2024-08-30 18:33:04 +00:00 · 2022-06-17 02:36:36 +02:00 · 2022-06-17 02:36:36 +02:00 · 50a4bda184
commit 50a4bda184
parent 136924cd3f
2 changed files with 46 additions and 23 deletions
--- a/InvenTree/InvenTree/forms.py
+++ b/InvenTree/InvenTree/forms.py
@ -124,21 +124,31 @@ class EditUserForm(HelperForm):
 class SetPasswordForm(HelperForm):
    """Form for setting user password."""

-    enter_password = forms.CharField(max_length=100,
+    enter_password = forms.CharField(
+        max_length=100,
        min_length=8,
        required=True,
        initial='',
        widget=forms.PasswordInput(attrs={'autocomplete': 'off'}),
        label=_('Enter password'),
-                                     help_text=_('Enter new password'))
+        help_text=_('Enter new password')
+    )

-    confirm_password = forms.CharField(max_length=100,
+    confirm_password = forms.CharField(
+        max_length=100,
        min_length=8,
        required=True,
        initial='',
        widget=forms.PasswordInput(attrs={'autocomplete': 'off'}),
        label=_('Confirm password'),
-                                       help_text=_('Confirm new password'))
+        help_text=_('Confirm new password')
+    )
+
+    old_password = forms.CharField(
+        label=_("Old password"),
+        strip=False,
+        widget=forms.PasswordInput(attrs={'autocomplete': 'current-password', 'autofocus': True}),
+    )

    class Meta:
        """Metaclass options."""
@ -146,7 +156,8 @@ class SetPasswordForm(HelperForm):
        model = User
        fields = [
            'enter_password',
-            'confirm_password'
+            'confirm_password',
+            'old_password',
        ]


--- a/InvenTree/InvenTree/views.py
+++ b/InvenTree/InvenTree/views.py
@ -8,8 +8,10 @@ import json
 import os

 from django.conf import settings
+from django.contrib.auth import password_validation
 from django.contrib.auth.mixins import (LoginRequiredMixin,
                                        PermissionRequiredMixin)
+from django.core.exceptions import ValidationError
 from django.http import HttpResponse, HttpResponseRedirect, JsonResponse
 from django.shortcuts import redirect
 from django.template.loader import render_to_string
@ -540,6 +542,8 @@ class SetPasswordView(AjaxUpdateView):

        p1 = request.POST.get('enter_password', '')
        p2 = request.POST.get('confirm_password', '')
+        old_password = request.POST.get('old_password', '')
+        user = self.request.user

        if valid:
            # Passwords must match
@ -548,20 +552,28 @@ class SetPasswordView(AjaxUpdateView):
                error = _('Password fields must match')
                form.add_error('enter_password', error)
                form.add_error('confirm_password', error)
-
                valid = False

-        data = {
-            'form_valid': valid
-        }
+        if valid:
+            # Old password must be correct
+
+            if not user.check_password(old_password):
+                form.add_error('old_password', _('Wrong password provided'))
+                valid = False

        if valid:
-            user = self.request.user
+            try:
+                # Validate password
+                password_validation.validate_password(p1, user)

+                # Update the user
                user.set_password(p1)
                user.save()
+            except ValidationError as error:
+                form.add_error('confirm_password', str(error))
+                valid = False

-        return self.renderJsonResponse(request, form, data=data)
+        return self.renderJsonResponse(request, form, data={'form_valid': valid})


 class IndexView(TemplateView):