PasswordChangeView: show success message only on success (#69463)

License: MIT
Benjamin Renard 2022-09-22 15:13:40 +02:00 committed by Benjamin Dauvergne
parent 46d10c9cf7
commit 0d88a9a610
2 changed files with 32 additions and 6 deletions


@ -1569,13 +1569,13 @@ class PasswordChangeView(HomeURLMixin, DjPasswordChangeView):
def form_valid(self, form):
hooks.call_hooks('event', name='change-password', user=self.request.user, request=self.request)
messages.info(self.request, _('Password changed'))
models.PasswordReset.objects.filter(user=self.request.user).delete()
try:
response = super().form_valid(form)
except utils_misc.PasswordChangeError as e:
messages.error(self.request, e.message)
return utils_misc.redirect(self.request, self.post_change_redirect)
messages.info(self.request, _('Password changed'))
self.request.journal.record('user.password.change', session=self.request.session)
return response
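Review bot: In form_valid, `hooks.call_hooks('event', name='change-password', user=self.request.user, request=self.request)` still runs before `super().form_valid(form)`, so the change-password event is emitted even when the change fails with PasswordChangeError. This is the same ordering problem the commit corrects for the success message. Unless hook listeners are meant to see attempts rather than completed changes, I would move that call below the try/except, next to `self.request.journal.record('user.password.change', session=self.request.session)`. The failure branch also returns without writing anything to the journal. If failed password changes matter for audit, a record there would help, though whether a suitable event type exists is not visible from this page.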


@ -16,6 +16,7 @@
# authentic2
import datetime
from unittest import mock
from urllib.parse import urlparse
import pytest
@ -38,7 +39,7 @@ def test_profile(app, simple_user):
def test_password_change(app, simple_user):
simple_user.set_password('hop')
simple_user.save()
resp = login(app, simple_user, password='hop', path=reverse('password_change'))
resp = login(app, simple_user, password='hop', path='/accounts/password/change/')
old_session_key = app.session.session_key
assert resp.form['old_password'].attrs['autocomplete'] == 'current-password'
@ -49,13 +50,38 @@ def test_password_change(app, simple_user):
resp.form['new_password2'] = 'hopAbcde1'
resp = resp.form.submit()
new_session_key = app.session.session_key
assert old_session_key != new_session_key, 'session\'s key has not been cycled'
assert resp.location == '/accounts/password/change/done/'
new_session_key = app.session.session_key
assert old_session_key != new_session_key, 'session\'s key has not been cycled'
assert_event('user.password.change', user=simple_user, session=app.session)
resp = resp.follow()
assert 'Password changed' in resp
def test_password_change_error(
app,
simple_user,
):
from authentic2.utils.misc import PasswordChangeError
simple_user.set_password('hop')
simple_user.save()
resp = login(app, simple_user, password='hop', path='/accounts/password/change/')
resp.form['old_password'] = 'hop'
resp.form['new_password1'] = 'hopAbcde1'
resp.form['new_password2'] = 'hopAbcde1'
with mock.patch(
'authentic2.custom_user.models.User.set_password', side_effect=PasswordChangeError('boum!')
):
resp = resp.form.submit()
resp = resp.follow()
assert 'Password changed' not in resp
assert 'boum!' in resp
def test_well_known_password_change(app):
resp = app.get('/.well-known/change-password')
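Review bot: test_password_change_error checks only the flash messages on the followed page, so it does not pin that a failed change leaves no `user.password.change` entry in the journal. That is the audit-relevant half of the failure path in form_valid. After `resp = resp.form.submit()` inside the `mock.patch` block, I would add an assertion that no such event was recorded for simple_user, using whatever negative counterpart of `assert_event` the test helpers offer (none is visible on this page). As a style point, `from authentic2.utils.misc import PasswordChangeError` could sit with the module-level imports rather than inside the test body.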