auth_fc: show warning on password change page if user is linked to FranceConnect (#69989)
This commit is contained in:
parent
89b526066d
commit
9171c30feb
|
@ -1560,6 +1560,7 @@ class PasswordChangeView(HomeURLMixin, DjPasswordChangeView):
|
|||
if not utils_misc.user_can_change_password(request=request):
|
||||
messages.warning(request, _('Password change is forbidden'))
|
||||
return utils_misc.redirect(request, self.post_change_redirect)
|
||||
hooks.call_hooks('password_change_view', request=self.request)
|
||||
return super().dispatch(request, *args, **kwargs)
|
||||
|
||||
def post(self, request, *args, **kwargs):
|
||||
|
|
|
@ -115,3 +115,18 @@ class AppConfig(django.apps.AppConfig):
|
|||
if url:
|
||||
return [url]
|
||||
return []
|
||||
|
||||
def a2_hook_password_change_view(self, request=None, **kwargs):
|
||||
from django.contrib import messages
|
||||
from django.utils.translation import gettext as _
|
||||
|
||||
if request and request.user.is_authenticated and request.user.fc_accounts.exists():
|
||||
messages.warning(
|
||||
request,
|
||||
_(
|
||||
'''\
|
||||
Watch out, this password is the one from your local account and not the one from your \
|
||||
FranceConnect provider. It will only be useful when you log in \
|
||||
locally and not through FranceConnect.'''
|
||||
),
|
||||
)
|
||||
|
|
|
@ -0,0 +1,30 @@
|
|||
# authentic2 - authentic2 authentication for FranceConnect
|
||||
# Copyright (C) 2022 Entr'ouvert
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify it
|
||||
# under the terms of the GNU Affero General Public License as published
|
||||
# by the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU Affero General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
from authentic2.custom_user.models import User
|
||||
|
||||
|
||||
def test_password_change_view_with_fc(app, db):
|
||||
user = User.objects.create(username='jdoe')
|
||||
app.set_user('jdoe')
|
||||
|
||||
response = app.get('/accounts/password/change/')
|
||||
assert len(response.pyquery('.messages')) == 0
|
||||
assert User.objects.count() == 1
|
||||
|
||||
user.fc_accounts.create(sub='1234')
|
||||
response = app.get('/accounts/password/change/')
|
||||
assert 'FranceConnect' in response.pyquery('.messages .warning').text()
|
Loading…
Reference in New Issue