auth_fc: show warning on password change page if user is linked to FranceConnect (#69989)

2022-11-22 15:34:26 +01:00 · 2022-11-22 15:34:26 +01:00 · 9171c30feb
parent 89b526066d
commit 9171c30feb
3 changed files with 46 additions and 0 deletions
--- a/src/authentic2/views.py
+++ b/src/authentic2/views.py
@ -1560,6 +1560,7 @@ class PasswordChangeView(HomeURLMixin, DjPasswordChangeView):
        if not utils_misc.user_can_change_password(request=request):
            messages.warning(request, _('Password change is forbidden'))
            return utils_misc.redirect(request, self.post_change_redirect)
+        hooks.call_hooks('password_change_view', request=self.request)
        return super().dispatch(request, *args, **kwargs)

    def post(self, request, *args, **kwargs):
--- a/src/authentic2_auth_fc/apps.py
+++ b/src/authentic2_auth_fc/apps.py
@ -115,3 +115,18 @@ class AppConfig(django.apps.AppConfig):
        if url:
            return [url]
        return []
+
+    def a2_hook_password_change_view(self, request=None, **kwargs):
+        from django.contrib import messages
+        from django.utils.translation import gettext as _
+
+        if request and request.user.is_authenticated and request.user.fc_accounts.exists():
+            messages.warning(
+                request,
+                _(
+                    '''\
+Watch out, this password is the one from your local account and not the one from your \
+FranceConnect provider. It will only be useful when you log in \
+locally and not through FranceConnect.'''
+                ),
+            )
--- a/tests/auth_fc/test_views.py
+++ b/tests/auth_fc/test_views.py
@ -0,0 +1,30 @@
+# authentic2 - authentic2 authentication for FranceConnect
+# Copyright (C) 2022 Entr'ouvert
+#
+# This program is free software: you can redistribute it and/or modify it
+# under the terms of the GNU Affero General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+from authentic2.custom_user.models import User
+
+
+def test_password_change_view_with_fc(app, db):
+    user = User.objects.create(username='jdoe')
+    app.set_user('jdoe')
+
+    response = app.get('/accounts/password/change/')
+    assert len(response.pyquery('.messages')) == 0
+    assert User.objects.count() == 1
+
+    user.fc_accounts.create(sub='1234')
+    response = app.get('/accounts/password/change/')
+    assert 'FranceConnect' in response.pyquery('.messages .warning').text()