secure email_change view
parent
f6651ba004
commit
01fcbaf67e
|
@ -37,4 +37,19 @@ class UserProfileForm(forms.ModelForm):
|
|||
and field_name != 'email' ]
|
||||
|
||||
class EmailChangeForm(forms.Form):
|
||||
password = forms.CharField(label=_("Password"),
|
||||
widget=forms.PasswordInput)
|
||||
email = forms.EmailField(label=_('New email'))
|
||||
|
||||
def __init__(self, user, *args, **kwargs):
|
||||
self.user = user
|
||||
super(EmailChangeForm, self).__init__(*args, **kwargs)
|
||||
|
||||
def clean_password(self):
|
||||
password = self.cleaned_data["password"]
|
||||
if not self.user.check_password(password):
|
||||
raise forms.ValidationError(
|
||||
_('Incorrect password.'),
|
||||
code='password_incorrect',
|
||||
)
|
||||
return password
|
||||
|
|
|
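Review bot: `clean_password` in the new `EmailChangeForm` checks the account password on every submission, and nothing in this hunk limits or records failed attempts, so this form can be used to keep guessing the password from a live session even if the login view is throttled (any throttling elsewhere is not visible here). Consider routing failures through the same lockout or audit logging the login path uses, for example `logger.warning("email change: bad password for user %s", self.user.pk)` before the `raise`, assuming the module has a logger. The class also has no docstring explaining why the password is required; `"""Re-authenticate with the current password before an email change, so a stolen session alone cannot redirect account recovery."""` would record the intent. Accounts with an unusable password will always fail `check_password`, so it is worth confirming that locking them out of this form is intended.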
@ -131,6 +131,13 @@ class EmailChangeView(FormView):
|
|||
body_template = 'profiles/email_change_body.txt'
|
||||
success_url = '../..'
|
||||
|
||||
def get_form_kwargs(self):
|
||||
kwargs = super(EmailChangeView, self).get_form_kwargs()
|
||||
kwargs.update({
|
||||
'user': self.request.user,
|
||||
})
|
||||
return kwargs
|
||||
|
||||
def form_valid(self, form):
|
||||
email = form.cleaned_data['email']
|
||||
site = get_current_site(self.request)
|
||||
|
@ -160,7 +167,7 @@ class EmailChangeView(FormView):
|
|||
'link contained inside.'))
|
||||
return super(EmailChangeView, self).form_valid(form)
|
||||
|
||||
email_change = EmailChangeView.as_view()
|
||||
email_change = prevent_access_to_transient_users(EmailChangeView.as_view())
|
||||
|
||||
class EmailChangeVerifyView(TemplateView):
|
||||
def get(self, request, *args, **kwargs):
|
||||
|
|
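Review bot: `get_form_kwargs` now passes `self.request.user` to a form that calls `user.check_password()`, so the view depends on the request being authenticated, but the only guard visible is `prevent_access_to_transient_users`, whose definition is outside this diff. If that decorator does not itself require login, an anonymous request would reach `AnonymousUser.check_password`, which raises `NotImplementedError` instead of redirecting to login; `email_change = login_required(prevent_access_to_transient_users(EmailChangeView.as_view()))` would make the requirement explicit. A short comment above the assignment, such as `# transient users have no local password, so they cannot re-authenticate here` (if that is indeed the reason), would explain the wrapper. `EmailChangeVerifyView` is only partly visible at the end of the hunk, so whether it needs the same wrapper cannot be judged from here.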