utils: add hook to decide if user can change/set password (fixes #28848)
This commit is contained in:
parent
1097339aeb
commit
6a8eed17d2
|
@ -221,7 +221,7 @@ class LDAPUser(get_user_model()):
|
|||
return self.block['can_reset_password']
|
||||
|
||||
def can_change_password(self):
|
||||
return app_settings.A2_REGISTRATION_CAN_CHANGE_PASSWORD and self.block['user_can_change_password']
|
||||
return self.block['user_can_change_password']
|
||||
|
||||
|
||||
class LDAPBackend(object):
|
||||
|
|
|
@ -274,4 +274,4 @@ class User(AbstractBaseUser, PermissionMixin):
|
|||
return rc
|
||||
|
||||
def can_change_password(self):
|
||||
return app_settings.A2_REGISTRATION_CAN_CHANGE_PASSWORD
|
||||
return True
|
||||
|
|
|
@ -1075,3 +1075,13 @@ def get_user_flag(user, name, default=None):
|
|||
if ou_value is not None:
|
||||
return ou_value
|
||||
return default
|
||||
|
||||
|
||||
def user_can_change_password(user, request=None):
|
||||
from . import hooks
|
||||
if not app_settings.A2_REGISTRATION_CAN_CHANGE_PASSWORD:
|
||||
return False
|
||||
for can in hooks.call_hooks('user_can_change_password', user=user, request=request):
|
||||
if can is False:
|
||||
return can
|
||||
return True
|
||||
|
|
|
@ -503,7 +503,7 @@ class ProfileView(cbv.TemplateNamesMixin, TemplateView):
|
|||
'allow_profile_edit': EditProfile.can_edit_profile(),
|
||||
'allow_email_change': app_settings.A2_PROFILE_CAN_CHANGE_EMAIL,
|
||||
# TODO: deprecated should be removed when publik-base-theme is updated
|
||||
'allow_password_change': request.user.can_change_password(),
|
||||
'allow_password_change': utils.user_can_change_password(user=request.user, request=request),
|
||||
'federation_management': federation_management,
|
||||
})
|
||||
hooks.call_hooks('modify_context_data', self, context)
|
||||
|
@ -582,7 +582,7 @@ def logout(request, next_url=None, default_next_url='auth_homepage',
|
|||
|
||||
def login_password_profile(request, *args, **kwargs):
|
||||
context = kwargs.pop('context', {})
|
||||
can_change_password = app_settings.A2_REGISTRATION_CAN_CHANGE_PASSWORD
|
||||
can_change_password = utils.user_can_change_password(user=request.user, request=request)
|
||||
has_usable_password = request.user.has_usable_password()
|
||||
context.update(
|
||||
{'can_change_password': can_change_password,
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
from authentic2.utils import good_next_url, same_origin, select_next_url
|
||||
from authentic2.utils import good_next_url, same_origin, select_next_url, user_can_change_password
|
||||
|
||||
|
||||
def test_good_next_url(rf, settings):
|
||||
|
@ -46,3 +46,9 @@ def test_select_next_url(rf, settings):
|
|||
assert select_next_url(request, '/') == '/'
|
||||
settings.A2_REDIRECT_WHITELIST = ['//example.com/']
|
||||
assert select_next_url(request, '/') == 'http://example.com/'
|
||||
|
||||
|
||||
def test_user_can_change_password(simple_user, settings):
|
||||
assert user_can_change_password(user=simple_user) is True
|
||||
settings.A2_REGISTRATION_CAN_CHANGE_PASSWORD = False
|
||||
assert user_can_change_password(user=simple_user) is False
|
||||
|
|
Loading…
Reference in New Issue