utils: add hook to decide if user can change/set password (fixes #28848)
This commit is contained in:
parent
1097339aeb
commit
6a8eed17d2
|
@ -221,7 +221,7 @@ class LDAPUser(get_user_model()):
|
||||||
return self.block['can_reset_password']
|
return self.block['can_reset_password']
|
||||||
|
|
||||||
def can_change_password(self):
|
def can_change_password(self):
|
||||||
return app_settings.A2_REGISTRATION_CAN_CHANGE_PASSWORD and self.block['user_can_change_password']
|
return self.block['user_can_change_password']
|
||||||
|
|
||||||
|
|
||||||
class LDAPBackend(object):
|
class LDAPBackend(object):
|
||||||
|
|
|
@ -274,4 +274,4 @@ class User(AbstractBaseUser, PermissionMixin):
|
||||||
return rc
|
return rc
|
||||||
|
|
||||||
def can_change_password(self):
|
def can_change_password(self):
|
||||||
return app_settings.A2_REGISTRATION_CAN_CHANGE_PASSWORD
|
return True
|
||||||
|
|
|
@ -1075,3 +1075,13 @@ def get_user_flag(user, name, default=None):
|
||||||
if ou_value is not None:
|
if ou_value is not None:
|
||||||
return ou_value
|
return ou_value
|
||||||
return default
|
return default
|
||||||
|
|
||||||
|
|
||||||
|
def user_can_change_password(user, request=None):
|
||||||
|
from . import hooks
|
||||||
|
if not app_settings.A2_REGISTRATION_CAN_CHANGE_PASSWORD:
|
||||||
|
return False
|
||||||
|
for can in hooks.call_hooks('user_can_change_password', user=user, request=request):
|
||||||
|
if can is False:
|
||||||
|
return can
|
||||||
|
return True
|
||||||
|
|
|
@ -503,7 +503,7 @@ class ProfileView(cbv.TemplateNamesMixin, TemplateView):
|
||||||
'allow_profile_edit': EditProfile.can_edit_profile(),
|
'allow_profile_edit': EditProfile.can_edit_profile(),
|
||||||
'allow_email_change': app_settings.A2_PROFILE_CAN_CHANGE_EMAIL,
|
'allow_email_change': app_settings.A2_PROFILE_CAN_CHANGE_EMAIL,
|
||||||
# TODO: deprecated should be removed when publik-base-theme is updated
|
# TODO: deprecated should be removed when publik-base-theme is updated
|
||||||
'allow_password_change': request.user.can_change_password(),
|
'allow_password_change': utils.user_can_change_password(user=request.user, request=request),
|
||||||
'federation_management': federation_management,
|
'federation_management': federation_management,
|
||||||
})
|
})
|
||||||
hooks.call_hooks('modify_context_data', self, context)
|
hooks.call_hooks('modify_context_data', self, context)
|
||||||
|
@ -582,7 +582,7 @@ def logout(request, next_url=None, default_next_url='auth_homepage',
|
||||||
|
|
||||||
def login_password_profile(request, *args, **kwargs):
|
def login_password_profile(request, *args, **kwargs):
|
||||||
context = kwargs.pop('context', {})
|
context = kwargs.pop('context', {})
|
||||||
can_change_password = app_settings.A2_REGISTRATION_CAN_CHANGE_PASSWORD
|
can_change_password = utils.user_can_change_password(user=request.user, request=request)
|
||||||
has_usable_password = request.user.has_usable_password()
|
has_usable_password = request.user.has_usable_password()
|
||||||
context.update(
|
context.update(
|
||||||
{'can_change_password': can_change_password,
|
{'can_change_password': can_change_password,
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
from authentic2.utils import good_next_url, same_origin, select_next_url
|
from authentic2.utils import good_next_url, same_origin, select_next_url, user_can_change_password
|
||||||
|
|
||||||
|
|
||||||
def test_good_next_url(rf, settings):
|
def test_good_next_url(rf, settings):
|
||||||
|
@ -46,3 +46,9 @@ def test_select_next_url(rf, settings):
|
||||||
assert select_next_url(request, '/') == '/'
|
assert select_next_url(request, '/') == '/'
|
||||||
settings.A2_REDIRECT_WHITELIST = ['//example.com/']
|
settings.A2_REDIRECT_WHITELIST = ['//example.com/']
|
||||||
assert select_next_url(request, '/') == 'http://example.com/'
|
assert select_next_url(request, '/') == 'http://example.com/'
|
||||||
|
|
||||||
|
|
||||||
|
def test_user_can_change_password(simple_user, settings):
|
||||||
|
assert user_can_change_password(user=simple_user) is True
|
||||||
|
settings.A2_REGISTRATION_CAN_CHANGE_PASSWORD = False
|
||||||
|
assert user_can_change_password(user=simple_user) is False
|
||||||
|
|
Loading…
Reference in New Issue