utils: add hook to decide if user can change/set password (fixes #28848)

Frédéric Péters 2019-01-17 08:25:02 +01:00 committed by Benjamin Dauvergne
parent 1097339aeb
commit 6a8eed17d2
5 changed files with 21 additions and 5 deletions


@ -221,7 +221,7 @@ class LDAPUser(get_user_model()):
return self.block['can_reset_password'] return self.block['can_reset_password']
def can_change_password(self): def can_change_password(self):
return app_settings.A2_REGISTRATION_CAN_CHANGE_PASSWORD and self.block['user_can_change_password'] return self.block['user_can_change_password']
class LDAPBackend(object): class LDAPBackend(object):
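Review bot: `LDAPUser.can_change_password()` now appears to report only the LDAP block's `user_can_change_password` flag, and nothing in the hunk documents that narrower contract; a caller that still uses the method directly no longer sees `A2_REGISTRATION_CAN_CHANGE_PASSWORD`. The same applies to `User.can_change_password()` in the next file section, which now appears to return `True` unconditionally. I would add a docstring to both methods, e.g. `"""Backend-level capability only; use utils.user_can_change_password() for the effective decision."""`. Both class bodies continue outside the hunks.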


@ -274,4 +274,4 @@ class User(AbstractBaseUser, PermissionMixin):
return rc return rc
def can_change_password(self): def can_change_password(self):
return app_settings.A2_REGISTRATION_CAN_CHANGE_PASSWORD return True


@ -1075,3 +1075,13 @@ def get_user_flag(user, name, default=None):
if ou_value is not None: if ou_value is not None:
return ou_value return ou_value
return default return default
def user_can_change_password(user, request=None):
from . import hooks
if not app_settings.A2_REGISTRATION_CAN_CHANGE_PASSWORD:
return False
for can in hooks.call_hooks('user_can_change_password', user=user, request=request):
if can is False:
return can
return True
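Review bot: `user_can_change_password()` never calls `user.can_change_password()`, so the per-block LDAP flag drops out of the decision unless a registered hook re-adds it; `ProfileView` previously got it through `request.user.can_change_password()`. Consider adding `if not user.can_change_password(): return False` after the settings check, assuming every user object passed here has that method. The `can is False` comparison also means any other falsy hook result such as `None` or `0` counts as allow. That is worth stating in a docstring so hook authors know a denial must be exactly `False`.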


@ -503,7 +503,7 @@ class ProfileView(cbv.TemplateNamesMixin, TemplateView):
'allow_profile_edit': EditProfile.can_edit_profile(), 'allow_profile_edit': EditProfile.can_edit_profile(),
'allow_email_change': app_settings.A2_PROFILE_CAN_CHANGE_EMAIL, 'allow_email_change': app_settings.A2_PROFILE_CAN_CHANGE_EMAIL,
# TODO: deprecated should be removed when publik-base-theme is updated # TODO: deprecated should be removed when publik-base-theme is updated
'allow_password_change': request.user.can_change_password(), 'allow_password_change': utils.user_can_change_password(user=request.user, request=request),
'federation_management': federation_management, 'federation_management': federation_management,
}) })
hooks.call_hooks('modify_context_data', self, context) hooks.call_hooks('modify_context_data', self, context)
@ -582,7 +582,7 @@ def logout(request, next_url=None, default_next_url='auth_homepage',
def login_password_profile(request, *args, **kwargs): def login_password_profile(request, *args, **kwargs):
context = kwargs.pop('context', {}) context = kwargs.pop('context', {})
can_change_password = app_settings.A2_REGISTRATION_CAN_CHANGE_PASSWORD can_change_password = utils.user_can_change_password(user=request.user, request=request)
has_usable_password = request.user.has_usable_password() has_usable_password = request.user.has_usable_password()
context.update( context.update(
{'can_change_password': can_change_password, {'can_change_password': can_change_password,
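Review bot: Both hunks in this section change only values placed in a template context, so what they gate is whether the password-change option is displayed; the view that actually processes a password change is not among the lines shown. If that view still checks only `A2_REGISTRATION_CAN_CHANGE_PASSWORD`, a hook returning `False` would hide the link without refusing the request. It should consult the same helper before handling the form, e.g. `if not utils.user_can_change_password(user=request.user, request=request): raise PermissionDenied`. `ProfileView` and `login_password_profile` both continue outside the hunks.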


@ -1,4 +1,4 @@
from authentic2.utils import good_next_url, same_origin, select_next_url from authentic2.utils import good_next_url, same_origin, select_next_url, user_can_change_password
def test_good_next_url(rf, settings): def test_good_next_url(rf, settings):
@ -46,3 +46,9 @@ def test_select_next_url(rf, settings):
assert select_next_url(request, '/') == '/' assert select_next_url(request, '/') == '/'
settings.A2_REDIRECT_WHITELIST = ['//example.com/'] settings.A2_REDIRECT_WHITELIST = ['//example.com/']
assert select_next_url(request, '/') == 'http://example.com/' assert select_next_url(request, '/') == 'http://example.com/'
def test_user_can_change_password(simple_user, settings):
assert user_can_change_password(user=simple_user) is True
settings.A2_REGISTRATION_CAN_CHANGE_PASSWORD = False
assert user_can_change_password(user=simple_user) is False
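Review bot: `test_user_can_change_password` exercises only the settings switch, so the hook path that this commit introduces is never run. A second case should register a `user_can_change_password` hook returning `False` and assert the helper returns `False` while the setting is still `True`. A hook returning `None` should also be asserted to leave the result `True`, which pins the `is False` comparison. How hooks are registered in tests is not visible here, so the fixture wiring is left to the author.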