Ask password at unlinking when the user has no usable password (fixes #10524).

2016-04-13 10:03:09 +02:00 · 2016-04-13 10:03:09 +02:00 · f1b2ced61b
parent b9899c719a
commit f1b2ced61b
3 changed files with 113 additions and 65 deletions
--- a/src/authentic2_auth_fc/locale/fr/LC_MESSAGES/django.po
+++ b/src/authentic2_auth_fc/locale/fr/LC_MESSAGES/django.po
@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: authentic2-auth-fc 1.0\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2016-04-11 23:14+0200\n"
+"POT-Creation-Date: 2016-04-13 12:45+0200\n"
 "PO-Revision-Date: 2016-02-29 19:56+0100\n"
 "Last-Translator: Benjamin Dauvergne <bdauvergne@entrouvert.com>\n"
 "Language-Team: french <fr@li.org>\n"
@ -33,11 +33,6 @@ msgstr "sub"
 msgid "access token"
 msgstr "jeton d'accès"

-#: models.py:52
-#, python-brace-format
-msgid "{0} (Last connection from : {1})"
-msgstr "{0} (Dernière connexion depuis : {1})"
-
 #: templates/authentic2_auth_fc/connecting.html:11
 msgid "Log in with FranceConnect"
 msgstr "Connectez-vous avec FranceConnect"
@ -64,63 +59,70 @@ msgstr "Comptes FranceConnect associés"
 msgid "Delete link"
 msgstr "Supprimer la liaison"

-#: templates/authentic2_auth_fc/unlink.html:8
-#, python-format
+#: templates/authentic2_auth_fc/unlink.html:7
 msgid ""
-"You're about to delete the link between your third party account and your "
-"FranceConnect account : %(fc_account)s."
-msgstr ""
-"Vous êtes sur le point de supprimer la liaison entre votre compte Partenaire "
-"et votre compte FranceConnect : %(fc_account)s."
+"\n"
+"        You're about to delete the link between your local account and your "
+"FranceConnect account :\n"
+"        %(fc_account)s.\n"
+"        "
+msgstr "\n"
+"Vous êtes sur le point de supprimer la liaison entre votre compte local et votre compte "
+"FranceConnect : %(fc_account)s."

-#: templates/authentic2_auth_fc/unlink.html:9
+#: templates/authentic2_auth_fc/unlink.html:13
 msgid ""
-"Delete this link won't delete those accounts. However, once all the links "
-"with FranceConnect are deleted, it's no more possible to use the "
-"FranceConnect features from your third party account. It is still possible "
-"to link those accounts once again by clicking on the button FranceConnect on "
-"the login page."
-msgstr ""
-"Supprimer la liaison ne supprimera pas ces comptes. Cependant, une fois "
-"toutes les liaisons avec FranceConnect supprimées, il ne sera plus possible "
-"d'utiliser les fonctionnalités FranceConnect depuis votre compte Partenaire. "
-"Il sera toujours possible de lier à nouveau ces comptes en cliquant sur le "
-"bouton FranceConnect sur la page de connexion."
+"\n"
+"        Delete this link won't delete those accounts. However, once all the "
+"links with FranceConnect\n"
+"        are deleted, it's no more possible to use the FranceConnect to "
+"automatically login on this\n"
+"        site. It is still possible to link those accounts once again by "
+"clicking on the button\n"
+"        FranceConnect on the login page.\n"
+"        "
+msgstr "\n"
+"Supprimer cette liaison ne supprimera pas ces comptes. Cependant, une fois toutes les liaisons "
+"FranceConnect avec ce compte supprimées, il ne sera plus possible de se connecter automatiquement "
+"à ce site en utilisant FranceConnect. Il sera toujours possible de lier à nouveau ces comptes en "
+"cliquant sur le bouton FranceConnect sur la page de connexion."

-#: templates/authentic2_auth_fc/unlink.html:10
-#, python-format
+#: templates/authentic2_auth_fc/unlink.html:22
 msgid ""
-"Do you confirm the deletion of the link with the FranceConnect account "
-"%(fc_account)s ?"
-msgstr ""
-"Confirmez-vous la suppression de la liaison avec le compte FranceConnect "
-"%(fc_account)s ?"
+"\n"
+"        Your local account has no password and remove this link may make "
+"this account inaccessible.\n"
+"        Please provide a password to pursue the unlinking.\n"
+"        "
+msgstr "\n"
+"Votre compte local n'a pas de mot de passe et supprimer ce lien pourrait rendre ce compte "
+"inaccessible. Merci de fournir un mot de passe afin de permettre la suppression du lien."

-#: templates/authentic2_auth_fc/unlink.html:11
+#: templates/authentic2_auth_fc/unlink.html:32
 msgid "Unlink"
 msgstr "Délier"

-#: templates/authentic2_auth_fc/unlink.html:12
+#: templates/authentic2_auth_fc/unlink.html:36
 msgid "Cancel"
 msgstr "Annuler"

-#: views.py:206
+#: views.py:208
 msgid "You refused the connection."
 msgstr "Vous avez refusé la connexion."

-#: views.py:218 views.py:227 views.py:240
+#: views.py:220 views.py:229 views.py:242
 msgid "Unable to connect to FranceConnect."
 msgstr "Impossible de se connecter à FranceConnect."

-#: views.py:297
+#: views.py:299
 msgid "Your FranceConnect account {} has been linked."
 msgstr "Votre compte FranceConnect {} a été associé."

-#: views.py:303
+#: views.py:305
 msgid "Your local account has been updated."
 msgstr "Votre compte local a été mis à jour."

-#: views.py:318
+#: views.py:320
 msgid ""
 "To link with your FranceConnect account, please authenticate or create a new "
 "account."
@ -128,11 +130,11 @@ msgstr ""
 "Pour associer le compte FranceConnect, authentifiez-vous ou créez-vous un "
 "nouveau compte."

-#: views.py:336
+#: views.py:338
 msgid "FranceConnect didn't provide your email address, please do."
 msgstr "FranceConnect n'a pas fourni votre adresse email, merci de le faire."

-#: views.py:370
+#: views.py:388
 #, python-brace-format
 msgid "The link with the FranceConnect account {fc_account} has been deleted."
 msgstr "La liaison avec le compte FranceConnect {fc_account} a été supprimée"
--- a/src/authentic2_auth_fc/templates/authentic2_auth_fc/unlink.html
+++ b/src/authentic2_auth_fc/templates/authentic2_auth_fc/unlink.html
@ -3,12 +3,32 @@
 {% load i18n %}

 {% block content %}
-  <form method="post">
-    {% csrf_token %}
-    <p>{% blocktrans %}You're about to delete the link between your third party account and your FranceConnect account : {{ fc_account }}.{% endblocktrans %}</p>
-    <p>{% blocktrans %}Delete this link won't delete those accounts. However, once all the links with FranceConnect are deleted, it's no more possible to use the FranceConnect features from your third party account. It is still possible to link those accounts once again by clicking on the button FranceConnect on the login page.{% endblocktrans %}</p>
-    <p>{% blocktrans %}Do you confirm the deletion of the link with the FranceConnect account {{ fc_account }} ?{% endblocktrans %}</p>
-    <input type="submit" name="unlink" value="{% trans "Unlink" %}"/>
-    <input type="submit" name="cancel" value="{% trans "Cancel" %}"/>
-  </form>
+    <p>
+        {% blocktrans %}
+        You're about to delete the link between your local account and your FranceConnect account :
+        {{ fc_account }}.
+        {% endblocktrans %}
+    </p>
+    <p>
+        {% blocktrans %}
+        Delete this link won't delete those accounts. However, once all the links with FranceConnect
+        are deleted, it's no more possible to use the FranceConnect to automatically login on this
+        site. It is still possible to link those accounts once again by clicking on the button
+        FranceConnect on the login page.
+        {% endblocktrans %}
+    </p>
+    {% if no_password %}
+    <p>
+        {% blocktrans %}
+        Your local account has no password and remove this link may make this account inaccessible.
+        Please provide a password to pursue the unlinking.
+        {% endblocktrans %}
+    </p>
+    {% endif %}
+    <form method="post">
+        {% csrf_token %}
+        {{ form.as_p }}
+        <input type="submit" name="unlink" value="{% trans "Unlink" %}"/>
+        <input type="submit" name="cancel" value="{% trans "Cancel" %}"/>
+    </form>
 {% endblock %}
--- a/src/authentic2_auth_fc/views.py
+++ b/src/authentic2_auth_fc/views.py
@ -8,7 +8,7 @@ import json
 from requests_oauthlib import OAuth2Session


-from django.views.generic import TemplateView, View
+from django.views.generic import TemplateView, View, FormView
 from django.views.generic.detail import SingleObjectMixin
 from django.http import HttpResponse, HttpResponseRedirect
 from django.contrib.auth import authenticate, login as auth_login, \
@ -23,8 +23,10 @@ from django.core import signing
 from django.core.cache import InvalidCacheBackendError, get_cache
 from django.core.exceptions import PermissionDenied
 from django.core.urlresolvers import reverse
+from django.forms import Form

 from authentic2 import utils as a2_utils
+from authentic2.registration_backend import forms as registration_forms

 from . import app_settings, models, utils

@ -344,10 +346,30 @@ class RegistrationView(LoggerMixin, View):
        return HttpResponseRedirect(activation_url)


-class UnlinkView(LoggerMixin, SingleObjectMixin, TemplateView):
+class UnlinkView(LoggerMixin, SingleObjectMixin, FormView):
    model = models.FcAccount
    template_name = 'authentic2_auth_fc/unlink.html'

+    def get_success_url(self):
+        next = app_settings.logout_at_unlink_return_url
+        if app_settings.logout_when_unlink:
+            target = utils.build_logout_url(self.request, next)
+            if target:
+                next = target
+        return next
+
+    def get_form_class(self):
+        form_class = Form
+        if not self.fc_account.user.has_usable_password():
+            form_class = registration_forms.SetPasswordForm
+        return form_class
+
+    def get_form_kwargs(self, **kwargs):
+        kwargs = super(UnlinkView, self).get_form_kwargs(**kwargs)
+        if not self.fc_account.user.has_usable_password():
+            kwargs['user'] = self.fc_account.user
+        return kwargs
+
    def dispatch(self, request, *args, **kwargs):
        self.fc_account = self.object = self.get_object()
        self.check_access(self.fc_account)
@ -362,21 +384,25 @@ class UnlinkView(LoggerMixin, SingleObjectMixin, TemplateView):
        ctx['fc_account'] = self.fc_account
        return ctx

+    def form_valid(self, form):
+        msg_tpl = _('The link with the FranceConnect account {fc_account} has been deleted.')
+        msg = msg_tpl.format(fc_account=self.fc_account)
+        self.logger.info(u'user %s unlinked from %s', self.fc_account.user, self.fc_account)
+        self.fc_account.delete()
+        messages.info(self.request, msg)
+        return super(UnlinkView, self).form_valid(form)
+
+    def get_context_data(self, **kwargs):
+        context = super(UnlinkView, self).get_context_data(**kwargs)
+        context['fc_account'] = self.fc_account
+        if not self.fc_account.user.has_usable_password():
+            context['no_password'] = True
+        return context
+
    def post(self, request, *args, **kwargs):
-        next = app_settings.logout_at_unlink_return_url
-        if 'cancel' not in request.POST:
-            models.FcAccount.objects.filter(pk=self.fc_account.pk).delete()
-            msg = _('The link with the FranceConnect '
-                'account {fc_account} has been deleted.') \
-                .format(fc_account=self.fc_account)
-            self.logger.info(u'user %s unlinked from %s', request.user, self.fc_account)
-            messages.info(request, msg)
-            if app_settings.logout_when_unlink:
-                target = utils.build_logout_url(request, next)
-                # target is assumed empty if no active session on the OP.
-                if target:
-                    return HttpResponseRedirect(target)
-        return HttpResponseRedirect(next)
+        if 'cancel' in request.POST:
+            return a2_utils.redirect(request, 'account_management')
+        return super(UnlinkView, self).post(request, *args, **kwargs)


 login_or_link = LoginOrLinkView.as_view()