/python-packages/django/contrib/auth/forms.py
Python | 358 lines | 294 code | 33 blank | 31 comment | 31 complexity | 3a052d54f7566ed5903bc3e6342097cc MD5 | raw file
- from __future__ import unicode_literals
- from django import forms
- from django.forms.util import flatatt
- from django.template import loader
- from django.utils.datastructures import SortedDict
- from django.utils.html import format_html, format_html_join
- from django.utils.http import int_to_base36
- from django.utils.safestring import mark_safe
- from django.utils.text import capfirst
- from django.utils.translation import ugettext, ugettext_lazy as _
- from django.contrib.auth import authenticate, get_user_model
- from django.contrib.auth.models import User
- from django.contrib.auth.hashers import UNUSABLE_PASSWORD, identify_hasher
- from django.contrib.auth.tokens import default_token_generator
- from django.contrib.sites.models import get_current_site
- UNMASKED_DIGITS_TO_SHOW = 6
- mask_password = lambda p: "%s%s" % (p[:UNMASKED_DIGITS_TO_SHOW], "*" * max(len(p) - UNMASKED_DIGITS_TO_SHOW, 0))
- class ReadOnlyPasswordHashWidget(forms.Widget):
- def render(self, name, value, attrs):
- encoded = value
- final_attrs = self.build_attrs(attrs)
- if not encoded or encoded == UNUSABLE_PASSWORD:
- summary = mark_safe("<strong>%s</strong>" % ugettext("No password set."))
- else:
- try:
- hasher = identify_hasher(encoded)
- except ValueError:
- summary = mark_safe("<strong>%s</strong>" % ugettext(
- "Invalid password format or unknown hashing algorithm."))
- else:
- summary = format_html_join('',
- "<strong>{0}</strong>: {1} ",
- ((ugettext(key), value)
- for key, value in hasher.safe_summary(encoded).items())
- )
- return format_html("<div{0}>{1}</div>", flatatt(final_attrs), summary)
- class ReadOnlyPasswordHashField(forms.Field):
- widget = ReadOnlyPasswordHashWidget
- def __init__(self, *args, **kwargs):
- kwargs.setdefault("required", False)
- super(ReadOnlyPasswordHashField, self).__init__(*args, **kwargs)
- def bound_data(self, data, initial):
- # Always return initial because the widget doesn't
- # render an input field.
- return initial
- class UserCreationForm(forms.ModelForm):
- """
- A form that creates a user, with no privileges, from the given username and
- password.
- """
- error_messages = {
- 'duplicate_username': _("A user with that username already exists."),
- 'password_mismatch': _("The two password fields didn't match."),
- }
- #Changed to modify username length from 30 to 75 (matching email addresses)
- username = forms.RegexField(label=_("Username"), max_length=75, # KA-LITE-MOD (using email addr for username)
- regex=r'^[\w.@+-]+$',
- help_text=_("Required. 30 characters or fewer. Letters, digits and "
- "@/./+/-/_ only."),
- error_messages={
- 'invalid': _("This value may contain only letters, numbers and "
- "@/./+/-/_ characters.")})
- password1 = forms.CharField(label=_("Password"),
- widget=forms.PasswordInput)
- password2 = forms.CharField(label=_("Password confirmation"),
- widget=forms.PasswordInput,
- help_text=_("Enter the same password as above, for verification."))
- class Meta:
- model = User
- fields = ("username",)
- def clean_username(self):
- # Since User.username is unique, this check is redundant,
- # but it sets a nicer error message than the ORM. See #13147.
- username = self.cleaned_data["username"]
- try:
- User._default_manager.get(username=username)
- except User.DoesNotExist:
- return username
- raise forms.ValidationError(self.error_messages['duplicate_username'])
- def clean_password2(self):
- password1 = self.cleaned_data.get("password1")
- password2 = self.cleaned_data.get("password2")
- if password1 and password2 and password1 != password2:
- raise forms.ValidationError(
- self.error_messages['password_mismatch'])
- return password2
- def save(self, commit=True):
- user = super(UserCreationForm, self).save(commit=False)
- user.set_password(self.cleaned_data["password1"])
- if commit:
- user.save()
- return user
- class UserChangeForm(forms.ModelForm):
- username = forms.RegexField(
- label=_("Username"), max_length=30, regex=r"^[\w.@+-]+$",
- help_text=_("Required. 30 characters or fewer. Letters, digits and "
- "@/./+/-/_ only."),
- error_messages={
- 'invalid': _("This value may contain only letters, numbers and "
- "@/./+/-/_ characters.")})
- password = ReadOnlyPasswordHashField(label=_("Password"),
- help_text=_("Raw passwords are not stored, so there is no way to see "
- "this user's password, but you can change the password "
- "using <a href=\"password/\">this form</a>."))
- class Meta:
- model = User
- def __init__(self, *args, **kwargs):
- super(UserChangeForm, self).__init__(*args, **kwargs)
- f = self.fields.get('user_permissions', None)
- if f is not None:
- f.queryset = f.queryset.select_related('content_type')
- def clean_password(self):
- # Regardless of what the user provides, return the initial value.
- # This is done here, rather than on the field, because the
- # field does not have access to the initial value
- return self.initial["password"]
- class AuthenticationForm(forms.Form):
- """
- Base class for authenticating users. Extend this to get a form that accepts
- username/password logins.
- """
- username = forms.CharField(max_length=254)
- password = forms.CharField(label=_("Password"), widget=forms.PasswordInput)
- error_messages = {
- 'invalid_login': _("Please enter a correct %(username)s and password. "
- "Note that both fields may be case-sensitive."),
- 'no_cookies': _("Your Web browser doesn't appear to have cookies "
- "enabled. Cookies are required for logging in."),
- 'inactive': _("This account is inactive."),
- }
- def __init__(self, request=None, *args, **kwargs):
- """
- If request is passed in, the form will validate that cookies are
- enabled. Note that the request (a HttpRequest object) must have set a
- cookie with the key TEST_COOKIE_NAME and value TEST_COOKIE_VALUE before
- running this validation.
- """
- self.request = request
- self.user_cache = None
- super(AuthenticationForm, self).__init__(*args, **kwargs)
- # Set the label for the "username" field.
- UserModel = get_user_model()
- self.username_field = UserModel._meta.get_field(UserModel.USERNAME_FIELD)
- if not self.fields['username'].label:
- self.fields['username'].label = capfirst(self.username_field.verbose_name)
- def clean(self):
- username = self.cleaned_data.get('username')
- password = self.cleaned_data.get('password')
- if username and password:
- self.user_cache = authenticate(username=username,
- password=password)
- if self.user_cache is None:
- raise forms.ValidationError(
- self.error_messages['invalid_login'] % {
- 'username': self.username_field.verbose_name
- })
- elif not self.user_cache.is_active:
- raise forms.ValidationError(self.error_messages['inactive'])
- self.check_for_test_cookie()
- return self.cleaned_data
- def check_for_test_cookie(self):
- if self.request and not self.request.session.test_cookie_worked():
- raise forms.ValidationError(self.error_messages['no_cookies'])
- def get_user_id(self):
- if self.user_cache:
- return self.user_cache.id
- return None
- def get_user(self):
- return self.user_cache
- class PasswordResetForm(forms.Form):
- error_messages = {
- 'unknown': _("That email address doesn't have an associated "
- "user account. Are you sure you've registered?"),
- 'unusable': _("The user account associated with this email "
- "address cannot reset the password."),
- }
- email = forms.EmailField(label=_("Email"), max_length=254)
- def clean_email(self):
- """
- Validates that an active user exists with the given email address.
- """
- UserModel = get_user_model()
- email = self.cleaned_data["email"]
- self.users_cache = UserModel._default_manager.filter(email__iexact=email)
- if not len(self.users_cache):
- raise forms.ValidationError(self.error_messages['unknown'])
- if not any(user.is_active for user in self.users_cache):
- # none of the filtered users are active
- raise forms.ValidationError(self.error_messages['unknown'])
- if any((user.password == UNUSABLE_PASSWORD)
- for user in self.users_cache):
- raise forms.ValidationError(self.error_messages['unusable'])
- return email
- def save(self, domain_override=None,
- subject_template_name='registration/password_reset_subject.txt',
- email_template_name='registration/password_reset_email.html',
- use_https=False, token_generator=default_token_generator,
- from_email=None, request=None):
- """
- Generates a one-use only link for resetting password and sends to the
- user.
- """
- from django.core.mail import send_mail
- for user in self.users_cache:
- if not domain_override:
- current_site = get_current_site(request)
- site_name = current_site.name
- domain = current_site.domain
- else:
- site_name = domain = domain_override
- c = {
- 'email': user.email,
- 'domain': domain,
- 'site_name': site_name,
- 'uid': int_to_base36(user.pk),
- 'user': user,
- 'token': token_generator.make_token(user),
- 'protocol': use_https and 'https' or 'http',
- }
- subject = loader.render_to_string(subject_template_name, c)
- # Email subject *must not* contain newlines
- subject = ''.join(subject.splitlines())
- email = loader.render_to_string(email_template_name, c)
- send_mail(subject, email, from_email, [user.email])
- class SetPasswordForm(forms.Form):
- """
- A form that lets a user change set his/her password without entering the
- old password
- """
- error_messages = {
- 'password_mismatch': _("The two password fields didn't match."),
- }
- new_password1 = forms.CharField(label=_("New password"),
- widget=forms.PasswordInput)
- new_password2 = forms.CharField(label=_("New password confirmation"),
- widget=forms.PasswordInput)
- def __init__(self, user, *args, **kwargs):
- self.user = user
- super(SetPasswordForm, self).__init__(*args, **kwargs)
- def clean_new_password2(self):
- password1 = self.cleaned_data.get('new_password1')
- password2 = self.cleaned_data.get('new_password2')
- if password1 and password2:
- if password1 != password2:
- raise forms.ValidationError(
- self.error_messages['password_mismatch'])
- return password2
- def save(self, commit=True):
- self.user.set_password(self.cleaned_data['new_password1'])
- if commit:
- self.user.save()
- return self.user
- class PasswordChangeForm(SetPasswordForm):
- """
- A form that lets a user change his/her password by entering
- their old password.
- """
- error_messages = dict(SetPasswordForm.error_messages, **{
- 'password_incorrect': _("Your old password was entered incorrectly. "
- "Please enter it again."),
- })
- old_password = forms.CharField(label=_("Old password"),
- widget=forms.PasswordInput)
- def clean_old_password(self):
- """
- Validates that the old_password field is correct.
- """
- old_password = self.cleaned_data["old_password"]
- if not self.user.check_password(old_password):
- raise forms.ValidationError(
- self.error_messages['password_incorrect'])
- return old_password
- PasswordChangeForm.base_fields = SortedDict([
- (k, PasswordChangeForm.base_fields[k])
- for k in ['old_password', 'new_password1', 'new_password2']
- ])
- class AdminPasswordChangeForm(forms.Form):
- """
- A form used to change the password of a user in the admin interface.
- """
- error_messages = {
- 'password_mismatch': _("The two password fields didn't match."),
- }
- password1 = forms.CharField(label=_("Password"),
- widget=forms.PasswordInput)
- password2 = forms.CharField(label=_("Password (again)"),
- widget=forms.PasswordInput)
- def __init__(self, user, *args, **kwargs):
- self.user = user
- super(AdminPasswordChangeForm, self).__init__(*args, **kwargs)
- def clean_password2(self):
- password1 = self.cleaned_data.get('password1')
- password2 = self.cleaned_data.get('password2')
- if password1 and password2:
- if password1 != password2:
- raise forms.ValidationError(
- self.error_messages['password_mismatch'])
- return password2
- def save(self, commit=True):
- """
- Saves the new password.
- """
- self.user.set_password(self.cleaned_data["password1"])
- if commit:
- self.user.save()
- return self.user