Better password form on account activation

6e0385ab · Dan Braghis · Todd Dembrey · e2d89e2d · 6e0385ab · 6e0385ab
Commit 6e0385ab authored 7 years ago by Dan Braghis Committed by Todd Dembrey 7 years ago
--- a/opentech/apply/users/templates/users/change_password.html
+++ b/opentech/apply/users/templates/users/change_password.html
@@ -25,7 +25,7 @@
        </div>
    {% endif %}

-    <form action="{% url 'users:password_change' %}" method="POST" novalidate>
+    <form action="" method="POST" novalidate>
        {% csrf_token %}

        {% for field in form %}

--- a/opentech/apply/users/urls.py
+++ b/opentech/apply/users/urls.py
@@ -2,7 +2,7 @@ from django.conf.urls import url
 from django.contrib.auth import views as auth_views
 from django.urls import reverse_lazy

-from opentech.apply.users.views import account, oauth, ActivationView
+from opentech.apply.users.views import account, oauth, ActivationView, create_password

 urlpatterns = [
    url(r'^$', account, name='account'),
@@ -58,5 +58,6 @@ urlpatterns = [
        ActivationView.as_view(),
        name='activate'
    ),
+    url(r'^activate/password/', create_password, name="activate_password"),
    url(r'^oauth$', oauth, name='oauth'),
 ]
--- a/opentech/apply/users/views.py
+++ b/opentech/apply/users/views.py
-from django.contrib.auth import get_user_model, login
+from django.contrib import messages
+from django.contrib.auth import get_user_model, login, update_session_auth_hash
 from django.contrib.auth.decorators import login_required
+from django.contrib.auth.forms import AdminPasswordChangeForm
 from django.contrib.auth.tokens import PasswordResetTokenGenerator
 from django.shortcuts import redirect, render
 from django.template.response import TemplateResponse
@@ -40,7 +42,7 @@ class ActivationView(TemplateView):
        if user:
            user.backend = 'django.contrib.auth.backends.ModelBackend'
            login(request, user)
-            return redirect('users:password_change')
+            return redirect('users:activate_password')

        return render(request, 'users/activation/invalid.html')

@@ -84,3 +86,20 @@ class ActivationView(TemplateView):
            return user
        except (TypeError, ValueError, OverflowError, User.DoesNotExist):
            return None
+
+
+def create_password(request):
+    if request.method == 'POST':
+        form = AdminPasswordChangeForm(request.user, request.POST)
+        if form.is_valid():
+            user = form.save()
+            update_session_auth_hash(request, user)  # Important!
+            messages.success(request, 'Your password was successfully updated!')
+            return redirect('users:account')
+        else:
+            messages.error(request, 'Please correct the errors below.')
+    else:
+        form = AdminPasswordChangeForm(request.user)
+    return render(request, 'users/change_password.html', {
+        'form': form
+    })