From 6e0385abaa8c1b2571a99bc55780ea11072926fc Mon Sep 17 00:00:00 2001
From: Dan Braghis <dan.braghis@torchbox.com>
Date: Thu, 25 Jan 2018 15:05:29 +0000
Subject: [PATCH] Better password form on account activation

---
 .../templates/users/change_password.html      |  2 +-
 opentech/apply/users/urls.py                  |  3 ++-
 opentech/apply/users/views.py                 | 23 +++++++++++++++++--
 3 files changed, 24 insertions(+), 4 deletions(-)

diff --git a/opentech/apply/users/templates/users/change_password.html b/opentech/apply/users/templates/users/change_password.html
index 26799c69d..178f25355 100644
--- a/opentech/apply/users/templates/users/change_password.html
+++ b/opentech/apply/users/templates/users/change_password.html
@@ -25,7 +25,7 @@
         </div>
     {% endif %}
 
-    <form action="{% url 'users:password_change' %}" method="POST" novalidate>
+    <form action="" method="POST" novalidate>
         {% csrf_token %}
 
         {% for field in form %}
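Review bot: `action=""` on the changed `<form>` line is not conforming HTML5, which requires a non-empty URL when the attribute is present. Dropping the attribute gives the same post-to-current-URL behaviour: `<form method="POST" novalidate>`. Because this template is now rendered by both `users:password_change` and the new activation view, a short template comment such as `{# posts back to the requesting URL; shared by password_change and activate_password #}` would make the intent clear. The form body continues past the end of this hunk.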
diff --git a/opentech/apply/users/urls.py b/opentech/apply/users/urls.py
index 76a7b0563..de7070648 100644
--- a/opentech/apply/users/urls.py
+++ b/opentech/apply/users/urls.py
@@ -2,7 +2,7 @@ from django.conf.urls import url
 from django.contrib.auth import views as auth_views
 from django.urls import reverse_lazy
 
-from opentech.apply.users.views import account, oauth, ActivationView
+from opentech.apply.users.views import account, oauth, ActivationView, create_password
 
 urlpatterns = [
     url(r'^$', account, name='account'),
@@ -58,5 +58,6 @@ urlpatterns = [
         ActivationView.as_view(),
         name='activate'
     ),
+    url(r'^activate/password/', create_password, name="activate_password"),
     url(r'^oauth$', oauth, name='oauth'),
 ]
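Review bot: The new pattern `r'^activate/password/'` has no `$` anchor, so it matches any path that begins with that prefix, unlike the neighbouring `r'^oauth$'`. `url(r'^activate/password/$', create_password, name='activate_password'),` would keep the match exact and follow the file's single-quote style. The `activate` pattern directly above is only partly visible in this hunk; if its capture groups can match the literal segment `password`, it would win because it comes first, so it is worth confirming that this URL resolves to `create_password`.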
diff --git a/opentech/apply/users/views.py b/opentech/apply/users/views.py
index 893b203c1..a194121dd 100644
--- a/opentech/apply/users/views.py
+++ b/opentech/apply/users/views.py
@@ -1,5 +1,7 @@
-from django.contrib.auth import get_user_model, login
+from django.contrib import messages
+from django.contrib.auth import get_user_model, login, update_session_auth_hash
 from django.contrib.auth.decorators import login_required
+from django.contrib.auth.forms import AdminPasswordChangeForm
 from django.contrib.auth.tokens import PasswordResetTokenGenerator
 from django.shortcuts import redirect, render
 from django.template.response import TemplateResponse
@@ -40,7 +42,7 @@ class ActivationView(TemplateView):
         if user:
             user.backend = 'django.contrib.auth.backends.ModelBackend'
             login(request, user)
-            return redirect('users:password_change')
+            return redirect('users:activate_password')
 
         return render(request, 'users/activation/invalid.html')
 
@@ -84,3 +86,20 @@ class ActivationView(TemplateView):
             return user
         except (TypeError, ValueError, OverflowError, User.DoesNotExist):
             return None
+
+
+def create_password(request):
+    if request.method == 'POST':
+        form = AdminPasswordChangeForm(request.user, request.POST)
+        if form.is_valid():
+            user = form.save()
+            update_session_auth_hash(request, user)  # Important!
+            messages.success(request, 'Your password was successfully updated!')
+            return redirect('users:account')
+        else:
+            messages.error(request, 'Please correct the errors below.')
+    else:
+        form = AdminPasswordChangeForm(request.user)
+    return render(request, 'users/change_password.html', {
+        'form': form
+    })
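Review bot: `create_password` is added without `@login_required` and builds `AdminPasswordChangeForm`, which does not ask for the current password, so any authenticated session can set a new password through `activate/password/` at any time, not only right after activation. `login_required` is already imported in this file, so decorate the view, and consider limiting it to accounts that have not set a password yet, e.g. `if request.user.has_usable_password(): return redirect('users:password_change')` at the top; this assumes newly created accounts carry an unusable password, which the diff does not show. An anonymous request currently reaches the form with `request.user` set to `AnonymousUser`, and a valid POST would likely fail in `form.save()` rather than redirect to login. The `# Important!` comment would say more as `# keep this session logged in after the password hash changes`.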
-- 
GitLab