Skip to content
Snippets Groups Projects
Commit b2280cba authored by Dan Braghis's avatar Dan Braghis Committed by Todd Dembrey
Browse files

Only allow non-active users to set password on activation path

parent 6e0385ab
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
opentech/apply/users/views.py
+ 7
0
View file @ b2280cba
......@@ -3,6 +3,7 @@ from django.contrib.auth import get_user_model, login, update_session_auth_hash
from django.contrib.auth.decorators import login_required
from django.contrib.auth.forms import AdminPasswordChangeForm
from django.contrib.auth.tokens import PasswordResetTokenGenerator
from django.core.exceptions import PermissionDenied
from django.shortcuts import redirect, render
from django.template.response import TemplateResponse
from django.urls import reverse_lazy
......@@ -89,6 +90,12 @@ class ActivationView(TemplateView):
def create_password(request):
"""
A custom view for the admin password change form used for account activation.
"""
if request.user.is_active:
raise PermissionDenied
if request.method == 'POST':
form = AdminPasswordChangeForm(request.user, request.POST)
if form.is_valid():
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment