Skip to content
Snippets Groups Projects
Commit b2280cba authored by Dan Braghis's avatar Dan Braghis Committed by Todd Dembrey
Browse files

Only allow non-active users to set password on activation path

parent 6e0385ab
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
opentech/apply/users/views.py
+ 7
0
View file @ b2280cba
...@@ -3,6 +3,7 @@ from django.contrib.auth import get_user_model, login, update_session_auth_hash ...@@ -3,6 +3,7 @@ from django.contrib.auth import get_user_model, login, update_session_auth_hash
from django.contrib.auth.decorators import login_required from django.contrib.auth.decorators import login_required
from django.contrib.auth.forms import AdminPasswordChangeForm from django.contrib.auth.forms import AdminPasswordChangeForm
from django.contrib.auth.tokens import PasswordResetTokenGenerator from django.contrib.auth.tokens import PasswordResetTokenGenerator
from django.core.exceptions import PermissionDenied
from django.shortcuts import redirect, render from django.shortcuts import redirect, render
from django.template.response import TemplateResponse from django.template.response import TemplateResponse
from django.urls import reverse_lazy from django.urls import reverse_lazy
...@@ -89,6 +90,12 @@ class ActivationView(TemplateView): ...@@ -89,6 +90,12 @@ class ActivationView(TemplateView):
def create_password(request): def create_password(request):
"""
A custom view for the admin password change form used for account activation.
"""
if request.user.is_active:
raise PermissionDenied
if request.method == 'POST': if request.method == 'POST':
form = AdminPasswordChangeForm(request.user, request.POST) form = AdminPasswordChangeForm(request.user, request.POST)
if form.is_valid(): if form.is_valid():
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment