Commit a69599b6 authored by Sofia Papagiannaki's avatar Sofia Papagiannaki

Optionally enforce token renewal via settings. Set initial value to True in the forms.

Refs: #2612
parent d79a2414
......@@ -89,6 +89,8 @@ ASTAKOS_ADMIN_NOTIFICATION_EMAIL_SUBJECT '%s alpha2 testing account created (
ASTAKOS_HELPDESK_NOTIFICATION_EMAIL_SUBJECT '%s alpha2 testing account activated (%%(user)s)' % SITENAME Account activation helpdesk notification email subject
ASTAKOS_EMAIL_CHANGE_EMAIL_SUBJECT 'Email change on %s alpha2 testing' % SITENAME Email change subject
ASTAKOS_PASSWORD_RESET_EMAIL_SUBJECT 'Password reset on %s alpha2 testing' % SITENAME Password change email subject
ASTAKOS_ENFORCE_TOKEN_RENEWAL True Enforce token renewal on password change/reset. If set to False, user can optionally decide
whether to renew the token or not.
=========================================== ============================================================================= ===========================================================================================
Administrator functions
......@@ -36,7 +36,7 @@ from datetime import datetime
from django import forms
from django.utils.translation import ugettext as _
from django.contrib.auth.forms import UserCreationForm, AuthenticationForm, \
PasswordResetForm, PasswordChangeForm
PasswordResetForm, PasswordChangeForm, SetPasswordForm
from django.core.mail import send_mail
from django.contrib.auth.tokens import default_token_generator
from django.template import Context, loader
......@@ -50,7 +50,8 @@ from django.utils.encoding import smart_str
from astakos.im.models import AstakosUser, Invitation, get_latest_terms, EmailChange
from astakos.im.settings import INVITATIONS_PER_LEVEL, DEFAULT_FROM_EMAIL, \
BASEURL, SITENAME, RECAPTCHA_PRIVATE_KEY, DEFAULT_CONTACT_EMAIL, \
RECAPTCHA_ENABLED, LOGGING_LEVEL, PASSWORD_RESET_EMAIL_SUBJECT
RECAPTCHA_ENABLED, LOGGING_LEVEL, PASSWORD_RESET_EMAIL_SUBJECT, \
ENFORCE_TOKEN_RENEWAL
from astakos.im.widgets import DummyWidget, RecaptchaWidget
from astakos.im.functions import send_change_email
......@@ -474,15 +475,44 @@ class ExtendedPasswordChangeForm(PasswordChangeForm):
Extends PasswordChangeForm by enabling user
to optionally renew also the token.
"""
renew = forms.BooleanField(label='Renew token', required=False)
if not ENFORCE_TOKEN_RENEWAL:
renew = forms.BooleanField(label='Renew token', required=False,
initial=True,
help_text='Unsetting this may result in security risk.')
def __init__(self, user, *args, **kwargs):
super(ExtendedPasswordChangeForm, self).__init__(user, *args, **kwargs)
def save(self, commit=True):
user = super(ExtendedPasswordChangeForm, self).save(commit=False)
if self.cleaned_data.get('renew'):
if ENFORCE_TOKEN_RENEWAL or self.cleaned_data.get('renew'):
user.renew_token()
if commit:
user.save()
return user
class ExtendedSetPasswordForm(SetPasswordForm):
"""
Extends SetPasswordForm by enabling user
to optionally renew also the token.
"""
if not ENFORCE_TOKEN_RENEWAL:
renew = forms.BooleanField(label='Renew token', required=False,
initial=True,
help_text='Unsetting this may result in security risk.')
def __init__(self, user, *args, **kwargs):
super(ExtendedSetPasswordForm, self).__init__(user, *args, **kwargs)
def save(self, commit=True):
user = super(ExtendedSetPasswordForm, self).save(commit=False)
if ENFORCE_TOKEN_RENEWAL or self.cleaned_data.get('renew'):
try:
user = AstakosUser.objects.get(id=user.id)
except AstakosUser.DoesNotExist:
pass
else:
user.renew_token()
if commit:
user.save()
return user
\ No newline at end of file
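Review bot: ExtendedSetPasswordForm.save appears to lose the new password whenever the token is renewed: `super(...).save(commit=False)` only sets the new hash on the in-memory `user`, and the `else` branch then rebinds `user` to a freshly fetched AstakosUser that still carries the old hash, so the final `user.save()` persists a renewed token together with the old password. This relies on Django's SetPasswordForm.save(commit=False) calling set_password without saving, which is its documented behaviour, and since ENFORCE_TOKEN_RENEWAL defaults to True the path runs on every reset. Carrying the hash over to the re-fetched instance before renewing avoids it, as sketched below. The `except AstakosUser.DoesNotExist: pass` additionally skips an enforced renewal in silence and would be worth a log line, e.g. `logger.warning("No AstakosUser for id %s; token not renewed", user.id)`.
```python
    def save(self, commit=True):
        user = super(ExtendedSetPasswordForm, self).save(commit=False)
        if ENFORCE_TOKEN_RENEWAL or self.cleaned_data.get('renew'):
            try:
                astakos_user = AstakosUser.objects.get(id=user.id)
            except AstakosUser.DoesNotExist:
                pass
            else:
                # keep the new hash set in memory by SetPasswordForm.save(commit=False)
                astakos_user.password = user.password
                astakos_user.renew_token()
                user = astakos_user
        # … unchanged: commit handling and return …
```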
......@@ -118,3 +118,5 @@ EMAIL_CHANGE_EMAIL_SUBJECT = getattr(settings, 'ASTAKOS_EMAIL_CHANGE_EMAIL_SUBJE
PASSWORD_RESET_EMAIL_SUBJECT = getattr(settings, 'ASTAKOS_PASSWORD_RESET_EMAIL_SUBJECT',
'Password reset on %s alpha2 testing' % SITENAME)
# Enforce token renewal on password change/reset
ENFORCE_TOKEN_RENEWAL = getattr(settings, 'ASTAKOS_ENFORCE_TOKEN_RENEWAL', True)
\ No newline at end of file
......@@ -26,7 +26,7 @@
}
$this.hide();
if ($this.is("checked")) {
if ($this.attr("checked")) {
el.addClass("checked");
}
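Review bot: `$this.attr("checked")` reads the markup attribute rather than the live checked state, so it only reflects what the server rendered, not a box the user has since toggled; `if ($this.is(":checked")) {` (the colon the removed line was missing) tracks the property and behaves the same across jQuery versions. The enclosing function starts and ends outside the hunk, so whether this runs only at page load cannot be confirmed here.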
......@@ -34,7 +34,9 @@
from django.conf.urls.defaults import patterns, include, url
from django.contrib.auth.views import password_change
from astakos.im.forms import ExtendedPasswordResetForm, ExtendedPasswordChangeForm, LoginForm
from astakos.im.forms import (ExtendedPasswordResetForm,
ExtendedPasswordChangeForm,
ExtendedSetPasswordForm, LoginForm)
from astakos.im.settings import IM_MODULES, INVITATIONS_ENABLED, EMAILCHANGE_ENABLED
urlpatterns = patterns('astakos.im.views',
......@@ -71,7 +73,7 @@ if 'local' in IM_MODULES:
'password_reset_form':ExtendedPasswordResetForm}),
url(r'^local/password_reset_done/?$', 'password_reset_done'),
url(r'^local/reset/confirm/(?P<uidb36>[0-9A-Za-z]+)-(?P<token>.+)/?$',
'password_reset_confirm'),
'password_reset_confirm', {'set_password_form':ExtendedSetPasswordForm}),
url(r'^local/password/reset/complete/?$', 'password_reset_complete'),
url(r'^password_change/?$', 'password_change', {'post_change_redirect':'profile',
'password_change_form':ExtendedPasswordChangeForm})
......@@ -111,3 +111,5 @@
#ASTAKOS_EMAIL_CHANGE_EMAIL_SUBJECT = 'Email change on %s alpha2 testing' % SITENAME
#ASTAKOS_PASSWORD_RESET_EMAIL_SUBJECT = 'Password reset on %s alpha2 testing' % SITENAME
# Enforce token renewal on password change/reset
# ENFORCE_TOKEN_RENEWAL = getattr(settings, 'ASTAKOS_ENFORCE_TOKEN_RENEWAL', True)
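Review bot: The new commented-out sample line copies the `getattr(settings, ...)` expression from the settings module instead of the value form used by every other entry in this file, so an administrator who uncomments it gets a NameError on `settings` rather than a working override. It should read `#ASTAKOS_ENFORCE_TOKEN_RENEWAL = True`, matching the `#ASTAKOS_...` lines above it and the documented setting name.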