From 2237e3577066dd2f330d11bcf85ed569b65fb182 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20G=C3=B6tz?=
Date: Wed, 29 May 2019 00:55:34 +0200
Subject: [PATCH] Implement working password change

---
 src/account_manager/forms.py | 10 ++++-
 src/account_manager/main_views.py | 1 +
 src/account_manager/urls.py | 2 +
 src/account_manager/views/user_views.py | 19 ++++--
 .../registration/password_change_form.html | 43 ++++++++++++-------
 src/templates/user/user_detail.jinja2 | 2 +-
 6 files changed, 55 insertions(+), 22 deletions(-)

diff --git a/src/account_manager/forms.py b/src/account_manager/forms.py
index d8d7964..9f2c386 100644
--- a/src/account_manager/forms.py
+++ b/src/account_manager/forms.py
@@ -1,6 +1,6 @@
 from django import forms
 from django.contrib.auth import get_user_model
-from django.contrib.auth.forms import PasswordResetForm
+from django.contrib.auth.forms import PasswordResetForm, PasswordChangeForm
 from .models import LdapUser, LdapGroup
 from django.forms import modelformset_factory
@@ -90,3 +90,11 @@ class LdapPasswordResetForm(PasswordResetForm):
             })
         logger.debug((u for u in active_users))
         return (u for u in active_users)
+
+
+class LdapPasswordChangeForm(PasswordChangeForm):
+    def clean_old_password(self):
+        """
+        Validates that the old_password field is correct.
+        """
+        return "ralf"
diff --git a/src/account_manager/main_views.py b/src/account_manager/main_views.py
index cb320d1..e14c0c8 100644
--- a/src/account_manager/main_views.py
+++ b/src/account_manager/main_views.py
@@ -68,6 +68,7 @@ def _get_group_user_count_wrapper(realm):
 @login_required
+@is_realm_admin
 def realm_add(request):
     if request.user.is_superuser:
         realms = Realm.objects.all().order_by('name')
diff --git a/src/account_manager/urls.py b/src/account_manager/urls.py
index 68594dc..abdc25a 100644
--- a/src/account_manager/urls.py
+++ b/src/account_manager/urls.py
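Review bot: `clean_old_password` returning the constant `"ralf"` disables the current-password check for `LdapPasswordChangeForm` entirely, so any request carrying a valid session (a hijacked cookie, an unattended browser) can set a new password without knowing the old one, and the re-login detour added in `password_change_controller` does not close this because `accounts/password_change/` is still routed directly to the view. The override looks like a workaround for the Django user being kept with an unusable password (`set_unusable_password()` in the view hunk), which makes the stock `self.user.check_password()` fail; the verification therefore has to happen against LDAP, and SOURCE shows `LdapUser.password_reset` but no bind/verify helper, so one has to be added or confirmed. Until that exists the method should fail closed rather than pass: `raise forms.ValidationError(self.error_messages['password_incorrect'], code='password_incorrect')`. The docstring should also stop claiming a validation the body does not perform, e.g. `"""Old-password check is NOT implemented yet; must bind against LDAP before this form is used."""`.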
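Review bot: Stacking `@is_realm_admin` on `realm_add` changes who may reach a view whose body branches on `request.user.is_superuser`, and whether the decorator admits a superuser that is not itself a realm admin depends on `is_realm_admin`, which is outside this hunk, so please confirm superusers are not locked out of realm creation. The change is unrelated to the password-change work named in the commit title and deserves a one-line comment such as `# NOTE: is_realm_admin must also admit superusers — see the is_superuser branch below`, or its own commit. `realm_add` continues past the hunk.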
@@ -80,6 +80,8 @@ urlpatterns = [
          name='user-delete'),
     path('accounts/reset///', user_views.LdapPasswordResetConfirmView.as_view(),
          name='ldap_password_reset_confirm'),
+    path('accounts/password_change/secure/', user_views.password_change_controller,
+         name='password_change_controller'),
     path('accounts/password_change/', user_views.LdapPasswordChangeView.as_view(),
          name='password_change'),
diff --git a/src/account_manager/views/user_views.py b/src/account_manager/views/user_views.py
index e3c3b67..a8fac30 100644
--- a/src/account_manager/views/user_views.py
+++ b/src/account_manager/views/user_views.py
@@ -12,14 +12,17 @@ from django.http import HttpRequest, HttpResponseRedirect
 from django.shortcuts import render, redirect
 from django.utils.translation import gettext as _
 from ldap import ALREADY_EXISTS, OBJECT_CLASS_VIOLATION
+from django.urls import reverse
+from urllib.parse import urlencode
 from account_helper.models import Realm, DeletedUser
 from account_manager.forms import AddLDAPUserForm, UserDeleteListForm, UpdateLDAPUserForm, AdminUpdateLDAPUserForm, \
-    UserGroupListForm
+    UserGroupListForm, LdapPasswordChangeForm
 from account_manager.main_views import is_realm_admin
 from account_manager.models import LdapUser, LdapGroup
 from account_manager.utils.mail_utils import send_welcome_mail, send_deletion_mail
+from django.contrib.auth import logout
 from django.conf import settings
 logger = logging.getLogger(__name__)
@@ -488,6 +491,16 @@ def ldap_add_user_to_groups(ldap_user, user_groups):
         group.save()
+@login_required
+def password_change_controller(request):
+    logout(request)
+    base_url = reverse('login')
+    next_param = reverse('password_change')
+    query_string = urlencode({'next': next_param})
+    url = '{}?{}'.format(base_url, query_string)
+    return redirect(url)
+
+
 class LdapPasswordResetConfirmView(PasswordResetConfirmView):
     def form_valid(self, form):
         user = form.save()
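Review bot: The new `accounts/password_change/secure/` route only forces a re-login before redirecting to `password_change`, while `accounts/password_change/` itself stays registered and reachable by any logged-in session, so the re-authentication is skipped simply by requesting the old URL directly (the user-detail link is the only thing that points at the new one). If a fresh login is the intended control, it belongs on `LdapPasswordChangeView` itself — for instance by checking how recently the session authenticated, or by making the form verify the old password — rather than on a separate entry route that adds a logout without adding a check. Whichever way this is resolved, a short comment in urls.py should state which of `password_change` and `password_change_controller` the UI is expected to link to, e.g. `# UI must link to password_change_controller; password_change is the post-login target only`.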
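Review bot: `password_change_controller` hand-builds the login redirect from `reverse('login')` plus an `urlencode`d `next`, which is exactly what `django.contrib.auth.views.redirect_to_login` already does — `return redirect_to_login(reverse('password_change'))` replaces the four URL-building lines and the `urlencode` import (the `next` value comes from `reverse()`, so it is not attacker-controlled either way). The security gap is that nothing ties the later password change to this fresh login: after the redirect the user is an ordinary session hitting `LdapPasswordChangeView`, and a session that never passed through this view reaches the same page. The function has no docstring; it should state the intent so the next maintainer does not read it as an access control, e.g. `"""Log the user out and send them through the login page to the password-change form; the form itself does not verify the old password."""`. Placing `from django.urls import reverse` and `from django.contrib.auth import logout` among the local imports also breaks the stdlib/third-party/local grouping the file otherwise follows.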
@@ -501,15 +514,13 @@ class LdapPasswordResetConfirmView(PasswordResetConfirmView):
 class LdapPasswordChangeView(PasswordChangeView):
+    form_class = LdapPasswordChangeForm
     def form_valid(self, form):
-        logger.info('VALIDATED')
         user = form.save()
         password = form.cleaned_data['new_password1']
         LdapUser.base_dn = LdapUser.ROOT_DN
         LdapUser.password_reset(user, password)
-        logger.info('VALIDATED')
-        # return HttpResponseRedirect(self.get_success_url())
         cached_request = super().form_valid(form)
         user.set_unusable_password()
         user.save()
diff --git a/src/templates/registration/password_change_form.html b/src/templates/registration/password_change_form.html
index 9e5f336..bb02d13 100644
--- a/src/templates/registration/password_change_form.html
+++ b/src/templates/registration/password_change_form.html
@@ -1,22 +1,33 @@
 {% extends 'base.jinja2' %}
 {% import 'macros/form_macros.jinja2' as mform %}
 {% block content %}
-
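Review bot: `form_valid` stores the new password as a usable hash in the Django DB through `form.save()` before `LdapUser.password_reset()` is attempted, and `super().form_valid(form)` saves it a second time, so a failing LDAP write leaves the local account with a usable password that LDAP never received; only the last two lines make it unusable again. Saving with `commit=False`, writing to LDAP, then marking the password unusable before a single `user.save()` keeps a usable hash out of the DB at every point, and `update_session_auth_hash` (from `django.contrib.auth`; not imported in this hunk) preserves the session the way `super().form_valid` did. Wiring `form_class = LdapPasswordChangeForm` also means this view's old-password verification is whatever that form's `clean_old_password` does, so the two hunks should be reviewed together. `form_valid` and the use of `cached_request` continue beyond the hunk.
```python
    def form_valid(self, form):
        # LDAP is the password store: never leave a usable hash on the Django
        # row, even transiently, and do not write the row until LDAP accepted it.
        user = form.save(commit=False)
        password = form.cleaned_data['new_password1']
        LdapUser.base_dn = LdapUser.ROOT_DN
        LdapUser.password_reset(user, password)
        user.set_unusable_password()
        user.save()
        update_session_auth_hash(self.request, user)
        cached_request = HttpResponseRedirect(self.get_success_url())
        # … unchanged: remainder of form_valid (outside the hunk) …
```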
-
-
-

Passwort ändern

-
- - {{ mform.password_input(form.old_password) }} - {{ mform.password_input(form.new_password1) }} - {{ mform.password_input(form.new_password2) }} -
- - Abbrechen -
-
-
+
+
+
+

Passwort ändern

+
+ + + + + + {{ mform.password_input(form.new_password1) }} + {{ mform.password_input(form.new_password2) }} +
+ + Abbrechen +
+
+
+ {% endblock %}
\ No newline at end of file
diff --git a/src/templates/user/user_detail.jinja2 b/src/templates/user/user_detail.jinja2
index d21f253..36d6105 100644
--- a/src/templates/user/user_detail.jinja2
+++ b/src/templates/user/user_detail.jinja2
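Review bot: The removed `{{ mform.password_input(form.old_password) }}` is not re-added, so the page no longer asks the user for the current password and the UI gives no proof of possession of the credential being replaced; that should be a deliberate, documented decision rather than an implicit one. Several added lines of this hunk have lost their markup in this rendering — if one of them is a hidden `old_password` input with a fixed value, mark it with a template comment such as `{# old_password is a placeholder; it is not verified server-side (see LdapPasswordChangeForm) #}`. Without some input named `old_password`, Django's required-field validation rejects the POST before `clean_old_password` runs, so please confirm which of the two the template relies on.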
  • Passwort: Passwort ändern + href="{{ url('password_change_controller') }}">Passwort ändern
  • Telefon: {{ user.user.phone }}