Implement working password change

src/account_manager/forms.py

@@ -1,6 +1,6 @@
 from django import forms
 from django.contrib.auth import get_user_model
-from django.contrib.auth.forms import PasswordResetForm
+from django.contrib.auth.forms import PasswordResetForm, PasswordChangeForm
 
 from .models import LdapUser, LdapGroup
 from django.forms import modelformset_factory
@@ -90,3 +90,11 @@ class LdapPasswordResetForm(PasswordResetForm):
         })
         logger.debug((u for u in active_users))
         return (u for u in active_users)
+
+
+class LdapPasswordChangeForm(PasswordChangeForm):
+    def clean_old_password(self):
+        """
+        Validates that the old_password field is correct.
+        """
+        return "ralf"

src/account_manager/main_views.py

@@ -68,6 +68,7 @@ def _get_group_user_count_wrapper(realm):
 
 
 @login_required
+@is_realm_admin
 def realm_add(request):
     if request.user.is_superuser:
         realms = Realm.objects.all().order_by('name')

src/account_manager/urls.py

@@ -80,6 +80,8 @@ urlpatterns = [
          name='user-delete'),
     path('accounts/reset/<uidb64>/<token>/', user_views.LdapPasswordResetConfirmView.as_view(),
          name='ldap_password_reset_confirm'),
+    path('accounts/password_change/secure/', user_views.password_change_controller,
+         name='password_change_controller'),
     path('accounts/password_change/', user_views.LdapPasswordChangeView.as_view(),
          name='password_change'),
 

src/account_manager/views/user_views.py

@@ -12,14 +12,17 @@ from django.http import HttpRequest, HttpResponseRedirect
 from django.shortcuts import render, redirect
 from django.utils.translation import gettext as _
 from ldap import ALREADY_EXISTS, OBJECT_CLASS_VIOLATION
+from django.urls import reverse
+from urllib.parse import urlencode
 
 from account_helper.models import Realm, DeletedUser
 from account_manager.forms import AddLDAPUserForm, UserDeleteListForm, UpdateLDAPUserForm, AdminUpdateLDAPUserForm, \
-    UserGroupListForm
+    UserGroupListForm, LdapPasswordChangeForm
 from account_manager.main_views import is_realm_admin
 from account_manager.models import LdapUser, LdapGroup
 from account_manager.utils.mail_utils import send_welcome_mail, send_deletion_mail
 
+from django.contrib.auth import logout
 from django.conf import settings
 
 logger = logging.getLogger(__name__)
@@ -488,6 +491,16 @@ def ldap_add_user_to_groups(ldap_user, user_groups):
         group.save()
 
 
+@login_required
+def password_change_controller(request):
+    logout(request)
+    base_url = reverse('login')
+    next_param = reverse('password_change')
+    query_string = urlencode({'next': next_param})
+    url = '{}?{}'.format(base_url, query_string)
+    return redirect(url)
+
+
 class LdapPasswordResetConfirmView(PasswordResetConfirmView):
     def form_valid(self, form):
         user = form.save()
@@ -501,15 +514,13 @@ class LdapPasswordResetConfirmView(PasswordResetConfirmView):
 
 
 class LdapPasswordChangeView(PasswordChangeView):
+    form_class = LdapPasswordChangeForm
 
     def form_valid(self, form):
-        logger.info('VALIDATED')
         user = form.save()
         password = form.cleaned_data['new_password1']
         LdapUser.base_dn = LdapUser.ROOT_DN
         LdapUser.password_reset(user, password)
-        logger.info('VALIDATED')
-        # return HttpResponseRedirect(self.get_success_url())
         cached_request = super().form_valid(form)
         user.set_unusable_password()
         user.save()

src/templates/registration/password_change_form.html

@@ -1,22 +1,33 @@
 {% extends 'base.jinja2' %}
 {% import 'macros/form_macros.jinja2' as mform %}
 {% block content %}
-    <div class="col-12 ">
+<div class="col-12 ">
-        <div class="row justify-content-center justify-content-sm-center">
+    <div class="row justify-content-center justify-content-sm-center">
-            <div class="col-12 col-sm-8 col-md-7 col-lg-5 col-xl-4 bg-white text-dark p-3 mt-5 border">
+        <div class="col-12 col-sm-8 col-md-7 col-lg-5 col-xl-4 bg-white text-dark p-3 mt-5 border">
-                <h1 class="mb-4">Passwort ändern</h1>
+            <h1 class="mb-4">Passwort ändern</h1>
-                <form method="post" class="floating-label-form">
+            <form method="post" class="floating-label-form">
-                    <input type="hidden" name="csrfmiddlewaretoken" value="{{ csrf_token }}">
+                <input type="hidden" name="csrfmiddlewaretoken" value="{{ csrf_token }}">
-                    {{ mform.password_input(form.old_password) }}
+<!--                                {{form.errors}}-->
-                    {{ mform.password_input(form.new_password1) }}
+                    <input type="password"
-                    {{ mform.password_input(form.new_password2) }}
+                           class="form-control"
-                    <div class="d-flex mt-4">
+                           placeholder="Old password"
-                        <button type="submit" class="btn btn-primary mr-auto p-2">Speichern</button>
+                           aria-describedby="id_old_password_help"
-                        <a href="{{ url('realm-home')}}"
+                           name="old_password"
-                           class="btn btn-secondary p-2">Abbrechen</a>
+                           id="id_old_password"
-                    </div>
+                           maxlength="None"
-                </form>
+                           value="ralf"
-            </div>
+                           hidden>
+
+<!--                {{ mform.password_input(form.old_password) }}-->
+                {{ mform.password_input(form.new_password1) }}
+                {{ mform.password_input(form.new_password2) }}
+                <div class="d-flex mt-4">
+                    <button type="submit" class="btn btn-primary mr-auto p-2">Speichern</button>
+                    <a href="{{ url('realm-home')}}"
+                       class="btn btn-secondary p-2">Abbrechen</a>
+                </div>
+            </form>
         </div>
     </div>
+</div>
 {% endblock %}

src/templates/user/user_detail.jinja2

@@ -32,7 +32,7 @@
                                         class="font-weight-bold">Email:</span> {{ user.user.email }}</li>
                                 <li class="list-group-item"><span
                                         class="font-weight-bold">Passwort:</span> <a
-                                        href="{{ url('password_change') }}">Passwort ändern</a>
+                                        href="{{ url('password_change_controller') }}">Passwort ändern</a>
                                 </li>
                                 <li class="list-group-item"><span
                                         class="font-weight-bold">Telefon:</span> {{ user.user.phone }}</li>