diff --git a/accounts/templates/profile.html b/accounts/templates/profile.html
index 54a8bd0..4d11564 100644
--- a/accounts/templates/profile.html
+++ b/accounts/templates/profile.html
@@ -18,7 +18,7 @@
{% if perms.accounts.change_password %}
- {% icon 'lock' %} {% trans "Change Password" %}
+ {% icon 'lock' %} {% trans "Change Password" %}
 {% endif %}
{% csrf_token %}
diff --git a/admin/forms.py b/admin/forms.py
index 5c658aa..6856d7b 100644
--- a/admin/forms.py
+++ b/admin/forms.py
@@ -1,5 +1,8 @@
 from django import forms
 from django.contrib.auth.models import Group, User
+from django.contrib.auth.forms import ReadOnlyPasswordHashField
+from django.urls import reverse_lazy
+from django.utils.text import format_lazy
 from django.utils.translation import ugettext_lazy as _
 from accounts.models import UserAttributes
@@ -68,6 +71,16 @@ class UserForm(forms.ModelForm):
 'is_superuser',
 ]
+ def __init__(self, *args, **kwargs):
+ super(UserForm, self).__init__(*args, **kwargs)
+ password = ReadOnlyPasswordHashField(label=_("Password"),
+ help_text=format_lazy(_("""Raw passwords are not stored, so there is no way to see
+ this user's password, but you can change the password
+ using this form."""),
+ reverse_lazy('admin:user_update_password', args=[self.instance.id,]))
+ )
+ self.fields['Password'] = password
+
 class UserCreateForm(UserForm):
 password = forms.CharField(widget=forms.PasswordInput)
diff --git a/admin/urls.py b/admin/urls.py
index 5e934c0..205cbc0 100644
--- a/admin/urls.py
+++ b/admin/urls.py
@@ -1,5 +1,4 @@
 from django.urls import path
-from django.contrib.auth.views import PasswordChangeView, PasswordChangeDoneView
 from . import views
@@ -10,6 +9,7 @@ urlpatterns = [
 path('groups//delete/', views.group_delete, name='group_delete'),
 path('users/', views.user_list, name='user_list'),
 path('users/create/', views.user_create, name='user_create'),
+ path('users//update_password/', views.user_update_password, name='user_update_password'),
 path('users//update/', views.user_update, name='user_update'),
 path('users//delete/', views.user_delete, name='user_delete'),
 path('users//block/', views.user_block, name='user_block'),
diff --git a/admin/views.py b/admin/views.py
index 3a5f72e..2cd1e71 100644
--- a/admin/views.py
+++ b/admin/views.py
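Review bot: In admin/forms.py, `UserCreateForm` subclasses `UserForm` and so inherits the new `__init__`, where `self.instance.id` is `None` for an unsaved user; the lazy `reverse_lazy('admin:user_update_password', args=[self.instance.id,])` would then likely fail to resolve when the help text is rendered on the create page. Adding the field only for saved instances, e.g. wrapping the block in `if self.instance.pk:`, avoids that and keeps the read-only hash field off the create form, which already declares its own `password` input. The field is also registered under the key `'Password'`, which does not match the model's `password` attribute, so the widget probably receives no initial hash to summarise; confirm which key is intended. `UserForm`'s body starts outside the hunk.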
@@ -1,4 +1,7 @@
 from django.conf import settings
+from django.contrib import messages
+from django.contrib.auth import update_session_auth_hash
+from django.contrib.auth.forms import AdminPasswordChangeForm
 from django.contrib.auth.models import Group, User
 from django.core.paginator import Paginator
 from django.shortcuts import get_object_or_404, redirect, render
@@ -133,6 +136,29 @@ def user_update(request, pk):
 },
 )
+@superuser_only
+def user_update_password(request, pk):
+ user = get_object_or_404(User, pk=pk)
+ if request.method == 'POST':
+ form = AdminPasswordChangeForm(user, request.POST)
+ if form.is_valid():
+ user = form.save()
+ update_session_auth_hash(request, user) # Important!
+ messages.success(request, _('User password changed: {}'.format(user.username)))
+ return redirect('admin:user_list')
+ else:
+ messages.error(request, _('Wrong Data Provided'))
+ else:
+ form = AdminPasswordChangeForm(user)
+
+ return render(
+ request,
+ 'accounts/change_password_form.html',
+ {
+ 'form': form,
+ 'user': user.username
+ }
+ )
 @superuser_only
 def user_delete(request, pk):
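Review bot: In `user_update_password`, `update_session_auth_hash(request, user)` is called with the account being edited rather than the requester, and the `# Important!` comment does not say why. Django's helper only refreshes the stored session hash when `request.user == user`, so for any other account the call just cycles the superuser's session key; I would make the intent explicit with `if user == request.user: update_session_auth_hash(request, user)` and a comment that this keeps an admin who resets their own password logged in. Separately, the success message is formatted before it is translated, so the msgid contains the username and will never match a catalog entry; it should read `_('User password changed: {}').format(user.username)`. The context key `'user'` also shadows the `user` variable that the auth context processor normally supplies to templates, so a name such as `'target_username'` would be safer (the template, not shown here, would need the same rename).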