From 8c827cc84516ae152a9c7940b8072e5431c9fc82 Mon Sep 17 00:00:00 2001
From: Jean-Romain Garnier <jean-romain.garnier@supelec.fr>
Date: Thu, 16 Apr 2020 17:16:33 +0000
Subject: [PATCH] Add option to enable the password field during account
 creation

---
 ...allow_set_password_during_user_creation.py | 20 +++++++++
 preferences/models.py                         |  9 ++++
 .../preferences/display_preferences.html      |  4 ++
 users/forms.py                                | 42 ++++++++++---------
 users/views.py                                | 30 ++++---------
 5 files changed, 64 insertions(+), 41 deletions(-)
 create mode 100644 preferences/migrations/0068_optionaluser_allow_set_password_during_user_creation.py

diff --git a/preferences/migrations/0068_optionaluser_allow_set_password_during_user_creation.py b/preferences/migrations/0068_optionaluser_allow_set_password_during_user_creation.py
new file mode 100644
index 00000000..63d9e4c9
--- /dev/null
+++ b/preferences/migrations/0068_optionaluser_allow_set_password_during_user_creation.py
@@ -0,0 +1,20 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.11.28 on 2020-04-16 17:06
+from __future__ import unicode_literals
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('preferences', '0067_auto_20191120_0159'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='optionaluser',
+            name='allow_set_password_during_user_creation',
+            field=models.BooleanField(default=False, help_text='If True, users have the choice to receive an email containing a link to reset their password during creation, or to directly set their password in the page. If False, an email is always sent.'),
+        ),
+    ]
diff --git a/preferences/models.py b/preferences/models.py
index b8189384..8570e79b 100644
--- a/preferences/models.py
+++ b/preferences/models.py
@@ -117,6 +117,15 @@ class OptionalUser(AclMixin, PreferencesModel):
             " If False, only when a valid registration has been paid."
         ),
     )
+    allow_set_password_during_user_creation = models.BooleanField(
+        default=False,
+        help_text=_(
+            "If True, users have the choice to receive an email containing"
+            " a link to reset their password during creation, or to directly"
+            " set their password in the page."
+            " If False, an email is always sent."
+        ),
+    )
     allow_archived_connexion = models.BooleanField(
         default=False, help_text=_("If True, archived users are allowed to connect.")
     )
diff --git a/preferences/templates/preferences/display_preferences.html b/preferences/templates/preferences/display_preferences.html
index 8e00962e..89858ddc 100644
--- a/preferences/templates/preferences/display_preferences.html
+++ b/preferences/templates/preferences/display_preferences.html
@@ -125,6 +125,10 @@ with this program; if not, write to the Free Software Foundation, Inc.,
                 <tr>
                     <th>{% trans "All users are active by default" %}</th>
                     <td>{{ useroptions.all_users_active|tick }}</td>
+                    <th>{% trans "Allow directly entering a password during account creation" %}</th>
+                    <td>{{ useroptions.allow_set_password_during_user_creation|tick }}</td>
+                </tr>
+                <tr>
                     <th>{% trans "Allow archived users to log in" %}</th>
                     <td>{{ useroptions.allow_archived_connexion|tick }}</td>
                 </tr>
diff --git a/users/forms.py b/users/forms.py
index c5200fc2..7b133c4b 100644
--- a/users/forms.py
+++ b/users/forms.py
@@ -382,26 +382,27 @@ class AdherentCreationForm(AdherentForm):
     AdherentForm auquel on ajoute une checkbox afin d'éviter les
     doublons d'utilisateurs et, optionnellement,
     un champ mot de passe"""
-    # Champ pour choisir si un lien est envoyé par mail pour le mot de passe
-    init_password_by_mail = forms.BooleanField(required=False, initial=True)
-    init_password_by_mail.label = _("Send password reset link by email.")
+    if OptionalUser.get_cached_value("allow_set_password_during_user_creation"):
+        # Champ pour choisir si un lien est envoyé par mail pour le mot de passe
+        init_password_by_mail = forms.BooleanField(required=False, initial=True)
+        init_password_by_mail.label = _("Send password reset link by email.")
 
-    # Champs pour initialiser le mot de passe
-    # Validators are handled manually since theses fields aren't always required
-    password1 = forms.CharField(
-        required=False,
-        label=_("Password"),
-        widget=forms.PasswordInput,
-    #    validators=[MinLengthValidator(8)],
-        max_length=255,
-    )
-    password2 = forms.CharField(
-        required=False,
-        label=_("Password confirmation"),
-        widget=forms.PasswordInput,
-    #    validators=[MinLengthValidator(8)],
-        max_length=255,
-    )
+        # Champs pour initialiser le mot de passe
+        # Validators are handled manually since theses fields aren't always required
+        password1 = forms.CharField(
+            required=False,
+            label=_("Password"),
+            widget=forms.PasswordInput,
+            #validators=[MinLengthValidator(8)],
+            max_length=255,
+        )
+        password2 = forms.CharField(
+            required=False,
+            label=_("Password confirmation"),
+            widget=forms.PasswordInput,
+            #validators=[MinLengthValidator(8)],
+            max_length=255,
+        )
 
     # Champ permettant d'éviter au maxium les doublons d'utilisateurs
     former_user_check_info = _(
@@ -476,7 +477,8 @@ class AdherentCreationForm(AdherentForm):
         # Save the provided password in hashed format
         user = super(AdherentForm, self).save(commit=False)
 
-        send_email = self.cleaned_data.get("init_password_by_mail")
+        is_set_password_allowed = OptionalUser.get_cached_value("allow_set_password_during_user_creation")
+        send_email = not is_set_password_allowed or self.cleaned_data.get("init_password_by_mail")
         if not send_email:
             user.set_password(self.cleaned_data["password1"])
 
diff --git a/users/views.py b/users/views.py
index f14cb295..3f41a990 100644
--- a/users/views.py
+++ b/users/views.py
@@ -119,12 +119,13 @@ def new_user(request):
     user = AdherentCreationForm(request.POST or None, user=request.user)
     GTU_sum_up = GeneralOption.get_cached_value("GTU_sum_up")
     GTU = GeneralOption.get_cached_value("GTU")
+    is_set_password_allowed = OptionalUser.get_cached_value("allow_set_password_during_user_creation")
 
     if user.is_valid():
         user = user.save()
 
         # Use "is False" so that if None, the email is sent
-        if user.should_send_password_reset_email is False:
+        if is_set_password_allowed and user.should_send_password_reset_email is False:
             messages.success(
                 request,
                 _("The user %s was created.")
@@ -143,30 +144,17 @@ def new_user(request):
     # Anonymous users are allowed to create new accounts
     # but they should be treated differently
     params = {
-            "userform": user,
-            "GTU_sum_up": GTU_sum_up,
-            "GTU": GTU,
-            "showCGU": True,
-            "action_name": _("Commit"),
-        }
+        "userform": user,
+        "GTU_sum_up": GTU_sum_up,
+        "GTU": GTU,
+        "showCGU": True,
+        "action_name": _("Commit"),
+    }
 
-    if request.user.is_anonymous:
+    if is_set_password_allowed:
         params["load_js_file"] = "/static/js/toggle_password_fields.js"
 
     return form(params, "users/user.html", request)
-    """
-    return form(
-        {
-            "userform": user,
-            "GTU_sum_up": GTU_sum_up,
-            "GTU": GTU,
-            "showCGU": True,
-            "action_name": _("Commit"),
-        },
-        "users/user.html",
-        request,
-    )
-    """
 
 
 @login_required