From d3b41d6a5956874d25eb000acf51acc970446c80 Mon Sep 17 00:00:00 2001
From: Gabriel Detraz <detraz@crans.org>
Date: Wed, 31 Jan 2018 05:51:47 +0100
Subject: [PATCH] Demande le mot de passe de soit quand on reinit un mdp

---
 users/forms.py  | 25 +++++++++++++++++++++++--
 users/models.py |  4 ++++
 users/views.py  | 36 +++++++++++++++++-------------------
 3 files changed, 44 insertions(+), 21 deletions(-)

diff --git a/users/forms.py b/users/forms.py
index 72094d22..861fd292 100644
--- a/users/forms.py
+++ b/users/forms.py
@@ -50,10 +50,15 @@ from re2o.field_permissions import FieldPermissionFormMixin
 NOW = timezone.now()
 
 
-class PassForm(forms.Form):
+class PassForm(FieldPermissionFormMixin, forms.ModelForm):
     """Formulaire de changement de mot de passe. Verifie que les 2
     nouveaux mots de passe renseignés sont identiques et respectent
     une norme"""
+    selfpasswd = forms.CharField(
+        label=u'Saisir le mot de passe existant',
+        max_length=255,
+        widget=forms.PasswordInput
+    )
     passwd1 = forms.CharField(
         label=u'Nouveau mot de passe',
         max_length=255,
@@ -67,15 +72,31 @@ class PassForm(forms.Form):
         widget=forms.PasswordInput
     )
 
+    class Meta:
+        model = User
+        fields = []
+
     def clean_passwd2(self):
         """Verifie que passwd1 et 2 sont identiques"""
         # Check that the two password entries match
         password1 = self.cleaned_data.get("passwd1")
         password2 = self.cleaned_data.get("passwd2")
         if password1 and password2 and password1 != password2:
-            raise forms.ValidationError("Passwords don't match")
+            raise forms.ValidationError("Les 2 nouveaux mots de passe sont différents")
         return password2
 
+    def clean_selfpasswd(self):
+        """Verifie si il y a lieu que le mdp self est correct"""
+        if not self.instance.check_password(self.cleaned_data.get("selfpasswd")):
+            raise forms.ValidationError("Le mot de passe actuel est incorrect")
+        return
+
+    def save(self, commit=True):
+        """Changement du mot de passe"""
+        user = super(PassForm, self).save(commit=False)
+        user.set_password(self.cleaned_data.get("passwd1"))
+        user.save()
+
 
 class UserCreationForm(forms.ModelForm):
     """A form for creating new users. Includes all the required
diff --git a/users/models.py b/users/models.py
index eb6b835c..5c145f54 100644
--- a/users/models.py
+++ b/users/models.py
@@ -735,6 +735,9 @@ class User(FieldPermissionModelMixin, AbstractBaseUser, PermissionsMixin):
             else:
                 return False, u"Vous ne pouvez éditer un autre utilisateur que vous même"
 
+    def check_selfpasswd(self, user_request, *args, **kwargs):
+        return user_request == self, None
+
     @staticmethod
     def can_change_state(user_request, *args, **kwargs):
         return user_request.has_perm('users.change_user_state'), "Droit requis pour changer l'état"
@@ -801,6 +804,7 @@ class User(FieldPermissionModelMixin, AbstractBaseUser, PermissionsMixin):
         self.field_permissions = {
             'shell' : self.can_change_shell,
             'force' : self.can_change_force,
+            'selfpasswd' : self.check_selfpasswd,
         }
 
     def __str__(self):
diff --git a/users/views.py b/users/views.py
index 9b4b818a..5640b003 100644
--- a/users/views.py
+++ b/users/views.py
@@ -102,21 +102,6 @@ from re2o.acl import (
     can_change
 )
 
-def password_change_action(u_form, user, request, req=False):
-    """ Fonction qui effectue le changeemnt de mdp bdd"""
-    user.set_user_password(u_form.cleaned_data['passwd1'])
-    with transaction.atomic(), reversion.create_revision():
-        user.save()
-        reversion.set_comment("Réinitialisation du mot de passe")
-    messages.success(request, "Le mot de passe a changé")
-    if req:
-        req.delete()
-        return redirect(reverse('index'))
-    return redirect(reverse(
-        'users:profil',
-        kwargs={'userid':str(user.id)}
-        ))
-
 @can_create(Adherent)
 def new_user(request):
     """ Vue de création d'un nouvel utilisateur,
@@ -268,9 +253,17 @@ def password(request, user, userid):
     """ Reinitialisation d'un mot de passe à partir de l'userid,
     pour self par défaut, pour tous sans droit si droit cableur,
     pour tous si droit bureau """
-    u_form = PassForm(request.POST or None)
+    u_form = PassForm(request.POST or None, instance=user, user=request.user)
     if u_form.is_valid():
-        return password_change_action(u_form, user, request)
+        with transaction.atomic(), reversion.create_revision():
+            u_form.save()
+            reversion.set_user(request.user)
+            reversion.set_comment("Changement du mot de passe")
+        messages.success(request, "Le mot de passe a changé")
+        return redirect(reverse(
+        'users:profil',
+        kwargs={'userid':str(user.id)}
+        ))
     return form({'userform': u_form}, 'users/user.html', request)
 
 
@@ -827,10 +820,15 @@ def process(request, token):
 def process_passwd(request, req):
     """Process le changeemnt de mot de passe, renvoie le formulaire
     demandant le nouveau password"""
-    u_form = PassForm(request.POST or None)
     user = req.user
+    u_form = PassForm(request.POST or None, instance=user, user=request.user)
     if u_form.is_valid():
-        return password_change_action(u_form, user, request, req=req)
+        with transaction.atomic(), reversion.create_revision():
+            u_form.save()
+            reversion.set_comment("Réinitialisation du mot de passe")
+        req.delete()
+        messages.success(request, "Le mot de passe a changé")
+        return redirect(reverse('index'))       
     return form({'userform': u_form}, 'users/user.html', request)