Tivix/django-rest-auth
1
1
Fork 0
mirror of https://github.com/Tivix/django-rest-auth.git synced 2025-07-22 13:39:45 +03:00
Code Issues Packages Projects Releases Wiki Activity

Ability to switch off new password confirmation on password change endpoint

Browse Source
This commit is contained in:
eugena 2015-09-29 13:00:23 +05:00
parent d25df33a79
commit b56f909002
3 changed files with 52 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
docs/configuration.rst
View File

@ -34,3 +34,6 @@ Configuration
- **OLD_PASSWORD_FIELD_ENABLED** - set it to True if you want to have old password verification on password change enpoint (default: False) - **OLD_PASSWORD_FIELD_ENABLED** - set it to True if you want to have old password verification on password change enpoint (default: False)
- **NEW_PASSWORD_2_FIELD_ENABLED** - set it to False if you don't need new password confirmation (default: True)

11
rest_auth/serializers.py
View File

@ -182,11 +182,18 @@ class PasswordChangeSerializer(serializers.Serializer):
self.old_password_field_enabled = getattr( self.old_password_field_enabled = getattr(
settings, 'OLD_PASSWORD_FIELD_ENABLED', False settings, 'OLD_PASSWORD_FIELD_ENABLED', False
) )
self.new_password_2_field_enabled = getattr(
settings, 'NEW_PASSWORD_2_FIELD_ENABLED', True
)
super(PasswordChangeSerializer, self).__init__(*args, **kwargs) super(PasswordChangeSerializer, self).__init__(*args, **kwargs)
if not self.old_password_field_enabled: if not self.old_password_field_enabled:
self.fields.pop('old_password') self.fields.pop('old_password')
if not self.new_password_2_field_enabled:
self.fields.pop('new_password2')
self.request = self.context.get('request') self.request = self.context.get('request')
self.user = getattr(self.request, 'user', None) self.user = getattr(self.request, 'user', None)
@ -202,6 +209,10 @@ class PasswordChangeSerializer(serializers.Serializer):
return value return value
def validate(self, attrs): def validate(self, attrs):
if not self.new_password_2_field_enabled:
attrs['new_password2'] = attrs['new_password1']
self.set_password_form = self.set_password_form_class( self.set_password_form = self.set_password_form_class(
user=self.user, data=attrs user=self.user, data=attrs
) )

38
rest_auth/tests.py
View File

@ -282,6 +282,44 @@ class APITestCase1(TestCase, BaseAPITestCase):
login_payload['password'] = new_password_payload['new_password1'] login_payload['password'] = new_password_payload['new_password1']
self.post(self.login_url, data=login_payload, status_code=200) self.post(self.login_url, data=login_payload, status_code=200)
@override_settings(OLD_PASSWORD_FIELD_ENABLED=True, NEW_PASSWORD_2_FIELD_ENABLED=False)
def test_password_change_without_confirmation(self):
login_payload = {
"username": self.USERNAME,
"password": self.PASS
}
get_user_model().objects.create_user(self.USERNAME, '', self.PASS)
self.post(self.login_url, data=login_payload, status_code=200)
self.token = self.response.json['key']
new_password_payload = {
"old_password": "%s!" % self.PASS, # wrong password
"new_password1": "new_person",
}
self.post(
self.password_change_url,
data=new_password_payload,
status_code=400
)
new_password_payload = {
"old_password": self.PASS,
"new_password1": "new_person",
}
self.post(
self.password_change_url,
data=new_password_payload,
status_code=200
)
# user should not be able to login using old password
self.post(self.login_url, data=login_payload, status_code=400)
# new password should work
login_payload['password'] = new_password_payload['new_password1']
self.post(self.login_url, data=login_payload, status_code=200)
def test_password_reset(self): def test_password_reset(self):
user = get_user_model().objects.create_user(self.USERNAME, self.EMAIL, self.PASS) user = get_user_model().objects.create_user(self.USERNAME, self.EMAIL, self.PASS)