mirror of
https://github.com/Tivix/django-rest-auth.git
synced 2024-11-25 18:43:44 +03:00
add old_password field in PasswordChangeSerializer, disabled by default
This commit is contained in:
parent
0fc4d56dae
commit
e8a7b0bdf4
|
@ -37,5 +37,3 @@ PasswordChangeSerializer = import_callable(
|
|||
serializers.get('PASSWORD_CHANGE_SERIALIZER',
|
||||
DefaultPasswordChangeSerializer)
|
||||
)
|
||||
|
||||
|
||||
|
|
|
@ -121,14 +121,31 @@ class PasswordResetConfirmSerializer(serializers.Serializer):
|
|||
|
||||
class PasswordChangeSerializer(serializers.Serializer):
|
||||
|
||||
old_password = serializers.CharField(max_length=128)
|
||||
new_password1 = serializers.CharField(max_length=128)
|
||||
new_password2 = serializers.CharField(max_length=128)
|
||||
|
||||
set_password_form_class = SetPasswordForm
|
||||
|
||||
def __init__(self, *args, **kwargs):
|
||||
self.old_password_field_enabled = getattr(settings,
|
||||
'OLD_PASSWORD_FIELD_ENABLED', False)
|
||||
super(PasswordChangeSerializer, self).__init__(*args, **kwargs)
|
||||
|
||||
if not self.old_password_field_enabled:
|
||||
self.fields.pop('old_password')
|
||||
|
||||
self.request = self.context.get('request')
|
||||
self.user = self.request.user
|
||||
|
||||
def validate_old_password(self, attrs, source):
|
||||
if self.old_password_field_enabled and \
|
||||
not self.user.check_password(attrs.get(source, '')):
|
||||
raise serializers.ValidationError('Invalid password')
|
||||
return attrs
|
||||
|
||||
def validate(self, attrs):
|
||||
request = self.context.get('request')
|
||||
self.set_password_form = self.set_password_form_class(user=request.user,
|
||||
self.set_password_form = self.set_password_form_class(user=self.user,
|
||||
data=attrs)
|
||||
|
||||
if not self.set_password_form.is_valid():
|
||||
|
|
|
@ -248,6 +248,40 @@ class APITestCase1(TestCase, BaseAPITestCase):
|
|||
# send empty payload
|
||||
self.post(self.password_change_url, data={}, status_code=400)
|
||||
|
||||
@override_settings(OLD_PASSWORD_FIELD_ENABLED=True)
|
||||
def test_password_change_with_old_password(self):
|
||||
login_payload = {
|
||||
"username": self.USERNAME,
|
||||
"password": self.PASS
|
||||
}
|
||||
User.objects.create_user(self.USERNAME, '', self.PASS)
|
||||
self.post(self.login_url, data=login_payload, status_code=200)
|
||||
self.token = self.response.json['key']
|
||||
|
||||
new_password_payload = {
|
||||
"old_password": "%s!" % self.PASS, # wrong password
|
||||
"new_password1": "new_person",
|
||||
"new_password2": "new_person"
|
||||
}
|
||||
self.post(self.password_change_url, data=new_password_payload,
|
||||
status_code=400)
|
||||
|
||||
new_password_payload = {
|
||||
"old_password": self.PASS,
|
||||
"new_password1": "new_person",
|
||||
"new_password2": "new_person"
|
||||
}
|
||||
self.post(self.password_change_url, data=new_password_payload,
|
||||
status_code=200)
|
||||
|
||||
# user should not be able to login using old password
|
||||
self.post(self.login_url, data=login_payload, status_code=400)
|
||||
|
||||
# new password should work
|
||||
login_payload['password'] = new_password_payload['new_password1']
|
||||
self.post(self.login_url, data=login_payload, status_code=200)
|
||||
|
||||
|
||||
def test_password_reset(self):
|
||||
user = User.objects.create_user(self.USERNAME, self.EMAIL, self.PASS)
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user