django.contrib.auth.forms: 175 total statements, 0.0% covered

Generated: Wed 2013-03-13 10:33 CET

Source file: /media/Envs/Envs/filer-gallery/lib/python2.7/site-packages/django/contrib/auth/forms.py

Stats: 0 executed, 162 missed, 13 excluded, 160 ignored

  1. from django import forms
  2. from django.forms.util import flatatt
  3. from django.template import loader
  4. from django.utils.encoding import smart_str
  5. from django.utils.http import int_to_base36
  6. from django.utils.safestring import mark_safe
  7. from django.utils.translation import ugettext, ugettext_lazy as _
  8. from django.contrib.auth import authenticate
  9. from django.contrib.auth.models import User
  10. from django.contrib.auth.hashers import UNUSABLE_PASSWORD, is_password_usable, get_hasher
  11. from django.contrib.auth.tokens import default_token_generator
  12. from django.contrib.sites.models import get_current_site
  13. UNMASKED_DIGITS_TO_SHOW = 6
  14. mask_password = lambda p: "%s%s" % (p[:UNMASKED_DIGITS_TO_SHOW], "*" * max(len(p) - UNMASKED_DIGITS_TO_SHOW, 0))
  15. class ReadOnlyPasswordHashWidget(forms.Widget):
  16. def render(self, name, value, attrs):
  17. encoded = value
  18. if not is_password_usable(encoded):
  19. return "None"
  20. final_attrs = self.build_attrs(attrs)
  21. encoded = smart_str(encoded)
  22. if len(encoded) == 32 and '$' not in encoded:
  23. algorithm = 'unsalted_md5'
  24. else:
  25. algorithm = encoded.split('$', 1)[0]
  26. try:
  27. hasher = get_hasher(algorithm)
  28. except ValueError:
  29. summary = "<strong>Invalid password format or unknown hashing algorithm.</strong>"
  30. else:
  31. summary = ""
  32. for key, value in hasher.safe_summary(encoded).iteritems():
  33. summary += "<strong>%(key)s</strong>: %(value)s " % {"key": ugettext(key), "value": value}
  34. return mark_safe("<div%(attrs)s>%(summary)s</div>" % {"attrs": flatatt(final_attrs), "summary": summary})
  35. class ReadOnlyPasswordHashField(forms.Field):
  36. widget = ReadOnlyPasswordHashWidget
  37. def __init__(self, *args, **kwargs):
  38. kwargs.setdefault("required", False)
  39. super(ReadOnlyPasswordHashField, self).__init__(*args, **kwargs)
  40. class UserCreationForm(forms.ModelForm):
  41. """
  42. A form that creates a user, with no privileges, from the given username and
  43. password.
  44. """
  45. error_messages = {
  46. 'duplicate_username': _("A user with that username already exists."),
  47. 'password_mismatch': _("The two password fields didn't match."),
  48. }
  49. username = forms.RegexField(label=_("Username"), max_length=30,
  50. regex=r'^[\w.@+-]+$',
  51. help_text = _("Required. 30 characters or fewer. Letters, digits and "
  52. "@/./+/-/_ only."),
  53. error_messages = {
  54. 'invalid': _("This value may contain only letters, numbers and "
  55. "@/./+/-/_ characters.")})
  56. password1 = forms.CharField(label=_("Password"),
  57. widget=forms.PasswordInput)
  58. password2 = forms.CharField(label=_("Password confirmation"),
  59. widget=forms.PasswordInput,
  60. help_text = _("Enter the same password as above, for verification."))
  61. class Meta:
  62. model = User
  63. fields = ("username",)
  64. def clean_username(self):
  65. # Since User.username is unique, this check is redundant,
  66. # but it sets a nicer error message than the ORM. See #13147.
  67. username = self.cleaned_data["username"]
  68. try:
  69. User.objects.get(username=username)
  70. except User.DoesNotExist:
  71. return username
  72. raise forms.ValidationError(self.error_messages['duplicate_username'])
  73. def clean_password2(self):
  74. password1 = self.cleaned_data.get("password1", "")
  75. password2 = self.cleaned_data["password2"]
  76. if password1 != password2:
  77. raise forms.ValidationError(
  78. self.error_messages['password_mismatch'])
  79. return password2
  80. def save(self, commit=True):
  81. user = super(UserCreationForm, self).save(commit=False)
  82. user.set_password(self.cleaned_data["password1"])
  83. if commit:
  84. user.save()
  85. return user
  86. class UserChangeForm(forms.ModelForm):
  87. username = forms.RegexField(
  88. label=_("Username"), max_length=30, regex=r"^[\w.@+-]+$",
  89. help_text = _("Required. 30 characters or fewer. Letters, digits and "
  90. "@/./+/-/_ only."),
  91. error_messages = {
  92. 'invalid': _("This value may contain only letters, numbers and "
  93. "@/./+/-/_ characters.")})
  94. password = ReadOnlyPasswordHashField(label=_("Password"),
  95. help_text=_("Raw passwords are not stored, so there is no way to see "
  96. "this user's password, but you can change the password "
  97. "using <a href=\"password/\">this form</a>."))
  98. def clean_password(self):
  99. return self.initial["password"]
  100. class Meta:
  101. model = User
  102. def __init__(self, *args, **kwargs):
  103. super(UserChangeForm, self).__init__(*args, **kwargs)
  104. f = self.fields.get('user_permissions', None)
  105. if f is not None:
  106. f.queryset = f.queryset.select_related('content_type')
  107. class AuthenticationForm(forms.Form):
  108. """
  109. Base class for authenticating users. Extend this to get a form that accepts
  110. username/password logins.
  111. """
  112. username = forms.CharField(label=_("Username"), max_length=30)
  113. password = forms.CharField(label=_("Password"), widget=forms.PasswordInput)
  114. error_messages = {
  115. 'invalid_login': _("Please enter a correct username and password. "
  116. "Note that both fields are case-sensitive."),
  117. 'no_cookies': _("Your Web browser doesn't appear to have cookies "
  118. "enabled. Cookies are required for logging in."),
  119. 'inactive': _("This account is inactive."),
  120. }
  121. def __init__(self, request=None, *args, **kwargs):
  122. """
  123. If request is passed in, the form will validate that cookies are
  124. enabled. Note that the request (a HttpRequest object) must have set a
  125. cookie with the key TEST_COOKIE_NAME and value TEST_COOKIE_VALUE before
  126. running this validation.
  127. """
  128. self.request = request
  129. self.user_cache = None
  130. super(AuthenticationForm, self).__init__(*args, **kwargs)
  131. def clean(self):
  132. username = self.cleaned_data.get('username')
  133. password = self.cleaned_data.get('password')
  134. if username and password:
  135. self.user_cache = authenticate(username=username,
  136. password=password)
  137. if self.user_cache is None:
  138. raise forms.ValidationError(
  139. self.error_messages['invalid_login'])
  140. elif not self.user_cache.is_active:
  141. raise forms.ValidationError(self.error_messages['inactive'])
  142. self.check_for_test_cookie()
  143. return self.cleaned_data
  144. def check_for_test_cookie(self):
  145. if self.request and not self.request.session.test_cookie_worked():
  146. raise forms.ValidationError(self.error_messages['no_cookies'])
  147. def get_user_id(self):
  148. if self.user_cache:
  149. return self.user_cache.id
  150. return None
  151. def get_user(self):
  152. return self.user_cache
  153. class PasswordResetForm(forms.Form):
  154. error_messages = {
  155. 'unknown': _("That e-mail address doesn't have an associated "
  156. "user account. Are you sure you've registered?"),
  157. 'unusable': _("The user account associated with this e-mail "
  158. "address cannot reset the password."),
  159. }
  160. email = forms.EmailField(label=_("E-mail"), max_length=75)
  161. def clean_email(self):
  162. """
  163. Validates that an active user exists with the given email address.
  164. """
  165. email = self.cleaned_data["email"]
  166. self.users_cache = User.objects.filter(email__iexact=email,
  167. is_active=True)
  168. if not len(self.users_cache):
  169. raise forms.ValidationError(self.error_messages['unknown'])
  170. if any((user.password == UNUSABLE_PASSWORD)
  171. for user in self.users_cache):
  172. raise forms.ValidationError(self.error_messages['unusable'])
  173. return email
  174. def save(self, domain_override=None,
  175. subject_template_name='registration/password_reset_subject.txt',
  176. email_template_name='registration/password_reset_email.html',
  177. use_https=False, token_generator=default_token_generator,
  178. from_email=None, request=None):
  179. """
  180. Generates a one-use only link for resetting password and sends to the
  181. user.
  182. """
  183. from django.core.mail import send_mail
  184. for user in self.users_cache:
  185. if not domain_override:
  186. current_site = get_current_site(request)
  187. site_name = current_site.name
  188. domain = current_site.domain
  189. else:
  190. site_name = domain = domain_override
  191. c = {
  192. 'email': user.email,
  193. 'domain': domain,
  194. 'site_name': site_name,
  195. 'uid': int_to_base36(user.id),
  196. 'user': user,
  197. 'token': token_generator.make_token(user),
  198. 'protocol': use_https and 'https' or 'http',
  199. }
  200. subject = loader.render_to_string(subject_template_name, c)
  201. # Email subject *must not* contain newlines
  202. subject = ''.join(subject.splitlines())
  203. email = loader.render_to_string(email_template_name, c)
  204. send_mail(subject, email, from_email, [user.email])
  205. class SetPasswordForm(forms.Form):
  206. """
  207. A form that lets a user change set his/her password without entering the
  208. old password
  209. """
  210. error_messages = {
  211. 'password_mismatch': _("The two password fields didn't match."),
  212. }
  213. new_password1 = forms.CharField(label=_("New password"),
  214. widget=forms.PasswordInput)
  215. new_password2 = forms.CharField(label=_("New password confirmation"),
  216. widget=forms.PasswordInput)
  217. def __init__(self, user, *args, **kwargs):
  218. self.user = user
  219. super(SetPasswordForm, self).__init__(*args, **kwargs)
  220. def clean_new_password2(self):
  221. password1 = self.cleaned_data.get('new_password1')
  222. password2 = self.cleaned_data.get('new_password2')
  223. if password1 and password2:
  224. if password1 != password2:
  225. raise forms.ValidationError(
  226. self.error_messages['password_mismatch'])
  227. return password2
  228. def save(self, commit=True):
  229. self.user.set_password(self.cleaned_data['new_password1'])
  230. if commit:
  231. self.user.save()
  232. return self.user
  233. class PasswordChangeForm(SetPasswordForm):
  234. """
  235. A form that lets a user change his/her password by entering
  236. their old password.
  237. """
  238. error_messages = dict(SetPasswordForm.error_messages, **{
  239. 'password_incorrect': _("Your old password was entered incorrectly. "
  240. "Please enter it again."),
  241. })
  242. old_password = forms.CharField(label=_("Old password"),
  243. widget=forms.PasswordInput)
  244. def clean_old_password(self):
  245. """
  246. Validates that the old_password field is correct.
  247. """
  248. old_password = self.cleaned_data["old_password"]
  249. if not self.user.check_password(old_password):
  250. raise forms.ValidationError(
  251. self.error_messages['password_incorrect'])
  252. return old_password
  253. PasswordChangeForm.base_fields.keyOrder = ['old_password', 'new_password1',
  254. 'new_password2']
  255. class AdminPasswordChangeForm(forms.Form):
  256. """
  257. A form used to change the password of a user in the admin interface.
  258. """
  259. error_messages = {
  260. 'password_mismatch': _("The two password fields didn't match."),
  261. }
  262. password1 = forms.CharField(label=_("Password"),
  263. widget=forms.PasswordInput)
  264. password2 = forms.CharField(label=_("Password (again)"),
  265. widget=forms.PasswordInput)
  266. def __init__(self, user, *args, **kwargs):
  267. self.user = user
  268. super(AdminPasswordChangeForm, self).__init__(*args, **kwargs)
  269. def clean_password2(self):
  270. password1 = self.cleaned_data.get('password1')
  271. password2 = self.cleaned_data.get('password2')
  272. if password1 and password2:
  273. if password1 != password2:
  274. raise forms.ValidationError(
  275. self.error_messages['password_mismatch'])
  276. return password2
  277. def save(self, commit=True):
  278. """
  279. Saves the new password.
  280. """
  281. self.user.set_password(self.cleaned_data["password1"])
  282. if commit:
  283. self.user.save()
  284. return self.user