Index: django/contrib/comments/views/comments.py =================================================================== --- django/contrib/comments/views/comments.py (revision 6914) +++ django/contrib/comments/views/comments.py (working copy) @@ -7,7 +7,6 @@ from django.template import RequestContext from django.contrib.comments.models import Comment, FreeComment, RATINGS_REQUIRED, RATINGS_OPTIONAL, IS_PUBLIC from django.contrib.contenttypes.models import ContentType -from django.contrib.auth.forms import AuthenticationForm from django.http import HttpResponseRedirect from django.utils.text import normalize_newlines from django.conf import settings @@ -17,6 +16,47 @@ COMMENTS_PER_PAGE = 20 + +class AuthenticationForm(oldforms.Manipulator): + """ + Oldforms-based Base class for authenticating users, extended by contrib.comments + """ + def __init__(self, request=None): + """ + If request is passed in, the manipulator will validate that cookies are + enabled. Note that the request (a HttpRequest object) must have set a + cookie with the key TEST_COOKIE_NAME and value TEST_COOKIE_VALUE before + running this validator. + """ + self.request = request + self.fields = [ + oldforms.TextField(field_name="username", length=15, max_length=30, is_required=True, + validator_list=[self.isValidUser, self.hasCookiesEnabled]), + oldforms.PasswordField(field_name="password", length=15, max_length=30, is_required=True), + ] + self.user_cache = None + + def hasCookiesEnabled(self, field_data, all_data): + if self.request and not self.request.session.test_cookie_worked(): + raise validators.ValidationError, _("Your Web browser doesn't appear to have cookies enabled. Cookies are required for logging in.") + + def isValidUser(self, field_data, all_data): + username = field_data + password = all_data.get('password', None) + self.user_cache = authenticate(username=username, password=password) + if self.user_cache is None: + raise validators.ValidationError, _("Please enter a correct username and password. Note that both fields are case-sensitive.") + elif not self.user_cache.is_active: + raise validators.ValidationError, _("This account is inactive.") + + def get_user_id(self): + if self.user_cache: + return self.user_cache.id + return None + + def get_user(self): + return self.user_cache + class PublicCommentManipulator(AuthenticationForm): "Manipulator that handles public registered comments" def __init__(self, user, ratings_required, ratings_range, num_rating_choices): Index: django/contrib/admin/views/auth.py =================================================================== --- django/contrib/admin/views/auth.py (revision 6914) +++ django/contrib/admin/views/auth.py (working copy) @@ -11,12 +11,10 @@ def user_add_stage(request): if not request.user.has_perm('auth.change_user'): raise PermissionDenied - manipulator = UserCreationForm() if request.method == 'POST': - new_data = request.POST.copy() - errors = manipulator.get_validation_errors(new_data) - if not errors: - new_user = manipulator.save(new_data) + form = UserCreationForm(request.POST) + if form.is_valid(): + new_user = form.save() msg = _('The %(name)s "%(obj)s" was added successfully.') % {'name': 'user', 'obj': new_user} if "_addanother" in request.POST: request.user.message_set.create(message=msg) @@ -25,8 +23,7 @@ request.user.message_set.create(message=msg + ' ' + _("You may edit it again below.")) return HttpResponseRedirect('../%s/' % new_user.id) else: - errors = new_data = {} - form = oldforms.FormWrapper(manipulator, new_data, errors) + form = UserCreationForm() return render_to_response('admin/auth/user/add_form.html', { 'title': _('Add user'), 'form': form, @@ -49,18 +46,15 @@ if not request.user.has_perm('auth.change_user'): raise PermissionDenied user = get_object_or_404(User, pk=id) - manipulator = AdminPasswordChangeForm(user) if request.method == 'POST': - new_data = request.POST.copy() - errors = manipulator.get_validation_errors(new_data) - if not errors: - new_user = manipulator.save(new_data) + form = AdminPasswordChangeForm(request_post=request.POST, user=user) + if form.is_valid(): + new_user = form.save() msg = _('Password changed successfully.') request.user.message_set.create(message=msg) return HttpResponseRedirect('..') else: - errors = new_data = {} - form = oldforms.FormWrapper(manipulator, new_data, errors) + form = AdminPasswordChangeForm(user=user) return render_to_response('admin/auth/user/change_password.html', { 'title': _('Change password: %s') % escape(user.username), 'form': form, Index: django/contrib/auth/views.py =================================================================== --- django/contrib/auth/views.py (revision 6914) +++ django/contrib/auth/views.py (working copy) @@ -1,6 +1,5 @@ from django.contrib.auth.forms import AuthenticationForm from django.contrib.auth.forms import PasswordResetForm, PasswordChangeForm -from django import oldforms from django.shortcuts import render_to_response from django.template import RequestContext from django.contrib.sites.models import Site, RequestSite @@ -11,21 +10,20 @@ def login(request, template_name='registration/login.html', redirect_field_name=REDIRECT_FIELD_NAME): "Displays the login form and handles the login action." - manipulator = AuthenticationForm(request) redirect_to = request.REQUEST.get(redirect_field_name, '') - if request.POST: - errors = manipulator.get_validation_errors(request.POST) - if not errors: + if request.method == 'POST': + form = AuthenticationForm(request.POST) + if form.is_valid(): # Light security check -- make sure redirect_to isn't garbage. if not redirect_to or '//' in redirect_to or ' ' in redirect_to: from django.conf import settings redirect_to = settings.LOGIN_REDIRECT_URL from django.contrib.auth import login - login(request, manipulator.get_user()) + login(request, form.get_user()) request.session.delete_test_cookie() return HttpResponseRedirect(redirect_to) else: - errors = {} + form = AuthenticationForm(request=request) request.session.set_test_cookie() if Site._meta.installed: @@ -34,7 +32,7 @@ current_site = RequestSite(request) return render_to_response(template_name, { - 'form': oldforms.FormWrapper(manipulator, request.POST, errors), + 'form': form, redirect_field_name: redirect_to, 'site_name': current_site.name, }, context_instance=RequestContext(request)) @@ -65,18 +63,17 @@ def password_reset(request, is_admin_site=False, template_name='registration/password_reset_form.html', email_template_name='registration/password_reset_email.html'): - new_data, errors = {}, {} - form = PasswordResetForm() if request.POST: - new_data = request.POST.copy() - errors = form.get_validation_errors(new_data) - if not errors: + form = PasswordResetForm(request.POST) + if form.is_valid(): if is_admin_site: form.save(domain_override=request.META['HTTP_HOST']) else: form.save(email_template_name=email_template_name) return HttpResponseRedirect('%sdone/' % request.path) - return render_to_response(template_name, {'form': oldforms.FormWrapper(form, new_data, errors)}, + else: + form = PasswordResetForm() + return render_to_response(template_name, {'form': form}, context_instance=RequestContext(request)) def password_reset_done(request, template_name='registration/password_reset_done.html'): @@ -84,14 +81,14 @@ def password_change(request, template_name='registration/password_change_form.html'): new_data, errors = {}, {} - form = PasswordChangeForm(request.user) - if request.POST: - new_data = request.POST.copy() - errors = form.get_validation_errors(new_data) - if not errors: - form.save(new_data) + if request.method == 'POST': + form = PasswordChangeForm(request.POST, request.user) + if form.is_valid(): + form.save() return HttpResponseRedirect('%sdone/' % request.path) - return render_to_response(template_name, {'form': oldforms.FormWrapper(form, new_data, errors)}, + else: + form = PasswordChangeForm(user=request.user) + return render_to_response(template_name, {'form': form}, context_instance=RequestContext(request)) password_change = login_required(password_change) Index: django/contrib/auth/forms.py =================================================================== --- django/contrib/auth/forms.py (revision 6914) +++ django/contrib/auth/forms.py (working copy) @@ -2,38 +2,48 @@ from django.contrib.auth import authenticate from django.contrib.sites.models import Site from django.template import Context, loader -from django.core import validators -from django import oldforms +from django import newforms as forms from django.utils.translation import ugettext as _ +import re -class UserCreationForm(oldforms.Manipulator): +class UserCreationForm(forms.Form): "A form that creates a user, with no privileges, from the given username and password." - def __init__(self): - self.fields = ( - oldforms.TextField(field_name='username', length=30, max_length=30, is_required=True, - validator_list=[validators.isAlphaNumeric, self.isValidUsername]), - oldforms.PasswordField(field_name='password1', length=30, max_length=60, is_required=True), - oldforms.PasswordField(field_name='password2', length=30, max_length=60, is_required=True, - validator_list=[validators.AlwaysMatchesOtherField('password1', _("The two password fields didn't match."))]), - ) + username=forms.CharField(label=_("username"), max_length=30, required=True) + password1 = forms.CharField(label=_("password"), max_length=30, required=True, widget=forms.PasswordInput) + password2 = forms.CharField(label=_("password (again)"), max_length=30, required=True, widget=forms.PasswordInput) - def isValidUsername(self, field_data, all_data): + #Following regex and error is borrowed from django.core.validators for backwards compatability for now (including i18n), but in anticipation of them being passed as parameters (or overridden). + username_re = re.compile(r'^\w+$') + username_re_validation_text = "This value must contain only letters, numbers and underscores." + + def clean_password2(self): + if self._errors: return + if not self.cleaned_data['password1'] == self.cleaned_data['password2']: + raise forms.ValidationError, _("The two 'password' fields didn't match.") + return self.cleaned_data['password2'] + + def clean_username(self): + if not self.username_re.search(self.cleaned_data['username']): + raise forms.ValidationError, _(self.username_re_validation_text) try: - User.objects.get(username=field_data) + user = User.objects.get(username__exact=self.cleaned_data['username']) except User.DoesNotExist: - return - raise validators.ValidationError, _('A user with that username already exists.') - - def save(self, new_data): + return self.cleaned_data['username'] + raise forms.ValidationError, _('A user with that username already exists.') + + def save(self): "Creates the user." - return User.objects.create_user(new_data['username'], '', new_data['password1']) + return User.objects.create_user(self.cleaned_data['username'], '', self.cleaned_data['password1']) -class AuthenticationForm(oldforms.Manipulator): +class AuthenticationForm(forms.Form): """ Base class for authenticating users. Extend this to get a form that accepts username/password logins. """ - def __init__(self, request=None): + username = forms.CharField(label=_("username"), max_length=30, required=True) + password = forms.CharField(label=_("password"), max_length=30, required=True, widget=forms.PasswordInput) + + def __init__(self, request_post=None, request=None): """ If request is passed in, the manipulator will validate that cookies are enabled. Note that the request (a HttpRequest object) must have set a @@ -41,25 +51,24 @@ running this validator. """ self.request = request - self.fields = [ - oldforms.TextField(field_name="username", length=15, max_length=30, is_required=True, - validator_list=[self.isValidUser, self.hasCookiesEnabled]), - oldforms.PasswordField(field_name="password", length=15, max_length=30, is_required=True), - ] self.user_cache = None + super(AuthenticationForm, self).__init__(request_post) - def hasCookiesEnabled(self, field_data, all_data): + def clean(self): + """ + Test that cookies are enabled and that self.username is a valid user with the right password. + """ + if self._errors: return if self.request and not self.request.session.test_cookie_worked(): raise validators.ValidationError, _("Your Web browser doesn't appear to have cookies enabled. Cookies are required for logging in.") - - def isValidUser(self, field_data, all_data): - username = field_data - password = all_data.get('password', None) + username = self.cleaned_data['username'] + password = self.cleaned_data['password'] self.user_cache = authenticate(username=username, password=password) if self.user_cache is None: - raise validators.ValidationError, _("Please enter a correct username and password. Note that both fields are case-sensitive.") + raise forms.ValidationError, _("Please enter a correct username and password. Note that both fields are case-sensitive.") elif not self.user_cache.is_active: - raise validators.ValidationError, _("This account is inactive.") + raise forms.ValidationError, _("This account is inactive.") + return self.cleaned_data def get_user_id(self): if self.user_cache: @@ -69,19 +78,16 @@ def get_user(self): return self.user_cache -class PasswordResetForm(oldforms.Manipulator): +class PasswordResetForm(forms.Form): "A form that lets a user request a password reset" - def __init__(self): - self.fields = ( - oldforms.EmailField(field_name="email", length=40, is_required=True, - validator_list=[self.isValidUserEmail]), - ) - - def isValidUserEmail(self, new_data, all_data): + email = forms.EmailField(label=_("email"), max_length=40, required=True) + + def clean_email(self): "Validates that a user exists with the given e-mail address" - self.users_cache = list(User.objects.filter(email__iexact=new_data)) + self.users_cache = list(User.objects.filter(email__iexact=self.cleaned_data['email'])) if len(self.users_cache) == 0: - raise validators.ValidationError, _("That e-mail address doesn't have an associated user account. Are you sure you've registered?") + raise forms.ValidationError, _("That e-mail address doesn't have an associated user account. Are you sure you've registered?") + return self.cleaned_data['email'] def save(self, domain_override=None, email_template_name='registration/password_reset_email.html'): "Calculates a new password randomly and sends it to the user" @@ -106,39 +112,49 @@ } send_mail(_('Password reset on %s') % site_name, t.render(Context(c)), None, [user.email]) -class PasswordChangeForm(oldforms.Manipulator): - "A form that lets a user change his password." - def __init__(self, user): +class PasswordChangeForm(forms.Form): + "A form that lets a user change his or her password." + old_password = forms.CharField(label=_("old password"), max_length=30, required=True, widget=forms.PasswordInput) + new_password1 = forms.CharField(label=_("new password"), max_length=30, required=True, widget=forms.PasswordInput) + new_password2 = forms.CharField(label=_("new password again"), max_length=30, required=True, widget=forms.PasswordInput) + + def __init__(self, request_post=None, user=None): self.user = user - self.fields = ( - oldforms.PasswordField(field_name="old_password", length=30, max_length=30, is_required=True, - validator_list=[self.isValidOldPassword]), - oldforms.PasswordField(field_name="new_password1", length=30, max_length=30, is_required=True, - validator_list=[validators.AlwaysMatchesOtherField('new_password2', _("The two 'new password' fields didn't match."))]), - oldforms.PasswordField(field_name="new_password2", length=30, max_length=30, is_required=True), - ) + super(PasswordChangeForm,self).__init__(request_post) + + def clean_new_password2(self): + if self._errors: return + if not self.cleaned_data['new_password1'] == self.cleaned_data['new_password2']: + raise forms.ValidationError, _("The two 'new password' fields didn't match.") + return self.cleaned_data['new_password2'] - def isValidOldPassword(self, new_data, all_data): + def clean_old_password(self): "Validates that the old_password field is correct." - if not self.user.check_password(new_data): - raise validators.ValidationError, _("Your old password was entered incorrectly. Please enter it again.") + if not self.user.check_password(self.cleaned_data['old_password']): + raise forms.ValidationError, _("Your old password was entered incorrectly. Please enter it again.") + return self.cleaned_data['old_password'] - def save(self, new_data): + def save(self): "Saves the new password." - self.user.set_password(new_data['new_password1']) + self.user.set_password(self.cleaned_data['new_password1']) self.user.save() -class AdminPasswordChangeForm(oldforms.Manipulator): - "A form used to change the password of a user in the admin interface." - def __init__(self, user): +class AdminPasswordChangeForm(forms.Form): + "A form used to change the password of a user in the admin interface - it is not necessary to know the old password." + new_password1 = forms.CharField(label=_("new password"), max_length=30, required=True, widget=forms.PasswordInput) + new_password2 = forms.CharField(label=_("new password again"), max_length=30, required=True, widget=forms.PasswordInput) + + def __init__(self, request_post=None, user=None): self.user = user - self.fields = ( - oldforms.PasswordField(field_name='password1', length=30, max_length=60, is_required=True), - oldforms.PasswordField(field_name='password2', length=30, max_length=60, is_required=True, - validator_list=[validators.AlwaysMatchesOtherField('password1', _("The two password fields didn't match."))]), - ) + super(AdminPasswordChangeForm,self).__init__(request_post) - def save(self, new_data): + def clean_new_password2(self): + if self._errors: return + if not self.cleaned_data['new_password1'] == self.cleaned_data['new_password2']: + raise forms.ValidationError, _("The two 'new password' fields didn't match.") + return self.cleaned_data['new_password2'] + + def save(self): "Saves the new password." - self.user.set_password(new_data['password1']) + self.user.set_password(self.cleaned_data['new_password1']) self.user.save() Index: AUTHORS =================================================================== --- AUTHORS (revision 6914) +++ AUTHORS (working copy) @@ -325,6 +325,7 @@ tstromberg@google.com Makoto Tsuyuki tt@gurgle.no + Greg Turner Amit Upadhyay Geert Vanderkelen viestards.lists@gmail.com