Index: django/contrib/auth/forms.py =================================================================== --- django/contrib/auth/forms.py (revision 6996) +++ django/contrib/auth/forms.py (working copy) @@ -1,3 +1,6 @@ +from django import newforms as forms +import re +from django.newforms import ValidationError from django.contrib.auth.models import User from django.contrib.auth import authenticate from django.contrib.sites.models import Site @@ -2,141 +5,127 @@ from django.template import Context, loader -from django.core import validators -from django import oldforms from django.utils.translation import ugettext as _ -class UserCreationForm(oldforms.Manipulator): - "A form that creates a user, with no privileges, from the given username and password." - def __init__(self): - self.fields = ( - oldforms.TextField(field_name='username', length=30, max_length=30, is_required=True, - validator_list=[validators.isAlphaNumeric, self.isValidUsername]), - oldforms.PasswordField(field_name='password1', length=30, max_length=60, is_required=True), - oldforms.PasswordField(field_name='password2', length=30, max_length=60, is_required=True, - validator_list=[validators.AlwaysMatchesOtherField('password1', _("The two password fields didn't match."))]), - ) +class UserCreationForm(forms.Form): + """A form that creates a user, with no privileges, from the given username and password.""" + username = forms.CharField(max_length = 30, required = True) + password1 = forms.CharField(max_length = 30, required = True, widget = forms.PasswordInput) + password2 = forms.CharField(max_length = 30, required = True, widget = forms.PasswordInput) - def isValidUsername(self, field_data, all_data): + def clean_username (self): + alnum_re = re.compile(r'^\w+$') + if not alnum_re.search(self.cleaned_data['username']): + raise ValidationError("This value must contain only letters, numbers and underscores.") + self.isValidUsername() + return self.cleaned_data['username'] + + def clean (self): + if self.cleaned_data['password1'] != self.cleaned_data['password2']: + raise ValidationError(_("The two password fields didn't match.")) + return super(forms.Form, self).clean() + + def isValidUsername(self): try: - User.objects.get(username=field_data) + User.objects.get(username=self.cleaned_data['username']) except User.DoesNotExist: return - raise validators.ValidationError, _('A user with that username already exists.') + raise ValidationError(_('A user with that username already exists.')) - def save(self, new_data): - "Creates the user." - return User.objects.create_user(new_data['username'], '', new_data['password1']) - -class AuthenticationForm(oldforms.Manipulator): +class AuthenticationForm(forms.Form): """ Base class for authenticating users. Extend this to get a form that accepts username/password logins. """ - def __init__(self, request=None): - """ - If request is passed in, the manipulator will validate that cookies are - enabled. Note that the request (a HttpRequest object) must have set a - cookie with the key TEST_COOKIE_NAME and value TEST_COOKIE_VALUE before - running this validator. - """ + username = forms.CharField(required = True, max_length = 30) + password = forms.CharField(required = True, max_length = 30, widget = forms.PasswordInput) + def set_request (self, request): self.request = request - self.fields = [ - oldforms.TextField(field_name="username", length=15, max_length=30, is_required=True, - validator_list=[self.isValidUser, self.hasCookiesEnabled]), - oldforms.PasswordField(field_name="password", length=15, max_length=30, is_required=True), - ] - self.user_cache = None + + + def clean (self): + user = authenticate(username=self.cleaned_data['username'], password=self.cleaned_data['password']) + if self.request and not self.request.session.test_cookie_worked(): + raise ValidationError(_("Your Web browser doesn't appear to have cookies enabled. Cookies are required for logging in.")) + if user is None: + raise ValidationError(_("Please enter a correct username and password. Note that both fields are case-sensitive.")) + elif not user.is_active: + raise ValidationError(_("This account is inactive.")) + else: + self.user = user + return super(forms.Form, self).clean() - def hasCookiesEnabled(self, field_data, all_data): - if self.request and not self.request.session.test_cookie_worked(): - raise validators.ValidationError, _("Your Web browser doesn't appear to have cookies enabled. Cookies are required for logging in.") +class PasswordResetForm(forms.Form): + """A form that lets a user request a password reset""" + email = forms.EmailField(required = True) - def isValidUser(self, field_data, all_data): - username = field_data - password = all_data.get('password', None) - self.user_cache = authenticate(username=username, password=password) - if self.user_cache is None: - raise validators.ValidationError, _("Please enter a correct username and password. Note that both fields are case-sensitive.") - elif not self.user_cache.is_active: - raise validators.ValidationError, _("This account is inactive.") + def clean_email (self): + try: + self.user = User.objects.get(email__iexact=self.cleaned_data['email']) + except User.DoesNotExist: + print '***' + raise ValidationError(_("That e-mail address doesn't have an associated user account. Are you sure you've registered?")) + return self.cleaned_data['email'] - def get_user_id(self): - if self.user_cache: - return self.user_cache.id - return None - - def get_user(self): - return self.user_cache - -class PasswordResetForm(oldforms.Manipulator): - "A form that lets a user request a password reset" - def __init__(self): - self.fields = ( - oldforms.EmailField(field_name="email", length=40, is_required=True, - validator_list=[self.isValidUserEmail]), - ) - - def isValidUserEmail(self, new_data, all_data): - "Validates that a user exists with the given e-mail address" - self.users_cache = list(User.objects.filter(email__iexact=new_data)) - if len(self.users_cache) == 0: - raise validators.ValidationError, _("That e-mail address doesn't have an associated user account. Are you sure you've registered?") - def save(self, domain_override=None, email_template_name='registration/password_reset_email.html'): "Calculates a new password randomly and sends it to the user" from django.core.mail import send_mail - for user in self.users_cache: - new_pass = User.objects.make_random_password() - user.set_password(new_pass) - user.save() - if not domain_override: - current_site = Site.objects.get_current() - site_name = current_site.name - domain = current_site.domain - else: - site_name = domain = domain_override - t = loader.get_template(email_template_name) - c = { - 'new_password': new_pass, - 'email': user.email, - 'domain': domain, - 'site_name': site_name, - 'user': user, - } - send_mail(_('Password reset on %s') % site_name, t.render(Context(c)), None, [user.email]) + user = self.user + new_pass = User.objects.make_random_password() + user.set_password(new_pass) + user.save() + if not domain_override: + current_site = Site.objects.get_current() + site_name = current_site.name + domain = current_site.domain + else: + site_name = domain = domain_override + t = loader.get_template(email_template_name) + c = { + 'new_password': new_pass, + 'email': user.email, + 'domain': domain, + 'site_name': site_name, + 'user': user, + } + send_mail(_('Password reset on %s') % site_name, t.render(Context(c)), None, [user.email]) -class PasswordChangeForm(oldforms.Manipulator): - "A form that lets a user change his password." - def __init__(self, user): +class PasswordChangeForm(forms.Form): + """A form that lets a user change his password.""" + old_password = forms.CharField(widget=forms.PasswordInput, required = True, max_length = 30) + new_password1 = forms.CharField(widget=forms.PasswordInput, required = True, max_length = 30) + new_password2 = forms.CharField(widget=forms.PasswordInput, required = True, max_length = 30) + + def set_user (self, user): self.user = user - self.fields = ( - oldforms.PasswordField(field_name="old_password", length=30, max_length=30, is_required=True, - validator_list=[self.isValidOldPassword]), - oldforms.PasswordField(field_name="new_password1", length=30, max_length=30, is_required=True, - validator_list=[validators.AlwaysMatchesOtherField('new_password2', _("The two 'new password' fields didn't match."))]), - oldforms.PasswordField(field_name="new_password2", length=30, max_length=30, is_required=True), - ) - def isValidOldPassword(self, new_data, all_data): - "Validates that the old_password field is correct." - if not self.user.check_password(new_data): - raise validators.ValidationError, _("Your old password was entered incorrectly. Please enter it again.") + def clean_old_password (self): + if not self.user.check_password(self.cleaned_data['old_password']): + raise ValidationError(_("Your old password was entered incorrectly. Please enter it again.")) + return self.cleaned_data['old_password'] - def save(self, new_data): + def clean (self): + if self.cleaned_data['new_password1'] != self.cleaned_data['new_password2']: + raise ValidationError(_("The two new password fields didn't match.")) + return super(forms.Form, self).clean() + + def save (self, new_password): "Saves the new password." - self.user.set_password(new_data['new_password1']) + self.user.set_password(new_password) self.user.save() -class AdminPasswordChangeForm(oldforms.Manipulator): - "A form used to change the password of a user in the admin interface." - def __init__(self, user): +class AdminPasswordChangeForm(forms.Form): + """A form used to change the password of a user in the admin interface.""" + password1 = forms.CharField(widget = forms.PasswordInput, max_length = 30, required = True) + password2 = forms.CharField(widget = forms.PasswordInput, max_length = 30, required = True) + + def set_user (self, user): self.user = user - self.fields = ( - oldforms.PasswordField(field_name='password1', length=30, max_length=60, is_required=True), - oldforms.PasswordField(field_name='password2', length=30, max_length=60, is_required=True, - validator_list=[validators.AlwaysMatchesOtherField('password1', _("The two password fields didn't match."))]), - ) + + def clean (self): + if self.cleaned_data['password1'] != self.cleaned_data['password2']: + raise ValidationError(_("The two password fields didn't match.")) + return super(forms.Form, self).clean() - def save(self, new_data): - "Saves the new password." - self.user.set_password(new_data['password1']) - self.user.save() + def save(self): + self.user.set_password(self.cleaned_data['password1']) + self.user.save() + \ No newline at end of file Index: django/contrib/auth/views.py =================================================================== --- django/contrib/auth/views.py (revision 6996) +++ django/contrib/auth/views.py (working copy) @@ -1,43 +1,52 @@ -from django.contrib.auth.forms import AuthenticationForm -from django.contrib.auth.forms import PasswordResetForm, PasswordChangeForm, AdminPasswordChangeForm -from django.core.exceptions import PermissionDenied -from django import oldforms +import forms from django.shortcuts import render_to_response, get_object_or_404 +from django.http import HttpResponse, HttpResponseRedirect +from django.contrib.auth.models import User +from django.contrib.auth import REDIRECT_FIELD_NAME from django.template import RequestContext from django.contrib.sites.models import Site, RequestSite -from django.http import HttpResponseRedirect -from django.contrib.auth.decorators import login_required -from django.contrib.auth import REDIRECT_FIELD_NAME -from django.utils.html import escape from django.utils.translation import ugettext as _ -from django.contrib.auth.models import User +from django.contrib.auth.decorators import login_required +from django.core.exceptions import PermissionDenied + +def user_creation (request, template_name='registration/create_user.html'): + if request.method == 'POST': + user_creation_form = forms.UserCreationForm(request.POST) + if user_creation_form.is_valid(): + username = user_creation_form.cleaned_data['username'] + password = user_creation_form.cleaned_data['password1'] + User.objects.create_user(username, '', password) + return HttpResponseRedirect('.') + elif request.method == 'GET': + user_creation_form = forms.UserCreationForm() + return render_to_response(template_name, {'form':user_creation_form}, context_instance=RequestContext(request)) + def login(request, template_name='registration/login.html', redirect_field_name=REDIRECT_FIELD_NAME): - "Displays the login form and handles the login action." - manipulator = AuthenticationForm(request) + """Displays the login form and handles the login action.""" redirect_to = request.REQUEST.get(redirect_field_name, '') - if request.POST: - errors = manipulator.get_validation_errors(request.POST) - if not errors: + if Site._meta.installed: + current_site = Site.objects.get_current() + else: + current_site = RequestSite(request) + if request.method == 'POST': + login_form = forms.AuthenticationForm(request.POST) + login_form.set_request(request) + if login_form.is_valid(): # Light security check -- make sure redirect_to isn't garbage. if not redirect_to or '//' in redirect_to or ' ' in redirect_to: from django.conf import settings redirect_to = settings.LOGIN_REDIRECT_URL from django.contrib.auth import login - login(request, manipulator.get_user()) + user = login_form.user + login(request, user) request.session.delete_test_cookie() return HttpResponseRedirect(redirect_to) - else: - errors = {} + elif request.method == 'GET': + login_form = forms.AuthenticationForm() request.session.set_test_cookie() - - if Site._meta.installed: - current_site = Site.objects.get_current() - else: - current_site = RequestSite(request) - return render_to_response(template_name, { - 'form': oldforms.FormWrapper(manipulator, request.POST, errors), + 'form': login_form, redirect_field_name: redirect_to, 'site_name': current_site.name, }, context_instance=RequestContext(request)) @@ -68,65 +77,47 @@ def password_reset(request, is_admin_site=False, template_name='registration/password_reset_form.html', email_template_name='registration/password_reset_email.html'): - new_data, errors = {}, {} - form = PasswordResetForm() - if request.POST: - new_data = request.POST.copy() - errors = form.get_validation_errors(new_data) - if not errors: + if request.method == 'POST': + form = forms.PasswordResetForm(request.POST) + if form.is_valid(): if is_admin_site: form.save(domain_override=request.META['HTTP_HOST']) else: form.save(email_template_name=email_template_name) - return HttpResponseRedirect('%sdone/' % request.path) - return render_to_response(template_name, {'form': oldforms.FormWrapper(form, new_data, errors)}, - context_instance=RequestContext(request)) + return HttpResponseRedirect('%sdone/' % request.path) + elif request.method == 'GET': + form = forms.PasswordResetForm() + print template_name + return render_to_response(template_name, {'form': form}, context_instance=RequestContext(request)) -def password_reset_done(request, template_name='registration/password_reset_done.html'): - return render_to_response(template_name, context_instance=RequestContext(request)) +def index(request): + return render_to_response('registration/password_reset_form.html', {}, context_instance=RequestContext(request)) def password_change(request, template_name='registration/password_change_form.html'): - new_data, errors = {}, {} - form = PasswordChangeForm(request.user) - if request.POST: - new_data = request.POST.copy() - errors = form.get_validation_errors(new_data) - if not errors: - form.save(new_data) - return HttpResponseRedirect('%sdone/' % request.path) - return render_to_response(template_name, {'form': oldforms.FormWrapper(form, new_data, errors)}, + if request.method == 'POST': + form = forms.PasswordChangeForm(request.POST) + form.set_user(request.user) + if form.is_valid(): + form.save(form.cleaned_data['new_password1']) + return HttpResponseRedirect('%sdone/' % request.path) + if request.method == 'GET': + form = forms.PasswordChangeForm() + return render_to_response(template_name, {'form': form}, context_instance=RequestContext(request)) password_change = login_required(password_change) -def password_change_done(request, template_name='registration/password_change_done.html'): - return render_to_response(template_name, context_instance=RequestContext(request)) - def user_change_password(request, id): if not request.user.has_perm('auth.change_user'): - raise PermissionDenied + raise PermissionDenied user = get_object_or_404(User, pk=id) - manipulator = AdminPasswordChangeForm(user) if request.method == 'POST': - new_data = request.POST.copy() - errors = manipulator.get_validation_errors(new_data) - if not errors: - new_user = manipulator.save(new_data) + form = forms.AdminPasswordChangeForm(request.POST) + form.set_user(user) + if form.is_valid(): + new_user = form.save() msg = _('Password changed successfully.') request.user.message_set.create(message=msg) return HttpResponseRedirect('..') - else: - errors = new_data = {} - form = oldforms.FormWrapper(manipulator, new_data, errors) - return render_to_response('admin/auth/user/change_password.html', { - 'title': _('Change password: %s') % escape(user.username), - 'form': form, - 'is_popup': '_popup' in request.REQUEST, - 'add': True, - 'change': False, - 'has_delete_permission': False, - 'has_change_permission': True, - 'has_absolute_url': False, - 'opts': User._meta, - 'original': user, - 'show_save': True, - }, context_instance=RequestContext(request)) + elif request.method == 'GET': + form = forms.AdminPasswordChangeForm() + return render_to_response('admin/auth/user/change_password.html', {'title': _('Change password: %s') % user.username, 'form': form, 'is_popup': '_popup' in request.REQUEST, 'add': True, 'change': False, 'has_delete_permission': False, 'has_change_permission': True, 'has_absolute_url': False, 'opts': User._meta, 'original': user, 'show_save': True, }, context_instance=RequestContext(request)) \ No newline at end of file