Ticket #6083: auth-uses-newforms-2.diff

django/contrib/comments/views/comments.py

@@ -7 +7 @@
 from django.template import RequestContext
 from django.contrib.comments.models import Comment, FreeComment, RATINGS_REQUIRED, RATINGS_OPTIONAL, IS_PUBLIC
 from django.contrib.contenttypes.models import ContentType
-from django.contrib.auth.forms import AuthenticationForm
 from django.http import HttpResponseRedirect
 from django.utils.text import normalize_newlines
 from django.conf import settings
@@ -17 +16 @@
 
 COMMENTS_PER_PAGE = 20
 
+
+class AuthenticationForm(oldforms.Manipulator):
+    """
+    Oldforms-based Base class for authenticating users, extended by contrib.comments
+    """
+    def __init__(self, request=None):
+        """
+        If request is passed in, the manipulator will validate that cookies are
+        enabled. Note that the request (a HttpRequest object) must have set a
+        cookie with the key TEST_COOKIE_NAME and value TEST_COOKIE_VALUE before
+        running this validator.
+        """
+        self.request = request
+        self.fields = [
+            oldforms.TextField(field_name="username", length=15, max_length=30, is_required=True,
+                validator_list=[self.isValidUser, self.hasCookiesEnabled]),
+            oldforms.PasswordField(field_name="password", length=15, max_length=30, is_required=True),
+        ]
+        self.user_cache = None
+
+    def hasCookiesEnabled(self, field_data, all_data):
+        if self.request and not self.request.session.test_cookie_worked():
+            raise validators.ValidationError, _("Your Web browser doesn't appear to have cookies enabled. Cookies are required for logging in.")
+
+    def isValidUser(self, field_data, all_data):
+        username = field_data
+        password = all_data.get('password', None)
+        self.user_cache = authenticate(username=username, password=password)
+        if self.user_cache is None:
+            raise validators.ValidationError, _("Please enter a correct username and password. Note that both fields are case-sensitive.")
+        elif not self.user_cache.is_active:
+            raise validators.ValidationError, _("This account is inactive.")
+
+    def get_user_id(self):
+        if self.user_cache:
+            return self.user_cache.id
+        return None
+
+    def get_user(self):
+        return self.user_cache
+
 class PublicCommentManipulator(AuthenticationForm):
     "Manipulator that handles public registered comments"
     def __init__(self, user, ratings_required, ratings_range, num_rating_choices):

django/contrib/admin/views/auth.py

@@ -11 +11 @@
 def user_add_stage(request):
     if not request.user.has_perm('auth.change_user'):
         raise PermissionDenied
-    manipulator = UserCreationForm()
     if request.method == 'POST':
-        new_data = request.POST.copy()
-        errors = manipulator.get_validation_errors(new_data)
-        if not errors:
-            new_user = manipulator.save(new_data)
+        form = UserCreationForm(request.POST)
+        if form.is_valid():
+            new_user = form.save()
             msg = _('The %(name)s "%(obj)s" was added successfully.') % {'name': 'user', 'obj': new_user}
             if "_addanother" in request.POST:
                 request.user.message_set.create(message=msg)
@@ -25 +23 @@
                 request.user.message_set.create(message=msg + ' ' + _("You may edit it again below."))
                 return HttpResponseRedirect('../%s/' % new_user.id)
     else:
-        errors = new_data = {}
-    form = oldforms.FormWrapper(manipulator, new_data, errors)
+        form = UserCreationForm()
     return render_to_response('admin/auth/user/add_form.html', {
         'title': _('Add user'),
         'form': form,
@@ -49 +46 @@
     if not request.user.has_perm('auth.change_user'):
         raise PermissionDenied
     user = get_object_or_404(User, pk=id)
-    manipulator = AdminPasswordChangeForm(user)
     if request.method == 'POST':
-        new_data = request.POST.copy()
-        errors = manipulator.get_validation_errors(new_data)
-        if not errors:
-            new_user = manipulator.save(new_data)
+        form = AdminPasswordChangeForm(request_post=request.POST, user=user)
+        if form.is_valid():
+            new_user = form.save()
             msg = _('Password changed successfully.')
             request.user.message_set.create(message=msg)
             return HttpResponseRedirect('..')
     else:
-        errors = new_data = {}
-    form = oldforms.FormWrapper(manipulator, new_data, errors)
+        form = AdminPasswordChangeForm(user=user)
     return render_to_response('admin/auth/user/change_password.html', {
         'title': _('Change password: %s') % escape(user.username),
         'form': form,

django/contrib/auth/views.py

@@ -1 +1 @@
 from django.contrib.auth.forms import AuthenticationForm
 from django.contrib.auth.forms import PasswordResetForm, PasswordChangeForm
-from django import oldforms
 from django.shortcuts import render_to_response
 from django.template import RequestContext
 from django.contrib.sites.models import Site, RequestSite
@@ -11 +10 @@
 
 def login(request, template_name='registration/login.html', redirect_field_name=REDIRECT_FIELD_NAME):
     "Displays the login form and handles the login action."
-    manipulator = AuthenticationForm(request)
     redirect_to = request.REQUEST.get(redirect_field_name, '')
-    if request.POST:
-        errors = manipulator.get_validation_errors(request.POST)
-        if not errors:
+    if request.method == 'POST':
+        form = AuthenticationForm(request.POST)
+        if form.is_valid():
             # Light security check -- make sure redirect_to isn't garbage.
             if not redirect_to or '//' in redirect_to or ' ' in redirect_to:
                 from django.conf import settings
                 redirect_to = settings.LOGIN_REDIRECT_URL
             from django.contrib.auth import login
-            login(request, manipulator.get_user())
-            request.session.delete_test_cookie()
+            login(request, form.get_user())           
+            if request.session.test_cookie_worked():
+                request.session.delete_test_cookie()
             return HttpResponseRedirect(redirect_to)
     else:
-        errors = {}
+        form = AuthenticationForm(request=request)
     request.session.set_test_cookie()
 
     if Site._meta.installed:
@@ -34 +33 @@
         current_site = RequestSite(request)
 
     return render_to_response(template_name, {
-        'form': oldforms.FormWrapper(manipulator, request.POST, errors),
+        'form': form,
         redirect_field_name: redirect_to,
         'site_name': current_site.name,
     }, context_instance=RequestContext(request))
@@ -65 +64 @@
 
 def password_reset(request, is_admin_site=False, template_name='registration/password_reset_form.html',
         email_template_name='registration/password_reset_email.html'):
-    new_data, errors = {}, {}
-    form = PasswordResetForm()
     if request.POST:
-        new_data = request.POST.copy()
-        errors = form.get_validation_errors(new_data)
-        if not errors:
+        form = PasswordResetForm(request.POST)
+        if form.is_valid():
             if is_admin_site:
                 form.save(domain_override=request.META['HTTP_HOST'])
             else:
                 form.save(email_template_name=email_template_name)
             return HttpResponseRedirect('%sdone/' % request.path)
-    return render_to_response(template_name, {'form': oldforms.FormWrapper(form, new_data, errors)},
+    else:
+        form = PasswordResetForm()      
+    return render_to_response(template_name, {'form': form},
         context_instance=RequestContext(request))
 
 def password_reset_done(request, template_name='registration/password_reset_done.html'):
@@ -84 +82 @@
 
 def password_change(request, template_name='registration/password_change_form.html'):
     new_data, errors = {}, {}
-    form = PasswordChangeForm(request.user)
-    if request.POST:
-        new_data = request.POST.copy()
-        errors = form.get_validation_errors(new_data)
-        if not errors:
-            form.save(new_data)
+    if request.method == 'POST':
+        form = PasswordChangeForm(request.POST, request.user)
+        if form.is_valid():
+            form.save()
             return HttpResponseRedirect('%sdone/' % request.path)
-    return render_to_response(template_name, {'form': oldforms.FormWrapper(form, new_data, errors)},
+    else:
+        form = PasswordChangeForm(user=request.user)
+    return render_to_response(template_name, {'form': form},
         context_instance=RequestContext(request))
 password_change = login_required(password_change)
 

django/contrib/auth/forms.py

@@ -2 +2 @@
 from django.contrib.auth import authenticate
 from django.contrib.sites.models import Site
 from django.template import Context, loader
-from django.core import validators
-from django import oldforms
+from django import newforms as forms
 from django.utils.translation import ugettext as _
+import re
 
-class UserCreationForm(oldforms.Manipulator):
+class UserCreationForm(forms.Form):
     "A form that creates a user, with no privileges, from the given username and password."
-    def __init__(self):
-        self.fields = (
-            oldforms.TextField(field_name='username', length=30, max_length=30, is_required=True,
-                validator_list=[validators.isAlphaNumeric, self.isValidUsername]),
-            oldforms.PasswordField(field_name='password1', length=30, max_length=60, is_required=True),
-            oldforms.PasswordField(field_name='password2', length=30, max_length=60, is_required=True,
-                validator_list=[validators.AlwaysMatchesOtherField('password1', _("The two password fields didn't match."))]),
-        )
+    username=forms.CharField(label=_("username"), max_length=30, required=True)
+    password1 = forms.CharField(label=_("password"), max_length=30, required=True, widget=forms.PasswordInput)
+    password2 = forms.CharField(label=_("password (again)"), max_length=30, required=True, widget=forms.PasswordInput)
 
-    def isValidUsername(self, field_data, all_data):
+    #Following regex and error is borrowed from django.core.validators for backwards compatability for now (including i18n), but in anticipation of them being passed as parameters (or overridden).
+    username_re = re.compile(r'^\w+$')
+    username_re_validation_text = "This value must contain only letters, numbers and underscores."
+
+    def clean_password2(self):
+        if self._errors: return
+        if not self.cleaned_data['password1'] == self.cleaned_data['password2']:    
+            raise forms.ValidationError, _("The two 'password' fields didn't match.")
+        return self.cleaned_data['password2']
+
+    def clean_username(self):
+        if not self.username_re.search(self.cleaned_data['username']):
+            raise forms.ValidationError, _(self.username_re_validation_text)
         try:
-            User.objects.get(username=field_data)
+            user = User.objects.get(username__exact=self.cleaned_data['username'])
         except User.DoesNotExist:
-            return
-        raise validators.ValidationError, _('A user with that username already exists.')
-
-    def save(self, new_data):
+                return self.cleaned_data['username']
+        raise forms.ValidationError, _('A user with that username already exists.')
+        
+    def save(self):
         "Creates the user."
-        return User.objects.create_user(new_data['username'], '', new_data['password1'])
+        return User.objects.create_user(self.cleaned_data['username'], '', self.cleaned_data['password1'])
 
-class AuthenticationForm(oldforms.Manipulator):
+class AuthenticationForm(forms.Form):
     """
     Base class for authenticating users. Extend this to get a form that accepts
     username/password logins.
     """
-    def __init__(self, request=None):
+    username = forms.CharField(label=_("username"), max_length=30, required=True)
+    password = forms.CharField(label=_("password"), max_length=30, required=True, widget=forms.PasswordInput)
+    
+    def __init__(self, request_post=None, request=None):
         """
         If request is passed in, the manipulator will validate that cookies are
         enabled. Note that the request (a HttpRequest object) must have set a
@@ -41 +51 @@
         running this validator.
         """
         self.request = request
-        self.fields = [
-            oldforms.TextField(field_name="username", length=15, max_length=30, is_required=True,
-                validator_list=[self.isValidUser, self.hasCookiesEnabled]),
-            oldforms.PasswordField(field_name="password", length=15, max_length=30, is_required=True),
-        ]
         self.user_cache = None
+        super(AuthenticationForm, self).__init__(request_post)
 
-    def hasCookiesEnabled(self, field_data, all_data):
+    def clean(self):
+        """
+        Test that cookies are enabled and that self.username is a valid user with the right password.
+        """
+        if self._errors: return
         if self.request and not self.request.session.test_cookie_worked():
             raise validators.ValidationError, _("Your Web browser doesn't appear to have cookies enabled. Cookies are required for logging in.")
-
-    def isValidUser(self, field_data, all_data):
-        username = field_data
-        password = all_data.get('password', None)
+        username = self.cleaned_data['username']
+        password = self.cleaned_data['password']
         self.user_cache = authenticate(username=username, password=password)
         if self.user_cache is None:
-            raise validators.ValidationError, _("Please enter a correct username and password. Note that both fields are case-sensitive.")
+            raise forms.ValidationError, _("Please enter a correct username and password. Note that both fields are case-sensitive.")
         elif not self.user_cache.is_active:
-            raise validators.ValidationError, _("This account is inactive.")
+            raise forms.ValidationError, _("This account is inactive.")
+        return self.cleaned_data
 
     def get_user_id(self):
         if self.user_cache:
@@ -69 +78 @@
     def get_user(self):
         return self.user_cache
 
-class PasswordResetForm(oldforms.Manipulator):
+class PasswordResetForm(forms.Form):
     "A form that lets a user request a password reset"
-    def __init__(self):
-        self.fields = (
-            oldforms.EmailField(field_name="email", length=40, is_required=True,
-                validator_list=[self.isValidUserEmail]),
-        )
-
-    def isValidUserEmail(self, new_data, all_data):
+    email = forms.EmailField(label=_("email"), max_length=40, required=True)
+    
+    def clean_email(self):
         "Validates that a user exists with the given e-mail address"
-        self.users_cache = list(User.objects.filter(email__iexact=new_data))
+        self.users_cache = list(User.objects.filter(email__iexact=self.cleaned_data['email']))
         if len(self.users_cache) == 0:
-            raise validators.ValidationError, _("That e-mail address doesn't have an associated user account. Are you sure you've registered?")
+            raise forms.ValidationError, _("That e-mail address doesn't have an associated user account. Are you sure you've registered?")
+        return self.cleaned_data['email']
 
     def save(self, domain_override=None, email_template_name='registration/password_reset_email.html'):
         "Calculates a new password randomly and sends it to the user"
@@ -106 +112 @@
                 }
             send_mail(_('Password reset on %s') % site_name, t.render(Context(c)), None, [user.email])
 
-class PasswordChangeForm(oldforms.Manipulator):
-    "A form that lets a user change his password."
-    def __init__(self, user):
+class PasswordChangeForm(forms.Form):
+    "A form that lets a user change his or her password."
+    old_password = forms.CharField(label=_("old password"), max_length=30, required=True, widget=forms.PasswordInput)
+    new_password1 = forms.CharField(label=_("new password"), max_length=30, required=True, widget=forms.PasswordInput)
+    new_password2 = forms.CharField(label=_("new password again"), max_length=30, required=True, widget=forms.PasswordInput)
+
+    def __init__(self, request_post=None, user=None):
         self.user = user
-        self.fields = (
-            oldforms.PasswordField(field_name="old_password", length=30, max_length=30, is_required=True,
-                validator_list=[self.isValidOldPassword]),
-            oldforms.PasswordField(field_name="new_password1", length=30, max_length=30, is_required=True,
-                validator_list=[validators.AlwaysMatchesOtherField('new_password2', _("The two 'new password' fields didn't match."))]),
-            oldforms.PasswordField(field_name="new_password2", length=30, max_length=30, is_required=True),
-        )
+        super(PasswordChangeForm,self).__init__(request_post)
+        
+    def clean_new_password2(self):
+        if self._errors: return
+        if not self.cleaned_data['new_password1'] == self.cleaned_data['new_password2']:    
+            raise forms.ValidationError, _("The two 'new password' fields didn't match.")
+        return self.cleaned_data['new_password2']
 
-    def isValidOldPassword(self, new_data, all_data):
+    def clean_old_password(self):
         "Validates that the old_password field is correct."
-        if not self.user.check_password(new_data):
-            raise validators.ValidationError, _("Your old password was entered incorrectly. Please enter it again.")
+        if not self.user.check_password(self.cleaned_data['old_password']):
+            raise forms.ValidationError, _("Your old password was entered incorrectly. Please enter it again.")
+        return self.cleaned_data['old_password']
 
-    def save(self, new_data):
+    def save(self):
         "Saves the new password."
-        self.user.set_password(new_data['new_password1'])
+        self.user.set_password(self.cleaned_data['new_password1'])
         self.user.save()
 
-class AdminPasswordChangeForm(oldforms.Manipulator):
-    "A form used to change the password of a user in the admin interface."
-    def __init__(self, user):
+class AdminPasswordChangeForm(forms.Form):
+    "A form used to change the password of a user in the admin interface - it is not necessary to know the old password."
+    new_password1 = forms.CharField(label=_("new password"), max_length=30, required=True, widget=forms.PasswordInput)
+    new_password2 = forms.CharField(label=_("new password again"), max_length=30, required=True, widget=forms.PasswordInput)
+
+    def __init__(self, request_post=None, user=None):
         self.user = user
-        self.fields = (
-            oldforms.PasswordField(field_name='password1', length=30, max_length=60, is_required=True),
-            oldforms.PasswordField(field_name='password2', length=30, max_length=60, is_required=True,
-                validator_list=[validators.AlwaysMatchesOtherField('password1', _("The two password fields didn't match."))]),
-        )
+        super(AdminPasswordChangeForm,self).__init__(request_post)
 
-    def save(self, new_data):
+    def clean_new_password2(self):
+        if self._errors: return
+        if not self.cleaned_data['new_password1'] == self.cleaned_data['new_password2']:    
+            raise forms.ValidationError, _("The two 'new password' fields didn't match.")
+        return self.cleaned_data['new_password2']
+
+    def save(self):
         "Saves the new password."
-        self.user.set_password(new_data['password1'])
+        self.user.set_password(self.cleaned_data['new_password1'])
         self.user.save()

AUTHORS

@@ -329 +329 @@
     tstromberg@google.com
     Makoto Tsuyuki <mtsuyuki@gmail.com>
     tt@gurgle.no
+    Greg Turner <http://gregturner.org>
     Amit Upadhyay
     Geert Vanderkelen
     I.S. van Oostveen <v.oostveen@idca.nl>