From 81d77f223a756d885be5c9b5871f452b29be6c1f Mon Sep 17 00:00:00 2001 From: Alexis Koralewski Date: Fri, 13 Aug 2021 15:18:35 +0200 Subject: [PATCH] Adding 'forgotten password' feature --- src/core/pyros_django/user_manager/templates/user_manager/forgotten_password.html | 24 ++++++++++++++++++++++++ src/core/pyros_django/user_manager/templates/user_manager/home_login.html | 1 + src/core/pyros_django/user_manager/urls.py | 1 + src/core/pyros_django/user_manager/views.py | 109 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---------------------------------- 4 files changed, 101 insertions(+), 34 deletions(-) create mode 100644 src/core/pyros_django/user_manager/templates/user_manager/forgotten_password.html diff --git a/src/core/pyros_django/user_manager/templates/user_manager/forgotten_password.html b/src/core/pyros_django/user_manager/templates/user_manager/forgotten_password.html new file mode 100644 index 0000000..f3a64a2 --- /dev/null +++ b/src/core/pyros_django/user_manager/templates/user_manager/forgotten_password.html @@ -0,0 +1,24 @@ +{% extends "user_manager/base_home.html" %} +{% block content %} + +
+ Forgot your password? Please enter the email address you used to register + with us and we will send you a temparorary password to log in.
+ We recommend you to change it as soon as possible on your profile page.
+ +
+
+ +
+ {% csrf_token %} + {{form}} +
+

+{% if message %} + {{ message }} +{% endif %} +
+ Return to sign in page +
+ +{% endblock%} \ No newline at end of file diff --git a/src/core/pyros_django/user_manager/templates/user_manager/home_login.html b/src/core/pyros_django/user_manager/templates/user_manager/home_login.html index 17fbb8d..1d8ca57 100644 --- a/src/core/pyros_django/user_manager/templates/user_manager/home_login.html +++ b/src/core/pyros_django/user_manager/templates/user_manager/home_login.html @@ -29,6 +29,7 @@
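Review bot: The help text in the new template misspells "temporary" as `temparorary`, and this string is shown to everyone who opens the reset page. The closing tag is written `{% endblock%}` without the space used in `{% block content %}` at the top, and the file has no trailing newline; `{% endblock %}` followed by a newline keeps the template consistent.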
+ Forgot your password ? Subscription form
diff --git a/src/core/pyros_django/user_manager/urls.py b/src/core/pyros_django/user_manager/urls.py index 8612719..7a0a800 100644 --- a/src/core/pyros_django/user_manager/urls.py +++ b/src/core/pyros_django/user_manager/urls.py @@ -7,6 +7,7 @@ from .forms import UserPasswordResetForm urlpatterns = [ path('users', views.users, name="users"), url(r'^create$', views.create_user, name="create_user"), + url(r'^forgotten_password$', views.forgotten_password, name="forgotten_password"), url(r'^creation_validate$', views.user_signup_validation, name="user_signup_validation"), url(r'^login$', views.login_validation, name="login_validation"), url(r'^profile$', views.profile, name="profile"), diff --git a/src/core/pyros_django/user_manager/views.py b/src/core/pyros_django/user_manager/views.py index aa4f2e3..4229220 100644 --- a/src/core/pyros_django/user_manager/views.py +++ b/src/core/pyros_django/user_manager/views.py @@ -4,12 +4,13 @@ from django.contrib.auth.decorators import login_required from dashboard.decorator import level_required from django.shortcuts import get_object_or_404 from dashboard.forms import UserForm -from .forms import PyrosUserCreationForm +from .forms import PyrosUserCreationForm,UserPasswordResetForm from django.core.mail import send_mail from common.models import ScientificProgram, PyrosUser,UserLevel, SP_Period, SP_Period_User from django.urls import reverse from django.http import HttpResponseRedirect,HttpResponse - +from obsconfig.configpyros import ConfigPyros +from django.conf import settings as pyros_settings LOGGED_PAGE = "../../dashboard/templates/dashboard/index.html" 
@@ -35,6 +36,25 @@ def create_user(request): form = PyrosUserCreationForm() return (render(request, "user_manager/home_user_creation.html", locals())) +def forgotten_password(request): + form = UserPasswordResetForm() + message="" + if request.POST: + password = PyrosUser.objects.make_random_password() + user = PyrosUser.objects.get(email=request.POST["email"]) + if user != None: + user.set_password(password) + user.save() + send_mail( + '[PyROS CC] Registration', + f"Hello,\nYou recently took steps to reset the password for your PyROS account. A temporary password has been assigned, please log in with the following password: '{password}'. \n\nCordially,\n\nPyROS Control Center'", + '', + [request.POST['email']], + fail_silently=False, + ) + message="The email has been send !" + return render(request, 'user_manager/forgotten_password.html',{"form":form,"message":message}) + def user_signup_validation(request): ''' View called to validate the user creation (form submitted) @@ -50,6 +70,7 @@ def user_signup_validation(request): message = "Account creation successful ! Login to continue" success = True if request.user.is_authenticated: + if request.POST.get("next"): return redirect(request.POST.get('next')) else: @@ -70,6 +91,10 @@ def login_validation(request): View called when the user log in (form submitted) ''' if request.user.is_authenticated: + config = ConfigPyros(pyros_settings.PATH_TO_OBSCONF_FILE) + observatory_name = config.get_obs_name() + first_unit_name = config.get_units_name()[0] + request.session["obsname"] = observatory_name+" "+first_unit_name if request.POST.get("next"): return redirect(request.POST.get('next')) # initiate variable session for telling which role the user is using if this user has multiple roles 
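Review bot: In `forgotten_password`, the account's password is replaced as soon as an email address is posted, before the requester has shown any control of that mailbox, so any visitor who knows a registered address can invalidate that user's password. `PyrosUser.objects.get(email=...)` also raises `DoesNotExist` for an unknown address, which makes the `user != None` test dead and answers with a server error that distinguishes registered from unregistered addresses. The form is never bound or validated, and the mail subject still reads `[PyROS CC] Registration`. The excerpt below binds the form (assuming `UserPasswordResetForm` exposes an `email` field), handles the missing account and returns one message in both cases; a token-based flow such as Django's `PasswordResetView`, where the stored password changes only after the emailed link is used, would remove the first problem entirely.

```python
def forgotten_password(request):
    form = UserPasswordResetForm(request.POST or None)
    message = ""
    if request.method == "POST" and form.is_valid():
        # None for an unknown address, instead of an uncaught DoesNotExist
        user = PyrosUser.objects.filter(email=form.cleaned_data["email"]).first()
        if user is not None:
            # … unchanged: make_random_password(), set_password(), save(), send_mail() …
        # identical response whether or not the address is registered
        message = "If this address is registered, an email has been sent."
    # … unchanged: render(...) of forgotten_password.html …
```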
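Review bot: `config.get_units_name()[0]` in the lines added to `login_validation` will raise `IndexError` if the observatory configuration lists no unit (`ConfigPyros` is not visible from here, so this is inferred), and it runs on the login path. The same four lines are added again to `user_logout` in a later hunk of this file. A small module-level helper would keep the two in step and give one place for the empty-list guard, with both call sites reduced to something like `request.session["obsname"] = _observatory_label()`. `login_validation` continues outside this hunk.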
@@ -80,6 +105,10 @@ def login_validation(request): if request.POST: email = request.POST.get('email') password = request.POST.get('password') + try: + is_user_active = PyrosUser.objects.get(username=email).is_active + except: + is_user_active = None user = authenticate(username=email, password=password) if user is not None: success = False @@ -95,9 +124,13 @@ def login_validation(request): return redirect(request.POST.get('next')) return(render(request, LOGGED_PAGE, {'USER_LEVEL': request.user.get_priority(), 'base_template' : "base.html", 'weather_img': "normal", 'success' : success})) else: - message = "Your account is not active, please contact the site administrator." + message = "Your account is not active, please contact the Unit-PI." else: - message = "Your email and/or password were incorrect." + if is_user_active != None and not is_user_active: + message = "Your account is not active, please contact the Unit-PI." + elif is_user_active or is_user_active == None: + message = "Your email and/or password were incorrect." + else: message = "An unexpected error has occurred" error = True @@ -126,6 +159,10 @@ def user_logout(request): ''' logout(request) + config = ConfigPyros(pyros_settings.PATH_TO_OBSCONF_FILE) + observatory_name = config.get_obs_name() + first_unit_name = config.get_units_name()[0] + request.session["obsname"] = observatory_name+" "+first_unit_name return(render(request, LOGGED_PAGE, {'USER_LEVEL' : "Visitor", 'base_template' : 'base_unlogged.html', 'weather_img': "red"})) def user_signin(request): 
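Review bot: The bare `except:` around `PyrosUser.objects.get(username=email)` hides every failure, including database errors, behind `is_user_active = None`; `except PyrosUser.DoesNotExist:` is the case the code means to handle. Together with the message branch added in the next hunk, a failed login now answers "Your account is not active" for a registered but deactivated address without the password having been checked, so the login form discloses which addresses hold deactivated accounts; if that is intended a comment saying so would help, otherwise keep the generic "incorrect" message for every failed authentication. In that same branch the final `else: message = "An unexpected error has occurred"` cannot be reached, because the `elif` already covers both `True` and `None`, and `is None` / `is not None` is the usual spelling for those comparisons. `login_validation` starts and ends outside these hunks.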
@@ -133,12 +170,14 @@ def user_signin(request): @login_required -@level_required("Admin") +@level_required("Admin","Unit-PI") def delete_user(request,pk): user_to_be_deleted = get_object_or_404(PyrosUser,pk=pk) - if request.method == "POST": + if request.user != user_to_be_deleted and request.method == "POST": user_to_be_deleted.delete() return HttpResponseRedirect(reverse('users')) + else: + return HttpResponseRedirect(reverse("user_detail",kwargs={"pk":pk})) @login_required 
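Review bot: Widening the decorator to `@level_required("Admin","Unit-PI")` lets a Unit-PI delete any account, since the only check on the target in `delete_user` is `request.user != user_to_be_deleted`; nothing visible stops a Unit-PI from deleting an Admin. If that is not intended, add a guard on the target's role before `user_to_be_deleted.delete()`, using whatever role accessor `PyrosUser` provides (`get_roles_str()` is used that way later in this patch). A self-delete attempt and a non-POST request now both redirect to `user_detail` with no message, so the user gets no feedback about why nothing happened.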
@@ -147,54 +186,56 @@ def users(request): current_user = request.user pyros_users_with_roles = [] pyros_users_without_roles = None + common_scientific_programs = None if request.session.get("role"): role = request.session.get("role") else: role = current_user.get_priority() - if role in "Admin,Unit-PI,Unit board": pyros_users_with_roles = PyrosUser.objects.exclude(user_level__name="Visitor").order_by("-id") pyros_users_without_roles = PyrosUser.objects.filter(user_level__name="Visitor").order_by("-id") else: sp_of_current_user = SP_Period_User.objects.filter(user=current_user) - pyros_user_with_roles = [] + common_scientific_programs = sp_of_current_user for sp in sp_of_current_user: for user in SP_Period_User.objects.filter(SP_Period=sp.SP_Period).exclude(user=current_user).values_list("user",flat=True): pyros_users_with_roles.append(PyrosUser.objects.get(id=user)) nb_of_scientific_program = ScientificProgram.objects.count() # need the negative to calculate in the template for adjusting correctly the information display negative_nb_scientific_program = -nb_of_scientific_program - return render(request, 'user_manager/users_management.html', {'pyros_users_with_roles': pyros_users_with_roles,"pyros_users_without_roles":pyros_users_without_roles,"nb_of_scientific_program": nb_of_scientific_program,"negative_nb_scientific_program":negative_nb_scientific_program}) # return the initial view (the users management's one) + return render(request, 'user_manager/users_management.html', {'pyros_users_with_roles': pyros_users_with_roles,"pyros_users_without_roles":pyros_users_without_roles,"nb_of_scientific_program": nb_of_scientific_program,"negative_nb_scientific_program":negative_nb_scientific_program,"common_scientific_programs":common_scientific_programs}) @login_required @level_required("Admin","Unit-PI","Unit board") def change_activate(request, pk, current_user_id): - try : - user = get_object_or_404(PyrosUser, pk=pk) - user.is_active = not user.is_active - text_mail = 
"" - text_object = "" - if (user.first_time == False and user.is_active == True): - user.first_time = True - text_mail = "Hi,\n\nCongratulations, your registration has been approved by the PI. Welcome to the PyROS Control Center.\nIn order to submit observation sequences, you need to be associated to a scientific program.\n\nCordially,\n\nPyROS Control Center" - text_object = "[PyROS CC] Welcome" - user.validator = get_object_or_404(PyrosUser,pk=current_user_id) - send_mail(text_object, text_mail, '', [user.email], fail_silently=False,) - - # We're not sending an email if the account has been desactivated or re-activated - # elif (user.is_active == True): - # text_mail = "Hi,\n\nYour account on the PyROS Control Center have been re-activated.\n\nCordially,\n\nPyROS Control Center" - # text_object = "[PyROS CC] Re-activation" - # else : - # text_mail = "Hi,\n\nYour account on the PyROS Control Center have benn desactivated. Please contact the PI for futher information.\n\nCordially,\n\nPyROS Control Center" - # text_object = "[PyROS CC] Desactivation" - - user.save() - - return redirect('user_detail', pk=pk) - except PyrosUser.DoesNotExist: - return redirect('user_detail', pk=pk) + if PyrosUser.objects.get(id=current_user_id).get_roles_str() in ["Admin","Unit-PI","Unit board"]: + try : + user = get_object_or_404(PyrosUser, pk=pk) + user.is_active = not user.is_active + text_mail = "" + text_object = "" + if (user.first_time == False and user.is_active == True): + user.first_time = True + text_mail = "Hi,\n\nCongratulations, your registration has been approved by the PI. 
Welcome to the PyROS Control Center.\nIn order to submit observation sequences, you need to be associated to a scientific program.\n\nCordially,\n\nPyROS Control Center" + text_object = "[PyROS CC] Welcome" + user.validator = get_object_or_404(PyrosUser,pk=current_user_id) + send_mail(text_object, text_mail, '', [user.email], fail_silently=False,) + # We're not sending an email if the account has been desactivated or re-activated + # elif (user.is_active == True): + # text_mail = "Hi,\n\nYour account on the PyROS Control Center have been re-activated.\n\nCordially,\n\nPyROS Control Center" + # text_object = "[PyROS CC] Re-activation" + # else : + # text_mail = "Hi,\n\nYour account on the PyROS Control Center have benn desactivated. Please contact the PI for futher information.\n\nCordially,\n\nPyROS Control Center" + # text_object = "[PyROS CC] Desactivation" + + user.save() + + return redirect('user_detail', pk=pk) + except PyrosUser.DoesNotExist: + return redirect('user_detail', pk=pk) + else: + return redirect("user_detail",pk=pk) @login_required @level_required("Admin","Observer","Management","Operator","Unit-PI","TAC","Unit board") def user_detail_view(request,pk): -- libgit2 0.21.2
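Review bot: The new role check in `change_activate` reads the acting user from the URL parameter, `PyrosUser.objects.get(id=current_user_id)`, rather than from `request.user`, so it tests an id chosen by the caller and repeats what `@level_required` has already decided for the session user. The same parameter is stored as `user.validator`, which lets the recorded approver differ from the person who made the request. Using the session user in both places, `if request.user.get_roles_str() in [...]` and `user.validator = request.user`, removes that gap (assuming `request.user` is a `PyrosUser`, as the `request.user.get_priority()` calls elsewhere in the file suggest). The `.get()` also sits outside the `try`, so an unknown `current_user_id` raises instead of redirecting, and comparing `get_roles_str()` against single role names may not match users holding several roles, which is worth confirming.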