From 2f3d75fc3e92ef4888162f884d531754275589ec Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=89lie=20Bouttier?= <elie@bouttier.eu>
Date: Thu, 4 Sep 2014 21:51:22 -0700
Subject: [PATCH] users can update their password in their profile

---
 accounts/tests.py               | 27 ++++++++++++++++++++++++++-
 accounts/urls.py                |  2 +-
 accounts/views.py               | 31 +++++++++++++++++++++++++------
 templates/accounts/profile.html | 23 ++++++++++++++++++++---
 4 files changed, 72 insertions(+), 11 deletions(-)

diff --git a/accounts/tests.py b/accounts/tests.py
index 1b454a1..a752bee 100644
--- a/accounts/tests.py
+++ b/accounts/tests.py
@@ -19,13 +19,38 @@ class TestViews(TestCase):
         response = self.client.get(reverse('profile'))
         self.assertEqual(response.status_code, 200)
         response = self.client.post(reverse('profile'), {
+            'update-profile': '',
             'first_name': 'newfirstname',
             'notifications': User.NOTIFICATIONS_OTHERS,
         }, follow=True)
         self.assertRedirects(response, reverse('profile'))
-        self.assertContains(response, 'successfully')
+        self.assertContains(response, 'Profile updated successfully')
         user = User.objects.get(username='admin')
         self.assertEqual(user.first_name, 'newfirstname')
+        with self.settings(EXTERNAL_AUTH=True):
+            response = self.client.get(reverse('profile'))
+            self.assertEqual(response.status_code, 200)
+            self.assertNotContains(response, 'update-password')
+            response = self.client.post(reverse('profile'), {
+                'update-password': '',
+                'old_password': 'admin',
+                'new_password1': 'newpassword',
+                'new_password2': 'newpassword',
+            }, follow=True)
+            self.assertEqual(response.status_code, 200)
+            self.assertNotContains(response, 'successfully')
+            user = User.objects.get(username='admin')
+            self.assertFalse(user.check_password('newpassword'))
+        response = self.client.post(reverse('profile'), {
+            'update-password': '',
+            'old_password': 'admin',
+            'new_password1': 'newpassword',
+            'new_password2': 'newpassword',
+        }, follow=True)
+        self.assertRedirects(response, reverse('login')+'?next='+reverse('profile'))
+        self.assertContains(response, 'Password updated successfully')
+        user = User.objects.get(username='admin')
+        self.assertTrue(user.check_password('newpassword'))
 
     # Users
 
diff --git a/accounts/urls.py b/accounts/urls.py
index bf49057..ece8408 100644
--- a/accounts/urls.py
+++ b/accounts/urls.py
@@ -3,7 +3,7 @@ from django.conf.urls import url, include
 
 urlpatterns = [
     # Profile
-    url(r'^profile$', 'accounts.views.profile', name='profile'),
+    url(r'^profile/$', 'accounts.views.profile', name='profile'),
     # Users
     url(r'^admin/users/$', 'accounts.views.user_list', name='list-user'),
     url(r'^admin/users/add/$', 'accounts.views.user_edit', name='add-user'),
diff --git a/accounts/views.py b/accounts/views.py
index 813173a..09d9cdb 100644
--- a/accounts/views.py
+++ b/accounts/views.py
@@ -6,6 +6,7 @@ from django.contrib import messages
 from django.db.models import Q
 from django.core.exceptions import ObjectDoesNotExist
 from django.conf import settings
+from django.contrib.auth.forms import PasswordChangeForm
 
 from django.http import Http404, HttpResponse, JsonResponse
 
@@ -21,13 +22,31 @@ from accounts.forms import *
 
 @login_required
 def profile(request):
-    form = ProfileForm(request.POST or None, instance=request.user)
-    if request.method == 'POST' and form.is_valid():
-        form.save()
-        messages.success(request, 'Profile updated successfully.')
-        return redirect('profile')
+    profileform = None
+    passwordform = None
+
+    if request.method == 'POST':
+        if 'update-profile' in request.POST:
+            profileform = ProfileForm(request.POST, instance=request.user)
+            if profileform.is_valid():
+                profileform.save()
+                messages.success(request, 'Profile updated successfully.')
+                return redirect('profile')
+        elif 'update-password' in request.POST and not settings.EXTERNAL_AUTH:
+            passwordform = PasswordChangeForm(user=request.user, data=request.POST)
+            if passwordform.is_valid():
+                passwordform.save()
+                messages.success(request, 'Password updated successfully.')
+                return redirect('profile')
+
+    if not profileform:
+        profileform = ProfileForm(None, instance=request.user)
+    if not passwordform and not settings.EXTERNAL_AUTH:
+        passwordform = PasswordChangeForm(None)
+
     return render(request, 'accounts/profile.html', {
-        'form': form,
+        'profileform': profileform,
+        'passwordform': passwordform,
     })
 
 
diff --git a/templates/accounts/profile.html b/templates/accounts/profile.html
index c9ed82a..cabba41 100644
--- a/templates/accounts/profile.html
+++ b/templates/accounts/profile.html
@@ -13,19 +13,36 @@
 
 <div class="panel panel-default">
   <div class="panel-heading">
-    <h3>Your profile</h3>
+    <h3>Update profile</h3>
   </div>
   <div class="panel-body">
     <form method="post" class="col-md-4" role="form">
       {% csrf_token %}
-      {% bootstrap_form form %}
+      {% bootstrap_form profileform %}
       <div class="form-group">
-        <button type="submit" class="btn btn-primary">Update</button>
+        <button type="submit" name='update-profile' class="btn btn-primary">Update</button>
       </div>
     </form>
   </div>
 </div>
 
+{% if passwordform %}
+<div class="panel panel-default">
+  <div class="panel-heading">
+    <h3>Update password</h3>
+  </div>
+  <div class="panel-body">
+    <form method="post" class="col-md-4" role="form">
+      {% csrf_token %}
+      {% bootstrap_form passwordform %}
+      <div class="form-group">
+        <button type="submit" name='update-password' class="btn btn-primary">Update</button>
+      </div>
+    </form>
+  </div>
+</div>
+{% endif %}
+
 <div class="panel panel-default">
   <div class="panel-heading">
     <h3>Your groups</h3>