users can update their password in their profile

2014-09-04 21:51:22 -07:00 · 2014-09-04 21:51:22 -07:00 · 2f3d75fc3e
commit 2f3d75fc3e
parent f420dd98ac
4 changed files with 72 additions and 11 deletions
--- a/accounts/tests.py
+++ b/accounts/tests.py
@ -19,13 +19,38 @@ class TestViews(TestCase):
        response = self.client.get(reverse('profile'))
        self.assertEqual(response.status_code, 200)
        response = self.client.post(reverse('profile'), {
+            'update-profile': '',
            'first_name': 'newfirstname',
            'notifications': User.NOTIFICATIONS_OTHERS,
        }, follow=True)
        self.assertRedirects(response, reverse('profile'))
-        self.assertContains(response, 'successfully')
+        self.assertContains(response, 'Profile updated successfully')
        user = User.objects.get(username='admin')
        self.assertEqual(user.first_name, 'newfirstname')
+        with self.settings(EXTERNAL_AUTH=True):
+            response = self.client.get(reverse('profile'))
+            self.assertEqual(response.status_code, 200)
+            self.assertNotContains(response, 'update-password')
+            response = self.client.post(reverse('profile'), {
+                'update-password': '',
+                'old_password': 'admin',
+                'new_password1': 'newpassword',
+                'new_password2': 'newpassword',
+            }, follow=True)
+            self.assertEqual(response.status_code, 200)
+            self.assertNotContains(response, 'successfully')
+            user = User.objects.get(username='admin')
+            self.assertFalse(user.check_password('newpassword'))
+        response = self.client.post(reverse('profile'), {
+            'update-password': '',
+            'old_password': 'admin',
+            'new_password1': 'newpassword',
+            'new_password2': 'newpassword',
+        }, follow=True)
+        self.assertRedirects(response, reverse('login')+'?next='+reverse('profile'))
+        self.assertContains(response, 'Password updated successfully')
+        user = User.objects.get(username='admin')
+        self.assertTrue(user.check_password('newpassword'))

    # Users

--- a/accounts/urls.py
+++ b/accounts/urls.py
@ -3,7 +3,7 @@ from django.conf.urls import url, include

 urlpatterns = [
    # Profile
-    url(r'^profile$', 'accounts.views.profile', name='profile'),
+    url(r'^profile/$', 'accounts.views.profile', name='profile'),
    # Users
    url(r'^admin/users/$', 'accounts.views.user_list', name='list-user'),
    url(r'^admin/users/add/$', 'accounts.views.user_edit', name='add-user'),
--- a/accounts/views.py
+++ b/accounts/views.py
@ -6,6 +6,7 @@ from django.contrib import messages
 from django.db.models import Q
 from django.core.exceptions import ObjectDoesNotExist
 from django.conf import settings
+from django.contrib.auth.forms import PasswordChangeForm

 from django.http import Http404, HttpResponse, JsonResponse

@ -21,13 +22,31 @@ from accounts.forms import *

@login_required
 def profile(request):
-    form = ProfileForm(request.POST or None, instance=request.user)
-    if request.method == 'POST' and form.is_valid():
-        form.save()
+    profileform = None
+    passwordform = None
+
+    if request.method == 'POST':
+        if 'update-profile' in request.POST:
+            profileform = ProfileForm(request.POST, instance=request.user)
+            if profileform.is_valid():
+                profileform.save()
                messages.success(request, 'Profile updated successfully.')
                return redirect('profile')
+        elif 'update-password' in request.POST and not settings.EXTERNAL_AUTH:
+            passwordform = PasswordChangeForm(user=request.user, data=request.POST)
+            if passwordform.is_valid():
+                passwordform.save()
+                messages.success(request, 'Password updated successfully.')
+                return redirect('profile')
+
+    if not profileform:
+        profileform = ProfileForm(None, instance=request.user)
+    if not passwordform and not settings.EXTERNAL_AUTH:
+        passwordform = PasswordChangeForm(None)
+
    return render(request, 'accounts/profile.html', {
-        'form': form,
+        'profileform': profileform,
+        'passwordform': passwordform,
    })


--- a/templates/accounts/profile.html
+++ b/templates/accounts/profile.html
@ -13,19 +13,36 @@

 <div class="panel panel-default">
  <div class="panel-heading">
-    <h3>Your profile</h3>
+    <h3>Update profile</h3>
  </div>
  <div class="panel-body">
    <form method="post" class="col-md-4" role="form">
      {% csrf_token %}
-      {% bootstrap_form form %}
+      {% bootstrap_form profileform %}
      <div class="form-group">
-        <button type="submit" class="btn btn-primary">Update</button>
+        <button type="submit" name='update-profile' class="btn btn-primary">Update</button>
      </div>
    </form>
  </div>
 </div>

+{% if passwordform %}
+<div class="panel panel-default">
+  <div class="panel-heading">
+    <h3>Update password</h3>
+  </div>
+  <div class="panel-body">
+    <form method="post" class="col-md-4" role="form">
+      {% csrf_token %}
+      {% bootstrap_form passwordform %}
+      <div class="form-group">
+        <button type="submit" name='update-password' class="btn btn-primary">Update</button>
+      </div>
+    </form>
+  </div>
+</div>
+{% endif %}
+
 <div class="panel panel-default">
  <div class="panel-heading">
    <h3>Your groups</h3>