PasswordChangeForm and EmailChangeForm (and their views)

[acatton]

I just wrote my own PasswordChangeForm/PasswordChangeView in one of my project. (The form is two password fields, and ask for the current password). I also created EmailChangeForm/EmailChangeView (with newemail/password confirmation)

IMHO, it sounds like something that should go in authtools. What do you think?

FYI, It looks like this:

class UpdatePasswordForm(forms.Form):
    password1 = forms.CharField(label='New password',
                                widget=forms.PasswordInput)
    password2 = forms.CharField(
        label='Password confirmation',
        help_text='Same password as above.',
        widget=forms.PasswordInput,
    )
    current = forms.CharField(label='Current password',
                              widget=forms.PasswordInput)

    def __init__(self, *args, **kwargs):
        self.instance = kwargs.pop('instance', None)
        assert self.instance is not None
        super(UpdatePasswordForm, self).__init__(*args, **kwargs)

    def clean_current(self):
        password = self.cleaned_data['current']

        assert self.instance is not None
        if not self.instance.check_password(password):
            raise forms.ValidationError("The current password was invalid.")

        return password

    def clean(self):
        cleaned_data = super(UpdatePasswordForm, self).clean()
        if cleaned_data['password1'] != cleaned_data['password2']:
            raise forms.ValidationError("Passwords didn't match")
        return cleaned_data

    def save(self, commit=True):
        assert self.instance is not None
        self.instance.set_password(self.cleaned_data['password1'])
        if commit:
            self.instance.save()
        return self.instance

class UpdatePasswordView(EnsureAuthMixin, UpdateView):
    form_class = UpdatePasswordForm
    template_name = 'auth/update_password.html'

    def get_object(self):
        user = self.request.user
        assert not user.is_anonymous()
        return user

[gavinwahl]

https://github.com/fusionbox/django-authtools/blob/master/authtools/views.py#L151

[acatton]

I definitely missed that. What about EmailChangeForm/EmailChangeView?

[rockymeza]

I'd definitely be interested in seeing the change email stuff. What do you mean it checks the password?

[acatton]

class UpdateEmailForm(forms.Form):
    email = forms.EmailField(label='New email')
    password = forms.CharField(label='Confirm your password', widget=forms.PasswordInput)

    def __init__(self, *args, **kwargs):
        self.instance = kwargs.pop('instance', None)
        assert self.instance is not None
        super(UpdateEmailForm, self).__init__(*args, **kwargs)

    def clean_password(self):
        password = self.cleaned_data['password']
        assert self.instance is not None
        if not self.instance.check_password(password):
            raise forms.ValidationError("Invalid password")
        return password

    def clean_email(self):
        email = User.objects.normalize_email(self.cleaned_data['email'])
        if User.objects.filter(email=email).exists():
            raise forms.ValidationError("This email address is already taken")
        else:
            return email

    def save(self, commit=True):
        assert self.instance is not None

        self.instance.email = self.cleaned_data['email']
        if commit:
            self.instance.save()
        return self.instance

class UpdateEmailView(EnsureAuthMixin, UpdateView):
    form_class = UpdateEmailForm
    template_name = 'accounts/update_email.html'

    def get_object(self):
        user = self.request.user
        assert not user.is_anonymous()
        return user

[gavinwahl]

Is the UpdateEmail stuff applicable to any other application? I can see very different requirements here. Verifing the email address, editing the email address with the other profile fields ...