Add check to force users to change password (#2284)

2021-11-11 11:10:33 +01:00
parent 245ad644ff
commit 169a6c51b4
11 changed files with 137 additions and 10 deletions
--- a/src/pretix/base/forms/user.py
+++ b/src/pretix/base/forms/user.py
@@ -55,6 +55,7 @@ class UserSettingsForm(forms.ModelForm):
        'pw_current_wrong': _("The current password you entered was not correct."),
        'pw_mismatch': _("Please enter the same password twice"),
        'rate_limit': _("For security reasons, please wait 5 minutes before you try again."),
+        'pw_equal': _("Please choose a password different to your current one.")
    }

    old_pw = forms.CharField(max_length=255,
@@ -158,6 +159,12 @@ class UserSettingsForm(forms.ModelForm):
                code='pw_current'
            )

+        if password1 and password1 == old_pw:
+            raise forms.ValidationError(
+                self.error_messages['pw_equal'],
+                code='pw_equal'
+            )
+
        if password1:
            self.instance.set_password(password1)

--- a/src/pretix/base/migrations/0202_user_needs_password_change.py
+++ b/src/pretix/base/migrations/0202_user_needs_password_change.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.2.9 on 2021-11-04 13:05
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('pretixbase', '0201_invoiceline_event_location'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='needs_password_change',
+            field=models.BooleanField(default=False),
+        ),
+    ]
--- a/src/pretix/base/models/auth.py
+++ b/src/pretix/base/models/auth.py
@@ -113,6 +113,8 @@ class User(AbstractBaseUser, PermissionsMixin, LoggingMixin):
    :type date_joined: datetime
    :param locale: The user's preferred locale code.
    :type locale: str
+    :param needs_password_change: Whether this user's password needs to be changed.
+    :type needs_password_change: bool
    :param timezone: The user's preferred timezone.
    :type timezone: str
    """
@@ -130,6 +132,8 @@ class User(AbstractBaseUser, PermissionsMixin, LoggingMixin):
                                   verbose_name=_('Is site admin'))
    date_joined = models.DateTimeField(auto_now_add=True,
                                       verbose_name=_('Date joined'))
+    needs_password_change = models.BooleanField(default=False,
+                                                verbose_name=_('Force user to select a new password'))
    locale = models.CharField(max_length=50,
                              choices=settings.LANGUAGES,
                              default=settings.LANGUAGE_CODE,