Merge pull request #29 from UKB-IT-Sec/28-change-own-password

Password change
UKB-IT-Sec · Oct 21, 2024 · 1648516 · 1648516
2 parents 7a72c6f + 2631350
commit 1648516
Show file tree

Hide file tree

Showing 5 changed files with 59 additions and 3 deletions.
diff --git a/src/nac/urls.py b/src/nac/urls.py
@@ -8,7 +8,9 @@
     DeviceCreateView,
     DeviceRoleProdAutocomplete,
     DeviceRoleInstAutocomplete,
-    AuthorizationGroupAutocomplete
+    AuthorizationGroupAutocomplete,
+    AccountSettings,
+    change_password,
 )
 
 urlpatterns = [
@@ -20,5 +22,7 @@
     path("devices/new/", DeviceCreateView.as_view(), name="device_new"),
     path("DeviceRoleProd-autocomplete/", DeviceRoleProdAutocomplete.as_view(), name="DeviceRoleProd-autocomplete"),
     path("DeviceRoleInst-autocomplete/", DeviceRoleInstAutocomplete.as_view(), name="DeviceRoleInst-autocomplete"),
-    path("authorization-group-autocomplete/", AuthorizationGroupAutocomplete.as_view(), name="authorization-group-autocomplete")
+    path("authorization-group-autocomplete/", AuthorizationGroupAutocomplete.as_view(), name="authorization-group-autocomplete"),
+    path("account-settings/", AccountSettings.as_view(), name="account-settings"),
+    path("change_password/", change_password, name='change_password'),
 ]
diff --git a/src/nac/views.py b/src/nac/views.py
@@ -5,6 +5,10 @@
 from dal import autocomplete
 from .models import Device, DeviceRoleProd, AuthorizationGroup, DeviceRoleInst
 from .forms import DeviceForm
+from django.contrib import messages
+from django.contrib.auth import update_session_auth_hash
+from django.contrib.auth.forms import PasswordChangeForm
+from django.shortcuts import render, redirect
 
 
 class HomePageView(TemplateView):
@@ -104,3 +108,24 @@ def get_queryset(self):
             qs = qs.filter(name__istartswith=self.q)
 
         return qs
+
+
+class AccountSettings(TemplateView):
+    template_name = "account_settings.html"
+
+
+def change_password(request):
+    if request.method == 'POST':
+        form = PasswordChangeForm(request.user, request.POST)
+        if form.is_valid():
+            user = form.save()
+            update_session_auth_hash(request, user)  # Important!
+            messages.success(request, 'Your password was successfully updated!')
+            return redirect('change_password')
+        else:
+            messages.error(request, 'Please correct the error below.')
+    else:
+        form = PasswordChangeForm(request.user)
+    return render(request, 'change_password.html', {
+        'form': form
+    })
diff --git a/src/templates/account_settings.html b/src/templates/account_settings.html
@@ -0,0 +1,7 @@
+{% extends "base.html" %}
+{% block content %}
+<div class="container">
+    <h1>Account Settings</h1>
+    <a href="{% url 'change_password' %}">Change password</a>
+</div>
+{% endblock content %}
diff --git a/src/templates/base.html b/src/templates/base.html
@@ -65,7 +65,15 @@
 								</svg>
 								Add Device
 							</a>
-						</li>						
+						</li>
+						<li class="nav-item">
+							<a class="nav-link active" aria-current="page" href="{% url 'account-settings' %}">
+								<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" class="bi bi-person-gear" viewBox="0 0 16 16">
+								  <path d="M11 5a3 3 0 1 1-6 0 3 3 0 0 1 6 0M8 7a2 2 0 1 0 0-4 2 2 0 0 0 0 4m.256 7a4.5 4.5 0 0 1-.229-1.004H3c.001-.246.154-.986.832-1.664C4.484 10.68 5.711 10 8 10q.39 0 .74.025c.226-.341.496-.65.804-.918Q8.844 9.002 8 9c-5 0-6 3-6 4s1 1 1 1zm3.63-4.54c.18-.613 1.048-.613 1.229 0l.043.148a.64.64 0 0 0 .921.382l.136-.074c.561-.306 1.175.308.87.869l-.075.136a.64.64 0 0 0 .382.92l.149.045c.612.18.612 1.048 0 1.229l-.15.043a.64.64 0 0 0-.38.921l.074.136c.305.561-.309 1.175-.87.87l-.136-.075a.64.64 0 0 0-.92.382l-.045.149c-.18.612-1.048.612-1.229 0l-.043-.15a.64.64 0 0 0-.921-.38l-.136.074c-.561.305-1.175-.309-.87-.87l.075-.136a.64.64 0 0 0-.382-.92l-.148-.045c-.613-.18-.613-1.048 0-1.229l.148-.043a.64.64 0 0 0 .382-.921l-.074-.136c-.306-.561.308-1.175.869-.87l.136.075a.64.64 0 0 0 .92-.382zM14 12.5a1.5 1.5 0 1 0-3 0 1.5 1.5 0 0 0 3 0"/>
+								</svg>
+								Account Settings
+							</a>
+						</li>
 						<li class="nav-item">
 						    <form method="post" action="{% url 'logout' %}" class="inline">
 								{% csrf_token %}

diff --git a/src/templates/change_password.html b/src/templates/change_password.html
@@ -0,0 +1,12 @@
+{% extends "base.html" %}
+{% block content %}
+  {% load static %}
+  {% load crispy_forms_tags %}
+      <div class="container">
+        <form method="post">
+        {% csrf_token %}
+        {{ form | crispy }}
+        <button type="submit">Save changes</button>
+        </form>
+      </div>
+{% endblock content %}