From 78cce196271b0fc82299e0d753249ac4e2e64436 Mon Sep 17 00:00:00 2001
From: Bobby
Date: Fri, 29 Jul 2022 23:49:10 +0530
Subject: password change on account page
---
 blog/templates/account.html | 15 +++++++++------
 blog/views.py | 20 ++++++++++++--------
 users/urls.py | 1 +
 users/views.py | 27 ++++++++++++++++++++++++++-
 4 files changed, 48 insertions(+), 15 deletions(-)
diff --git a/blog/templates/account.html b/blog/templates/account.html
index 521b1565..3c63eaa4 100644
--- a/blog/templates/account.html
+++ b/blog/templates/account.html
@@ -22,13 +22,16 @@ Avatar {{ user.username }}'s avatar -
+ + {% csrf_token %}
Change Password - - - - + + + + + +
@@ -40,7 +43,7 @@
-
+ {% csrf_token %}
Account Details
diff --git a/blog/views.py b/blog/views.py
index 1e01248e..28e8c893 100644
--- a/blog/views.py
+++ b/blog/views.py
@@ -1,4 +1,4 @@
-from django.shortcuts import render
+from django.shortcuts import render, redirect
 from users.models import UserProfile
 import hashlib
@@ -9,10 +9,14 @@ def home(request):
 def account(request):
 user = request.user
- try:
- user_profile = UserProfile.objects.get(user=user)
- avatar = hashlib.md5(str(user_profile.gravatar_email).lower().encode('utf-8')).hexdigest() if user_profile.gravatar_email else hashlib.md5(str(user.email).lower().encode()).hexdigest()
- except UserProfile.DoesNotExist:
- user_profile = None
- avatar = hashlib.md5(str(user.email).lower().encode()).hexdigest()
- return render(request, 'account.html', {'title': 'Account', 'user_profile': user_profile, 'avatar': avatar})
+ if user.is_authenticated:
+ try:
+ user_profile = UserProfile.objects.get(user=user)
+ avatar = hashlib.md5(str(user_profile.gravatar_email).lower().encode('utf-8')).hexdigest() if user_profile.gravatar_email else hashlib.md5(str(user.email).lower().encode()).hexdigest()
+ except UserProfile.DoesNotExist:
+ user_profile = None
+ avatar = hashlib.md5(str(user.email).lower().encode()).hexdigest()
+ return render(request, 'account.html', {'title': 'Account', 'user_profile': user_profile, 'avatar': avatar})
+ else:
+ # Redirect to login page
+ return redirect('/')
diff --git a/users/urls.py b/users/urls.py
index f649d11a..24230426 100644
--- a/users/urls.py
+++ b/users/urls.py
@@ -8,6 +8,7 @@ urlpatterns = [
 path('login', views.login_user, name='login'),
 path('logout', views.logout_user, name='logout'),
 path('update', views.update_user, name='update'),
+ path('changepassword', views.change_password, name='changepassword'),
 ]
 # Configure Admin Site
diff --git a/users/views.py b/users/views.py
index 56ea9dab..175d68e6 100644
--- a/users/views.py
+++ b/users/views.py
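Review bot: In `account` (blog/views.py, second hunk) the new `else` branch is commented `# Redirect to login page` but calls `redirect('/')`, and the authentication gate is hand-written inside the view body. Django's `@login_required` decorator (from `django.contrib.auth.decorators`) placed above `def account(request):` would express the same gate declaratively, send anonymous visitors to `LOGIN_URL` with a `next` parameter, and let the `if`/`else` nesting go away. The expression `hashlib.md5(str(user.email).lower().encode()).hexdigest()` now appears three times in the function; a small helper that takes the e-mail would keep the branches from drifting apart, and a short comment that MD5 is used here only because the Gravatar URL format requires it would stop a later reader from flagging it as a password-style hash.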
@@ -1,6 +1,6 @@
 from django.http import HttpResponseRedirect
 from django.shortcuts import render, redirect
-from django.contrib.auth import authenticate, login, logout
+from django.contrib.auth import authenticate, login, logout, update_session_auth_hash
 from django.contrib import messages
 from .models import UserProfile
 from django.contrib.auth.models import User
@@ -65,3 +65,28 @@ def update_user(request):
 messages.error(request, 'Unable to update profile! Please try again later.')
 return redirect('/')
+
+def change_password(request):
+ username = request.user
+ old_password = request.POST['oldPassword']
+ new_password = request.POST['newPassword']
+ confirm_password = request.POST['confirmPassword']
+ if username is not None:
+ user = User.objects.get(username=username)
+ if user.check_password(old_password):
+ if new_password == confirm_password:
+ user.set_password(new_password)
+ user.save()
+ update_session_auth_hash(request, user)
+ messages.success(request, 'Password was successfully changed!')
+ return redirect('/account')
+ else:
+ messages.error(request, 'The new password and confirmation password do not match!')
+ return redirect('/account')
+ else:
+ messages.error(request, 'Old password is incorrect!')
+ return redirect('/account')
+ else:
+ messages.error(request, 'Unable to change password! Please try again later.')
+ return redirect('/')
+
-- cgit v1.2.3
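Review bot: In `change_password` (users/views.py, second hunk) the guard `if username is not None` does not check authentication: with Django's auth middleware `request.user` is an `AnonymousUser` for a logged-out visitor, never `None`, so the final `else` branch looks unreachable and an anonymous request goes on to `User.objects.get(username=username)`. The three `request.POST[...]` subscripts run before any check, so a GET or a POST with a missing field raises instead of returning a message, and `set_password` is called without `validate_password`, so any configured `AUTH_PASSWORD_VALIDATORS` are skipped on this path. I would gate the view with `@login_required` and `@require_POST`, work on `request.user` directly, and validate before saving, as in the excerpt below (the decorators come from `django.contrib.auth.decorators` and `django.views.decorators.http`, `validate_password` from `django.contrib.auth.password_validation`, `ValidationError` from `django.core.exceptions`). Django's built-in `PasswordChangeForm` covers the same flow if hand-rolling it is not required.

```python
@login_required
@require_POST
def change_password(request):
    """Change the logged-in user's password after re-checking the old one."""
    user = request.user  # already the authenticated User; no second lookup by name
    old_password = request.POST.get('oldPassword', '')
    new_password = request.POST.get('newPassword', '')
    confirm_password = request.POST.get('confirmPassword', '')

    if not user.check_password(old_password):
        messages.error(request, 'Old password is incorrect!')
    elif new_password != confirm_password:
        messages.error(request, 'The new password and confirmation password do not match!')
    else:
        try:
            # Apply the project's configured password policy before storing.
            validate_password(new_password, user)
        except ValidationError as exc:
            messages.error(request, ' '.join(exc.messages))
        else:
            user.set_password(new_password)
            user.save()
            # Keep the current session valid after the password hash changes.
            update_session_auth_hash(request, user)
            messages.success(request, 'Password was successfully changed!')
    return redirect('/account')
```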