UPD: enable stronger password validation and eventually warning message on login

2020-12-22 18:42:06 +01:00
parent 47dd196c6a
commit c3f72a50ff
11 changed files with 132 additions and 63 deletions
--- a/dav_auth/views.py
+++ b/dav_auth/views.py
@@ -1,3 +1,4 @@
+# -*- coding: utf-8 -*-
 import logging
 from django.apps import apps
 from django.core.exceptions import ValidationError
@@ -7,6 +8,7 @@ from django.contrib.auth.password_validation import validate_password
 from django.http import HttpResponseRedirect
 from django.shortcuts import resolve_url
 from django.urls import reverse_lazy, reverse
+from django.utils.safestring import mark_safe
 from django.utils.translation import ugettext as _
 from django.views import generic

@@ -29,11 +31,19 @@ class LoginView(auth_views.LoginView):

    def form_valid(self, form):
        r = super(LoginView, self).form_valid(form)
+        messages.success(self.request, _(u'Benutzer angemeldet: %(username)s') % {'username': form.get_user()})
        try:
            validate_password(form.cleaned_data['password'])
        except ValidationError as e:
            logger.warning(u'Weak password (%d): %s', self.request.user.pk, e)
-        messages.success(self.request, _(u'Benutzer angemeldet: %(username)s') % {'username': form.get_user()})
+            message = u'<br />\n<p>\n'
+            message += u'Dein Passwort entspricht nicht mehr den aktuellen Passwortrichtlinien.<br />\n'
+            message += u'Bitte hilf uns die Daten deiner Teilnehmer zu schützen und ändere dein Passwort.<br />\n'
+            message += u'</p>\n'
+            message += u'<p>\n'
+            message += u'<a href="%(href)s">Passwort ändern</a>\n' % {'href': reverse('dav_auth:set_password')}
+            message += u'</p>\n<br />\n'
+            messages.warning(self.request, mark_safe(message))
        return r


@@ -76,7 +86,7 @@ class CreateAndSendPasswordView(generic.FormView):
        user_model = get_user_model()
        try:
            user = user_model.objects.get(username=username)
-            random_password = user_model.objects.make_random_password(length=12)
+            random_password = user_model.objects.make_random_password(length=32)
            user.set_password(random_password)
            user.save()
            email = emails.PasswordSetEmail(user, random_password)