Commit c46ddbf1 authored by Luke Plant's avatar Luke Plant
Browse files

Fixed #8274 - allow custom forms for auth 'login' and 'password_change' views 

Thanks to julien for the suggestion and patch, and SmileyChris for work on the patch.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@11618 bcc190cf-cafb-0310-a4f2-bffc1f526a37
parent 9f8287a3

django/contrib/auth/views.py

+9 −7
Original line number Diff line number Diff line
@@ -14,11 +14,13 @@ from django.utils.translation import ugettext as _ 
from django.contrib.auth.models import User

from django.views.decorators.cache import never_cache



def login(request, template_name='registration/login.html', redirect_field_name=REDIRECT_FIELD_NAME):

def login(request, template_name='registration/login.html',

          redirect_field_name=REDIRECT_FIELD_NAME,

          authentication_form=AuthenticationForm):

    "Displays the login form and handles the login action."

    redirect_to = request.REQUEST.get(redirect_field_name, '')

    if request.method == "POST":

        form = AuthenticationForm(data=request.POST)

        form = authentication_form(data=request.POST)

        if form.is_valid():

            # Light security check -- make sure redirect_to isn't garbage.

            if not redirect_to or '//' in redirect_to or ' ' in redirect_to:
@@ -29,7 +31,7 @@ def login(request, template_name='registration/login.html', redirect_field_name= 
                request.session.delete_test_cookie()

            return HttpResponseRedirect(redirect_to)

    else:

        form = AuthenticationForm(request)

        form = authentication_form(request)

    request.session.set_test_cookie()

    if Site._meta.installed:

        current_site = Site.objects.get_current()
@@ -145,16 +147,16 @@ def password_reset_complete(request, template_name='registration/password_reset_ 
                                                                             {'login_url': settings.LOGIN_URL}))



def password_change(request, template_name='registration/password_change_form.html',

                    post_change_redirect=None):

                    post_change_redirect=None, password_change_form=PasswordChangeForm):

    if post_change_redirect is None:

        post_change_redirect = reverse('django.contrib.auth.views.password_change_done')

    if request.method == "POST":

        form = PasswordChangeForm(request.user, request.POST)

        form = password_change_form(user=request.user, data=request.POST)

        if form.is_valid():

            form.save()

            return HttpResponseRedirect(post_change_redirect)

    else:

        form = PasswordChangeForm(request.user)

        form = password_change_form(user=request.user)

    return render_to_response(template_name, {

        'form': form,

    }, context_instance=RequestContext(request))

docs/topics/auth.txt

+20 −4
Original line number Diff line number Diff line
@@ -262,8 +262,8 @@ Manager functions 
        Creates, saves and returns a :class:`~django.contrib.auth.models.User`.

        The :attr:`~django.contrib.auth.models.User.username`,

        :attr:`~django.contrib.auth.models.User.email` and

        :attr:`~django.contrib.auth.models.User.password` are set as given, and

        the :class:`~django.contrib.auth.models.User` gets ``is_active=True``.

        :attr:`~django.contrib.auth.models.User.password` are set as given, and the

        :class:`~django.contrib.auth.models.User` gets ``is_active=True``.



        If no password is provided,

        :meth:`~django.contrib.auth.models.User.set_unusable_password()` will
@@ -705,7 +705,7 @@ the following line to your URLconf:: 


    (r'^accounts/login/$', 'django.contrib.auth.views.login'),



.. function:: views.login(request, [template_name, redirect_field_name])

.. function:: views.login(request, [template_name, redirect_field_name, authentication_form])



    Here's what ``django.contrib.auth.views.login`` does:
@@ -785,6 +785,15 @@ the following line to your URLconf:: 


        {% endblock %}



    .. versionadded:: 1.2



    If you are using alternate authentication (see

    :ref:`authentication-backends`) you can pass a custom authentication form

    to the login view via the ``authentication_form`` parameter. This form must

    accept a ``request`` keyword argument in its ``__init__`` method, and

    provide a ``get_user`` argument which returns the authenticated user object

    (this method is only ever called after successful form validation).



    .. _forms documentation: ../forms/

    .. _site framework docs: ../sites/
@@ -824,7 +833,7 @@ includes a few other useful built-in views located in 
        * ``login_url``: The URL of the login page to redirect to. This will

          default to :setting:`settings.LOGIN_URL <LOGIN_URL>` if not supplied.



.. function:: views.password_change(request[, template_name, post_change_redirect])

.. function:: views.password_change(request[, template_name, post_change_redirect, password_change_form])



    Allows a user to change their password.
@@ -837,6 +846,13 @@ includes a few other useful built-in views located in 
        * ``post_change_redirect``: The URL to redirect to after a successful

          password change.



        * .. versionadded:: 1.2



          ``password_change_form``: A custom "change password" form which must

          accept a ``user`` keyword argument. The form is responsible for

          actually changing the user's password.





    **Template context:**



        * ``form``: The password change form.