# HG changeset patch # User Marcin Kuzminski # Date 2019-01-14 17:46:18 # Node ID f96b759198214cd3b056a926ed4af844369c68b5 # Parent e2435f8788cf79db9f87e35ac07f9bd3dde93d54 users: use two distinct actions for user password reset. - this makes a better UX instead of TOGGLE. diff --git a/rhodecode/apps/admin/__init__.py b/rhodecode/apps/admin/__init__.py --- a/rhodecode/apps/admin/__init__.py +++ b/rhodecode/apps/admin/__init__.py @@ -280,8 +280,12 @@ def admin_routes(config): pattern='/users/{user_id:\d+}/delete', user_route=True) config.add_route( - name='user_force_password_reset', - pattern='/users/{user_id:\d+}/password_reset', + name='user_enable_force_password_reset', + pattern='/users/{user_id:\d+}/password_reset_enable', + user_route=True) + config.add_route( + name='user_disable_force_password_reset', + pattern='/users/{user_id:\d+}/password_reset_disable', user_route=True) config.add_route( name='user_create_personal_repo_group', diff --git a/rhodecode/apps/admin/tests/test_admin_users.py b/rhodecode/apps/admin/tests/test_admin_users.py --- a/rhodecode/apps/admin/tests/test_admin_users.py +++ b/rhodecode/apps/admin/tests/test_admin_users.py @@ -59,8 +59,6 @@ def route_path(name, params=None, **kwar ADMIN_PREFIX + '/users/{user_id}/update', 'user_delete': ADMIN_PREFIX + '/users/{user_id}/delete', - 'user_force_password_reset': - ADMIN_PREFIX + '/users/{user_id}/password_reset', 'user_create_personal_repo_group': ADMIN_PREFIX + '/users/{user_id}/create_repo_group', diff --git a/rhodecode/apps/admin/views/users.py b/rhodecode/apps/admin/views/users.py --- a/rhodecode/apps/admin/views/users.py +++ b/rhodecode/apps/admin/views/users.py @@ -599,12 +599,9 @@ class UsersView(UserAppView): @HasPermissionAllDecorator('hg.admin') @CSRFRequired() @view_config( - route_name='user_force_password_reset', request_method='POST', + route_name='user_enable_force_password_reset', request_method='POST', renderer='rhodecode:templates/admin/users/user_edit.mako') - def user_force_password_reset(self): - """ - toggle reset password flag for this user - """ + def user_enable_force_password_reset(self): _ = self.request.translate c = self.load_default_context() @@ -612,19 +609,41 @@ class UsersView(UserAppView): c.user = self.db_user try: - old_value = c.user.user_data.get('force_password_change') - c.user.update_userdata(force_password_change=not old_value) + c.user.update_userdata(force_password_change=True) + + msg = _('Force password change enabled for user') + audit_logger.store_web('user.edit.password_reset.enabled', + user=c.rhodecode_user) + + Session().commit() + h.flash(msg, category='success') + except Exception: + log.exception("Exception during password reset for user") + h.flash(_('An error occurred during password reset for user'), + category='error') + + raise HTTPFound(h.route_path('user_edit_advanced', user_id=user_id)) - if old_value: - msg = _('Force password change disabled for user') - audit_logger.store_web( - 'user.edit.password_reset.disabled', - user=c.rhodecode_user) - else: - msg = _('Force password change enabled for user') - audit_logger.store_web( - 'user.edit.password_reset.enabled', - user=c.rhodecode_user) + @LoginRequired() + @HasPermissionAllDecorator('hg.admin') + @CSRFRequired() + @view_config( + route_name='user_disable_force_password_reset', request_method='POST', + renderer='rhodecode:templates/admin/users/user_edit.mako') + def user_disable_force_password_reset(self): + _ = self.request.translate + c = self.load_default_context() + + user_id = self.db_user_id + c.user = self.db_user + + try: + c.user.update_userdata(force_password_change=False) + + msg = _('Force password change disabled for user') + audit_logger.store_web( + 'user.edit.password_reset.disabled', + user=c.rhodecode_user) Session().commit() h.flash(msg, category='success') diff --git a/rhodecode/public/js/rhodecode/routes.js b/rhodecode/public/js/rhodecode/routes.js --- a/rhodecode/public/js/rhodecode/routes.js +++ b/rhodecode/public/js/rhodecode/routes.js @@ -102,7 +102,8 @@ function registerRCRoutes() { pyroutes.register('user_edit_global_perms_update', '/_admin/users/%(user_id)s/edit/global_permissions/update', ['user_id']); pyroutes.register('user_update', '/_admin/users/%(user_id)s/update', ['user_id']); pyroutes.register('user_delete', '/_admin/users/%(user_id)s/delete', ['user_id']); - pyroutes.register('user_force_password_reset', '/_admin/users/%(user_id)s/password_reset', ['user_id']); + pyroutes.register('user_enable_force_password_reset', '/_admin/users/%(user_id)s/password_reset_enable', ['user_id']); + pyroutes.register('user_disable_force_password_reset', '/_admin/users/%(user_id)s/password_reset_disable', ['user_id']); pyroutes.register('user_create_personal_repo_group', '/_admin/users/%(user_id)s/create_repo_group', ['user_id']); pyroutes.register('edit_user_auth_tokens_delete', '/_admin/users/%(user_id)s/edit/auth_tokens/delete', ['user_id']); pyroutes.register('edit_user_ssh_keys', '/_admin/users/%(user_id)s/edit/ssh_keys', ['user_id']); diff --git a/rhodecode/templates/admin/repos/repo_edit_settings.mako b/rhodecode/templates/admin/repos/repo_edit_settings.mako --- a/rhodecode/templates/admin/repos/repo_edit_settings.mako +++ b/rhodecode/templates/admin/repos/repo_edit_settings.mako @@ -143,7 +143,7 @@
${c.form['repo_landing_commit_ref'].render(css_class='medium', oid='repo_landing_commit_ref')|n} ${c.form.render_error(request, c.form['repo_landing_commit_ref'])|n} -

${_('Default commit for files page, downloads, full text search index and readme')}

+

${_('The default commit for file pages, downloads, full text search index, and README generation.')}

diff --git a/rhodecode/templates/admin/users/user_edit_advanced.mako b/rhodecode/templates/admin/users/user_edit_advanced.mako --- a/rhodecode/templates/admin/users/user_edit_advanced.mako +++ b/rhodecode/templates/admin/users/user_edit_advanced.mako @@ -35,15 +35,23 @@

${_('Force Password Reset')}

- ${h.secure_form(h.route_path('user_force_password_reset', user_id=c.user.user_id), request=request)} + ${h.secure_form(h.route_path('user_disable_force_password_reset', user_id=c.user.user_id), request=request)}
+
+
+ + ${_("Clear the forced password change flag.")} + +
+ ${h.end_form()} + + ${h.secure_form(h.route_path('user_enable_force_password_reset', user_id=c.user.user_id), request=request)} +
+
@@ -52,6 +60,7 @@
${h.end_form()} +