##// END OF EJS Templates
users: use two distinct actions for user password reset....
marcink -
r3378:f96b7591 default
parent child Browse files
Show More
@@ -280,8 +280,12 b' def admin_routes(config):'
280 pattern='/users/{user_id:\d+}/delete',
280 pattern='/users/{user_id:\d+}/delete',
281 user_route=True)
281 user_route=True)
282 config.add_route(
282 config.add_route(
283 name='user_force_password_reset',
283 name='user_enable_force_password_reset',
284 pattern='/users/{user_id:\d+}/password_reset',
284 pattern='/users/{user_id:\d+}/password_reset_enable',
285 user_route=True)
286 config.add_route(
287 name='user_disable_force_password_reset',
288 pattern='/users/{user_id:\d+}/password_reset_disable',
285 user_route=True)
289 user_route=True)
286 config.add_route(
290 config.add_route(
287 name='user_create_personal_repo_group',
291 name='user_create_personal_repo_group',
@@ -59,8 +59,6 b' def route_path(name, params=None, **kwar'
59 ADMIN_PREFIX + '/users/{user_id}/update',
59 ADMIN_PREFIX + '/users/{user_id}/update',
60 'user_delete':
60 'user_delete':
61 ADMIN_PREFIX + '/users/{user_id}/delete',
61 ADMIN_PREFIX + '/users/{user_id}/delete',
62 'user_force_password_reset':
63 ADMIN_PREFIX + '/users/{user_id}/password_reset',
64 'user_create_personal_repo_group':
62 'user_create_personal_repo_group':
65 ADMIN_PREFIX + '/users/{user_id}/create_repo_group',
63 ADMIN_PREFIX + '/users/{user_id}/create_repo_group',
66
64
@@ -599,12 +599,9 b' class UsersView(UserAppView):'
599 @HasPermissionAllDecorator('hg.admin')
599 @HasPermissionAllDecorator('hg.admin')
600 @CSRFRequired()
600 @CSRFRequired()
601 @view_config(
601 @view_config(
602 route_name='user_force_password_reset', request_method='POST',
602 route_name='user_enable_force_password_reset', request_method='POST',
603 renderer='rhodecode:templates/admin/users/user_edit.mako')
603 renderer='rhodecode:templates/admin/users/user_edit.mako')
604 def user_force_password_reset(self):
604 def user_enable_force_password_reset(self):
605 """
606 toggle reset password flag for this user
607 """
608 _ = self.request.translate
605 _ = self.request.translate
609 c = self.load_default_context()
606 c = self.load_default_context()
610
607
@@ -612,19 +609,41 b' class UsersView(UserAppView):'
612 c.user = self.db_user
609 c.user = self.db_user
613
610
614 try:
611 try:
615 old_value = c.user.user_data.get('force_password_change')
612 c.user.update_userdata(force_password_change=True)
616 c.user.update_userdata(force_password_change=not old_value)
613
614 msg = _('Force password change enabled for user')
615 audit_logger.store_web('user.edit.password_reset.enabled',
616 user=c.rhodecode_user)
617
618 Session().commit()
619 h.flash(msg, category='success')
620 except Exception:
621 log.exception("Exception during password reset for user")
622 h.flash(_('An error occurred during password reset for user'),
623 category='error')
624
625 raise HTTPFound(h.route_path('user_edit_advanced', user_id=user_id))
617
626
618 if old_value:
627 @LoginRequired()
619 msg = _('Force password change disabled for user')
628 @HasPermissionAllDecorator('hg.admin')
620 audit_logger.store_web(
629 @CSRFRequired()
621 'user.edit.password_reset.disabled',
630 @view_config(
622 user=c.rhodecode_user)
631 route_name='user_disable_force_password_reset', request_method='POST',
623 else:
632 renderer='rhodecode:templates/admin/users/user_edit.mako')
624 msg = _('Force password change enabled for user')
633 def user_disable_force_password_reset(self):
625 audit_logger.store_web(
634 _ = self.request.translate
626 'user.edit.password_reset.enabled',
635 c = self.load_default_context()
627 user=c.rhodecode_user)
636
637 user_id = self.db_user_id
638 c.user = self.db_user
639
640 try:
641 c.user.update_userdata(force_password_change=False)
642
643 msg = _('Force password change disabled for user')
644 audit_logger.store_web(
645 'user.edit.password_reset.disabled',
646 user=c.rhodecode_user)
628
647
629 Session().commit()
648 Session().commit()
630 h.flash(msg, category='success')
649 h.flash(msg, category='success')
@@ -102,7 +102,8 b' function registerRCRoutes() {'
102 pyroutes.register('user_edit_global_perms_update', '/_admin/users/%(user_id)s/edit/global_permissions/update', ['user_id']);
102 pyroutes.register('user_edit_global_perms_update', '/_admin/users/%(user_id)s/edit/global_permissions/update', ['user_id']);
103 pyroutes.register('user_update', '/_admin/users/%(user_id)s/update', ['user_id']);
103 pyroutes.register('user_update', '/_admin/users/%(user_id)s/update', ['user_id']);
104 pyroutes.register('user_delete', '/_admin/users/%(user_id)s/delete', ['user_id']);
104 pyroutes.register('user_delete', '/_admin/users/%(user_id)s/delete', ['user_id']);
105 pyroutes.register('user_force_password_reset', '/_admin/users/%(user_id)s/password_reset', ['user_id']);
105 pyroutes.register('user_enable_force_password_reset', '/_admin/users/%(user_id)s/password_reset_enable', ['user_id']);
106 pyroutes.register('user_disable_force_password_reset', '/_admin/users/%(user_id)s/password_reset_disable', ['user_id']);
106 pyroutes.register('user_create_personal_repo_group', '/_admin/users/%(user_id)s/create_repo_group', ['user_id']);
107 pyroutes.register('user_create_personal_repo_group', '/_admin/users/%(user_id)s/create_repo_group', ['user_id']);
107 pyroutes.register('edit_user_auth_tokens_delete', '/_admin/users/%(user_id)s/edit/auth_tokens/delete', ['user_id']);
108 pyroutes.register('edit_user_auth_tokens_delete', '/_admin/users/%(user_id)s/edit/auth_tokens/delete', ['user_id']);
108 pyroutes.register('edit_user_ssh_keys', '/_admin/users/%(user_id)s/edit/ssh_keys', ['user_id']);
109 pyroutes.register('edit_user_ssh_keys', '/_admin/users/%(user_id)s/edit/ssh_keys', ['user_id']);
@@ -143,7 +143,7 b''
143 <div class="select">
143 <div class="select">
144 ${c.form['repo_landing_commit_ref'].render(css_class='medium', oid='repo_landing_commit_ref')|n}
144 ${c.form['repo_landing_commit_ref'].render(css_class='medium', oid='repo_landing_commit_ref')|n}
145 ${c.form.render_error(request, c.form['repo_landing_commit_ref'])|n}
145 ${c.form.render_error(request, c.form['repo_landing_commit_ref'])|n}
146 <p class="help-block">${_('Default commit for files page, downloads, full text search index and readme')}</p>
146 <p class="help-block">${_('The default commit for file pages, downloads, full text search index, and README generation.')}</p>
147 </div>
147 </div>
148 </div>
148 </div>
149
149
@@ -35,15 +35,23 b''
35 <h3 class="panel-title">${_('Force Password Reset')}</h3>
35 <h3 class="panel-title">${_('Force Password Reset')}</h3>
36 </div>
36 </div>
37 <div class="panel-body">
37 <div class="panel-body">
38 ${h.secure_form(h.route_path('user_force_password_reset', user_id=c.user.user_id), request=request)}
38 ${h.secure_form(h.route_path('user_disable_force_password_reset', user_id=c.user.user_id), request=request)}
39 <div class="field">
39 <div class="field">
40 <button class="btn btn-default" type="submit">
40 <button class="btn btn-default" type="submit">
41 <i class="icon-lock"></i>
41 <i class="icon-unlock"></i> ${_('Disable forced password reset')}
42 %if c.user.user_data.get('force_password_change'):
42 </button>
43 ${_('Disable forced password reset')}
43 </div>
44 %else:
44 <div class="field">
45 ${_('Enable forced password reset')}
45 <span class="help-block">
46 %endif
46 ${_("Clear the forced password change flag.")}
47 </span>
48 </div>
49 ${h.end_form()}
50
51 ${h.secure_form(h.route_path('user_enable_force_password_reset', user_id=c.user.user_id), request=request)}
52 <div class="field">
53 <button class="btn btn-default" type="submit" onclick="return confirm('${_('Confirm to enable forced password change')}');">
54 <i class="icon-lock"></i> ${_('Enable forced password reset')}
47 </button>
55 </button>
48 </div>
56 </div>
49 <div class="field">
57 <div class="field">
@@ -52,6 +60,7 b''
52 </span>
60 </span>
53 </div>
61 </div>
54 ${h.end_form()}
62 ${h.end_form()}
63
55 </div>
64 </div>
56 </div>
65 </div>
57
66
General Comments 0
You need to be logged in to leave comments. Login now