Merge pull request #237 from RSE-Sheffield/feat/211-change-password

Add change password feature

Author: twinkarma

home/templates/home/password_change_form.html

@@ -0,0 +1,62 @@
+{% extends "base_manager.html" %}
+
+{% block content %}
+<div class="container mx-auto px-4 py-8 mt-4">
+    <div>
+        <h1>Change password</h1>
+        <p class="subtitle">Use the form below to update your password.</p>
+    </div>
+    <div class="card custom-card shadow-sm my-4">
+        <div class="card-body">
+
+            <form method="post">{% csrf_token %}
+                <div>
+                    {% if form.errors %}
+                        <p class="alert alert-warning" role="alert">
+                            Please correct any errors below.
+                        </p>
+                    {% endif %}
+
+                    <p>
+                        Please enter your old password for security reasons. Then enter your new password twice
+                        so we can verify you typed it in correctly.
+                    </p>
+
+                    <fieldset>
+                        <!-- Old password -->
+                        <div>
+                            {{ form.old_password.errors }}
+                            {{ form.old_password.label_tag }}
+                            {{ form.old_password }}
+                        </div>
+
+                        <div>
+                            {{ form.new_password1.errors }}
+                            <div>{{ form.new_password1.label_tag }} {{ form.new_password1 }}</div>
+                            {% if form.new_password1.help_text %}
+                                <div class="form-text"{% if form.new_password1.id_for_label %}
+                                     id="{{ form.new_password1.id_for_label }}_helptext"{% endif %}>{{ form.new_password1.help_text|safe }}</div>
+                            {% endif %}
+                        </div>
+
+                        <div>
+                            {{ form.new_password2.errors }}
+                            <div>{{ form.new_password2.label_tag }} {{ form.new_password2 }}</div>
+                            {% if form.new_password2.help_text %}
+                                <div class="form-text "{% if form.new_password2.id_for_label %}
+                                     id="{{ form.new_password2.id_for_label }}_helptext"{% endif %}>{{ form.new_password2.help_text|safe }}</div>
+                            {% endif %}
+                        </div>
+
+                    </fieldset>
+
+                    <div>
+                        <input type="submit" value="Change my password" class="btn btn-primary">
+                    </div>
+
+                </div>
+            </form>
+        </div>
+    </div>
+</div>
+{% endblock %}

home/templates/home/profile.html

@@ -30,17 +30,22 @@ <h1>Profile</h1>
                         <input type="email" autocomplete="email" name="email" id="id_email" class="form-control" 
                             placeholder="Enter your email address" value="{{ user.email }}" required>
                     </div>
-
-                    <div class="text-center">
-                        <button type="submit" class="btn btn-primary" style="background-color: #6933AD; border: none;">
-                            <i class="bx bxs-user-check"></i> Update Profile
-                        </button>
-                        <!-- <a href="{% url 'home' %}" class="btn btn-primary" style="background-color: #6933AD; border: none; margin-left: 10px;">
-                            Cancel
-                        </a> -->
-                    </div>
+                    <button type="submit" class="btn btn-primary">
+                        <i class="bx bxs-user-check"></i> Update Profile
+                    </button>
                 </form>
             </div>
         </div>
+        <div class="card custom-card shadow-sm my-4">
+            <div class="card-body">
+                <h2>Security</h2>
+                <p>
+                    <a href="{% url 'password_change' %}" class="btn btn-primary">
+                        <i class="bx bxs-key"></i>
+                        Change password
+                    </a>
+                </p>
+            </div>
+        </div>
     </div>
 {% endblock %}

home/urls.py

@@ -1,7 +1,10 @@
 __author__ = "Farhad Allian"
 
+
+import django.urls
 from django.urls import path, re_path
 
+
 from . import views
 
 urlpatterns = [
@@ -14,6 +17,16 @@
         name="signup",
     ),
     path("profile/", views.ProfileView.as_view(), name="profile"),
+    # Change password using built-in authentication view
+    # https://docs.djangoproject.com/en/5.2/topics/auth/default/#built-in-auth-views
+    # https://docs.djangoproject.com/en/5.2/topics/auth/default/#django.contrib.auth.views.PasswordChangeView
+    path("profile/change-password/",
+         views.PasswordChangeView.as_view(
+             template_name="home/password_change_form.html",
+             success_url=django.urls.reverse_lazy("profile"),
+         ),
+         name="password_change"),
+    # Password reset by email (for lost passwords)
     path(
         "password_reset/",
         views.CustomPasswordResetView.as_view(),

home/views.py

@@ -1,5 +1,6 @@
-from typing import Optional
 
+from typing import Optional
+import django.contrib.auth.views
 import invitations.models
 import invitations.views
 from django.contrib import messages
@@ -399,6 +400,12 @@ def get_success_url(self):
         return reverse_lazy("myorganisation")
 
 
+
+class PasswordChangeView(django.contrib.auth.views.PasswordChangeView):
+    def form_valid(self, form):
+        messages.success(self.request, "Your password has been changed.")
+        return super().form_valid(form=form)
+
 class OrganisationMembershipListView(LoginRequiredMixin, OrganisationRequiredMixin, ListView):
     model = OrganisationMembership
     context_object_name = "memberships"
@@ -476,3 +483,4 @@ def form_valid(self, form):
 
 class HelpView(LoginRequiredMixin, TemplateView):
     template_name = "help.html"
+