| 148 | |
| 149 | @method_decorator(sensitive_post_parameters()) |
| 150 | def user_change_password(self, request, id, form_url=""): |
| 151 | user = self.get_object(request, unquote(id)) |
| 152 | if not self.has_change_permission(request, user): |
| 153 | raise PermissionDenied |
| 154 | if user is None: |
| 155 | raise Http404( |
| 156 | _("%(name)s object with primary key %(key)r does not exist.") |
| 157 | % { |
| 158 | "name": self.opts.verbose_name, |
| 159 | "key": escape(id), |
| 160 | } |
| 161 | ) |
| 162 | if request.method == "POST": |
| 163 | form = self.change_password_form(user, request.POST) |
| 164 | if form.is_valid(): |
| 165 | # If disabling password-based authentication was requested |
| 166 | # (via the form field `usable_password`), the submit action |
| 167 | # must be "unset-password". This check is most relevant when |
| 168 | # the admin user has two submit buttons available (for example |
| 169 | # when Javascript is disabled). |
| 170 | valid_submission = ( |
| 171 | form.cleaned_data["set_usable_password"] |
| 172 | or "unset-password" in request.POST |
| 173 | ) |
| 174 | if not valid_submission: |
| 175 | msg = gettext("Conflicting form data submitted. Please try again.") |
| 176 | messages.error(request, msg) |
| 177 | return HttpResponseRedirect(request.get_full_path()) |
| 178 | |
| 179 | user = form.save() |
| 180 | change_message = self.construct_change_message(request, form, None) |
| 181 | self.log_change(request, user, change_message) |
| 182 | if user.has_usable_password(): |
| 183 | msg = gettext("Password changed successfully.") |
| 184 | else: |
| 185 | msg = gettext("Password-based authentication was disabled.") |
| 186 | messages.success(request, msg) |
| 187 | update_session_auth_hash(request, form.user) |
| 188 | return HttpResponseRedirect( |
| 189 | reverse( |
| 190 | "%s:%s_%s_change" |
| 191 | % ( |
| 192 | self.admin_site.name, |
| 193 | user._meta.app_label, |
| 194 | user._meta.model_name, |
| 195 | ), |
| 196 | args=(user.pk,), |
| 197 | ) |
| 198 | ) |
| 199 | else: |
| 200 | form = self.change_password_form(user) |
| 201 | |
| 202 | fieldsets = [(None, {"fields": list(form.base_fields)})] |
| 203 | admin_form = admin.helpers.AdminForm(form, fieldsets, {}) |
| 204 | |
| 205 | if user.has_usable_password(): |
| 206 | title = _("Change password: %s") |
| 207 | else: |