v^?@sddlZddlmZddlmZmZmZddlmZm Z ddl m Z ddl m Z ddlmZddlmZdd lmZdd lmZdd lmZdd lmZdd lmZmZeZddZGdddej Z!Gdddej"Z#Gdddej$Z%Gdddej&Z'Gdddej&Z(Gdddej)Z*Gdddej)Z+Gdddej)Z,Gd d!d!e,Z-Gd"d#d#ej)Z.dS)$N)forms) authenticateget_user_modelpassword_validation)UNUSABLE_PASSWORD_PREFIXidentify_hasher)User)default_token_generator)get_current_site)EmailMultiAlternatives)loader) force_bytes)urlsafe_base64_encode)capfirst)gettext gettext_lazycCs.tjd|jtjd|jkS)z Perform case-insensitive comparison of two identifiers, using the recommended algorithm from Unicode Technical Report 36, section 2.11.2(B)(2). NFKC) unicodedata normalizecasefold)s1s2r;/tmp/pip-build-8lau8j11/django/django/contrib/auth/forms.py_unicode_ci_comparesrcs.eZdZdZdZfddZS)ReadOnlyPasswordHashWidgetz)auth/widgets/read_only_password_hash.htmlTc stj|||}g}| s4|jtrP|jdtdinyt|}Wn+tk r|jdtdiYnFXxB|j|j D]+\}}|jdt|d|iqW||d<|S)NlabelzNo password set.z5Invalid password format or unknown hashing algorithm.valuesummary) super get_context startswithrappendrr ValueErrorZ safe_summaryitems) selfnamerattrscontextrZhasherkeyZvalue_) __class__rrr $s "# z&ReadOnlyPasswordHashWidget.get_context)__name__ __module__ __qualname__Z template_nameZ read_onlyr rr)r*rr s rcs@eZdZeZfddZddZddZS)ReadOnlyPasswordHashFieldcs'|jddtj||dS)NrequiredF) setdefaultr__init__)r%argskwargs)r*rrr18sz"ReadOnlyPasswordHashField.__init__cCs|S)Nr)r%datainitialrrr bound_data<sz$ReadOnlyPasswordHashField.bound_datacCsdS)NFr)r%r5r4rrr has_changedAsz%ReadOnlyPasswordHashField.has_changed)r+r,r-rwidgetr1r6r7rr)r*rr.5s  r.cs4eZdZfddZfddZS) UsernameFieldcstjdtj|S)Nr)rrr to_python)r%r)r*rrr:FszUsernameField.to_pythoncs"tj|ddddiS)NZautocapitalizenone autocompleteusername)r widget_attrs)r%r8)r*rrr>IszUsernameField.widget_attrs)r+r,r-r:r>rr)r*rr9Es r9c seZdZdZdediZejdeddddejd d d id e j Z ejded dejd d d iddd edZ GdddZ fddZddZfddZdfddZS)UserCreationFormzc A form that creates a user, with no privileges, from the given username and password. password_mismatchu'The two password fields didn’t match.rPasswordstripFr8r'r<z new-password help_textzPassword confirmationz4Enter the same password as before, for verification.c@s(eZdZeZdZdeiZdS)zUserCreationForm.Metar=N)zusername)r+r,r-rmodelfieldsr9 field_classesrrrrMetafs rGcsOtj|||jjj|jkrKd|j|jjjjjdthis form.c@s(eZdZeZdZdeiZdS)zUserChangeForm.Meta__all__r=N)r+r,r-rrDrEr9rFrrrrrGs rGcsqtj|||jjd}|r@|jjd|_|jjd}|rm|jjd|_dS)NrVz ../password/user_permissions content_type)rr1rErOrCformatZquerysetZselect_related)r%r2r3rVrc)r*rrr1szUserChangeForm.__init__cCs|jjdS)NrV)r5rO)r%rrrclean_passwordszUserChangeForm.clean_password) r+r,r-r.r]rVrGr1rfrr)r*rras    rac seZdZdZedejdddiZejde ddd dej dd d iZ d e d de diZ dfddZ ddZddZddZddZS)AuthenticationFormzs Base class for authenticating users. Extend this to get a form that accepts username/password logins. r8r'rHTrrArBFr<zcurrent-password invalid_loginz^Please enter a correct %(username)s and password. Note that both fields may be case-sensitive.inactivezThis account is inactive.Ncs||_d|_tj||tjjtj|_|jj pLd}||j d_ ||j dj j d<|j dj dkrt|jj|j d_ dS)z The 'request' parameter is set for custom auth use by subclasses. The form data comes in via the standard 'data' kwarg. Nr= maxlength)request user_cacherr1 UserModelrI get_fieldrJusername_field max_lengthrEr8r'rr verbose_name)r%rlr2r3Zusername_max_length)r*rrr1s  zAuthenticationForm.__init__cCs|jjd}|jjd}|dk r|rt|jd|d||_|jdkrr|jn|j|j|jS)Nr=rV)rNrOrrlrmget_invalid_login_errorconfirm_login_allowed)r%r=rVrrrcleanszAuthenticationForm.cleancCs)|js%tj|jddddS)a Controls whether the given User may log in. This is a policy setting, independent of end-user authentication. This default behavior is to allow login by active users, and reject login by inactive users. If the given user cannot log in, this method should raise a ``forms.ValidationError``. If the given user may log in, this method should return None. rirMN) is_activerrPrQ)r%r[rrrrts  z(AuthenticationForm.confirm_login_allowedcCs|jS)N)rm)r%rrrget_userszAuthenticationForm.get_usercCs,tj|jddddd|jjiS)NrhrMparamsr=)rrPrQrprr)r%rrrrss z*AuthenticationForm.get_invalid_login_error)r+r,r-r\r9rZ TextInputr=r^r]r_rVrQr1rurtrwrsrr)r*rrgs !    rgc @seZdZejdeddddejdddiZd d d Zd d Z d ddde d d d d dd Z d S)PasswordResetFormrZEmailrqrjr8r'r<emailNc Cstj||}dj|j}tj||}t||||g} |dk rtj||} | j| d| jdS)zO Send a django.core.mail.EmailMultiAlternatives to `to_email`. Nz text/html)r Zrender_to_stringjoin splitlinesr Zattach_alternativesend) r%subject_template_nameemail_template_namer( from_emailZto_emailhtml_email_template_namesubjectbodyZ email_messageZ html_emailrrr send_mails zPasswordResetForm.send_mailcsHtjtjjdddi}fdd|DS)aGiven an email, return matching user(s) who should receive a reset. This allows subclasses to more easily customize the default policies that prevent inactive users and users with unusable passwords from resetting their password. z %s__iexactrvTc3s9|]/}|jrtt|r|VqdS)N)Zhas_usable_passwordrgetattr).0u)rzemail_field_namerr s z.PasswordResetForm.get_users..)rnget_email_field_nameZ_default_managerfilter)r%rzZ active_usersr)rzrr get_userss    zPasswordResetForm.get_usersz'registration/password_reset_subject.txtz®istration/password_reset_email.htmlFc Cs|jd} tj} x|j| D]} |sVt|} | j}| j}n |}}t| | }d|d|d|dtt | j d| d|j | d|rdnd i| pi}|j |||||d |q)Wd S) zf Generate a one-use only link for resetting password and send it to the user. rzdomain site_nameuidr[tokenprotocolhttpshttprN) rNrnrrr r&rrrr pkZ make_tokenr)r%Zdomain_overriderrZ use_httpsZtoken_generatorrrlrZextra_email_contextrzrr[Z current_siterrZ user_emailr(rrrrY$s(       zPasswordResetForm.save) r+r,r-rZ EmailFieldr]Z EmailInputrzrrr rYrrrrrys     ryc seZdZdZdediZejdeddejddd id d d e j Z ejded d d dejddd iZ fddZ ddZdddZS)SetPasswordFormza A form that lets a user change set their password without entering the old password r@u'The two password fields didn’t match.rz New passwordr8r'r<z new-passwordrBFrCzNew password confirmationcs ||_tj||dS)N)r[rr1)r%r[r2r3)r*rrr1\s zSetPasswordForm.__init__cCso|jjd}|jjd}|rX|rX||krXtj|jdddtj||j|S)N new_password1 new_password2r@rM)rNrOrrPrQrrTr[)r%rKrLrrrclean_new_password2`s    z#SetPasswordForm.clean_new_password2TcCs7|jd}|jj||r0|jj|jS)Nr)rNr[rZrY)r%rXrVrrrrYls   zSetPasswordForm.save)r+r,r-r\r]rQrr^r_rr`rrr1rrYrr)r*rrHs      rc @seZdZdZejdediZejdeddddej d d d d d iZ dddgZ ddZ dS)PasswordChangeFormz[ A form that lets a user change their password by entering their old password. password_incorrectzAYour old password was entered incorrectly. Please enter it again.rz Old passwordrBFr8r'r<zcurrent-passwordrHT old_passwordrrcCs?|jd}|jj|s;tj|jddd|S)zB Validate that the old_password field is correct. rrrM)rNr[Zcheck_passwordrrPrQ)r%rrrrclean_old_passwords    z%PasswordChangeForm.clean_old_passwordN) r+r,r-r\rrQr]rr^r_rZ field_orderrrrrrrts   !rc seZdZdZdediZdZejdeddej dd d d d id dde j Z ejdeddej dd d id ddedZ fddZddZd ddZefddZS)AdminPasswordChangeFormzN A form used to change the password of a user in the admin interface. r@u'The two password fields didn’t match.r/rrAr8r'r<z new-passwordrHTrBFrCzPassword (again)z4Enter the same password as before, for verification.cs ||_tj||dS)N)r[rr1)r%r[r2r3)r*rrr1s z AdminPasswordChangeForm.__init__cCso|jjd}|jjd}|rX|rX||krXtj|jdddtj||j|S)NrKrLr@rM)rNrOrrPrQrrTr[)r%rKrLrrrrRs    z'AdminPasswordChangeForm.clean_password2cCs7|jd}|jj||r0|jj|jS)zSave the new password.rK)rNr[rZrY)r%rXrVrrrrYs   zAdminPasswordChangeForm.savecs7tj}x!|jD]}||krgSqWdgS)NrV)r changed_datarE)r%r4r&)r*rrrs   z$AdminPasswordChangeForm.changed_data)r+r,r-r\r]rQZrequired_css_classrr^r_rr`rKrLr1rRrYpropertyrrr)r*rrs"      r)/rZdjangorZdjango.contrib.authrrrZdjango.contrib.auth.hashersrrZdjango.contrib.auth.modelsrZdjango.contrib.auth.tokensr Zdjango.contrib.sites.shortcutsr Zdjango.core.mailr Zdjango.templater Zdjango.utils.encodingr Zdjango.utils.httprZdjango.utils.textrZdjango.utils.translationrrr]rnrZWidgetrZFieldr.r^r9Z ModelFormr?raZFormrgryrrrrrrrs0    <NN,