From 466fab8752fb36bc70ad080ae332a00c765bdd5f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Norman=20J=C3=A4ckel?= Date: Thu, 18 Jun 2015 22:39:58 +0200 Subject: [PATCH] Added view to reset user's password. --- openslides/users/views.py | 15 ++++++++++++++- tests/integration/users/test_viewset.py | 15 +++++++++++++++ 2 files changed, 29 insertions(+), 1 deletion(-) diff --git a/openslides/users/views.py b/openslides/users/views.py index bbda24593..2675ed331 100644 --- a/openslides/users/views.py +++ b/openslides/users/views.py @@ -1,10 +1,11 @@ from django.contrib.auth import login as auth_login from django.contrib.auth import logout as auth_logout from django.contrib.auth.forms import AuthenticationForm +from django.utils.translation import ugettext as _ from django.utils.translation import ugettext_lazy from rest_framework import status -from openslides.utils.rest_api import ModelViewSet, Response +from openslides.utils.rest_api import ModelViewSet, Response, detail_route from openslides.utils.views import APIView, PDFView from .models import Group, User @@ -83,6 +84,18 @@ class UserViewSet(ModelViewSet): serializer_class = UserShortSerializer return serializer_class + @detail_route(methods=['post']) + def reset_password(self, request, pk=None): + """ + View to reset the password (using the default password). + """ + if not request.user.has_perm('users.can_manage'): + self.permission_denied(request) + user = self.get_object() + user.set_password(user.default_password) + user.save() + return Response({'detail': _('Password successfully reset.')}) + class GroupViewSet(ModelViewSet): """ diff --git a/tests/integration/users/test_viewset.py b/tests/integration/users/test_viewset.py index 9ab60dd90..265a8fa63 100644 --- a/tests/integration/users/test_viewset.py +++ b/tests/integration/users/test_viewset.py @@ -127,6 +127,21 @@ class UserDelete(TestCase): self.assertFalse(User.objects.filter(username='Test name bo3zieT3iefahng0ahqu').exists()) +class UserResetPassword(TestCase): + """ + Tests resetting users password via REST API by a manager. + """ + def test_reset(self): + admin_client = APIClient() + admin_client.login(username='admin', password='admin') + user = User.objects.create(username='Test name ooMoa4ou4mohn2eo1ree') + user.default_password = 'new_password_Yuuh8OoQueePahngohy3' + user.save() + response = admin_client.post(reverse('user-reset-password', args=[user.pk])) + self.assertEqual(response.status_code, status.HTTP_200_OK) + self.assertTrue(User.objects.get(pk=user.pk).check_password('new_password_Yuuh8OoQueePahngohy3')) + + class GroupCreate(TestCase): """ Tests creation of groups via REST API.