set password view redirecting to change password view

pennersr / django-allauth

Integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication.

https://allauth.org

MIT License

9.37k stars 3.01k forks source link

set password view redirecting to change password view #2195

Closed realsama closed 8 months ago

realsama commented 5 years ago

I set the redirect url of AccountAdapter to this

def get_login_redirect_url(self, request):
        user_ = get_object_or_None(User, email=request.user )

        if user_.has_usable_password():
            pass
        else:
            url = '/accounts/password/set/'
        return resolve_url(url)

But upon setting the password, it redirects the user to the password change view.

iarp commented 5 years ago

The password set view is hard coded to redirect if the user has a usable password as the user is meant to be confirming the current password before they can change it: https://github.com/pennersr/django-allauth/blob/master/allauth/account/views.py#L598

realsama commented 5 years ago

Sorry but i don't get you, why would the user need to change or reset his password when he just set it some few seconds ago.

iarp commented 5 years ago

Oh yea, sorry I misread. It is currently hard coded to basically send them there.

realsama commented 5 years ago

Alright. But is this behavior intentional or or some kind of bug, and how can it be fixed

seancallaway commented 4 years ago

@shepherd1530 To solve this problem, I inherited from PasswordChangeView, like this:

from allauth.account.views import PasswordChangeView as allauth_PasswordChangeView
from django.urls import reverse_lazy

class PasswordChangeView(allauth_PasswordChangeView):
    success_url = reverse_lazy('home')

Then, in my urls.py, I added the following line:

    path('accounts/password/change/', PasswordChangeView.as_view(), name="account_change_password"),

Hope this helps!

arsenico13 commented 4 years ago

Yeah, a did the same thing as @seancallaway and came here to see if someone else found it strange... I was wondering if this behavior is intentional... well, I guess I'll stick with this "patch" for now :)

MaxwellCanton commented 4 years ago

im having the same issue, im trying to override 'account_change_password' but when the user write a wrong password it redirects to 'account_set_password', how can i solve this? and show the message "Please type your current password." in the form overrided (in the same template)

s-paquette commented 3 years ago

Same problem here--after setting a password they didn't have previously (eg. social account being disconnected), the dispatch sees a usable password and immediately sends them to change it. This doesn't make a lot of sense; if they've just set one, why would they immediately change it?

derek-adair commented 1 year ago

For everyone in this thread I am doing some issue triage for @pennersr.

Ok! The view here is indeed hardcoded to redirect if the user has a password that is usable. I agree that this is an odd UX.

This line is the issue. Ideally this view should take / read the next parameter. The next best thing would be to probably redirect to LOGIN_REDIRECT_URL.

pennersr commented 8 months ago

See here for rationale: https://github.com/pennersr/django-allauth/pull/3428#issuecomment-1857935893

See https://github.com/pennersr/django-allauth/commit/088a4f1a7b9c50331b8ef4d1a03d85294eec0426 -- that introduces a get_password_change_redirect_url() adapter method. Opting for this so that projects are free to do whatever they see fit.