Eatyourpeas/expand-user-logs-improve-password-reset

[eatyourpeas]

Overview

A bigger PR that expected as picked up some small useabilities/problems in existing user password reset work flow. Brief was to add fields to the User logs:

• Password reset link sent
• Password reset
• Set up 2FA
• Date user is created and who created them In the process it was found that the password_last_reset field in the Epilepsy12User model was actually being reset when the reset password token email was sent, not when the password was actually reset. Other fixes here therefore addressed this

Steps included:

Password reset link sent and Password reset

1. Override the django PasswordResetConfirmView, PasswordResetCompleteView to check email exists in database - show message user does not exist if fails
2. If user exists, store email in session and update VisitActivity to show password reset email sent
3. On password reset complete, update VisitActivity model using email from session to set password_last_reset field to now, and update VisitActivity

Set up 2FA

1. Use signal from 2FA dependency to update VisitActivity on first successful login with a token

Date user is created and who created them

1. Adding new fields to the VisitActivity model
2. adding updated_by, created_by, updated_at, created_at to Epilepsy12User model: Note this adds a migration which will require default values of timezone.now() for all users on first run
3. Creating a custom user middleware in a new middleware.py
4. @receiver pre_save and post_save in signals.py to store create and update dates to the Epilepsy12User model in VisitActivity

Then updates the log_table.html template to show new user fields

Related Issues

closes #892