===============================================================================
from django.db.models import signals
from django.dispatch import dispatcher
def update(sender, instance, signal, *args, **kwargs):
user_obj = instance
...
user_obj.message_set.create(message="Updated!")
dispatcher.connect(update, signal=signals.post_save, sender=User)
===============================================================================
But my function 'update' is not only called if the user password changed.
The problem is, in the User model exists e.g. 'last_login'. So the save method
called every time, the user logged in :(
One idea is this:
===============================================================================
old_passwords = {}
def save_old_pass(sender, instance, signal, *args, **kwargs):
user_obj = instance
old_pass = user_obj.password
old_passwords[user_obj] = old_pass
def update(sender, instance, signal, *args, **kwargs):
user_obj = instance
new_password = user_obj.password
if user_obj in old_passwords and old_passwords[user_obj] == new_password:
# Nothing to change
return
...
user_obj.message_set.create(message="Updated!")
from django.db.models import signals
from django.dispatch import dispatcher
dispatcher.connect(save_old_pass, signal=signals.post_init, sender=User)
dispatcher.connect(update, signal=signals.post_save, sender=User)
===============================================================================
This works, but save_old_pass() would be often called, if the user is logged in.
So it's not a really good idea.
Any better ideas?
--
Mfg.
Jens Diemer
----
A django powered CMS: http://www.pylucid.org
It's also not a good idea to end up caching all your users' passwords
in the old_passwords dictionary like that.
>
> Any better ideas?
Create a custom view to allow your users to change just their
password. In that view, you will be able to tell in a straightforward
fashion if the user has changed her password and take action
accordingly.
>
> Any better ideas?
You could also use the pre_save signal in your first solution (instead
of post_save). That will give you the new password before it's saved
to the DB. So, you can pull up that user's DB User object and compare
the two passwords. Of course, and send a message to the user. Of
course, your message may be misleading if the subsequent save of the
current instance actually fails for any reason.
Yes. That would work fine.
Now, i realized that i need the raw_password for my things. With signals i can
only get the hashed password, not the raw plaintext password.
On the other side, wit signals i can catch every changes from every views. So i
must build my own views and the user can used the default django views to change
his password.
Is there is an other way to trigger a django user password change and get the
raw password???
I found a simple way to trigger a user password change. I hacked directly into
the django.contrib.auth.models.User.set_password() method.
It looks like this:
===============================================================================
from django.contrib.auth.models import User
# Save the original method
old_set_password = User.set_password
def set_password(user, raw_password):
if user.id == None:
# It's a new user. We must save the django user account first.
user.save()
#
# Do something with the user obejct and the given raw_password ;)
#
# Use the original method to set the django User password:
old_set_password(user, raw_password)
# Replace the method
User.set_password = set_password
===============================================================================
So every normal password change (e.g. from the django admin panel) are caught
and i can access to the raw plaintext password.
I added a snippets here: http://www.djangosnippets.org/snippets/397/