Reset password after first successful login

I am building a web application using the existing Auth features in Django, where admin creates a user profile with username and password. The admin-created username and password will be given to the user to log in. So for security reasons I need to ask the user to reset the password (given by admin) after the user's first successful login. To reset the password, I will be displaying a template where the user should enter only the new password and the new password again for confirmation. This new password will be updated in the sqlite database.

So whenever admin changes the user's password, I need to ask users to reset the password after the first successful login.

Here is the implementation I have done.

models.py: Here I set the boolean flag profile.force_password_change to TRUE when a new user is created. But profile.force_password_change is not being set to TRUE whenever an existing user's password is changed or a new user is created.

middleware.py: Whenever force_password_change is set to TRUE, I use middleware to redirect to the change password view.

I have written the code below to set profile.force_password_change to TRUE whenever a new user is created or the user password is changed by admin.

```python
from django.contrib.auth.models import User
from django.db import models
from django.db.models import signals


class UserProfile(models.Model):
    user = models.ForeignKey(User, unique=True)
    force_password_change = models.BooleanField(default=False)


def create_user_profile_signal(sender, instance, created, **kwargs):
    if created:
        UserProfile.objects.create(user=instance)
        pass


def password_change_signal(sender, instance, **kwargs):
    try:
        user = User.objects.get(username=instance.username)
        if not user.password == instance.password:
            profile = user.get_profile()
            profile.force_password_change = True
            profile.save()
    except User.DoesNotExist:
        pass


signals.pre_save.connect(password_change_signal, sender=User, dispatch_uid='dau_gui_app.models')
signals.post_save.connect(create_user_profile_signal, sender=User, dispatch_uid='dau_gui_app.models')
```

```python
import re

from django.http import HttpResponseRedirect


class PasswordChangeMiddleware:
    def process_request(self, request):
        if (request.user.is_authenticated()
                and re.match(r'^/status/?', request.path)
                and not re.match(r'^/change_password/?', request.path)):
            profile = request.user.get_profile()
            if not profile.force_password_change:
                return HttpResponseRedirect(views.change_password_view)
                # return HttpResponseRedirect('/admin/password_change/')
```

Settings.py:

1. I enabled AUTH_PROFILE_MODULE = 'dau_gui_app.UserProfile'
2. MIDDLEWARE_CLASSES = ( 'django_session_timeout.middleware.PasswordChangeMiddleware', )

The problem I am facing here is that I am unable to set the flag "profile.force_password_change = True" when a new user logs in for the first time. Also, "return HttpResponseRedirect(views.change_password_view)" is not redirecting when there is a change in password or after the first successful login.

Please help me

Why not set the default value of force_password_change to True and then change it to False after the password is changed?

```python
class UserProfile(models.Model):
    user = models.ForeignKey(User, unique=True)
    force_password_change = models.BooleanField(default=True)


class PasswordChangeMiddleware:
    def process_request(self, request):
        if (request.user.is_authenticated()
                and re.match(r'^/status/?', request.path)
                and not re.match(r'^/change_password/?', request.path)):
            profile = request.user.get_profile()
            if profile.force_password_change:
                profile.force_password_change = False
                profile.save()
                return HttpResponseRedirect(redirect_url)  # pass redirect url instead of view function name
```

Note: Remember to migrate!

Also if you need any help, please do refer to some of my projects on GitHub. Ex. https://github.com/manojbalaji1/En-kart
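A default-deny version of the gate, as an added example (not code from the question or the answer): it redirects on every path except a short allowlist, which goes beyond the `/status/` check above, and clears the flag only once the new password has been saved. The exempt paths, the `userprofile` accessor and the function and class names are assumptions.

```python
CHANGE_URL = "/change_password/"  # path used in the question
# Assumed exemptions; every other path is gated while the flag is set.
EXEMPT_PREFIXES = (CHANGE_URL, "/logout/", "/static/")


def forced_redirect(request):
    """Return the URL to redirect to, or None to let the request through."""
    user = request.user
    if not user.is_authenticated:  # a property since Django 1.10
        return None
    if request.path.startswith(EXEMPT_PREFIXES):
        return None
    # Assumes UserProfile.user is a OneToOneField (get_profile() was removed in 1.7).
    if user.userprofile.force_password_change:
        return CHANGE_URL
    return None


class ForcePasswordChangeMiddleware:
    """New-style middleware; list it after AuthenticationMiddleware in MIDDLEWARE."""

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        target = forced_redirect(request)
        if target is not None:
            # Imported here so the policy function stays testable without Django.
            from django.http import HttpResponseRedirect
            return HttpResponseRedirect(target)
        return self.get_response(request)


def finish_password_change(user, new_password):
    """Call from the change-password view once the form has validated."""
    user.set_password(new_password)
    # The question's pre_save handler sees a new hash here and sets the flag,
    # so the flag must be cleared after this save, not before it.
    user.save()
    profile = user.userprofile
    profile.force_password_change = False
    profile.save(update_fields=["force_password_change"])
```

In the view itself, also call `django.contrib.auth.update_session_auth_hash(request, user)` after the save so the user's current session stays valid.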
