1 files changed, 55 insertions, 9 deletions
diff --git a/django/contrib/auth/views.py b/django/contrib/auth/views.py
index 0a52240631..e503f87caa 100644
--- a/django/contrib/auth/views.py
+++ b/django/contrib/auth/views.py
@@ -1,13 +1,15 @@
+from django.conf import settings
 from django.contrib.auth import REDIRECT_FIELD_NAME
 from django.contrib.auth.decorators import login_required
 from django.contrib.auth.forms import AuthenticationForm
-from django.contrib.auth.forms import PasswordResetForm, PasswordChangeForm, AdminPasswordChangeForm
+from django.contrib.auth.forms import PasswordResetForm, SetPasswordForm, PasswordChangeForm, AdminPasswordChangeForm
+from django.contrib.auth.tokens import default_token_generator
 from django.core.exceptions import PermissionDenied
 from django.shortcuts import render_to_response, get_object_or_404
 from django.contrib.sites.models import Site, RequestSite
-from django.http import HttpResponseRedirect
+from django.http import HttpResponseRedirect, Http404
 from django.template import RequestContext
-from django.utils.http import urlquote
+from django.utils.http import urlquote, base36_to_int
 from django.utils.html import escape
 from django.utils.translation import ugettext as _
 from django.contrib.auth.models import User
@@ -65,19 +67,29 @@ def redirect_to_login(next, login_url=None, redirect_field_name=REDIRECT_FIELD_N
         login_url = settings.LOGIN_URL
     return HttpResponseRedirect('%s?%s=%s' % (login_url, urlquote(redirect_field_name), urlquote(next)))
 
+# 4 views for password reset:
+# - password_reset sends the mail
+# - password_reset_done shows a success message for the above
+# - password_reset_confirm checks the link the user clicked and 
+#   prompts for a new password
+# - password_reset_complete shows a success message for the above
+
 def password_reset(request, is_admin_site=False, template_name='registration/password_reset_form.html',
         email_template_name='registration/password_reset_email.html',
-        password_reset_form=PasswordResetForm):
+        password_reset_form=PasswordResetForm, token_generator=default_token_generator):
     if request.method == "POST":
         form = password_reset_form(request.POST)
         if form.is_valid():
+            opts = {}
+            opts['use_https'] = request.is_secure()
+            opts['token_generator'] = token_generator
             if is_admin_site:
-                form.save(domain_override=request.META['HTTP_HOST'])
+                opts['domain_override'] = request.META['HTTP_HOST']
             else:
-                if Site._meta.installed:
-                    form.save(email_template_name=email_template_name)
-                else:
-                    form.save(domain_override=RequestSite(request).domain, email_template_name=email_template_name)
+                opts['email_template_name'] = email_template_name
+                if not Site._meta.installed:
+                    opts['domain_override'] = RequestSite(request).domain
+            form.save(**opts)
             return HttpResponseRedirect('%sdone/' % request.path)
     else:
         form = password_reset_form()
@@ -88,6 +100,40 @@ def password_reset(request, is_admin_site=False, template_name='registration/pas
 def password_reset_done(request, template_name='registration/password_reset_done.html'):
     return render_to_response(template_name, context_instance=RequestContext(request))
 
+def password_reset_confirm(request, uidb36=None, token=None, template_name='registration/password_reset_confirm.html',
+                           token_generator=default_token_generator, set_password_form=SetPasswordForm):
+    """
+    View that checks the hash in a password reset link and presents a
+    form for entering a new password.
+    """
+    assert uidb36 is not None and token is not None # checked by URLconf
+    try:
+        uid_int = base36_to_int(uidb36)
+    except ValueError:
+        raise Http404
+
+    user = get_object_or_404(User, id=uid_int)
+    context_instance = RequestContext(request)
+
+    if token_generator.check_token(user, token):
+        context_instance['validlink'] = True
+        if request.method == 'POST':
+            form = set_password_form(user, request.POST)
+            if form.is_valid():
+                form.save()
+                return HttpResponseRedirect("../done/")
+        else:
+            form = set_password_form(None)
+    else:
+        context_instance['validlink'] = False
+        form = None
+    context_instance['form'] = form    
+    return render_to_response(template_name, context_instance=context_instance)
+
+def password_reset_complete(request, template_name='registration/password_reset_complete.html'):
+    return render_to_response(template_name, context_instance=RequestContext(request,
+                                                                             {'login_url': settings.LOGIN_URL}))
+
 def password_change(request, template_name='registration/password_change_form.html'):
     if request.method == "POST":
         form = PasswordChangeForm(request.user, request.POST)