#125 make password auth unusable, override add user admin form

USEPA · Mar 7, 2023 · 9bc7720 · 9bc7720
1 parent 56a45ce
commit 9bc7720
Show file tree

Hide file tree

Showing 2 changed files with 56 additions and 1 deletion.
diff --git a/accounts/admin.py b/accounts/admin.py
@@ -1,6 +1,7 @@
 from django.conf import settings
 from django.contrib import admin
 from django.contrib.contenttypes.admin import GenericTabularInline
+from django.contrib.auth.forms import UserCreationForm
 from django.forms import ModelForm
 from django.contrib.auth.admin import UserAdmin, GroupAdmin
 from django.shortcuts import get_object_or_404, redirect
@@ -19,7 +20,6 @@
 # make admin panel show full name and portal of currently logged in user
 User.get_short_name = lambda user_instance: f"{user_instance.first_name} {user_instance.last_name} ({user_instance.agol_info.portal if hasattr(user_instance, 'agol_info') else None})"
 
-
 @admin.register(AGOL)
 class AGOLAdmin(admin.ModelAdmin):
     fields = ['portal_name', 'portal_url', 'user']
@@ -112,6 +112,51 @@ def has_delete_permission(self, request, obj=None):
         return False
 
 
+class UserCreateForm(UserCreationForm):
+
+    def __init__(self, *args, **kwargs):
+        super(UserCreationForm, self).__init__(*args, **kwargs)
+        self.fields['password1'].required = False
+        self.fields['password2'].required = False
+
+    # def clean_password2(self):
+    #     return None
+    def save(self, commit=True):
+        user = super().save(commit=False)
+        user.set_unusable_password()
+        if commit:
+            user.save()
+        return user
+
+    class Meta:
+        model = User
+        fields = ['username']
+
+
+class UserAdmin(AGOLUserAdmin):
+    add_form = UserCreateForm
+    add_fieldsets = (
+        (None, {
+            'classes': ('wide',),
+            'fields': ('username',),
+        }),
+    )
+    fieldsets = (
+        (None, {'fields': ('username',)}),
+        ('Personal info', {'fields': ('first_name', 'last_name', 'email')}),
+        ('Permissions', {
+            'fields': ('is_active', 'is_staff', 'is_superuser', 'groups', 'user_permissions'),
+        }),
+        ('Important dates', {'fields': ('last_login', 'date_joined')}),
+    )
+
+
+# only do this if explicit in settings
+if getattr(settings, 'DISABLE_PASSWORD_AUTH', False):
+    admin.site.unregister(User)
+    admin.site.register(User, UserAdmin)
+
+
 class PendingNotificationInline(GenericTabularInline):
     model = Notification
     fields = ['to_emails', 'subject', 'sent']

diff --git a/templates/admin/auth/user/add_form.html b/templates/admin/auth/user/add_form.html
@@ -0,0 +1,10 @@
+{% extends "admin/change_form.html" %}
+{% load i18n %}
+
+{% block form_top %}
+  {% if not is_popup %}
+    <p>{% trans "First, enter a username. Then, you'll be able to edit more user options." %}</p>
+  {% else %}
+    <p>{% trans "Enter a username." %}</p>
+  {% endif %}
+{% endblock %}