Merge branch '703-password-change-view-throws-500-if-unauthenticated' into 'master'

Resolve "Password change view throws 500 if unauthenticated"

Closes #703

See merge request !1051

CHANGELOG.rst

@@ -25,6 +25,7 @@ Changed
 Fixed
 ~~~~~~~
 
+* Password change view did not redirect to login when accessed unauthenticated.
 * Sorting icons were inlined into stylesheet
 
 `2.9`_ - 2022-05-25

aleksis/core/tests/regression/test_regression.py

@@ -146,3 +146,14 @@ def test_no_access_oauth2_client_credentials_without_allowed_scopes(client):
     )
     r = client.get(url, HTTP_AUTHORIZATION=auth_header)
     assert r.status_code == 200
+
+
+def test_change_password_not_logged_in(client):
+    """Tests that CustomPasswordChangeView redirects to login when accessed unauthenticated.
+
+    https://edugit.org/AlekSIS/official/AlekSIS-Core/-/issues/703
+    """
+    response = client.get(reverse("account_change_password"), follow=True)
+
+    assert response.status_code == 200
+    assert "Please login to see this page." in response.content.decode("utf-8")

aleksis/core/views.py

@@ -4,6 +4,7 @@ from urllib.parse import urlencode, urlparse, urlunparse
 
 from django.apps import apps
 from django.conf import settings
+from django.contrib.auth.mixins import LoginRequiredMixin
 from django.contrib.auth.models import Group as DjangoGroup
 from django.contrib.auth.models import Permission, User
 from django.contrib.contenttypes.models import ContentType
@@ -1359,7 +1360,7 @@ class CeleryProgressView(View):
         return get_progress(request, task_id, *args, **kwargs)
 
 
-class CustomPasswordChangeView(PermissionRequiredMixin, PasswordChangeView):
+class CustomPasswordChangeView(LoginRequiredMixin, PermissionRequiredMixin, PasswordChangeView):
     """Custom password change view to allow to disable changing of password."""
 
     permission_required = "core.can_change_password"