feat: implement password setup link for tenant registration

When admin approves tenant registration: - Owner account created in tenant schema (in addition to admin@localhost) - Owner assigned 'owner' role with full permissions - Password setup email sent with secure 7-day token link - Owner sets password via link and auto-logs into their shop Key changes: - Added password_setup_token fields to TenantRegistration model - Created tenants/services.py with formatted email service - Modified _approve_registration to create owner account - Added password_setup_confirm view with token validation - Created password setup template and URL route - Added admin action to resend password setup emails Security: - Token expires after 7 days - Password not transmitted in email (secure setup link) - Owner account inactive until password set - Admin@localhost preserved for system administrator access 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-01 22:08:18 +03:00
parent 0ce854644e
commit fb4bcf37ec
7 changed files with 348 additions and 2 deletions
--- a/myproject/accounts/templates/accounts/password_setup_confirm.html
+++ b/myproject/accounts/templates/accounts/password_setup_confirm.html
@@ -0,0 +1,56 @@
+{% extends 'base.html' %}
+
+{% block title %}Установка пароля{% endblock %}
+
+{% block content %}
+<div class="container">
+    <div class="form-container">
+        <h2 class="text-center mb-4">Установка пароля</h2>
+
+        <!-- Приветственное сообщение -->
+        <div class="alert alert-info">
+            <strong>Добро пожаловать!</strong> Ваш магазин <strong>{{ tenant.name }}</strong> активирован.
+            <br>Установите пароль для входа в систему.
+        </div>
+
+        <div class="tab-content">
+            <div class="tab-pane fade show active" id="setup-password">
+                <form method="post">
+                    {% csrf_token %}
+                    {% include 'accounts/password_input.html' with field_name='password1' field_label='Пароль' required=True %}
+                    {% include 'accounts/password_input.html' with field_name='password2' field_label='Подтверждение пароля' required=True %}
+                    <button type="submit" class="btn btn-primary w-100">Установить пароль и войти</button>
+                </form>
+
+                <!-- Информация -->
+                <div class="text-center mt-3">
+                    <small class="text-muted">
+                        После установки пароля вы автоматически войдете в свой магазин.
+                    </small>
+                </div>
+            </div>
+        </div>
+    </div>
+</div>
+
+<script>
+// Добавляем обработчик для показа/скрытия пароля
+document.querySelectorAll('.show-password-btn').forEach(button => {
+    button.addEventListener('click', function() {
+        const targetId = this.getAttribute('data-target');
+        const targetInput = document.getElementById(targetId);
+        const icon = this.querySelector('i');
+
+        if (targetInput.type === 'password') {
+            targetInput.type = 'text';
+            icon.classList.remove('bi-eye');
+            icon.classList.add('bi-eye-slash');
+        } else {
+            targetInput.type = 'password';
+            icon.classList.remove('bi-eye-slash');
+            icon.classList.add('bi-eye');
+        }
+    });
+});
+</script>
+{% endblock %}
--- a/myproject/accounts/urls.py
+++ b/myproject/accounts/urls.py
@@ -12,4 +12,5 @@ urlpatterns = [
    path('confirm/<uuid:token>/', views.confirm_email, name='confirm_email'),
    path('password-reset/', views.password_reset_request, name='password_reset'),
    path('password-reset/<uuid:token>/', views.password_reset_confirm, name='password_reset_confirm'),
+    path('setup-password/<uuid:token>/', views.password_setup_confirm, name='password_setup'),
 ]
--- a/myproject/accounts/views.py
+++ b/myproject/accounts/views.py
@@ -198,4 +198,91 @@ def password_reset_confirm(request, token):
            messages.error(request, 'Пароли не совпадают.')
    
    # Отображаем форму смены пароля
-    return render(request, 'accounts/password_reset_confirm.html', {'user': user})
+    return render(request, 'accounts/password_reset_confirm.html', {'user': user})
+
+
+def password_setup_confirm(request, token):
+    """
+    Позволить владельцу тенанта установить начальный пароль после одобрения регистрации.
+    Похоже на сброс пароля, но для новых аккаунтов.
+    """
+    from tenants.models import TenantRegistration
+    from datetime import timedelta
+    from django.utils import timezone
+
+    # Найти регистрацию по токену
+    try:
+        registration = TenantRegistration.objects.get(
+            password_setup_token=token,
+            status=TenantRegistration.STATUS_APPROVED
+        )
+    except TenantRegistration.DoesNotExist:
+        messages.error(request, 'Ссылка для настройки пароля недействительна.')
+        return redirect('index')
+
+    # Проверить истечение токена (7 дней)
+    if registration.password_setup_token_created_at:
+        expires_at = registration.password_setup_token_created_at + timedelta(days=7)
+        if timezone.now() > expires_at:
+            messages.error(
+                request,
+                'Ссылка для настройки пароля истекла. Пожалуйста, свяжитесь с поддержкой.'
+            )
+            return redirect('index')
+
+    # Получить тенант и пользователя-владельца
+    from django.db import connection
+    tenant = registration.tenant
+    if not tenant:
+        messages.error(request, 'Тенант не найден.')
+        return redirect('index')
+
+    # Переключиться на схему тенанта чтобы найти владельца
+    connection.set_tenant(tenant)
+    try:
+        User = get_user_model()
+        owner = User.objects.get(email=registration.owner_email)
+    except User.DoesNotExist:
+        connection.set_schema_to_public()
+        messages.error(request, 'Пользователь не найден.')
+        return redirect('index')
+
+    # Обработать POST - установить пароль
+    if request.method == 'POST':
+        password1 = request.POST.get('password1')
+        password2 = request.POST.get('password2')
+
+        if password1 and password2 and password1 == password2:
+            # Установить пароль и активировать аккаунт
+            owner.set_password(password1)
+            owner.is_active = True
+            owner.save()
+
+            # Очистить токен
+            connection.set_schema_to_public()
+            registration.password_setup_token = None
+            registration.password_setup_token_created_at = None
+            registration.save()
+
+            # Автоматический вход
+            connection.set_tenant(tenant)
+            login(request, owner, backend='django.contrib.auth.backends.ModelBackend')
+
+            messages.success(
+                request,
+                f'Пароль успешно установлен! Добро пожаловать в {tenant.name}!'
+            )
+
+            # Перенаправить на домен тенанта
+            tenant_url = f'http://{tenant.schema_name}.localhost:8000/'
+            return redirect(tenant_url)
+        else:
+            messages.error(request, 'Пароли не совпадают.')
+
+    connection.set_schema_to_public()
+
+    # Отрисовать форму установки пароля
+    return render(request, 'accounts/password_setup_confirm.html', {
+        'registration': registration,
+        'tenant': tenant
+    })