From 22473eb1e4e0e785b6943c99328761e276a2bcb6 Mon Sep 17 00:00:00 2001
From: vasileios
Date: Fri, 27 May 2022 17:28:55 +0200
Subject: [PATCH] [#640] Restrict access to password-change from backend
---
 src/open_inwoner/accounts/views/auth.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/open_inwoner/accounts/views/auth.py b/src/open_inwoner/accounts/views/auth.py
index 618daa4f1e..222620686d 100644
--- a/src/open_inwoner/accounts/views/auth.py
+++ b/src/open_inwoner/accounts/views/auth.py
@@ -1,3 +1,4 @@
+from django.contrib.auth.mixins import UserPassesTestMixin
 from django.contrib.auth.views import (
 PasswordChangeView,
 PasswordResetConfirmView,
@@ -7,10 +8,14 @@
 from open_inwoner.utils.views import LogMixin
+from ..choices import LoginTypeChoices
 from ..forms import CustomPasswordResetForm
-class LogPasswordChangeView(LogMixin, PasswordChangeView):
+class LogPasswordChangeView(UserPassesTestMixin, LogMixin, PasswordChangeView):
+ def test_func(self):
+ return self.request.user.login_type == LoginTypeChoices.default
+
 def form_valid(self, form):
 response = super().form_valid(form)
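Review bot: In the second hunk, `test_func` reads `self.request.user.login_type` without first checking that the user is authenticated. Because `UserPassesTestMixin` is listed first in the bases, its `dispatch` calls `test_func` before the `login_required` wrapper on `PasswordChangeView.dispatch` runs, so an anonymous request reaches an `AnonymousUser`, which presumably has no `login_type`, and would fail with a 500 instead of the redirect to login. Suggest `user = self.request.user` followed by `return user.is_authenticated and user.login_type == LoginTypeChoices.default`, so `handle_no_permission` redirects anonymous users and returns 403 to authenticated users with another login type. A one-line docstring such as `"""Allow only users with the default login type to change a local password."""` would record the intent. The class body continues outside the hunk.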