From e1f1f617b6037b97ae235abe869f4c3dea2c4802 Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@haufe-lexware.com>
Date: Mon, 11 Mar 2019 11:25:59 +0100
Subject: [PATCH] fix UserChangePasswordView not requiring Login

---
 passbook/core/views/user.py  | 9 ++++++---
 passbook/core/views/utils.py | 4 ++--
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/passbook/core/views/user.py b/passbook/core/views/user.py
index 894934a6a..0760c2b41 100644
--- a/passbook/core/views/user.py
+++ b/passbook/core/views/user.py
@@ -1,6 +1,7 @@
 """passbook core user views"""
 from django.contrib import messages
 from django.contrib.auth import logout, update_session_auth_hash
+from django.contrib.auth.mixins import LoginRequiredMixin
 from django.contrib.messages.views import SuccessMessageMixin
 from django.forms.utils import ErrorList
 from django.shortcuts import redirect, reverse
@@ -13,7 +14,7 @@ from passbook.core.forms.users import PasswordChangeForm, UserDetailForm
 from passbook.lib.config import CONFIG
 
 
-class UserSettingsView(SuccessMessageMixin, UpdateView):
+class UserSettingsView(SuccessMessageMixin, LoginRequiredMixin, UpdateView):
     """Update User settings"""
 
     template_name = 'user/settings.html'
@@ -25,7 +26,8 @@ class UserSettingsView(SuccessMessageMixin, UpdateView):
     def get_object(self):
         return self.request.user
 
-class UserDeleteView(DeleteView):
+
+class UserDeleteView(LoginRequiredMixin, DeleteView):
     """Delete user account"""
 
     template_name = 'generic/delete.html'
@@ -38,7 +40,8 @@ class UserDeleteView(DeleteView):
         logout(self.request)
         return reverse('passbook_core:auth-login')
 
-class UserChangePasswordView(FormView):
+
+class UserChangePasswordView(LoginRequiredMixin, FormView):
     """View for users to update their password"""
 
     form_class = PasswordChangeForm
diff --git a/passbook/core/views/utils.py b/passbook/core/views/utils.py
index a0f1d38d5..f1dc747a7 100644
--- a/passbook/core/views/utils.py
+++ b/passbook/core/views/utils.py
@@ -1,5 +1,5 @@
 """passbook core utils view"""
-
+from django.contrib.auth.mixins import LoginRequiredMixin
 from django.utils.translation import ugettext as _
 from django.views.generic import TemplateView
 
@@ -21,7 +21,7 @@ class LoadingView(TemplateView):
         kwargs['target_url'] = self.get_url()
         return super().get_context_data(**kwargs)
 
-class PermissionDeniedView(TemplateView):
+class PermissionDeniedView(LoginRequiredMixin, TemplateView):
     """Generic Permission denied view"""
 
     template_name = 'login/denied.html'