def change_email(request):
if "sent" in request.session:
ctx = {"email": request.session.pop("sent")}
return render(request, "accounts/change_email_instructions.html", ctx)
if request.method == "POST":
form = forms.ChangeEmailForm(request.POST)
if form.is_valid():
# The user has entered a valid-looking new email address.
# Send a special login link to the new address. When the user
# clicks the special login link, hc.accounts.views.change_email_verify
# unpacks the payload, and passes it to hc.accounts.views.check_token,
# which finally updates user's email address.
email = form.cleaned_data["email"]
request.profile.send_change_email_link(email)
request.session["sent"] = email
response = redirect(reverse("hc-change-email"))
# check_token looks for this cookie to decide if
# it needs to do the extra POST step.
response.set_cookie("auto-login", "1", max_age=900, httponly=True)
return response
else:
form = forms.ChangeEmailForm()
return render(request, "accounts/change_email.html", {"form": form})
def change_email(request):
if request.method == "POST":
form = forms.ChangeEmailForm(request.POST)
if form.is_valid():
request.user.email = form.cleaned_data["email"]
request.user.set_unusable_password()
request.user.save()
request.profile.token = ""
request.profile.save()
return redirect("hc-change-email-done")
else:
form = forms.ChangeEmailForm()
return render(request, "accounts/change_email.html", {"form": form})