Beispiel #1
def loginWithSecureStorage(request, user, password):
  """Log `user` in and store their secure storage key in the session.

  The key is derived from the plaintext `password` and the per-user
  `secure_storage_salt` read from the user's UserInfo row.

  NOTE(review): the derived key is kept in `request.session`, so it is only
  as confidential as the configured session backend. With a client-side
  backend (e.g. signed cookies) the key would be readable outside the
  server; confirm a server-side session store is in use.
  """
  # Authenticate the session first. NOTE(review): login() may rotate or
  # flush the session, so confirm before moving the key write ahead of it.
  login(request, user)

  # Look up the salt, derive the key, then place it in the session.
  userInfo = m.UserInfo.objects.get(user=user)
  storageKey = secureStorage.getEncryptionKey(
    password, userInfo.secure_storage_salt)
  request.session['secureStorageKey'] = storageKey
Beispiel #2
def loginWithSecureStorage(request, user, password):
    """Log `user` in and store their secure storage key in the session.

    The key is derived from the plaintext `password` and the per-user
    `secure_storage_salt` read from the user's UserInfo row.

    NOTE(review): the derived key is kept in `request.session`, so it is only
    as confidential as the configured session backend. With a client-side
    backend (e.g. signed cookies) the key would be readable outside the
    server; confirm a server-side session store is in use.
    """
    # Authenticate the session first. NOTE(review): login() may rotate or
    # flush the session, so confirm before moving the key write ahead of it.
    login(request, user)

    # Look up the salt, derive the key, then place it in the session.
    userInfo = m.UserInfo.objects.get(user=user)
    storageKey = secureStorage.getEncryptionKey(
        password, userInfo.secure_storage_salt)
    request.session['secureStorageKey'] = storageKey
Beispiel #3
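def userSettings(request):
    """Render the settings page and handle its two POST actions.

    GET renders 'settings.tmpl' with a pre-filled UserInfoForm and an empty
    PasswordForm. POST dispatches on the 'action' field:

    * 'change-pswd' -- validates PasswordForm, sets the new password and
      re-derives the session's secure storage key from it.
    * 'update-info' -- validates UserInfoForm and saves email, name, company
      and website.

    Any other POST action re-renders the bare template. Request methods other
    than GET and POST fall through and return None.

    Form data is read from request.POST only. The merged request.REQUEST
    mapping also accepts query-string parameters, which would let a new
    password travel in the URL and end up in access logs and browser history.

    NOTE(review): no login_required (or equivalent) is visible on this
    listing; request.user is assumed to be authenticated -- confirm where the
    view is wired up.
    """
    def createUserInfoForm(user):
        # Pre-fill the form from the auth user and its UserInfo row.
        userInfo = m.UserInfo.objects.get(user=user)

        return UserInfoForm(
            initial={
                'company': userInfo.company,
                'email': user.email,
                'name': user.first_name,
                'website': userInfo.website,
            },
            user=user)

    def firstFormError(form, fallback):
        # Prefer the form-wide ('__all__') error, else the generic fallback.
        formWide = form.errors.get('__all__', None)
        return formWide[0] if formWide else fallback

    if request.method == 'GET':
        return render(
            request, 'settings.tmpl',
            dict(userinfo_form=createUserInfoForm(request.user),
                 password_form=PasswordForm()))

    if request.method == 'POST':
        # Body parameters only: never take the action or secrets from the URL.
        action = request.POST.get('action', None)

        if action == 'change-pswd':
            user = request.user
            password_form = PasswordForm(request.POST, user=user)
            result = None
            errorMsg = None

            if password_form.is_valid():
                new = password_form.cleaned_data['new']
                user.set_password(new)
                user.save()
                # NOTE(review): depending on the Django version, a password
                # change can invalidate the session auth hash; confirm
                # whether update_session_auth_hash is needed here.

                # Re-derive the storage key from the new password and the
                # unchanged salt. NOTE(review): whether data encrypted under
                # the previous key is re-encrypted is not visible here, and
                # other sessions of this user keep the old key -- confirm.
                salt = m.UserInfo.objects.get(user=user).secure_storage_salt
                request.session['secureStorageKey'] = (
                    secureStorage.getEncryptionKey(new, salt))

                result = 'success'
            else:
                errorMsg = firstFormError(
                    password_form,
                    "There was an error while updating the password.")
                result = 'error'

            return render(
                request, 'settings.tmpl',
                dict(userinfo_form=createUserInfoForm(request.user),
                     password_form=password_form,
                     action=action,
                     result=result,
                     errorMsg=errorMsg))

        if action == 'update-info':
            user = request.user
            userinfo_form = UserInfoForm(request.POST, user=user)
            result = None
            errorMsg = None

            if userinfo_form.is_valid():
                user.email = userinfo_form.cleaned_data['email']
                user.first_name = userinfo_form.cleaned_data['name']
                try:
                    user.save()
                except django.db.IntegrityError:
                    # Report the failure instead of rendering a page with no
                    # result at all; details stay in the server log only.
                    logging.exception(
                        'error while changing the email of the user.')
                    errorMsg = "There was an error while updating the personal information."
                    result = 'error'
                else:
                    # update the company info.
                    userinfo = user.userinfo
                    userinfo.company = userinfo_form.cleaned_data['company']
                    userinfo.website = userinfo_form.cleaned_data['website']
                    userinfo.save()

                    result = 'success'
            else:
                errorMsg = firstFormError(
                    userinfo_form,
                    "There was an error while updating the personal information.")
                result = 'error'

            return render(
                request, 'settings.tmpl',
                dict(userinfo_form=userinfo_form,
                     password_form=PasswordForm(),
                     action=action,
                     result=result,
                     errorMsg=errorMsg))

        # Unknown or missing action: show the page without forms or status.
        return render(request, 'settings.tmpl')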
Beispiel #4
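def userSettings(request):
  """Render the settings page and handle its two POST actions.

  GET renders 'settings.tmpl' with a pre-filled UserInfoForm and an empty
  PasswordForm. POST dispatches on the 'action' field:

  * 'change-pswd' -- validates PasswordForm, sets the new password and
    re-derives the session's secure storage key from it.
  * 'update-info' -- validates UserInfoForm and saves email, name, company
    and website.

  Any other POST action re-renders the bare template. Request methods other
  than GET and POST fall through and return None.

  Form data is read from request.POST only. The merged request.REQUEST
  mapping also accepts query-string parameters, which would let a new
  password travel in the URL and end up in access logs and browser history.

  NOTE(review): no login_required (or equivalent) is visible on this
  listing; request.user is assumed to be authenticated -- confirm where the
  view is wired up.
  """
  def createUserInfoForm(user):
    # Pre-fill the form from the auth user and its UserInfo row.
    userInfo = m.UserInfo.objects.get(user=user)

    return UserInfoForm(
      initial={
        'company': userInfo.company,
        'email': user.email,
        'name': user.first_name,
        'website': userInfo.website,
      },
      user=user
    )

  def firstFormError(form, fallback):
    # Prefer the form-wide ('__all__') error, else the generic fallback.
    formWide = form.errors.get('__all__', None)
    return formWide[0] if formWide else fallback

  if request.method == 'GET':
    return render(request, 'settings.tmpl', dict(
      userinfo_form=createUserInfoForm(request.user),
      password_form=PasswordForm()
    ))

  if request.method == 'POST':
    # Body parameters only: never take the action or secrets from the URL.
    action = request.POST.get('action', None)

    if action == 'change-pswd':
      user = request.user
      password_form = PasswordForm(request.POST, user=user)
      result = None
      errorMsg = None

      if password_form.is_valid():
        new = password_form.cleaned_data['new']
        user.set_password(new)
        user.save()
        # NOTE(review): depending on the Django version, a password change
        # can invalidate the session auth hash; confirm whether
        # update_session_auth_hash is needed here.

        # Re-derive the storage key from the new password and the unchanged
        # salt. NOTE(review): whether data encrypted under the previous key
        # is re-encrypted is not visible here, and other sessions of this
        # user keep the old key -- confirm.
        salt = m.UserInfo.objects.get(user=user).secure_storage_salt
        request.session['secureStorageKey'] = secureStorage.getEncryptionKey(new, salt)

        result = 'success'
      else:
        errorMsg = firstFormError(
          password_form, "There was an error while updating the password.")
        result = 'error'

      return render(request, 'settings.tmpl', dict(
        userinfo_form=createUserInfoForm(request.user),
        password_form=password_form,
        action=action,
        result=result,
        errorMsg=errorMsg
      ))

    if action == 'update-info':
      user = request.user
      userinfo_form = UserInfoForm(request.POST, user=user)
      result = None
      errorMsg = None

      if userinfo_form.is_valid():
        user.email = userinfo_form.cleaned_data['email']
        user.first_name = userinfo_form.cleaned_data['name']
        try:
          user.save()
        except django.db.IntegrityError:
          # Report the failure instead of rendering a page with no result at
          # all; details stay in the server log only.
          logging.exception('error while changing the email of the user.')
          errorMsg = "There was an error while updating the personal information."
          result = 'error'
        else:
          # update the company info.
          userinfo = user.userinfo
          userinfo.company = userinfo_form.cleaned_data['company']
          userinfo.website = userinfo_form.cleaned_data['website']
          userinfo.save()

          result = 'success'
      else:
        errorMsg = firstFormError(
          userinfo_form,
          "There was an error while updating the personal information.")
        result = 'error'

      return render(request, 'settings.tmpl', dict(
        userinfo_form=userinfo_form,
        password_form=PasswordForm(),
        action=action,
        result=result,
        errorMsg=errorMsg
      ))

    # Unknown or missing action: show the page without forms or status.
    return render(request, 'settings.tmpl')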