def post(self, request, *args, **kwargs):
template = loader.get_template('session_manager/default.html')
context = {}
form = LoginEmailForm(request.POST)
if form.is_valid():
user = SessionManager.get_user_by_username(request.POST['email'])
UserToken.clean(
token_type='reset',
user=user
)
reset_token = UserToken(
token_type='reset',
user=user
)
reset_token._generate_token()
reset_token.save()
mailer = SessionManagerEmailer()
mailer.send_password_reset_link(reset_token)
messages.success(
request,
'A password reset link was sent to {}. You have 48 hours to use it.'.format(reset_token.user.email)
)
if settings.PREVIEW_EMAILS_IN_APP:
context.update({'show_email': mailer})
else:
messages.error(request, 'Could not validate request.')
return HttpResponse(template.render(context, request))
def post(self, request, *args, **kwargs):
context = {}
form = RegistrationLinkForm(request.POST)
if form.is_valid():
user = SessionManager.get_user_by_username(request.POST['email'])
UserToken.clean(
token_type='registration',
user=user
)
registration_token = UserToken(
token_type='registration',
user=user
)
registration_token._generate_token()
registration_token.save()
mailer = SessionManagerEmailer()
mailer.send_app_registration_link(user, registration_token)
messages.success(
request,
'A registration link was sent to {}. Use the provided link to complete registration.'.format(registration_token.user.email)
)
template = loader.get_template('session_manager/default.html')
if settings.PREVIEW_EMAILS_IN_APP:
context.update({'show_email': mailer})
return HttpResponse(template.render(context, request))
else:
messages.error(request, 'Could not validate request.')
return redirect(reverse('session_manager_login'))
def clean(self):
super(CreateUserForm, self).clean()
data = self.cleaned_data
errors = []
clean_password = data['password']
pw_errors = _get_password_errors(clean_password)
if pw_errors:
errors.append('Invalid password: <ul>{}</ul>'.format(
''.join(pw_errors)))
clean_username = self.cleaned_data['username']
un_errors = []
if len(clean_username) < 3:
un_errors.append('<li>Must be at least 3 characters.</li>')
un_invalid_char = False
for char in clean_username:
un_invalid_char = not char.isalpha() and not char.isnumeric(
) and char != '_'
if un_invalid_char:
un_errors.append(
'<li>Letters, numbers, and underscores only, please.</li>')
user_exists = SessionManager.get_user_by_username(
username=clean_username)
if user_exists:
un_errors.append(
'<li>A user with this username already exists.</li>')
if un_errors:
errors.append('Invalid username: <ul>{}</ul>'.format(
''.join(un_errors)))
if errors:
raise ValidationError(mark_safe('<br />'.join(errors)))
return data
def post(self, request, *args, **kwargs):
if 'search_term' in request.POST:
form = SearchUsersForm(request.POST)
stage = 1
elif 'confirmed_invitation' in request.POST:
stage = 2
else:
stage = 3
if stage == 1:
django_users = SessionManager.full_search(
request.POST['search_term'])
self.context.update({
'search_result_users': django_users,
'form': InviteUserForm()
})
self.template = loader.get_template(
'teambeat/user-search-confirm-results.html')
return HttpResponse(self.template.render(self.context, request))
elif stage == 2:
django_user = SessionManager.get_user_by_username(
request.POST['email'])
existing_org_user = OrganizationUser.objects.filter(
organization=self.organization, user=django_user).first()
if existing_org_user and existing_org_user.active == True:
messages.error(request,
'This user is already in your organization')
return HttpResponse(self.template.render(
self.context, request))
else:
org_invitation_exists = OrganizationInvitation.objects.filter(
organization=self.organization, user=django_user).first()
if org_invitation_exists:
messages.success(
request,
'{} already has an invitation to the organization.'.
format(org_invitation_exists.display_name))
else:
org_invitation = OrganizationInvitation(
organization=self.organization, user=django_user)
org_invitation.save()
self.organization.send_org_invitation_email(
_to=django_user, _from=self.user)
messages.success(
request, 'Invited {} to organization'.format(
org_invitation.display_name))
if request.session.get('current_team_id'):
return redirect(
reverse('team_admin_dashboard',
kwargs={
'team_uuid':
request.session.get('current_team_id')
}))
return redirect(reverse('organization_admin_dashboard'))
elif stage == 3:
django_user = SessionManager.create_user(
email=request.POST['email'])
org_invitation = OrganizationInvitation(
organization=self.organization, user=django_user)
org_invitation.save()
self.organization.send_app_invitation_email(_to=django_user,
_from=self.user)
messages.success(
request, 'Invited {} to TeamBeat for your organization'.format(
django_user.email))
if request.session.get('current_team_id'):
return redirect(
reverse('team_admin_dashboard',
kwargs={
'team_uuid':
request.session.get('current_team_id')
}))
return redirect(reverse('organization_admin_dashboard'))
self.context['form'] = form
return HttpResponse(self.template.render(self.context, request))
def post(self, request, *args, **kwargs):
# we should only get here if they submitted the form instead of a token in the URL
# standard Django form handling here
if 'password' in request.POST:
form = LoginUserPasswordForm(request.POST)
if form.is_valid():
user = SessionManager.get_user_by_id(request.POST['user_id'])
if SessionManager.check_password(user, request.POST['password']):
login(request, user)
request.session['user_is_authenticated'] = True
# messages.success(request, 'Log in successful.')
if request.session.get('login_redirect_from'):
return redirect(request.session['login_redirect_from'])
return redirect(reverse(settings.LOGIN_SUCCESS_REDIRECT))
else:
messages.error(request, 'Password incorrect.')
else:
messages.error(request, 'Something went wrong. Please correct errors below.')
elif 'send_token' in request.POST:
user = SessionManager.get_user_by_id(request.session['user_id'])
token = UserToken(
user=user,
token_type='login',
)
token.save()
token.send_login_email()
messages.success(
request,
'An email has been sent to {} containing a temporary log in token. It will expire in 24 hours.'.format(user.email)
)
form = LoginUserTokenForm(initial={'user_id': user.pk})
self.context.update({'form_step': 2})
elif 'login_token' in request.POST:
token, token_error_message = UserToken.get_token(
token=request.POST['login_token'],
username=SessionManager.get_user_by_id(request.session['user_id']).username,
token_type='login'
)
if token:
if token.is_valid:
# a valid token/user combination was given, so log in and delete the token
login(request, token.user)
request.session['user_is_authenticated'] = True
request.session['user_id'] = token.user.pk
# messages.success(request, 'Log in successful.')
token.delete()
return redirect(reverse('bogames_landingpage'))
else:
# provided token was found, but it is expired
# clean up the token
token.delete()
messages.error(request, 'Token is expired.')
else:
messages.error(request, 'Token not found. Perhaps you already used it?')
return redirect(reverse('session_manager_login'))
else:
form = LoginUserNameForm(request.POST)
self.context.update({'form_step': 1})
if form.is_valid():
if '@' in request.POST['username_or_email']:
user = SessionManager.get_user_by_email(username=request.POST['username_or_email'])
else:
user = SessionManager.get_user_by_username(username=request.POST['username_or_email'])
if not user:
messages.error(request, error_reason)
self.context.update({
'form': form,
})
messages.error(request, 'Something went wrong. Please correct errors below.')
else:
request.session['user_id'] = user.pk
form = LoginUserPasswordForm(initial={'user_id': user.pk})
self.context.update({'form_step': 2})
self.context.update({
'form': form,
})
return HttpResponse(self.template.render(self.context, request))
def clean(self):
""" Enforces username and password requirements
"""
super(CreateUserForm, self).clean()
data = self.cleaned_data
errors = []
has_alpha = False
has_number = False
has_special = False
clean_password = data['password']
password_errors = []
if len(clean_password) < 8:
password_errors.append('<li>Must be at least 8 characters.</li>')
for char in clean_password:
if char.isalpha():
has_alpha = True
if char.isnumeric():
has_number = True
if char in special_chars:
has_special = True
if not has_alpha:
password_errors.append(
'<li>Must contain at least one letter.</li>')
if not has_number:
password_errors.append(
'<li>Must contain at least one number.</li>')
if not has_special:
password_errors.append(
'<li>Must contain at least one special character ({}).</li>'.
format(', '.join(special_chars)))
if password_errors:
errors.append('Invalid password: <ul>{}</ul>'.format(
''.join(password_errors)))
clean_username = self.cleaned_data['username']
username_errors = []
if len(clean_username) < 3:
username_errors.append('<li>Must be at least 3 characters.</li>')
username_invalid_char = False
for char in clean_username:
username_invalid_char = not char.isalpha() and not char.isnumeric(
) and char != '_'
if username_invalid_char:
username_errors.append(
'<li>Letters, numbers, and underscores only, please.</li>')
user_exists = SessionManager.get_user_by_username(
username=clean_username)
if user_exists:
username_errors.append(
'<li>A user with this username already exists.</li>')
if username_errors:
errors.append('Invalid username: <ul>{}</ul>'.format(
''.join(username_errors)))
if errors:
raise ValidationError(mark_safe('<br />'.join(errors)))
return data