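def password_upsell(request):
    """
    Let a logged-in user who has no usable password set one.

    Users that already have a usable password are sent to the dashboard
    with an informational message, whatever the HTTP method. This flow
    never asks for the current password, so the check must also cover
    POST: otherwise a POST would overwrite an existing password without
    any verification.

    Assumes the view is restricted to authenticated users elsewhere (e.g.
    a decorator not shown here) — an anonymous request.user has no
    set_password() to call.

    Returns a template context dict (``{'form': form}``) on GET or an
    invalid POST, and an HttpResponseRedirect to 'dashboard' once the
    password has been set.
    """
    # Safety check applied to every method, not only GET.
    if request.user.has_usable_password():
        messages.info(request, _('Password Already Set'))
        return HttpResponseRedirect(reverse_lazy('dashboard'))

    form = SetPWForm()
    if request.method == 'POST':
        form = SetPWForm(data=request.POST)
        if form.is_valid():
            pw = form.cleaned_data['password']
            user = request.user
            user.set_password(pw)
            user.save()

            messages.success(request, _('Password Set'))

            # Setting the password logs the current session out, so the
            # user is authenticated again with the new password.
            user = authenticate(email=user.email, password=pw)
            login(request, user)

            return HttpResponseRedirect(reverse_lazy('dashboard'))

    return {'form': form}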
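def password_upsell(request):
    """
    Let a logged-in user without a usable password choose one.

    A user who already has a usable password is redirected to 'dashboard'
    with an informational message regardless of the HTTP method. The
    check cannot be limited to GET: this view never verifies the current
    password, so a POST from such a user would silently replace it.

    Assumes authentication is enforced elsewhere (e.g. a decorator not
    shown here); an anonymous request.user cannot set a password.

    Returns the template context (form plus ``is_input_page``) on GET or
    an invalid POST, and an HttpResponseRedirect to 'dashboard' after the
    password has been stored.
    """
    # Safety check for every request method, not only GET.
    if request.user.has_usable_password():
        messages.info(request, _('Password Already Set'))
        return HttpResponseRedirect(reverse_lazy('dashboard'))

    form = SetPWForm()
    if request.method == 'POST':
        form = SetPWForm(data=request.POST)
        if form.is_valid():
            pw = form.cleaned_data['password']
            user = request.user
            user.set_password(pw)
            user.save()

            messages.success(request, _('Password Set'))

            # Changing the password logs the current session out, so the
            # user is re-authenticated with the new password.
            user = authenticate(email=user.email, password=pw)
            login(request, user)

            return HttpResponseRedirect(reverse_lazy('dashboard'))

    return {
        'form': form,
        'is_input_page': True,
    }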
def reset_pw(request, verif_code):
    '''
    Page you arrive on after clicking a link to (re)set your password

    ``verif_code`` selects the SentEmail behind the link (404 when it is
    unknown). A link older than 72 hours, or one first verified more than
    60 minutes ago, is refused with a warning and a redirect to
    'forgot_password'. A valid POST marks the email verified, replaces the
    password of the SentEmail's auth_user, logs that user in, records the
    login and redirects to 'dashboard'; any other request renders the form.
    '''
    sent_email = get_object_or_404(SentEmail, verif_code=verif_code)

    def bounce(warning):
        # Queue a warning and send the visitor back to the request page.
        messages.warning(request, warning)
        return HttpResponseRedirect(reverse_lazy('forgot_password'))

    if now() - sent_email.sent_at > timedelta(hours=72):
        return bounce(_('Sorry, that link has expired. Please try again.'))

    # NOTE(review): a link stays usable for 60 minutes after it was first
    # verified; whether that grace window is intentional is not visible here.
    first_verified = sent_email.verified_at
    if first_verified and now() - first_verified > timedelta(minutes=60):
        return bounce(_('Sorry, that was already used. Please try again.'))

    form = SetPWForm()
    if request.method == 'POST':
        form = SetPWForm(data=request.POST)
        if form.is_valid():
            sent_email.verify_user_email(request)

            new_password = form.cleaned_data['password']
            account = sent_email.auth_user
            account.set_password(new_password)
            account.save()

            messages.success(request, _('Your password has been set.'))

            # Log the user in with the freshly set password, then record it.
            signed_in = authenticate(email=account.email, password=new_password)
            login(request, signed_in)
            LoggedLogin.record_login(request)

            return HttpResponseRedirect(reverse_lazy('dashboard'))

    return {
        'form': form,
        'verif_code': verif_code,
        'is_input_page': True,
    }
def reset_pw(request, verif_code):
    '''
    Page you arrive on after clicking a link to (re)set your password

    The SentEmail is looked up by ``verif_code`` (404 if none matches).
    Links are rejected, with a warning and a redirect to 'forgot_password',
    when they are more than 72 hours old or were first verified more than
    60 minutes ago. On a valid POST the email is marked verified, the
    auth_user's password is replaced, the user is logged in, the login is
    recorded and the browser is sent to 'dashboard'. Otherwise the form
    context is returned.
    '''
    sent_email = get_object_or_404(SentEmail, verif_code=verif_code)
    back_to_request_page = HttpResponseRedirect(reverse_lazy('forgot_password'))

    link_age = now() - sent_email.sent_at
    if link_age > timedelta(hours=72):
        messages.warning(request, _('Sorry, that link has expired. Please try again.'))
        return back_to_request_page

    # NOTE(review): a verified link remains usable for a further 60 minutes;
    # whether that window is intended is not visible from this view.
    if sent_email.verified_at:
        since_verified = now() - sent_email.verified_at
        if since_verified > timedelta(minutes=60):
            messages.warning(request, _('Sorry, that was already used. Please try again.'))
            return back_to_request_page

    form = SetPWForm()
    if request.method != 'POST':
        return {
            'form': form,
            'verif_code': verif_code,
            'is_input_page': True,
        }

    form = SetPWForm(data=request.POST)
    if form.is_valid():
        sent_email.verify_user_email(request)

        chosen_password = form.cleaned_data['password']
        account = sent_email.auth_user
        account.set_password(chosen_password)
        account.save()

        messages.success(request, _('Your password has been set.'))

        # Authenticate with the new password and record the login.
        login(request, authenticate(email=account.email, password=chosen_password))
        LoggedLogin.record_login(request)

        return HttpResponseRedirect(reverse_lazy('dashboard'))

    return {
        'form': form,
        'verif_code': verif_code,
        'is_input_page': True,
    }
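def set_new_password(request):
    """
    Final step of the email-based password reset: store the new password.

    Logged-in users are sent to 'home' with an error. Otherwise the
    EmailAuthToken referenced by ``email_auth_token_id`` in the session
    must exist, not be deleted, and have been used (``key_used_at``)
    within the last 15 minutes; any other state redirects to
    'request_new_password' with a warning (see _load_reset_token).

    On a valid POST the token owner's password is replaced, the user is
    logged in and the login recorded, the session reference is dropped,
    over-funded API credentials are unlinked as a precaution
    (_unlink_funded_api_credential), all outstanding tokens for the user
    are expired and the browser is sent to 'customer_dashboard'.

    Returns a template context dict (``{'form': form}``) or an
    HttpResponseRedirect.
    """
    if request.user.is_authenticated():
        msg = _(
            '''You're already logged in. You must <a href="/logout/">logout</a> before you can reset your password.'''
        )
        messages.error(request, msg, extra_tags='safe')
        return HttpResponseRedirect(reverse_lazy('home'))

    ea_token, redirect = _load_reset_token(request)
    if redirect is not None:
        return redirect

    # We're good to go!
    form = SetPWForm()
    if request.method == 'POST':
        form = SetPWForm(data=request.POST)
        if form.is_valid():
            new_pw = form.cleaned_data['newpassword']
            user = ea_token.auth_user
            user.set_password(new_pw)
            user.save()

            # login user
            user_to_login = authenticate(username=user.username, password=new_pw)
            login(request, user_to_login)

            LoggedLogin.record_login(request)

            # delete the token from the session
            del request.session['email_auth_token_id']

            _unlink_funded_api_credential(request, user)

            # Mark this + all other tokens for that user as expired
            ea_token.expire_outstanding_tokens()

            messages.success(request, _('Password succesfully updated.'))

            return HttpResponseRedirect(reverse_lazy('customer_dashboard'))

    return {'form': form}


def _request_new_password_url(email):
    """
    Build the 'request_new_password' URL with ``email`` prefilled via ``?e=``.

    The address is percent-encoded so that characters such as '+' survive
    the round trip; a raw '+' in a query string is read back as a space.
    Formatting with %s also forces the lazy reverse() result to a string.
    """
    try:
        from urllib.parse import quote  # Python 3
    except ImportError:  # Python 2
        from urllib import quote
    encoded = quote(email.encode('utf-8'), safe='@')
    return '%s?e=%s' % (reverse_lazy('request_new_password'), encoded)


def _load_reset_token(request):
    """
    Fetch the EmailAuthToken referenced by the session and validate it.

    Returns ``(token, None)`` when the token may be used, or
    ``(None, redirect)`` with a warning already queued on ``request``.
    None of the failure cases *should* ever happen, hence the cryptic
    messages (to figure out how that's possible).
    """
    email_auth_token_id = request.session.get('email_auth_token_id')
    if not email_auth_token_id:
        messages.warning(request, _('Token cookie not found. Please generate a new link.'))
        return None, HttpResponseRedirect(reverse_lazy('request_new_password'))

    ea_token = get_object_or_None(EmailAuthToken, id=email_auth_token_id)
    if not ea_token:
        messages.warning(request, _('Token not found. Please generate a new link.'))
        return None, HttpResponseRedirect(reverse_lazy('request_new_password'))

    # From here on the owner is known, so the redirect prefills their email.
    if ea_token.key_deleted_at:
        problem = _('Token deleted. Please generate a new link.')
    elif not ea_token.key_used_at:
        problem = _('Site error. Please generate a new link.')
    elif now() - ea_token.key_used_at > timedelta(minutes=15):
        problem = _('Time limit expired. Please generate a new link.')
    else:
        return ea_token, None

    messages.warning(request, problem)
    return None, HttpResponseRedirect(_request_new_password_url(ea_token.auth_user.email))


def _unlink_funded_api_credential(request, user):
    """
    Disable a merchant's API credentials after a password reset when the
    linked wallet holds more than SATOSHIS_PER_BTC.

    Best effort: any failure while checking the balance or disabling the
    credentials is logged and ignored so the password reset still completes.
    """
    import logging

    merchant = user.get_merchant()
    if not merchant:
        return
    api_cred = merchant.get_api_credential()
    if not api_cred:
        return
    try:
        if api_cred.get_balance() > SATOSHIS_PER_BTC:
            merchant.disable_all_credentials()
            # TODO: poor UX, but let's wait until we actually have people doing this
            msg = _(
                'Your API credentials were unlinked from your CoinSafe account for safety, please link your wallet again in order to sell bitcoin to customers.'
            )
            messages.success(request, msg)
    except Exception as e:
        # Previously a bare print; a logged traceback keeps the failure visible.
        logging.getLogger(__name__).exception('Error was: %s', e)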