Ejemplo n.º 1
0
    def post(self, request):
        serializer = self.get_serializer(data=request.data)
        try:
            serializer.is_valid(raise_exception=True)
            return self._action(serializer)

        except ValidationError:
            error = serializer.errors

        except exceptions.AccountInactiveError as e:
            user = serializer.user
            user.is_active = False
            user.save()
            error = e.msg

        except exceptions.EmailNotVerifiedError as e:
            user = serializer.user
            error = e.msg
            send_email_confirmation(self.request._request, user)

        except exceptions.PhoneNotVerifiedError as e:
            user = serializer.user
            error = e.msg
            device = user.verificationdevice_set.get(label='phone_verify')
            device.generate_challenge()

        return Response(data={'detail': error},
                        status=status.HTTP_401_UNAUTHORIZED)
Ejemplo n.º 2
0
def pre_social_login_(sender, request, sociallogin, **kwargs):
    '''
    Resolve issue of existing email address. When signing up a social account with the existing
    email address it will logged the existing user. And for security hole issue the account
    will not successfully logged if their given email address are not verified.
    To verify ownership of email this function will automatically send a verification link
    to the given email and only legit user can access the said account.
    :param sender:
    :param request:
    :param sociallogin:
    :param kwargs:
    :return:
    '''

    email = sociallogin.account.extra_data['email']
    _user = get_user_model()
    users = _user.objects.filter(email=email)
    _s_emails = s_emails.objects.filter(email=email)
    e_existing = _s_emails.exists()
    u_existing = users.exists()

    if u_existing :
        if e_existing:
            if _s_emails[0].verified:
                perform_login(request, users[0], app_settings.EMAIL_VERIFICATION)
                raise ImmediateHttpResponse(redirect(settings.LOGIN_REDIRECT_URL))

        send_email_confirmation(request, users[0])
        raise ImmediateHttpResponse(render(request, 'account/verification_sent.html', {}))
 def validate(self, attrs):
     username = attrs.get('username')
     password = attrs.get('password')
     user = None
     if 'allauth' in settings.INSTALLED_APPS:
         user = self._validate_username_email(username, password)
     else:
         # Authentication without using allauth
         if username:
             user = self._validate_username_email(username, password)
     # Did we get back an active user?
     if user:
         if not user.is_active:
             msg = _('User account is disabled.')
             raise exceptions.ValidationError(msg)
     else:
         msg = _('Unable to log in with provided credentials.')
         raise exceptions.ValidationError(msg)
     # If required, is the email verified?
     if 'rest_auth.registration' in settings.INSTALLED_APPS:
         from allauth.account import app_settings
         if app_settings.EMAIL_VERIFICATION == app_settings.EmailVerificationMethod.MANDATORY:
             email_address = user.emailaddress_set.get(email=user.email)
             if not email_address.verified:
                 send_email_confirmation(self.context.get("request"), user)
                 raise ValidationError(
                     _('E-mail is not verified. Verification Mail has been resent to your E-mail!'
                       ))
     attrs['user'] = user
     return attrs
Ejemplo n.º 4
0
    def perform_update(self, serializer):
        instance = self.get_object()
        current_email, current_phone = instance.email, instance.phone
        new_email = serializer.validated_data.get('email', instance.email)
        new_phone = serializer.validated_data.get('phone', instance.phone)
        user = serializer.save()

        if current_email != new_email:
            instance.emailaddress_set.all().delete()

            if new_email:
                send_email_confirmation(self.request._request, user)
                if current_email:
                    user.email = current_email
                    utils.send_email_update_notification(current_email)

        if current_phone != new_phone:
            instance.verificationdevice_set.all().delete()

            if new_phone:
                device = VerificationDevice.objects.create(
                    user=instance, unverified_phone=new_phone)
                device.generate_challenge()
                if current_phone:
                    user.phone = current_phone
                    utils.send_sms(current_phone, messages.phone_change)

        user.save()
Ejemplo n.º 5
0
    def test_signup_with_released_email(self):
        user = UserFactory.create(username='******',
                                  email='*****@*****.**',
                                  email_verified=True)

        EmailAddress.objects.create(user=user, email=user.email,
                                    verified=True)
        data = {
            'username': '******',
            'email': '*****@*****.**',
        }

        request = HttpRequest()
        setattr(request, 'session', 'session')
        self.messages = FallbackStorage(request)
        setattr(request, '_messages', self.messages)
        request.META['SERVER_NAME'] = 'testserver'
        request.META['SERVER_PORT'] = '80'

        form = forms.ProfileForm(data, request=request, instance=user)
        form.save()

        user = UserFactory.create(username='******',
                                  email='*****@*****.**')
        try:
            send_email_confirmation(request, user)
        except IntegrityError:
            assert False
        else:
            assert True
Ejemplo n.º 6
0
    def test_signup_with_released_email(self):
        user = UserFactory.create(username='******',
                                  email='*****@*****.**',
                                  email_verified=True)

        EmailAddress.objects.create(user=user, email=user.email, verified=True)
        data = {
            'username': '******',
            'email': '*****@*****.**',
        }

        request = HttpRequest()
        setattr(request, 'session', 'session')
        self.messages = FallbackStorage(request)
        setattr(request, '_messages', self.messages)
        request.META['SERVER_NAME'] = 'testserver'
        request.META['SERVER_PORT'] = '80'

        form = forms.ProfileForm(data, request=request, instance=user)
        form.save()

        user = UserFactory.create(username='******', email='*****@*****.**')
        try:
            send_email_confirmation(request, user)
        except IntegrityError:
            assert False
        else:
            assert True
Ejemplo n.º 7
0
def profile(request):
    if request.method == 'POST':
        form = CustomUserChangeForm(request.POST, instance=request.user)
        if form.is_valid():
            user = form.save(commit=False)
            user_before_update = CustomUser.objects.get(pk=user.pk)
            need_to_confirm_email = (
                user_before_update.email != user.email
                and require_email_confirmation()
                and not user_has_confirmed_email_address(user, user.email))
            if need_to_confirm_email:
                # don't change it but instead send a confirmation email
                # email will be changed by signal when confirmed
                new_email = user.email
                send_email_confirmation(request,
                                        user,
                                        signup=False,
                                        email=new_email)
                user.email = user_before_update.email
                # recreate the form to avoid populating the previous email in the returned page
                form = CustomUserChangeForm(instance=user)
            user.save()
    else:
        form = CustomUserChangeForm(instance=request.user)
    return render(request, 'account/profile.html', {
        'form': form,
        'active_tab': 'profile'
    })
Ejemplo n.º 8
0
    def form_valid(self, form):
        """Create and log in the user signing up

        Took this from allauth because extensibility is for chumps.
        """
        self.object = form.save(request=self.request)
        signals.user_signed_up.send(sender=self.object.__class__,
                                    request=self.request,
                                    user=self.object)

        # not is_active: social users are redirected to a template
        # local users are stopped due to form validation checking is_active
        assert self.object.is_active
        if (settings.ACCOUNT_EMAIL_VERIFICATION
            and not EmailAddress.objects.filter(user=self.object,
                                                verified=True).exists()):
            send_email_confirmation(self.object, self.request)

        # HACK: This may not be nice. The proper Django way is to use an
        # authentication backend, but I fail to see any added benefit
        # whereas I do see the downsides (having to bother the integrator
        # to set up authentication backends in settings.py
        if not hasattr(self.object, 'backend'):
            self.object.backend = "django.contrib.auth.backends.ModelBackend"
        signals.user_logged_in.send(sender=self.object.__class__,
                                    request=self.request,
                                    user=self.object)
        login(self.request, self.object)
        msg = _('Successfully signed in as {0}.'.format(user_display(self.object)))
        messages.success(self.request, msg)

        return HttpResponseRedirect(self.get_success_url())
Ejemplo n.º 9
0
 def save(self):
     request = self.context.get('request')
     User = get_user_model()
     email = self.reset_form.cleaned_data["email"]
     user = User.objects.get(email__iexact=email)
     send_email_confirmation(request, user, True)
     return email
Ejemplo n.º 10
0
def _process_signup(request, sociallogin):
    # If email is specified, check for duplicate and if so, no auto signup.
    auto_signup = app_settings.AUTO_SIGNUP
    email = sociallogin.account.user.email
    if auto_signup:
        # Let's check if auto_signup is really possible...
        if email:
            if account_settings.UNIQUE_EMAIL:
                try:
                    user = User.objects.get(email__iexact=email)
                    # Oops, another user already has this address.  We
                    # cannot simply connect this social account to the
                    # existing user. Reason is that the email adress may
                    # not be verified, meaning, the user may be a hacker
                    # that has added your email address to his account in
                    # the hope that you fall in his trap. To solve this,
                    # we reset the password of the email account and connect
                    # the user.
                    user.set_password(md5.new('%s:%s ' % (email, time.time())).hexdigest())
                    user.save()
                    context = create_password_reset_context(user)
                    get_account_adapter().send_mail('account/email/link_facebook',
                                                    email, context)
                    sociallogin.account.user = user
                    sociallogin.save()
                    return perform_login(request, user, 
                                         redirect_url=sociallogin.get_redirect_url(request))
                except User.DoesNotExist:
                    # No user exists with this email. Let's auto sign up the user.
                    auto_signup = True
        elif account_settings.EMAIL_REQUIRED:
            # Nope, email is required and we don't have it yet...
            auto_signup = False
    if not auto_signup:
        request.session['socialaccount_sociallogin'] = sociallogin
        url = reverse('socialaccount_signup')
        ret = HttpResponseRedirect(url)
    else:
        # FIXME: This part contains a lot of duplication of logic
        # ("closed" rendering, create user, send email, in active
        # etc..)
        try:
            if not get_account_adapter().is_open_for_signup(request):
                return render(request,
                              "account/signup_closed.html")
        except ImmediateHttpResponse, e:
            return e.response
        u = sociallogin.account.user
        u.username = generate_unique_username(u.username
                                              or email 
                                              or 'user')
        u.last_name = (u.last_name or '') \
            [0:User._meta.get_field('last_name').max_length]
        u.first_name = (u.first_name or '') \
            [0:User._meta.get_field('first_name').max_length]
        u.email = email or ''
        u.set_unusable_password()
        sociallogin.save()
        send_email_confirmation(request, u)
        ret = complete_social_signup(request, sociallogin)
Ejemplo n.º 11
0
    def dispatch(self, request, *args, **kwargs):
        if not EmailAddress.objects.filter(user=request.user,
                                           verified=True).exists():
            send_email_confirmation(request, request.user)
            return render(request, 'account/verified_email_required.html')

        return super().dispatch(request, *args, **kwargs)
Ejemplo n.º 12
0
def resend_user_activation(
        request, template_file="administration/resend_activation/index.html"):
    context = RequestContext(request)

    if request.method == "POST":
        form = EmailForm(request.POST)
        if form.is_valid():
            try:
                user = User.objects.get(
                    email__iexact=form.cleaned_data.get('email'))
                if not user.is_active:
                    try:
                        profile = user.profile
                    except Profile.DoesNotExist:
                        profile = Profile(user=user)
                        profile.save()
                    except Profile.MultipleObjectsReturned:
                        profiles = Profile.objects.filter(user=user)
                        profile = profiles[0]
                    if not profile.skeleton_user:
                        send_email_confirmation(request, user)
                        context[
                            'message'] = "Activation email has been resent to %s" % user.email
                    else:
                        context[
                            'message'] = "This user hasn't signed up for ratetracker"
                else:
                    context[
                        'message'] = "This user has already activated, they should probably use the password reset bit on the login page!"
            except User.DoesNotExist:
                context['message'] = "User doesn't exist!"
    else:
        context['form'] = EmailForm()
    return render_to_response(template_file, context_instance=context)
Ejemplo n.º 13
0
def q_send_email_confirmation(request):
    valid_request, msg = validate_request(request)
    if not valid_request:
        return HttpResponseForbidden(msg)

    username = request.POST.get("username")
    try:
        user = User.objects.get(username=username)
    except User.DoesNotExist:
        msg = "Unable to locate user '{0}'.".format(username)
        messages.add_message(request, messages.ERROR, msg)
        return HttpResponseBadRequest(msg)

    current_user = request.user
    if not current_user.is_superuser and current_user.username != username:
        msg = "You do not have authority to validate this user's email."
        messages.add_message(request, messages.ERROR, msg)
        return HttpResponseBadRequest(msg)

    try:
        send_email_confirmation(request, user)
    except Exception as e:
        msg = "Error sending confirmation email."
        messages.add_message(request, messages.ERROR, msg)
        return HttpResponseBadRequest(msg)

    return JsonResponse({})
Ejemplo n.º 14
0
 def get_email_address(self, request, user):
     try:
         return EmailAddress.objects.get(email=user.email)
     except ObjectDoesNotExist:
         setup_user_email(request, user, [])
         send_email_confirmation(request, user)
         return EmailAddress.objects.get(email=user.email)
Ejemplo n.º 15
0
    def post(self, request):
        user = get_object_or_404(User, email=request.data['email'])
        emailAddress = EmailAddress.objects.filter(user=user,
                                                   verified=True).exists()

        if emailAddress:
            return Response({'message': 'Это Email уже проверен'},
                            status=status.HTTP_400_BAD_REQUEST)
        else:
            try:
                send_email_confirmation(request, user=user)
                return Response(
                    {
                        'message':
                        'Отправлено подтверждение по электронной почте'
                    },
                    status=status.HTTP_201_CREATED)
            except APIException:
                return Response(
                    {
                        'message':
                        'Этот адрес электронной почты не существует, \
                            пожалуйста, создайте новую учетную запись'
                    },
                    status=status.HTTP_403_FORBIDDEN)
Ejemplo n.º 16
0
    def perform_create(self, serializer):
        user = serializer.save()
        signals.user_registered.send(sender=self.__class__,
                                     user=user,
                                     request=self.request)

        send_email_confirmation(self.request._request, user)
Ejemplo n.º 17
0
def resend_email_confirmation(request):
    """
    Resends the confirmation email on user request.
    """
    user = request.user
    send_email_confirmation(request._request, user)
    return Response(status=status.HTTP_200_OK)
Ejemplo n.º 18
0
def assign_user_to_group(modeladmin, queryset, group_name, request):
    """
    Approves users
    :param queryset: List of the users to be approved
    :param group: Group to be assigned
    :param request:
    :return:
    """
    group = Group.objects.get(name=group_name)
    if group:
        for user_profile in queryset:
            user_profile.status = UserProfile.APPROVED_STATE
            user_profile.save()
            # sending the confirmation email
            send_email_confirmation(request, user_profile.user, signup=True)
            # setting the group
            group.user_set.add(user_profile.user)
            modeladmin.message_user(
                request,
                'El usuario %s fue agregado al grupo %s con éxito.' % (user_profile.user.first_name,group.name)
            )
    else:
        self.message_user(
            request,'El grupo %s no existe.' % group_name, 
            level=messages.ERROR
        )
Ejemplo n.º 19
0
def send_email_verification(request, user, email_verification):

    has_verified_email = EmailAddress.objects.filter(user=user,
                                                     verified=True).exists()

    if not has_verified_email:
        send_email_confirmation(request, user, signup=True)
Ejemplo n.º 20
0
def resend_user_activation(request, template_file="administration/resend_activation/index.html"):
    context = RequestContext(request)

    if request.method == "POST":
        form = EmailForm(request.POST)
        if form.is_valid():
            try:
                user = User.objects.get(email__iexact=form.cleaned_data.get('email'))
                if not user.is_active:
                    try:
                        profile = user.profile
                    except Profile.DoesNotExist:
                        profile = Profile(user=user)
                        profile.save()
                    except Profile.MultipleObjectsReturned:
                        profiles = Profile.objects.filter(user=user)
                        profile = profiles[0]
                    if not profile.skeleton_user:
                        send_email_confirmation(request, user)
                        context['message'] = "Activation email has been resent to %s" % user.email
                    else:
                        context['message'] = "This user hasn't signed up for ratetracker"
                else:
                    context[
                        'message'] = "This user has already activated, they should probably use the password reset bit on the login page!"
            except User.DoesNotExist:
                context['message'] = "User doesn't exist!"
    else:
        context['form'] = EmailForm()
    return render_to_response(template_file, context_instance=context)
Ejemplo n.º 21
0
    def create(self, validated_data):
        with transaction.atomic():
            first_name = validated_data.get("first_name", "")
            last_name = validated_data.get("last_name", "")
            account_type = validated_data.get("account_type", "")
            user = FcUser.objects.create(username=validated_data.get("email"),
                                         email=validated_data.get("email"),
                                         phone_number=validated_data.get(
                                             "phone_number", ""),
                                         first_name=first_name,
                                         last_name=last_name,
                                         account_type=account_type)
            user.set_password(validated_data.get("password"))
            user.raw_password = validated_data.get("password")
            user.save()

            if account_type == 'customer':
                customer_info = FcCustomer.objects.create(user=user)
                customer_info.save()
            else:
                provider_info = FcProvider.objects.create(user=user)
                provider_info.save()

            request = self.context.get("request")
            print('before sending mail')
            send_email_confirmation(request, user, True)
            print('after sending mail')

            return user
Ejemplo n.º 22
0
def home(request):
    try:
        qs = Event.objects.untranslated().use_fallbacks()
        try:
            today = datetime.now()
            event = qs.filter(start__gte=now).first()
        except:
            event = qs.order_by('start').last()
    except:
        event = None

    if request.method == 'POST':
        form = EmailOnlyForm(request.POST)
        if form.is_valid():
            user = form.save(request)
            send_email_confirmation(request, user)
            return redirect('thanks')

    form = EmailOnlyForm()

    if event:
        dt_now = timezone.now()
        if dt_now > event.start and dt_now < event.end:
            return redirect('map', event_codename=event.codename)

    return render(request, 'home.html', {
        'event': event,
        'form': form,
        'current_page': 'home',
    })
Ejemplo n.º 23
0
    def form_valid(self, form):
        phone = form.data.get('phone')
        email = form.data.get('email')

        if phone:

            try:
                with transaction.atomic():
                    phone_device = VerificationDevice.objects.get(
                        unverified_phone=phone, verified=False)
                    phone_device.generate_challenge()
                    self.request.session[
                        'phone_verify_id'] = phone_device.user_id

            except TwilioRestException as e:
                if e.status >= 500:
                    msg = TWILIO_ERRORS.get('default')
                else:
                    msg = TWILIO_ERRORS.get(e.code)

                if msg:
                    form.add_error('phone', msg)
                    return self.form_invalid(form)
                else:
                    raise
            except VerificationDevice.DoesNotExist:
                pass

            message = _(
                "Your phone number has been submitted."
                " If it matches your account on Cadasta Platform, you will"
                " receive a verification token to confirm your phone.")
            messages.add_message(self.request, messages.SUCCESS, message)

        if email:
            email = email.casefold()
            try:
                email_device = EmailAddress.objects.get(email=email,
                                                        verified=False)
                user = email_device.user
                if not user.email_verified:
                    user.email = email
                send_email_confirmation(self.request, user)
                self.request.session['phone_verify_id'] = email_device.user.id
            except EmailAddress.DoesNotExist:
                pass

            # This is a gross hack, removing all messages previously added to
            # the message queue so we don't reveal whether the email address
            # existed in the system or not. (See issue #1869)
            get_messages(self.request)._queued_messages = []

            message = _(
                "Your email address has been submitted."
                " If it matches your account on Cadasta Platform, you will"
                " receive a verification link to confirm your email.")
            messages.add_message(self.request, messages.SUCCESS, message)

        return super().form_valid(form)
Ejemplo n.º 24
0
    def form_valid(self, form):
        user = form.user
        if not user.email_verified and timezone.now() > user.verify_email_by:
            user.is_active = False
            user.save()
            send_email_confirmation(self.request, user)

        return super().form_valid(form)
Ejemplo n.º 25
0
 def save(self, request):
     new_user = self.create_user()
     self.sociallogin.account.user = new_user
     self.sociallogin.save(request)
     super(SignupForm, self).save(new_user) 
     # Confirmation last (save may alter first_name etc -- used in mail)
     send_email_confirmation(request, new_user)
     return new_user
Ejemplo n.º 26
0
    def create(self, request):
        if request.user.email_verified:
            raise ValidationError(
                {"email": ["Email Already Verified"]})

        send_email_confirmation(request, request.user)
        # , status=status.HTTP_201_CREATED)
        return Response({'detail': 'Email Confirmation Sent Succesfully'})
Ejemplo n.º 27
0
    def post(self, request):
        if request.user.email_verified:
            return Response({'message': 'Email already verified'},
                            status=status.HTTP_201_CREATED)

        send_email_confirmation(request, request.user)
        return Response({'message': 'Email confirmation sent'},
                        status=status.HTTP_201_CREATED)
Ejemplo n.º 28
0
    def form_valid(self, form):
        user = form.user
        if not user.email_verified and timezone.now() > user.verify_email_by:
            user.is_active = False
            user.save()
            send_email_confirmation(self.request, user)

        return super().form_valid(form)
Ejemplo n.º 29
0
 def save(self, request=None):
     new_user = self.create_user()
     self.sociallogin.account.user = new_user
     self.sociallogin.save()
     super(SignupForm, self).save(new_user) 
     # Confirmation last (save may alter first_name etc -- used in mail)
     send_email_confirmation(request, new_user)
     return new_user
Ejemplo n.º 30
0
 def post(self, request, format=None):
     serializer = self.serializer_class(data=request.data)
     if serializer.is_valid():
         new_user = serializer.save()
         send_email_confirmation(request._request, new_user)
         return Response(serializer.data,
                 status=status.HTTP_201_CREATED)
     return Response(serializer.errors,
                 status=status.HTTP_400_BAD_REQUEST)
 def handle(self, *args, **options):
     users = User.objects.filter(
         emailaddress__verified=False,
         emailaddress__email__contains=options['email_contains'])
     request = RequestFactory().get('/')
     request.environ['SERVER_NAME'] = settings.ALLOWED_HOSTS[0]
     for user in users:
         print "Resending to", user
         send_email_confirmation(request, user)
Ejemplo n.º 32
0
def post_resident_save(sender, instance, created,**kwargs):
	if created:
		'''
		in special cases the instance will be passed with a request attribute Eg;instance.resident by the
		serializer. Should be accounte for in the tests
		'''
		assign_role(instance.user, 'resident')#assigns role as resident
		if hasattr(instance, 'request'):
			send_email_confirmation(instance.request, instance.user, signup=True)
Ejemplo n.º 33
0
    def post(self, request):
        obj = EmailAddress.objects.get(email=request.user.email)
        if obj.verified:
            return Response({'message': 'Email already verified'},
                            status=status.HTTP_201_CREATED)

        send_email_confirmation(request, request.user)
        return Response({'message': 'Email confirmation sent'},
                        status=status.HTTP_201_CREATED)
Ejemplo n.º 34
0
    def perform_create(self, serializer):
        user = serializer.save()
        signals.user_registered.send(sender=self.__class__, user=user,
                                     request=self.request)

        try:
            send_email_confirmation(self.request._request, user)
        except MessageFailure:
            pass
Ejemplo n.º 35
0
def _process_signup(request, sociallogin):
    # If email is specified, check for duplicate and if so, no auto signup.
    auto_signup = app_settings.AUTO_SIGNUP
    email = user_email(sociallogin.account.user)
    if auto_signup:
        # Let's check if auto_signup is really possible...
        if email:
            if account_settings.UNIQUE_EMAIL:
                if email_address_exists(email):
                    # Oops, another user already has this address.  We
                    # cannot simply connect this social account to the
                    # existing user. Reason is that the email adress may
                    # not be verified, meaning, the user may be a hacker
                    # that has added your email address to his account in
                    # the hope that you fall in his trap.  We cannot check
                    # on 'email_address.verified' either, because
                    # 'email_address' is not guaranteed to be verified.
                    auto_signup = False
                    # FIXME: We redirect to signup form -- user will
                    # see email address conflict only after posting
                    # whereas we detected it here already.
        elif app_settings.EMAIL_REQUIRED:
            # Nope, email is required and we don't have it yet...
            auto_signup = False
    if not auto_signup:
        request.session['socialaccount_sociallogin'] = sociallogin
        url = reverse('socialaccount_signup')
        ret = HttpResponseRedirect(url)
    else:
        # FIXME: This part contains a lot of duplication of logic
        # ("closed" rendering, create user, send email, in active
        # etc..)
        try:
            if not get_account_adapter().is_open_for_signup(request):
                return render(request,
                              "account/signup_closed.html")
        except ImmediateHttpResponse as e:
            return e.response
        u = sociallogin.account.user
        if account_settings.USER_MODEL_USERNAME_FIELD:
            user_username(u,
                          generate_unique_username(user_username(u)
                                                   or email 
                                                   or 'user'))
        for field in ['last_name',
                      'first_name']:
            if hasattr(u, field):
                truncated_value = (user_field(u, field) or '') \
                    [0:User._meta.get_field(field).max_length]
                user_field(u, field, truncated_value)
        user_email(u, email or '')
        u.set_unusable_password()
        sociallogin.save(request)
        send_email_confirmation(request, u)
        ret = complete_social_signup(request, sociallogin)
    return ret
Ejemplo n.º 36
0
    def validate(self, attrs):
        username = attrs.get('username')
        email = attrs.get('email')
        password = attrs.get('password')

        user = None

        if 'allauth' in settings.INSTALLED_APPS:
            from allauth.account import app_settings

            # Authentication through email
            if app_settings.AUTHENTICATION_METHOD == app_settings.AuthenticationMethod.EMAIL:
                user = self._validate_email(email, password)

            # Authentication through username
            if app_settings.AUTHENTICATION_METHOD == app_settings.AuthenticationMethod.USERNAME:
                user = self._validate_username(username, password)

            # Authentication through either username or email
            else:
                user = self._validate_username_email(username, email, password)

        else:
            # Authentication without using allauth
            if email:
                try:
                    username = UserModel.objects.get(
                        email__iexact=email).get_username()
                except UserModel.DoesNotExist:
                    pass

            if username:
                user = self._validate_username_email(username, '', password)

        # Did we get back an active user?
        if user:
            if not user.is_active:
                msg = _('User account is disabled.')
                raise exceptions.ValidationError(msg)
        else:
            msg = _('Unable to log in with provided credentials.')
            raise exceptions.ValidationError(msg)

        # If required, is the email verified?
        if 'rest_auth.registration' in settings.INSTALLED_APPS:
            from allauth.account import app_settings
            if app_settings.EMAIL_VERIFICATION == app_settings.EmailVerificationMethod.MANDATORY:
                email_address = user.emailaddress_set.get(email=user.email)
                if not email_address.verified:
                    # added resending confirmation email
                    send_email_confirmation(self.context['request'], user)
                    raise serializers.ValidationError(
                        _('E-mail is not verified.'))

        attrs['user'] = user
        return attrs
Ejemplo n.º 37
0
def _process_signup(request, sociallogin):
    log.debug('socialaccount.helpers._process_signup')
    # If email is specified, check for duplicate and if so, no auto signup.
    log.debug("_process_signup")
    auto_signup = app_settings.AUTO_SIGNUP
    email = sociallogin.account.user.email
    if auto_signup:
        # Let's check if auto_signup is really possible...
        log.debug("auto_signup")
        if email:
            if account_settings.UNIQUE_EMAIL:
                if email_address_exists(email):
                    # Oops, another user already has this address.  We
                    # cannot simply connect this social account to the
                    # existing user. Reason is that the email adress may
                    # not be verified, meaning, the user may be a hacker
                    # that has added your email address to his account in
                    # the hope that you fall in his trap.  We cannot check
                    # on 'email_address.verified' either, because
                    # 'email_address' is not guaranteed to be verified.
                    auto_signup = False
                    # FIXME: We redirect to signup form -- user will
                    # see email address conflict only after posting
                    # whereas we detected it here already.
        elif account_settings.EMAIL_REQUIRED:
            # Nope, email is required and we don't have it yet...
            log.debug("no email available")
            auto_signup = False
    if not auto_signup:
        log.debug("not auto signup")
        request.session['socialaccount_sociallogin'] = sociallogin
        url = reverse('socialaccount_signup')
        ret = HttpResponseRedirect(url)
    else:
        # FIXME: There is some duplication of logic inhere
        # (create user, send email, in active etc..)
        log.debug("Auto sign up again")
        u = sociallogin.account.user
        u.username = generate_unique_username(u.username
                                              or email 
                                              or 'user')
        u.last_name = (u.last_name or '') \
            [0:User._meta.get_field('last_name').max_length]
        u.first_name = (u.first_name or '') \
            [0:User._meta.get_field('first_name').max_length]
        u.email = email or ''
        u.set_unusable_password()
        log.debug(u)
        sociallogin.save()
        log.debug("Sending email to the following:")
        log.debug(email)
        send_email_confirmation(request, u)
        log.debug("Email confirmation sent")
        ret = complete_social_signup(request, sociallogin)
        log.debug(ret)
    return ret
Ejemplo n.º 38
0
    def save(self, *args, **kwargs):
        user = super().save(commit=False, *args, **kwargs)
        if self._send_confirmation:
            send_email_confirmation(self.request, user)
            self._send_confirmation = False
            user.email_verified = False
            user.verify_email_by = now_plus_48_hours()

        user.save()
        return user
Ejemplo n.º 39
0
 def dispatch(self, request, *args, **kwargs):
     """ Confirm valid user,and then confirm a verified email. """
     if not request.user.is_authenticated:
         return self.handle_no_permission()
     elif not EmailAddress.objects.filter(user=request.user,
                                          verified=True).exists():
         send_email_confirmation(request, request.user)
         # Should maybe be some kind of reverse blah blah blah
         return render(request, 'account/verified_email_required.html')
     return super().dispatch(request, *args, **kwargs)
Ejemplo n.º 40
0
 def _wrapped_view(request, *args, **kwargs):
     context ={
         'domains': domains
     }
     if not EmailAddress.objects.filter(Q(user=request.user), reduce(lambda x, y: (x | y), [Q(email__icontains=domain) for domain in domains])).exists():
         return render(request, 'account/email_required_domain.html', context)
     elif not EmailAddress.objects.filter(Q(user=request.user, verified=True), reduce(lambda x, y: (x | y), [Q(email__icontains=('@' + domain)) for domain in domains])).exists():
         send_email_confirmation(request, request.user)
         return render(request, 'account/verified_email_required_domain.html', context)
     return view_func(request, *args, **kwargs)
Ejemplo n.º 41
0
    def save(self, *args, **kwargs):
        user = super().save(commit=False, *args, **kwargs)
        if self._send_confirmation:
            send_email_confirmation(self.request, user)
            self._send_confirmation = False
            user.email_verified = False
            user.verify_email_by = now_plus_48_hours()

        user.save()
        return user
Ejemplo n.º 42
0
 def post(self, request, *args, **kwargs):
     serializer = self.serializer_class(data=request.data)
     serializer.is_valid(raise_exception=True)
     user = serializer.validated_data['user']
     if not user.is_active:
         send_email_confirmation(request, user)
         return Response({'detail': 'User is inactive!'}, status=403)
     token, created = Token.objects.get_or_create(user=user)
     user_data = UserSerializer(user, many=False).data
     user_data['token'] = token.key
     return Response(user_data)
Ejemplo n.º 43
0
    def post(self, *args, **kwargs):
        # if the email address is already verified, do nothing
        user = self.request.user
        has_verified_email = EmailAddress.objects.filter(user=user, verified=True).exists()
        if has_verified_email:
            return Response(None, HTTP_204_NO_CONTENT)

        # otherwise, send the confirmation email
        print("sending email confirmation...")
        allauth_utils.send_email_confirmation(self.request, user)
        return Response({'message': 'Account email verification sent'}, HTTP_200_OK)
Ejemplo n.º 44
0
 def save(self, request):
     new_user = self.create_user()
     self.sociallogin.account.user = new_user
     self.sociallogin.save(request)
     super(SignupForm, self).save(new_user)
     # Make sure the user has a primary email address
     if EmailAddress.objects.filter(user=new_user).count() == 0:
         setup_user_email(request, new_user)
     # Confirmation last (save may alter first_name etc -- used in mail)
     send_email_confirmation(request, new_user)
     return new_user
Ejemplo n.º 45
0
    def save(self, *args, **kwargs):
        user = super().save(commit=False, *args, **kwargs)

        if self._send_confirmation:
            send_email_confirmation(self.request, user)
            self._send_confirmation = False
            user.email_verified = False
            user.verify_email_by = (datetime.now(tz=timezone.utc) +
                                    timedelta(hours=48))

        user.save()
        return user
Ejemplo n.º 46
0
def _process_signup(request, data, account):
    # If email is specified, check for duplicate and if so, no auto signup.
    auto_signup = app_settings.AUTO_SIGNUP
    email = data.get('email')
    if auto_signup:
        # Let's check if auto_signup is really possible...
        if email:
            if account_settings.UNIQUE_EMAIL:
                if email_address_exists(email):
                    # Oops, another user already has this address.  We
                    # cannot simply connect this social account to the
                    # existing user. Reason is that the email adress may
                    # not be verified, meaning, the user may be a hacker
                    # that has added your email address to his account in
                    # the hope that you fall in his trap.  We cannot check
                    # on 'email_address.verified' either, because
                    # 'email_address' is not guaranteed to be verified.
                    auto_signup = False
                    # FIXME: We redirect to signup form -- user will
                    # see email address conflict only after posting
                    # whereas we detected it here already.
        elif account_settings.EMAIL_REQUIRED:
            # Nope, email is required and we don't have it yet...
            auto_signup = False
    if not auto_signup:
        request.session['socialaccount_signup'] = dict(data=data,
                                                       account=account)
        url = reverse('socialaccount_signup')
        next = request.REQUEST.get('next')
        if next:
            url = url + '?' + urlencode(dict(next=next))
        ret = HttpResponseRedirect(url)
    else:
        # FIXME: There is some duplication of logic inhere 
        # (create user, send email, in active etc..)
        username = generate_unique_username \
            (data.get('username', email or 'user'))
        u = User(username=username,
                 email=email or '',
                 last_name = data.get('last_name', '')[0:User._meta.get_field('last_name').max_length],
                 first_name = data.get('first_name', '')[0:User._meta.get_field('first_name').max_length])
        u.set_unusable_password()
        u.is_active = not account_settings.EMAIL_VERIFICATION
        u.save()
        accountbase = SocialAccount()
        accountbase.user = u
        accountbase.save()
        account.base = accountbase
        account.sync(data)
        send_email_confirmation(u, request=request)
        ret = complete_social_signup(request, u, account)
    return ret
Ejemplo n.º 47
0
    def perform_update(self, serializer):
        user = self.get_object()
        new_email = serializer.validated_data.get('email', user.email)

        if user.email != new_email:
            updated = serializer.save(
                email_verified=False,
                verify_email_by=now_plus_48_hours()
            )
            try:
                send_email_confirmation(self.request._request, updated)
            except MessageFailure:
                pass
        else:
            serializer.save()
Ejemplo n.º 48
0
def _process_signup(request, data, account):
    # If email is specified, check for duplicate and if so, no auto signup.
    auto_signup = app_settings.AUTO_SIGNUP
    email = data.get("email")
    if auto_signup:
        # Let's check if auto_signup is really possible...
        if email:
            if account_settings.UNIQUE_EMAIL:
                email_address = get_email_address(email)
                if email_address:
                    # Oops, another user already has this address.  We
                    # cannot simply connect this social account to the
                    # existing user. Reason is that the email adress may
                    # not be verified, meaning, the user may be a hacker
                    # that has added your email address to his account in
                    # the hope that you fall in his trap.  We cannot check
                    # on 'email_address.verified' either, because
                    # 'email_address' is not guaranteed to be verified.
                    auto_signup = False
                    # FIXME: We redirect to signup form -- user will
                    # see email address conflict only after posting
                    # whereas we detected it here already.
        elif account_settings.EMAIL_REQUIRED:
            # Nope, email is required and we don't have it yet...
            auto_signup = False
    if not auto_signup:
        request.session["socialaccount_signup"] = dict(data=data, account=account)
        ret = HttpResponseRedirect(reverse("socialaccount_signup"))
    else:
        # FIXME: There is some duplication of logic inhere
        # (create user, send email, in active etc..)
        username = generate_unique_username(data.get("username", email or "user"))
        u = User(
            username=username,
            email=email or "",
            last_name=data.get("last_name", ""),
            first_name=data.get("first_name", ""),
        )
        u.set_unusable_password()
        u.is_active = not account_settings.EMAIL_VERIFICATION
        u.save()
        account.user = u
        account.save()
        send_email_confirmation(u, request=request)
        ret = complete_signup(request, u, get_login_redirect_url(request))
    return ret
Ejemplo n.º 49
0
 def create(self, request, *args, **kwargs):
     params = request.data
     email = params.get('email')
     password = params.get('password')
     full_name = params.get('full_name')
     try:
         user = User.objects.create_user(email, password, full_name=full_name, active=True, channel='Android')
         social_data = request.data.get('social')
         if social_data:
             try:
                 SocialLoginToken.create(user, social_data)
             except ValueError as e:
                 raise APIException(str(e))
         setup_user_email(request, user, [])
         send_email_confirmation(request, user, signup=True)
     except IntegrityError:
         return Response({'detail': 'The e-mail address already exists.'}, status=400)
     except Exception as e:
         return Response({'detail': str(e)}, status=400)
     return Response(self.serializer_class(user).data, status=status.HTTP_200_OK)
Ejemplo n.º 50
0
def perform_login(request, user, email_verification, return_data={}, signal_kwargs={},
                  signup=False):
    """
    Keyword arguments:

    signup -- Indicates whether or not sending the
    email is essential (during signup), or if it can be skipped (e.g. in
    case email verification is optional and we are only logging in).
    """
    from allauth.account.models import EmailAddress
    has_verified_email = EmailAddress.objects.filter(user=user,
                                                     verified=True).exists()
    if email_verification == EmailVerificationMethod.NONE:
        pass
    elif email_verification == EmailVerificationMethod.OPTIONAL:
        # In case of OPTIONAL verification: send on signup.
        if not has_verified_email and signup:
            send_email_confirmation(request, user, signup=signup)
    elif email_verification == EmailVerificationMethod.MANDATORY:
        if not has_verified_email:
            send_email_confirmation(request, user, signup=signup)
            return Response({'message': 'Account email verification sent'}, HTTP_401_UNAUTHORIZED)
    # Local users are stopped due to form validation checking
    # is_active, yet, adapter methods could toy with is_active in a
    # `user_signed_up` signal. Furthermore, social users should be
    # stopped anyway.
    if not user.is_active:
        return Response({'message': 'User account is inactive'}, HTTP_403_FORBIDDEN)

    get_adapter().login(request, user)
    signals.user_logged_in.send(sender=user.__class__,
                                request=request,
                                user=user,
                                **signal_kwargs)
    get_adapter().add_message(request,
                              messages.SUCCESS,
                              'account/messages/logged_in.txt',
                              {'user': user})

    return_data.update({'message': 'User logged in.'})
    return Response(return_data, HTTP_200_OK)
Ejemplo n.º 51
0
def register(request):
    """
    Create a single user
    """
    data = request.data
    serializer = UserRegisterSerializer(data=data)
    if serializer.is_valid():
        timezone = Timezone.objects.get(
            name=serializer.validated_data['timezone_name']
        )
        user = LocalUser.objects.create_user(
            username=serializer.validated_data['email'],
            email=serializer.validated_data['email'],
            password=serializer.validated_data['password'],
            timezone=timezone
        )
        send_email_confirmation(request._request, user, signup=True)
        return Response(
            UserSerializer(instance=user).data,
            status=status.HTTP_201_CREATED
        )
    return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
Ejemplo n.º 52
0
    def post(self, request):
        serializer = self.get_serializer(data=request.data)
        try:
            serializer.is_valid(raise_exception=True)
            return self._action(serializer)
        except ValidationError:
            return Response(
                data=serializer.errors,
                status=status.HTTP_400_BAD_REQUEST,
            )
        except EmailNotVerifiedError:
            user = serializer.user
            user.is_active = False
            user.save()

            try:
                send_email_confirmation(self.request._request, user)
            except MessageFailure:
                pass

            return Response(
                data={'detail': _("The email has not been verified.")},
                status=status.HTTP_400_BAD_REQUEST,
            )
Ejemplo n.º 53
0
    def complete_login(self, request, app, token, email_addresses=[]):

        client = TwitterAPI(request, app.client_id, app.secret,
                            self.request_token_url)
        extra_data = client.get_user_info()
        uid = extra_data['id']

        user = User.objects.filter(username=extra_data.get('screen_name'))

        if user:
            return user
        else:

            user = get_adapter() \
                .populate_new_user(username=extra_data.get('screen_name'),
                                   name=extra_data.get('name'))
            user.save()
            account = SocialAccount(user=user,
                                    uid=uid,
                                    provider=TwitterProvider.id,
                                    extra_data=extra_data)
            account.save()
            application = SocialApp.objects.get(secret=app.secret)
            sample_token = SocialToken.objects.filter(app=application, account=account)
            if sample_token:
                token = sample_token[0]
            else:
                token = SocialToken(app=application,
                                    account=account,
                                    token=request.session["oauth_api.twitter.com_access_token"]["oauth_token"],
                                    token_secret=request.session["oauth_api.twitter.com_access_token"][
                                        "oauth_token_secret"])
                token.save()

            mail = send_email_confirmation(request=request, user=user, signup=True)
            return SocialLogin(account=account, token=token, email_addresses=email_addresses)
Ejemplo n.º 54
0
 def save(self, request=None):
     new_user = self.create_user()
     send_email_confirmation(new_user, request=request)
     return new_user
Ejemplo n.º 55
0
def login(request, user):
    mail = send_email_confirmation(request=request, user=user, signup=False)
Ejemplo n.º 56
0
 def save(self, request=None):
     new_user = self.create_user()
     send_email_confirmation(new_user, request=request)
     super(SignupForm, self).save(new_user)
     return new_user
Ejemplo n.º 57
0
 def save(self, request=None):
     new_user = self.create_user()
     super(SignupForm, self).save(new_user) # Before confirmation (may alter first_name etc used in mail)
     send_email_confirmation(new_user, request=request)
     return new_user
Ejemplo n.º 58
0
def senMailOnSingUp(sender, request, user, **kwargs):

	send_email_confirmation(request, user, signup=True)