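def elastic(request):
    """Admin page for the default Elasticsearch index.

    POST: ``reset`` drops the named mapping and re-runs its setup
    callable; ``reindex`` runs the named reindex job.  Both values are
    only honoured when they are keys of the local ``mappings`` table, so
    request data never selects an arbitrary callable.  The view then
    redirects back to ``zadmin.elastic``.

    Other methods: render cluster nodes, health, state and the mappings
    of every configured index.
    """
    # NOTE(review): no permission check is visible in this block, and the
    # POST actions delete mappings. Confirm the view is restricted to
    # admins where it is registered.
    INDEX = site_settings.ES_INDEXES['default']
    es = elasticutils.get_es()
    # name -> (mapping setup callable, reindex callable); either may be None.
    mappings = {
        'addons': (addons.search.setup_mapping,
                   addons.cron.reindex_addons),
        'collections': (addons.search.setup_mapping,
                        bandwagon.cron.reindex_collections),
        'compat': (addons.search.setup_mapping, None),
        'users': (addons.search.setup_mapping,
                  users.cron.reindex_users),
    }
    if request.method == 'POST':
        if request.POST.get('reset') in mappings:
            name = request.POST['reset']
            es.delete_mapping(INDEX, name)
            setup = mappings[name][0]
            if setup:
                setup()
            messages.info(request, 'Resetting %s.' % name)
        if request.POST.get('reindex') in mappings:
            name = request.POST['reindex']
            reindex = mappings[name][1]
            # 'compat' registers no reindex job; calling None raised a
            # TypeError (HTTP 500) for ``reindex=compat``.
            if reindex:
                reindex()
                messages.info(request, 'Reindexing %s.' % name)
        return redirect('zadmin.elastic')

    indexes = set(site_settings.ES_INDEXES.values())
    mappings = es.get_mapping(None, indexes)
    ctx = {
        'nodes': es.cluster_nodes(),
        'health': es.cluster_health(),
        'state': es.cluster_state(),
        'mappings': [(index, mappings.get(index, {})) for index in indexes],
    }
    return jingo.render(request, 'zadmin/elastic.html', ctx)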
def elastic(request):
    """Admin page for the single Elasticsearch index in ``ES_INDEX``.

    POST: ``reset`` drops the named mapping and re-runs its setup callable
    when one is registered; ``reindex`` runs the named reindex job.  Both
    names must be keys of the local ``mappings`` table.  The view then
    redirects back to ``zadmin.elastic``.

    Other methods: render cluster nodes, health, state and the mapping of
    the index.
    """
    # NOTE(review): no permission check is visible in this block; confirm
    # the view is admin-only where it is registered.
    INDEX = site_settings.ES_INDEX
    es = elasticutils.get_es()
    # name -> (mapping setup callable or None, reindex callable)
    mappings = {
        'addons': (addons.search.setup_mapping, addons.cron.reindex_addons),
        'collections': (None, bandwagon.cron.reindex_collections),
    }

    if request.method != 'POST':
        ctx = {
            'nodes': es.cluster_nodes(),
            'health': es.cluster_health(),
            'state': es.cluster_state(),
            'mapping': es.get_mapping(None, INDEX)[INDEX],
        }
        return jingo.render(request, 'zadmin/elastic.html', ctx)

    reset_name = request.POST.get('reset')
    if reset_name in mappings:
        es.delete_mapping(INDEX, reset_name)
        setup_fn = mappings[reset_name][0]
        if setup_fn:
            setup_fn()
        messages.info(request, 'Resetting %s.' % reset_name)

    reindex_name = request.POST.get('reindex')
    if reindex_name in mappings:
        mappings[reindex_name][1]()
        messages.info(request, 'Reindexing %s.' % reindex_name)

    return redirect('zadmin.elastic')
def register(request):
    """Handle the account registration form.

    Registration is refused (``form = None`` plus an error message) when
    ``settings.APP_PREVIEW`` is set, when the user count exceeds
    ``settings.REGISTER_USER_LIMIT`` and the request may not override it,
    or when the user is already authenticated.  A valid POST creates the
    account, sends the confirmation email and redirects to the login
    page.

    NOTE(review): this listing ends after the invalid-form branch; the
    GET branch and the final render are not visible here.
    """
    if settings.APP_PREVIEW:
        messages.error(request,
                       loc('Registrations must be through browserid.'))
        form = None
    elif (settings.REGISTER_USER_LIMIT and
          UserProfile.objects.count() > settings.REGISTER_USER_LIMIT
          and not can_override_reg_limit(request)):
        # The message is a fixed literal containing markup, so marking it
        # safe is acceptable only as long as no request data is ever
        # interpolated into it.
        _m = loc('Sorry, no more registrations are allowed. '
                 '<a href="https://developer.mozilla.org/en-US/apps">'
                 'Learn more</a>')
        messages.error(request, _m, title_safe=True, message_safe=True)
        form = None
    elif request.user.is_authenticated():
        messages.info(request, _('You are already logged in to an account.'))
        form = None
    elif request.method == 'POST':
        form = forms.UserRegisterForm(request.POST)
        if form.is_valid():
            try:
                u = form.save(commit=False)
                u.set_password(form.cleaned_data['password'])
                u.generate_confirmationcode()
                u.save()
                u.create_django_user()
                log.info(u'Registered new account for user (%s)', u)
                # Audit-log event for the new account.
                log_cef('New Account', 5, request, username=u.username,
                        signature='AUTHNOTICE',
                        msg='User created a new account')

                u.email_confirmation_code()

                msg = _('Congratulations! Your user account was successfully '
                        'created.')
                messages.success(request, msg)

                msg = _(u'An email has been sent to your address {0} to '
                        'confirm your account. Before you can log in, you '
                        'have to activate your account by clicking on the '
                        'link provided in this email.').format(u.email)
                messages.info(request, _('Confirmation Email Sent'), msg)
            except IntegrityError, e:
                # I was unable to reproduce this, but I suspect it happens
                # when they POST twice quickly and the slaves don't have the
                # new info yet (total guess).  Anyway, I'm assuming the
                # first one worked properly, so this is still a success
                # case to the end user so we just log it...
                log.error('Failed to register new user (%s): %s' % (u, e))

            return http.HttpResponseRedirect(reverse('users.login'))
        else:
            messages.error(request, _('There are errors in this form'),
                           _('Please correct them and resubmit.'))
def elastic(request):
    """Admin page for the default Elasticsearch index.

    POST: ``recreate`` deletes the index, sets the mappings up again and
    creates the index; ``reindex`` runs the job registered under that
    name in the local ``mappings`` table.  The view then redirects back
    to ``zadmin.elastic``.

    Other methods: render cluster nodes, health, state and the mappings
    of every configured index.
    """
    # NOTE(review): no permission check is visible in this block, and
    # ``recreate`` deletes the whole index. Confirm the view is admin-only
    # where it is registered.
    INDEX = site_settings.ES_INDEXES['default']
    es = elasticutils.get_es()
    mappings = {
        'addons': addons.cron.reindex_addons,
        'apps': addons.cron.reindex_apps,
        'collections': bandwagon.cron.reindex_collections,
        'compat': compatibility_report,
        'users': users.cron.reindex_users,
    }

    if request.method == 'POST':
        posted = request.POST
        if posted.get('recreate'):
            es.delete_index_if_exists(INDEX)
            # We must set up the mappings before we create the index again.
            addons.search.setup_mapping()
            stats.search.setup_indexes()
            es.create_index_if_missing(INDEX)
            messages.info(request, 'Deleting %s index.' % INDEX)

        job_name = posted.get('reindex')
        if job_name in mappings:
            # Reindex, unless the entry is registered without a job.
            job = mappings.get(job_name)
            if job:
                job()
            messages.info(request, 'Reindexing %s.' % job_name)
        return redirect('zadmin.elastic')

    indexes = set(site_settings.ES_INDEXES.values())
    by_index = es.get_mapping(None, indexes)
    ctx = {
        'index': INDEX,
        'nodes': es.cluster_nodes(),
        'health': es.cluster_health(),
        'state': es.cluster_state(),
        'mappings': [(index, by_index.get(index, {})) for index in indexes],
    }
    return jingo.render(request, 'zadmin/elastic.html', ctx)
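def edit(request):
    """Show and process the profile edit form for the logged-in user.

    A changed email address is not applied directly: a confirmation link
    is mailed to the new address and the stored address is restored
    before the form is saved.  On the developer preview site
    (``settings.APP_PREVIEW``) email changes are refused.
    """
    webapp = settings.APP_PREVIEW
    # Don't use request.amo_user since it has too much caching.
    amouser = UserProfile.objects.get(pk=request.user.id)
    if request.method == 'POST':
        # ModelForm alters the instance you pass in.  We need to keep a copy
        # around in case we need to use it below (to email the user)
        original_email = amouser.email
        form = forms.UserEditForm(request.POST, request.FILES,
                                  request=request, instance=amouser,
                                  webapp=webapp)
        if form.is_valid():
            messages.success(request, _('Profile Updated'))
            if amouser.email != original_email:
                # Temporarily block email changes.
                if settings.APP_PREVIEW:
                    messages.error(request, 'Error',
                                   'You cannot change your email on the '
                                   'developer preview site.')
                    return jingo.render(request, 'users/edit.html',
                                        {'form': form, 'amouser': amouser})

                details = {'user': amouser,
                           'mail1': original_email,
                           'mail2': amouser.email}
                # Trailing space added: the two fragments used to run
                # together as "from(old@...)".
                log.info(u"User (%(user)s) has requested email change from "
                         u"(%(mail1)s) to (%(mail2)s)" % details)
                messages.info(request, _('Email Confirmation Sent'),
                    _(u'An email has been sent to {0} to confirm your new '
                      'email address. For the change to take effect, you '
                      'need to click on the link provided in this email. '
                      'Until then, you can keep logging in with your '
                      'current email address.').format(amouser.email))

                domain = settings.DOMAIN
                # ``hash_`` avoids shadowing the builtin.
                token, hash_ = EmailResetCode.create(amouser.id,
                                                     amouser.email)
                url = "%s%s" % (settings.SITE_URL,
                                reverse('users.emailchange',
                                        args=[amouser.id, token, hash_]))
                t = loader.get_template('users/email/emailchange.ltxt')
                c = {'domain': domain, 'url': url}
                # Interpolate after translating: formatting inside _()
                # produced a msgid that can never match the catalog.
                # NOTE(review): only the new address is mailed here;
                # nothing in this block notifies the original address of
                # the requested change.
                send_mail(_('Please confirm your email address '
                            'change at %s') % domain,
                          t.render(Context(c)), None, [amouser.email],
                          use_blacklist=False, real_email=True)

                # Reset the original email back.  We aren't changing their
                # address until they confirm the new one
                amouser.email = original_email
            form.save()
            return redirect('users.edit')
        else:
            messages.error(request, _('Errors Found'),
                           _('There were errors in the changes '
                             'you made. Please correct them and '
                             'resubmit.'))
    else:
        form = forms.UserEditForm(instance=amouser, webapp=webapp)
    return jingo.render(request, 'users/edit.html',
                        {'form': form, 'amouser': amouser, 'webapp': webapp})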
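def elastic(request):
    """Admin page for the default Elasticsearch index.

    POST: ``reset`` drops the named mapping and re-runs its setup
    callable; ``reindex`` runs the named reindex job.  Both values are
    only honoured when they are keys of the local ``mappings`` table, so
    request data never selects an arbitrary callable.  The view then
    redirects back to ``zadmin.elastic``.

    Other methods: render cluster nodes, health, state and the mappings
    of every configured index.
    """
    # NOTE(review): no permission check is visible in this block, and the
    # POST actions delete mappings. Confirm the view is restricted to
    # admins where it is registered.
    INDEX = site_settings.ES_INDEXES["default"]
    es = elasticutils.get_es()
    # name -> (mapping setup callable, reindex callable); either may be None.
    mappings = {
        "addons": (addons.search.setup_mapping, addons.cron.reindex_addons),
        "collections": (addons.search.setup_mapping, bandwagon.cron.reindex_collections),
        "compat": (addons.search.setup_mapping, None),
        "users": (addons.search.setup_mapping, users.cron.reindex_users),
    }
    if request.method == "POST":
        if request.POST.get("reset") in mappings:
            name = request.POST["reset"]
            es.delete_mapping(INDEX, name)
            setup = mappings[name][0]
            if setup:
                setup()
            messages.info(request, "Resetting %s." % name)
        if request.POST.get("reindex") in mappings:
            name = request.POST["reindex"]
            reindex = mappings[name][1]
            # "compat" registers no reindex job; calling None raised a
            # TypeError (HTTP 500) for ``reindex=compat``.
            if reindex:
                reindex()
                messages.info(request, "Reindexing %s." % name)
        return redirect("zadmin.elastic")

    indexes = set(site_settings.ES_INDEXES.values())
    mappings = es.get_mapping(None, indexes)
    ctx = {
        "nodes": es.cluster_nodes(),
        "health": es.cluster_health(),
        "state": es.cluster_state(),
        "mappings": [(index, mappings.get(index, {})) for index in indexes],
    }
    return jingo.render(request, "zadmin/elastic.html", ctx)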
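def edit(request):
    """Show and process the profile edit form for the logged-in user.

    A changed email address is not applied directly: a confirmation link
    is mailed to the new address and the stored address is restored
    before the form is saved.  On the developer preview site
    (``settings.APP_PREVIEW``) email changes are refused.
    """
    webapp = settings.APP_PREVIEW
    # Don't use request.amo_user since it has too much caching.
    amouser = UserProfile.objects.get(pk=request.user.id)
    if request.method == "POST":
        # ModelForm alters the instance you pass in.  We need to keep a copy
        # around in case we need to use it below (to email the user)
        original_email = amouser.email
        form = forms.UserEditForm(request.POST, request.FILES, request=request, instance=amouser, webapp=webapp)
        if form.is_valid():
            messages.success(request, _("Profile Updated"))
            if amouser.email != original_email:
                # Temporarily block email changes.
                if settings.APP_PREVIEW:
                    messages.error(request, "Error", "You cannot change your email on the " "developer preview site.")
                    return jingo.render(request, "users/edit.html", {"form": form, "amouser": amouser})

                details = {"user": amouser, "mail1": original_email, "mail2": amouser.email}
                # Trailing space added: the two fragments used to run
                # together as "from(old@...)".
                log.info(
                    u"User (%(user)s) has requested email change from "
                    u"(%(mail1)s) to (%(mail2)s)" % details
                )
                messages.info(
                    request,
                    _("Email Confirmation Sent"),
                    _(
                        u"An email has been sent to {0} to confirm your new "
                        "email address. For the change to take effect, you "
                        "need to click on the link provided in this email. "
                        "Until then, you can keep logging in with your "
                        "current email address."
                    ).format(amouser.email),
                )

                domain = settings.DOMAIN
                # ``hash_`` avoids shadowing the builtin.
                token, hash_ = EmailResetCode.create(amouser.id, amouser.email)
                url = "%s%s" % (settings.SITE_URL, reverse("users.emailchange", args=[amouser.id, token, hash_]))
                t = loader.get_template("users/email/emailchange.ltxt")
                c = {"domain": domain, "url": url}
                # Interpolate after translating: formatting inside _()
                # produced a msgid that can never match the catalog.
                # NOTE(review): only the new address is mailed here;
                # nothing in this block notifies the original address of
                # the requested change.
                send_mail(
                    _("Please confirm your email address " "change at %s") % domain,
                    t.render(Context(c)),
                    None,
                    [amouser.email],
                    use_blacklist=False,
                    real_email=True,
                )

                # Reset the original email back.  We aren't changing their
                # address until they confirm the new one
                amouser.email = original_email
            form.save()
            return redirect("users.edit")
        else:
            messages.error(
                request,
                _("Errors Found"),
                _("There were errors in the changes " "you made. Please correct them and " "resubmit."),
            )
    else:
        form = forms.UserEditForm(instance=amouser, webapp=webapp)
    return jingo.render(request, "users/edit.html", {"form": form, "amouser": amouser, "webapp": webapp})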
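def register(request):
    """Handle the account registration form.

    When the ``fxa-auth`` switch is active the request is handed to
    ``login``.  A valid POST creates the account, sends the confirmation
    email and redirects to the login page.  An invalid POST whose email
    matches an existing account with an empty password triggers a
    password-reset email instead.

    NOTE(review): this listing ends after the invalid-form branch; the
    GET branch and the final render are not visible here.
    """
    if waffle.switch_is_active('fxa-auth'):
        return login(request)

    if request.user.is_authenticated():
        messages.info(request, _('You are already logged in to an account.'))
        form = None
    elif request.method == 'POST':
        form = forms.UserRegisterForm(request.POST)
        # form.data is the raw POST data; index access raised a KeyError
        # (HTTP 500) when the request carried no email field at all.
        email = form.data.get('email')
        mkt_user = UserProfile.objects.filter(email=email, password='')
        if form.is_valid():
            try:
                u = form.save(commit=False)
                u.set_password(form.cleaned_data['password'])
                u.generate_confirmationcode()
                u.lang = request.LANG
                u.save()
                log.info(u'Registered new account for user (%s)', u)
                # Audit-log event for the new account.
                log_cef('New Account', 5, request, username=u.username,
                        signature='AUTHNOTICE',
                        msg='User created a new account')

                u.email_confirmation_code()

                msg = _('Congratulations! Your user account was '
                        'successfully created.')
                messages.success(request, msg)

                msg = _(u'An email has been sent to your address {0} to '
                        'confirm your account. Before you can log in, you '
                        'have to activate your account by clicking on the '
                        'link provided in this email.').format(u.email)
                messages.info(request, _('Confirmation Email Sent'), msg)
            except IntegrityError as e:
                # I was unable to reproduce this, but I suspect it happens
                # when they POST twice quickly and the slaves don't have the
                # new info yet (total guess).  Anyway, I'm assuming the
                # first one worked properly, so this is still a success
                # case to the end user so we just log it...
                log.error('Failed to register new user (%s): %s' % (u, e))

            return http.HttpResponseRedirect(reverse('users.login'))
        elif email is not None and mkt_user.exists():
            # NOTE(review): this branch answers differently from the
            # generic form-error path and sends mail on every matching
            # request; no throttling is visible here, so it can reveal
            # that an account exists and be used to flood its inbox.
            f = PasswordResetForm()
            f.users_cache = [mkt_user[0]]
            f.save(use_https=request.is_secure(),
                   email_template_name='users/email/pwreset.ltxt',
                   request=request)
            return render(request, 'users/newpw_sent.html', {})
        else:
            messages.error(request, _('There are errors in this form'),
                           _('Please correct them and resubmit.'))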
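def login(request):
    """Log a user in, then apply account-state checks Django does not.

    Any existing session is logged out first.  A ``to`` redirect target
    in the query string is passed through ``_clean_next_url`` before
    Django's login view sees it.  After a successful Django login,
    deleted and unconfirmed accounts are logged out again and shown the
    login page with a message.  Failed attempts are recorded against the
    matching profile, if any.
    """
    logout(request)

    if 'to' in request.GET:
        request = _clean_next_url(request)

    r = auth.views.login(request, template_name='users/login.html',
                         redirect_field_name='to',
                         authentication_form=forms.AuthenticationForm)

    if isinstance(r, http.HttpResponseRedirect):
        # Successful log in according to django.  Now we do our checks.  I do
        # the checks here instead of the form's clean() because I want to use
        # the messages framework and it's not available in the request there
        user = request.user.get_profile()

        if user.deleted:
            logout(request)
            log.warning(u'Attempt to log in with deleted account (%s)' % user)
            # Same wording as a bad password, so the response does not
            # single out deleted accounts.
            messages.error(request, _('Wrong email address or password!'))
            return jingo.render(request, 'users/login.html',
                                {'form': forms.AuthenticationForm()})

        if user.confirmationcode:
            logout(request)
            log.info(u'Attempt to log in with unconfirmed account (%s)' % user)
            # Interpolate after translating: formatting inside _() produced
            # a msgid that can never match the catalog, so these messages
            # were never translated.
            msg1 = _('A link to activate your user account was sent by email '
                     'to your address {0}. You have to click it before you '
                     'can log in.').format(user.email)
            # Built from settings and reverse() only, not from request data.
            url = "%s%s" % (settings.SITE_URL,
                            reverse('users.confirm.resend', args=[user.id]))
            msg2 = _('If you did not receive the confirmation email, make '
                     'sure your email service did not mark it as "junk '
                     'mail" or "spam". If you need to, you can have us '
                     '<a href="%s">resend the confirmation message</a> '
                     'to your email address mentioned above.') % url
            messages.error(request, _('Activation Email Sent'), msg1)
            messages.info(request, _('Having Trouble?'), msg2,
                          title_safe=True)
            return jingo.render(request, 'users/login.html',
                                {'form': forms.AuthenticationForm()})

        rememberme = request.POST.get('rememberme', None)
        if rememberme:
            request.session.set_expiry(settings.SESSION_COOKIE_AGE)
            log.debug((u'User (%s) logged in successfully with '
                       '"remember me" set') % user)
        else:
            # NOTE(review): as written, a successful login is recorded via
            # log_login_attempt only when "remember me" is not set.
            # Confirm that is intended.
            user.log_login_attempt(request, True)
    elif 'username' in request.POST:
        # Hitting POST directly because cleaned_data doesn't exist
        user = UserProfile.objects.filter(email=request.POST['username'])
        if user:
            user.get().log_login_attempt(request, False)

    return r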
def blocklist(request, addon):
    """
    Blocklists the app by creating a new version/file.

    Does nothing but inform the user when the app's status is already
    ``amo.STATUS_BLOCKED``.  Always redirects to the app's developer
    "versions" page.
    """
    # NOTE(review): neither the HTTP method nor the caller's permission is
    # checked in this block; confirm both are enforced where the view is
    # registered.
    already_blocked = addon.status == amo.STATUS_BLOCKED
    if already_blocked:
        messages.info(request, _('App already blocklisted.'))
    else:
        addon.create_blocklisted_version()
        messages.success(request, _('Created blocklisted version.'))
    return redirect(addon.get_dev_url('versions'))
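def edit(request):
    """Show and process the profile edit form for the logged-in user.

    A changed email address is not applied directly: a confirmation link
    is mailed to the new address and the stored address is restored
    before the form is saved.
    """
    # Don't use request.amo_user since it has too much caching.
    amouser = UserProfile.objects.get(pk=request.user.id)
    if request.method == 'POST':
        # ModelForm alters the instance you pass in.  We need to keep a copy
        # around in case we need to use it below (to email the user)
        original_email = amouser.email
        form = forms.UserEditForm(request.POST, request.FILES,
                                  request=request, instance=amouser)
        if form.is_valid():
            messages.success(request, _('Profile Updated'))
            if amouser.email != original_email:
                details = {'user': amouser,
                           'mail1': original_email,
                           'mail2': amouser.email}
                log.info(u"User (%(user)s) has requested email change from "
                         u"(%(mail1)s) to (%(mail2)s)" % details)
                messages.info(
                    request, _('Email Confirmation Sent'),
                    _(u'An email has been sent to {0} to confirm your new '
                      u'email address. For the change to take effect, you '
                      u'need to click on the link provided in this email. '
                      u'Until then, you can keep logging in with your '
                      u'current email address.').format(amouser.email))

                token, hash_ = EmailResetCode.create(amouser.id,
                                                     amouser.email)
                url = '%s%s' % (settings.SITE_URL,
                                reverse('users.emailchange',
                                        args=[amouser.id, token, hash_]))
                t = loader.get_template('users/email/emailchange.ltxt')
                c = {'domain': settings.DOMAIN, 'url': url}
                # Interpolate after translating: formatting inside _()
                # produced a msgid that can never match the catalog.
                # NOTE(review): only the new address is mailed here;
                # nothing in this block notifies the original address of
                # the requested change.
                send_mail(
                    _('Please confirm your email address '
                      'change at %s') % settings.DOMAIN,
                    t.render(Context(c)), None, [amouser.email],
                    use_blacklist=False, real_email=True)

                # Reset the original email back.  We aren't changing their
                # address until they confirm the new one
                amouser.email = original_email
            form.save()
            return redirect('users.edit')
        else:
            messages.error(
                request,
                _('Errors Found'),
                _('There were errors in the changes you made. Please correct '
                  'them and resubmit.'))
    else:
        form = forms.UserEditForm(instance=amouser, request=request)
    return render(request, 'users/edit.html',
                  {'form': form, 'amouser': amouser})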
def test_html_rendered_properly():
    """Html markup is properly displayed in final template."""
    request = HttpRequest()
    request._messages = default_storage(request)

    # This will call _file_message, which in turn calls _make_message, which in
    # turn renders the message_content.html template, which adds html markup.
    # We want to make sure this markup reaches the final rendering unescaped.
    info(request, 'Title', 'Body')

    queued = django_messages.get_messages(request)
    rendered = env.get_template('messages.html').render({'messages': queued})

    # The html from _make_message is not escaped.
    # NOTE(review): this only pins the template-generated markup; whether
    # caller-supplied title/body text is escaped is not exercised here.
    assert "<h2>" in rendered
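def edit(request):
    """Show and process the profile edit form for the logged-in user.

    A changed email address is not applied directly: a confirmation link
    is mailed to the new address and the stored address is restored
    before the form is saved.
    """
    amouser = request.user.get_profile()
    if request.method == 'POST':
        # ModelForm alters the instance you pass in.  We need to keep a copy
        # around in case we need to use it below (to email the user)
        original_email = amouser.email
        form = forms.UserEditForm(request.POST, request.FILES,
                                  request=request, instance=amouser)
        if form.is_valid():
            messages.success(request, _('Profile Updated'))
            if amouser.email != original_email:
                details = {'user': amouser,
                           'mail1': original_email,
                           'mail2': amouser.email}
                # Trailing space added: the two fragments used to run
                # together as "from(old@...)".
                log.info(u"User (%(user)s) has requested email change from "
                         u"(%(mail1)s) to (%(mail2)s)" % details)
                messages.info(request, _(('An email has been sent to {0} to '
                    'confirm your new email address. For the change to take '
                    'effect, you need to click on the link provided in this '
                    'email. Until then, you can keep logging in with your '
                    'current email address.')).format(amouser.email))

                domain = settings.DOMAIN
                # ``hash_`` avoids shadowing the builtin.
                token, hash_ = EmailResetCode.create(amouser.id,
                                                     amouser.email)
                url = "%s%s" % (settings.SITE_URL,
                                reverse('users.emailchange',
                                        args=[amouser.id, token, hash_]))
                t = loader.get_template('users/email/emailchange.ltxt')
                c = {'domain': domain, 'url': url, }
                # Interpolate after translating: formatting inside _()
                # produced a msgid that can never match the catalog.
                # NOTE(review): only the new address is mailed here;
                # nothing in this block notifies the original address of
                # the requested change.
                send_mail(_("Please confirm your email address "
                            "change at %s") % domain,
                          t.render(Context(c)), None, [amouser.email])

                # Reset the original email back.  We aren't changing their
                # address until they confirm the new one
                amouser.email = original_email
            form.save()
            return http.HttpResponseRedirect(reverse('users.edit'))
        else:
            messages.error(request, _('There were errors in the changes '
                                      'you made. Please correct them and '
                                      'resubmit.'))
    else:
        form = forms.UserEditForm(instance=amouser)

    return jingo.render(request, 'users/edit.html',
                        {'form': form, 'amouser': amouser})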
def confirm_resend(request, user):
    """Send the account confirmation email again.

    Accounts with no pending confirmation code get nothing sent.  Either
    way the response is a redirect to the login page.
    """
    # NOTE(review): the flash message shows the account's email address to
    # whoever made the request; how ``user`` is resolved and authorised is
    # not visible in this block.
    if user.confirmationcode:
        # Potential for flood here if someone requests a confirmationcode
        # and then re-requests confirmations.  We may need to track
        # requests in the future.
        log.info(u"Account confirm re-requested for user (%s)", user)

        user.email_confirmation_code()

        notice = _(u'An email has been sent to your address {0} to confirm '
                   u'your account. Before you can log in, you have to '
                   u'activate your account by clicking on the link '
                   u'provided in this email.')
        messages.info(request, _('Confirmation Email Sent'),
                      notice.format(user.email))

    return redirect('users.login')
def confirm_resend(request, user):
    """Send the account confirmation email again.

    Accounts with no pending confirmation code get nothing sent.  Either
    way the response is a redirect to the login page.
    """
    # NOTE(review): the flash message shows the account's email address to
    # whoever made the request; how ``user`` is resolved and authorised is
    # not visible in this block.
    if user.confirmationcode:
        # Potential for flood here if someone requests a confirmationcode
        # and then re-requests confirmations.  We may need to track
        # requests in the future.
        log.info(u"Account confirm re-requested for user (%s)", user)

        user.email_confirmation_code()

        notice = _(u'An email has been sent to your address {0} to confirm '
                   'your account. Before you can log in, you have to '
                   'activate your account by clicking on the link '
                   'provided in this email.')
        messages.info(request, _('Confirmation Email Sent'),
                      notice.format(user.email))

    return redirect('users.login')
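def register(request):
    """Handle the account registration form.

    A valid POST creates the account, sends the confirmation email and
    redirects to the login page.  Authenticated users are told they are
    already logged in.

    NOTE(review): this listing ends after the invalid-form branch; the
    GET branch and the final render are not visible here.
    """
    if request.user.is_authenticated():
        messages.info(request, _("You are already logged in to an account."))
        form = None
    elif request.method == 'POST':
        form = forms.UserRegisterForm(request.POST)
        if form.is_valid():
            try:
                u = form.save(commit=False)
                u.set_password(form.cleaned_data['password'])
                u.generate_confirmationcode()
                u.save()
                u.create_django_user()
                log.info(u"Registered new account for user (%s)", u)

                u.email_confirmation_code()

                msg = _('Congratulations! Your user account was successfully '
                        'created.')
                messages.success(request, msg)

                # Interpolate after translating: formatting inside _()
                # produced a msgid that can never match the catalog.
                msg = _('An email has been sent to your address {0} to '
                        'confirm your account. Before you can log in, you '
                        'have to activate your account by clicking on the '
                        'link provided in this email.').format(u.email)
                messages.info(request, _('Confirmation Email Sent'), msg)
            except IntegrityError as e:
                # I was unable to reproduce this, but I suspect it happens
                # when they POST twice quickly and the slaves don't have the
                # new info yet (total guess).  Anyway, I'm assuming the
                # first one worked properly, so this is still a success
                # case to the end user so we just log it...
                log.error("Failed to register new user (%s): %s" % (u, e))

            # TODO POSTREMORA Replace the two lines below, when remora
            # goes away, with:
            #return http.HttpResponseRedirect(reverse('users.login'))
            amo.utils.clear_messages(request)
            return http.HttpResponseRedirect(reverse('users.login') + '?m=3')
        else:
            messages.error(request, _('There are errors in this form'),
                           _('Please correct them and resubmit.'))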
def register(request):
    """Handle the account registration form.

    A valid POST creates the account, sends the confirmation email and
    redirects to the login page.  Authenticated users are told they are
    already logged in.

    NOTE(review): this listing ends after the invalid-form branch; the
    GET branch and the final render are not visible here.
    """
    if request.user.is_authenticated():
        messages.info(request, _("You are already logged in to an account."))
        form = None
    elif request.method == 'POST':
        form = forms.UserRegisterForm(request.POST)
        if form.is_valid():
            try:
                u = form.save(commit=False)
                u.set_password(form.cleaned_data['password'])
                u.generate_confirmationcode()
                u.save()
                u.create_django_user()
                log.info(u"Registered new account for user (%s)", u)

                u.email_confirmation_code()

                msg = _('Congratulations! Your user account was successfully '
                        'created.')
                messages.success(request, msg)

                msg = _(u'An email has been sent to your address {0} to '
                        'confirm your account. Before you can log in, you '
                        'have to activate your account by clicking on the '
                        'link provided in this email.').format(u.email)
                messages.info(request, _('Confirmation Email Sent'), msg)
            except IntegrityError, e:
                # I was unable to reproduce this, but I suspect it happens
                # when they POST twice quickly and the slaves don't have the
                # new info yet (total guess).  Anyway, I'm assuming the
                # first one worked properly, so this is still a success
                # case to the end user so we just log it...
                log.error("Failed to register new user (%s): %s" % (u, e))

            # The messages queued above are cleared again before the
            # redirect, which carries ``?m=3`` instead.
            amo.utils.clear_messages(request)
            return http.HttpResponseRedirect(reverse('users.login') + '?m=3')
            # TODO POSTREMORA Replace the above two lines
            # when remora goes away with this:
            #return http.HttpResponseRedirect(reverse('users.login'))
        else:
            messages.error(request, _('There are errors in this form'),
                           _('Please correct them and resubmit.'))
def confirm_resend(request, user_id):
    """Send the account confirmation email again for ``user_id``.

    Responds with 404 for an unknown id.  Accounts with no pending
    confirmation code get nothing sent.  Otherwise the response is a
    redirect to the login page.
    """
    # NOTE(review): the id comes from the URL and no check here ties the
    # requester to that account, yet the flash message shows the account's
    # email address. Confirm this cannot be used to read the addresses of
    # unconfirmed accounts.
    user = get_object_or_404(UserProfile, id=user_id)
    login_url = reverse('users.login')

    if user.confirmationcode:
        # Potential for flood here if someone requests a confirmationcode
        # and then re-requests confirmations.  We may need to track
        # requests in the future.
        log.info(u"Account confirm re-requested for user (%s)", user)

        user.email_confirmation_code()

        notice = _(u'An email has been sent to your address {0} to confirm '
                   'your account. Before you can log in, you have to '
                   'activate your account by clicking on the link '
                   'provided in this email.')
        messages.info(request, _('Confirmation Email Sent'),
                      notice.format(user.email))

    return http.HttpResponseRedirect(login_url)
def confirm_resend(request, user_id):
    """Send the account confirmation email again for ``user_id``.

    Responds with 404 for an unknown id.  Accounts with no pending
    confirmation code get nothing sent.  Otherwise the response is a
    redirect to the login page.
    """
    # NOTE(review): the id comes from the URL and no check here ties the
    # requester to that account, yet the flash message shows the account's
    # email address. Confirm this cannot be used to read the addresses of
    # unconfirmed accounts.
    user = get_object_or_404(UserProfile, id=user_id)
    login_url = reverse('users.login')

    if user.confirmationcode:
        # Potential for flood here if someone requests a confirmationcode
        # and then re-requests confirmations.  We may need to track
        # requests in the future.
        log.info(u"Account confirm re-requested for user (%s)", user)

        user.email_confirmation_code()

        notice = _('An email has been sent to your address {0} to confirm '
                   'your account. Before you can log in, you have to '
                   'activate your account by clicking on the link '
                   'provided in this email.')
        messages.info(request, notice.format(user.email))

    return http.HttpResponseRedirect(login_url)
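def register(request):
    """Handle the account registration form.

    A valid POST creates the account, sends the confirmation email and
    redirects to the login page.  Authenticated users are told they are
    already logged in and get no form.  Anything else renders the
    registration page.
    """
    if request.user.is_authenticated():
        messages.info(request, _("You are already logged in to an account."))
        form = None
    elif request.method == 'POST':
        form = forms.UserRegisterForm(request.POST)
        if form.is_valid():
            u = form.save(commit=False)
            u.set_password(form.cleaned_data['password'])
            u.generate_confirmationcode()
            u.save()
            u.create_django_user()
            log.info(u"Registered new account for user (%s)", u)

            u.email_confirmation_code()

            messages.success(request, _('Congratulations! Your user account '
                                        'was successfully created.'))
            # Interpolate after translating: formatting inside _() produced
            # a msgid that can never match the catalog.
            msg = _('An email has been sent to your address {0} to confirm '
                    'your account. Before you can log in, you have to '
                    'activate your account by clicking on the link provided '
                    ' in this email.').format(u.email)
            messages.info(request, _('Confirmation Email Sent'), msg)

            # TODO POSTREMORA Replace the two lines below, when remora
            # goes away, with:
            #return http.HttpResponseRedirect(reverse('users.login'))
            amo.utils.clear_messages(request)
            return http.HttpResponseRedirect(reverse('users.login') + '?m=3')
        else:
            messages.error(request, _('There are errors in this form'),
                           _('Please correct them and resubmit.'))
    else:
        form = forms.UserRegisterForm()
    return jingo.render(request, 'users/register.html', {'form': form, })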
def elastic(request):
    """Admin page for the default Elasticsearch index.

    POST: ``recreate`` deletes the index, sets the mappings up again and
    creates the index; ``reindex`` runs the job registered under that
    name in the local ``mappings`` table.  The view then redirects back
    to ``zadmin.elastic``.

    Other methods: render cluster nodes, health, state, the mappings of
    every configured index and the table of available jobs.
    """
    # NOTE(review): no permission check is visible in this block, and
    # ``recreate`` deletes the whole index. Confirm the view is admin-only
    # where it is registered.
    INDEX = settings.ES_INDEXES['default']
    es = elasticutils.get_es()
    mappings = {
        'addons': reindex_addons,
        'apps': reindex_apps,
        'collections': reindex_collections,
        'compat': compatibility_report,
        'users': reindex_users,
        'stats_latest': index_latest_stats,
        'mkt_stats': index_mkt_stats,
        'mkt_stats_latest': index_latest_mkt_stats,
    }

    if request.method == 'POST':
        posted = request.POST
        if posted.get('recreate'):
            es.delete_index_if_exists(INDEX)
            # We must set up the mappings before we create the index again.
            setup_mapping()
            setup_indexes()
            if setup_mkt_indexes:
                setup_mkt_indexes()
            create_es_index_if_missing(INDEX)
            messages.info(request, 'Deleting %s index.' % INDEX)

        job_name = posted.get('reindex')
        if job_name in mappings:
            # Reindex, unless the entry is registered without a job.
            job = mappings.get(job_name)
            if job:
                job()
            messages.info(request, 'Reindexing %s.' % job_name)
        return redirect('zadmin.elastic')

    indexes = set(settings.ES_INDEXES.values())
    es_mappings = es.get_mapping(None, indexes)
    ctx = {
        'index': INDEX,
        'nodes': es.cluster_nodes(),
        'health': es.cluster_health(),
        'state': es.cluster_state(),
        'mappings': [(index, es_mappings.get(index, {}))
                     for index in indexes],
        'choices': mappings,
    }
    return jingo.render(request, 'zadmin/elastic.html', ctx)
def elastic(request):
    """Admin page for the default Elasticsearch index.

    POST: ``recreate`` deletes the index, sets the mappings up again and
    creates the index; ``reindex`` runs the job registered under that
    name in the local ``mappings`` table.  The view then redirects back
    to ``zadmin.elastic``.

    Other methods: render cluster nodes, health, state, the mappings of
    every configured index and the table of available jobs.
    """
    # NOTE(review): no permission check is visible in this block, and
    # ``recreate`` deletes the whole index. Confirm the view is admin-only
    # where it is registered.
    INDEX = settings.ES_INDEXES["default"]
    es = elasticutils.get_es()
    mappings = {
        "addons": reindex_addons,
        "apps": reindex_apps,
        "collections": reindex_collections,
        "compat": compatibility_report,
        "users": reindex_users,
        "stats_latest": index_latest_stats,
        "mkt_stats": index_mkt_stats,
        "mkt_stats_latest": index_latest_mkt_stats,
    }

    if request.method == "POST":
        posted = request.POST
        if posted.get("recreate"):
            es.delete_index_if_exists(INDEX)
            # We must set up the mappings before we create the index again.
            setup_mapping()
            setup_indexes()
            if setup_mkt_indexes:
                setup_mkt_indexes()
            create_es_index_if_missing(INDEX)
            messages.info(request, "Deleting %s index." % INDEX)

        job_name = posted.get("reindex")
        if job_name in mappings:
            # Reindex, unless the entry is registered without a job.
            job = mappings.get(job_name)
            if job:
                job()
            messages.info(request, "Reindexing %s." % job_name)
        return redirect("zadmin.elastic")

    indexes = set(settings.ES_INDEXES.values())
    es_mappings = es.get_mapping(None, indexes)
    ctx = {
        "index": INDEX,
        "nodes": es.cluster_nodes(),
        "health": es.cluster_health(),
        "state": es.cluster_state(),
        "mappings": [(index, es_mappings.get(index, {})) for index in indexes],
        "choices": mappings,
    }
    return jingo.render(request, "zadmin/elastic.html", ctx)
def confirm_resend(request, user_id):
    """Send the account confirmation email again for ``user_id``.

    Responds with 404 for an unknown id.  Accounts with no pending
    confirmation code get nothing sent.  The on-page notice is only
    queued while the ``zamboni-login`` switch is active.  Otherwise the
    response is a redirect to the login page.
    """
    # NOTE(review): the id comes from the URL and no check here ties the
    # requester to that account, yet the flash message shows the account's
    # email address. Confirm this cannot be used to read the addresses of
    # unconfirmed accounts.
    user = get_object_or_404(UserProfile, id=user_id)

    if user.confirmationcode:
        # Potential for flood here if someone requests a confirmationcode
        # and then re-requests confirmations.  We may need to track
        # requests in the future.
        log.info(u"Account confirm re-requested for user (%s)", user)

        user.email_confirmation_code()

        if waffle.switch_is_active("zamboni-login"):
            notice = _(
                u"An email has been sent to your address {0} to confirm "
                "your account. Before you can log in, you have to activate "
                "your account by clicking on the link provided in this "
                "email."
            )
            messages.info(request, _("Confirmation Email Sent"), notice.format(user.email))

    return redirect("users.login")
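def register(request):
    """Handle the account registration form.

    A valid POST creates the account, sends the confirmation email and
    redirects to the login page.  Authenticated users are told they are
    already logged in and get no form.  Anything else renders the
    registration page.
    """
    if request.user.is_authenticated():
        messages.info(request, _("You are already logged in to an account."))
        form = None
    elif request.method == 'POST':
        form = forms.UserRegisterForm(request.POST)
        if form.is_valid():
            u = form.save(commit=False)
            u.set_password(form.cleaned_data['password'])
            u.generate_confirmationcode()
            u.save()
            u.create_django_user()
            log.info(u"Registered new account for user (%s)", u)

            u.email_confirmation_code()

            messages.success(request, _('Congratulations! Your user account '
                                        'was successfully created.'))
            # Interpolate after translating: formatting inside _() produced
            # a msgid that can never match the catalog.
            msg = _('An email has been sent to your address {0} to confirm '
                    'your account. Before you can log in, you have to '
                    'activate your account by clicking on the link provided '
                    ' in this email.').format(u.email)
            messages.info(request, msg)

            # TODO POSTREMORA Replace the two lines below, when remora
            # goes away, with:
            #return http.HttpResponseRedirect(reverse('users.login'))
            amo.utils.clear_messages(request)
            return http.HttpResponseRedirect(reverse('users.login') + '?m=3')
        else:
            messages.error(request, _(('There are errors in this form. Please '
                                       'correct them and resubmit.')))
    else:
        form = forms.UserRegisterForm()
    return jingo.render(request, 'users/register.html', {'form': form, })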
def test_l10n_dups():
    """Test that L10n values are preserved."""
    request = HttpRequest()
    request._messages = default_storage(request)

    # Two identical translated messages followed by a distinct one.
    queued = [
        (_('Title'), _('Body')),
        (_('Title'), _('Body')),
        (_('Another Title'), _('Another Body')),
    ]
    for title, body in queued:
        info(request, title, body)

    recorded = django_messages.get_messages(request)
    eq_(len(recorded), 2, 'Too few or too many messages recorded.')
def test_unicode_dups():
    """Test that unicode values are preserved."""
    request = HttpRequest()
    request._messages = default_storage(request)

    # Two identical non-ASCII messages followed by a distinct one.
    queued = [
        (u"Titlé", u"Body"),
        (u"Titlé", u"Body"),
        (u"Another Titlé", u"Another Body"),
    ]
    for title, body in queued:
        info(request, title, body)

    recorded = django_messages.get_messages(request)
    eq_(len(recorded), 2, "Too few or too many messages recorded.")
def test_unicode_dups():
    """Test that unicode values are preserved."""
    request = HttpRequest()
    request._messages = default_storage(request)

    # Two identical non-ASCII messages followed by a distinct one.
    queued = [
        (u'Titlé', u'Body'),
        (u'Titlé', u'Body'),
        (u'Another Titlé', u'Another Body'),
    ]
    for title, body in queued:
        info(request, title, body)

    recorded = django_messages.get_messages(request)
    eq_(len(recorded), 2, 'Too few or too many messages recorded.')
def test_no_dupes():
    """Test that duplicate messages aren't saved."""
    request = HttpRequest()
    request._messages = default_storage(request)

    # Two identical messages followed by a distinct one.
    queued = [
        ('Title', 'Body'),
        ('Title', 'Body'),
        ('Another Title', 'Another Body'),
    ]
    for title, body in queued:
        info(request, title, body)

    recorded = django_messages.get_messages(request)
    eq_(len(recorded), 2, 'Too few or too many messages recorded.')
def test_l10n_dups():
    """Test that L10n values are preserved."""
    request = HttpRequest()
    request._messages = default_storage(request)

    # Two identical translated messages followed by a distinct one.
    queued = [
        (_("Title"), _("Body")),
        (_("Title"), _("Body")),
        (_("Another Title"), _("Another Body")),
    ]
    for title, body in queued:
        info(request, title, body)

    recorded = django_messages.get_messages(request)
    eq_(len(recorded), 2, "Too few or too many messages recorded.")
def test_no_dupes():
    """A message repeated verbatim is recorded a single time."""
    req = HttpRequest()
    req._messages = default_storage(req)

    # The same title/body twice, then one distinct pair.
    for attempt in range(2):
        info(req, "Title", "Body")
    info(req, "Another Title", "Another Body")

    recorded = django_messages.get_messages(req)
    eq_(len(recorded), 2, "Too few or too many messages recorded.")
def register(request):
    """Handle an account registration request.

    Branches, in order: with APP_PREVIEW set and the "browserid-login"
    switch active the view raises Http404; an authenticated user gets an
    informational message; a POST is validated and either creates the
    account, handles an existing profile that has an empty password, or
    reports form errors.

    NOTE(review): this listing ends after the final ``messages.error`` call;
    the handling of non-POST requests and the final render are not visible.
    """
    if settings.APP_PREVIEW and waffle.switch_is_active("browserid-login"):
        messages.error(request, loc("Registrations must be through browserid."))
        # NOTE(review): form is never read on this path because the next
        # statement raises.
        form = None
        raise http.Http404()
    elif request.user.is_authenticated():
        messages.info(request, _("You are already logged in to an account."))
        form = None
    elif request.method == "POST":
        form = forms.UserRegisterForm(request.POST)
        # Profiles with the submitted e-mail and an empty password field,
        # looked up from the raw form data before validation.
        # NOTE(review): presumably a POST without an "email" field fails on
        # this subscript rather than producing a form error -- confirm.
        mkt_user = UserProfile.objects.filter(email=form.data["email"], password="")
        if form.is_valid():
            try:
                u = form.save(commit=False)
                u.set_password(form.cleaned_data["password"])
                u.generate_confirmationcode()
                u.save()
                u.create_django_user()
                log.info(u"Registered new account for user (%s)", u)
                # Audit event for the account creation.
                log_cef(
                    "New Account",
                    5,
                    request,
                    username=u.username,
                    signature="AUTHNOTICE",
                    msg="User created a new account",
                )

                u.email_confirmation_code()

                msg = _("Congratulations! Your user account was " "successfully created.")
                messages.success(request, msg)

                msg = _(
                    u"An email has been sent to your address {0} to "
                    "confirm your account. Before you can log in, you "
                    "have to activate your account by clicking on the "
                    "link provided in this email."
                ).format(u.email)
                messages.info(request, _("Confirmation Email Sent"), msg)
            except IntegrityError, e:
                # I was unable to reproduce this, but I suspect it happens
                # when they POST twice quickly and the slaves don't have the
                # new info yet (total guess).  Anyway, I'm assuming the
                # first one worked properly, so this is still a success
                # case to the end user so we just log it...
                log.error("Failed to register new user (%s): %s" % (u, e))

            # Reached after success and after a logged IntegrityError alike.
            return http.HttpResponseRedirect(reverse("users.login"))
        elif mkt_user.exists():
            # Handle BrowserID
            # NOTE(review): both outcomes below depend on whether a profile
            # exists for the submitted address, so the response tells an
            # unauthenticated caller that the address is registered; the
            # else branch also sends mail on their request. Confirm that
            # rate limiting covers this view.
            if mkt_user.count() == 1 and mkt_user[0].source in amo.LOGIN_SOURCE_BROWSERIDS:
                messages.info(request, _("You already have an account."))
                form = None
            else:
                # Send a password-reset e-mail to the existing profile
                # instead of creating a second account.
                f = PasswordResetForm()
                f.users_cache = [mkt_user[0]]
                f.save(use_https=request.is_secure(), email_template_name="users/email/pwreset.ltxt", request=request)
                return jingo.render(request, "users/newpw_sent.html", {})
        else:
            messages.error(request, _("There are errors in this form"), _("Please correct them and resubmit."))
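def _login(request, template=None, data=None, dont_redirect=False):
    """Authenticate a POSTed login form and apply post-login account checks.

    Wraps ``auth.views.login``. When Django reports success (a redirect
    response) the login is still refused if the profile is deleted or still
    carries a confirmation code. The outcome is recorded through
    ``log_login_attempt`` and CEF events.

    :param request: the current HTTP request.
    :param template: template used to render the login form.
    :param data: optional extra template context; a dict passed in is
        updated in place.
    :param dont_redirect: on success, render ``template`` instead of
        returning the redirect.
    :returns: the HTTP response to send.
    """
    data = data or {}
    usercount = UserProfile.objects.count()
    data.update(
        webapp=settings.APP_PREVIEW,
        registration_closed=(settings.REGISTER_USER_LIMIT > 0 and
                             usercount > settings.REGISTER_USER_LIMIT),
    )
    # In case we need it later.  See below.
    get_copy = request.GET.copy()

    if "to" in request.GET:
        request = _clean_next_url(request)

    if request.user.is_authenticated():
        return redirect(request.GET.get("to", settings.LOGIN_REDIRECT_URL))

    # "recaptcha_shown" is client-supplied; the per-account failure counter
    # below is what forces the captcha on.
    limited = getattr(request, "limited", "recaptcha_shown" in request.POST)

    user = None
    login_status = None
    if "username" in request.POST:
        try:
            # We are doing all this before we try and validate the form.
            user = UserProfile.objects.get(email=request.POST["username"])
            limited = (user.failed_login_attempts >=
                       settings.LOGIN_RATELIMIT_USER) or limited
            login_status = False
        except UserProfile.DoesNotExist:
            log_cef(
                "Authentication Failure",
                5,
                request,
                username=request.POST["username"],
                signature="AUTHFAIL",
                msg="The username was invalid",
            )

    partial_form = partial(forms.AuthenticationForm, use_recaptcha=limited)
    r = auth.views.login(
        request,
        template_name=template,
        redirect_field_name="to",
        authentication_form=partial_form,
        extra_context=data,
    )

    if isinstance(r, http.HttpResponseRedirect):
        # Django's auth.views.login has security checks to prevent someone from
        # redirecting to another domain.  Since we want to allow this in
        # certain cases, we have to make a new response object here to replace
        # the above.
        # NOTE(review): this path replaces Django's redirect validation, so
        # the destination is only as safe as _clean_next_url (not shown
        # here); request.GET["to"] also assumes the parameter is present.
        if "domain" in request.GET:
            request.GET = get_copy
            request = _clean_next_url(request)
            r = http.HttpResponseRedirect(request.GET["to"])

        # Succsesful log in according to django.  Now we do our checks.  I do
        # the checks here instead of the form's clean() because I want to use
        # the messages framework and it's not available in the request there.
        user = request.user.get_profile()

        if user.deleted:
            logout(request)
            log.warning(u"Attempt to log in with deleted account (%s)" % user)
            messages.error(request, _("Wrong email address or password!"))
            data.update({"form": partial_form()})
            user.log_login_attempt(False)
            # NOTE(review): request.user is read after logout(); confirm the
            # event still identifies the account that was used.
            log_cef(
                "Authentication Failure",
                5,
                request,
                username=request.user,
                signature="AUTHFAIL",
                msg="Account is deactivated",
            )
            return jingo.render(request, template, data)

        if user.confirmationcode:
            logout(request)
            log.info(u"Attempt to log in with unconfirmed account (%s)" % user)
            msg1 = _(
                u"A link to activate your user account was sent by email "
                "to your address {0}. You have to click it before you "
                "can log in."
            ).format(user.email)
            url = "%s%s" % (settings.SITE_URL,
                            reverse("users.confirm.resend", args=[user.id]))
            msg2 = (
                _(
                    "If you did not receive the confirmation email, make "
                    'sure your email service did not mark it as "junk '
                    'mail" or "spam". If you need to, you can have us '
                    '<a href="%s">resend the confirmation message</a> '
                    "to your email address mentioned above."
                )
                % url
            )
            messages.error(request, _("Activation Email Sent"), msg1)
            messages.info(request, _("Having Trouble?"), msg2,
                          title_safe=True, message_safe=True)
            data.update({"form": partial_form()})
            user.log_login_attempt(False)
            return jingo.render(request, template, data)

        rememberme = request.POST.get("rememberme", None)
        if rememberme:
            request.session.set_expiry(settings.SESSION_COOKIE_AGE)
            log.debug((u"User (%s) logged in successfully with "
                       '"remember me" set') % user)

        login_status = True

        if dont_redirect:
            # We're recalling the middleware to re-initialize amo_user
            ACLMiddleware().process_request(request)
            r = jingo.render(request, template, data)

    if login_status is not None:
        user.log_login_attempt(login_status)
        # Emit AUTHFAIL only for a failed attempt: login_status is True
        # after a successful login, and reporting that as a failure puts
        # false events into the audit trail.
        if not login_status:
            log_cef(
                "Authentication Failure",
                5,
                request,
                username=request.POST["username"],
                signature="AUTHFAIL",
                msg="The password was incorrect",
            )

    if (settings.REGISTER_OVERRIDE_TOKEN and
            request.GET.get("ro") == settings.REGISTER_OVERRIDE_TOKEN):
        # This allows the browser ID registration to see the token.
        # NOTE(review): the token arrives in the query string and is copied
        # into a cookie set without secure/httponly arguments; confirm
        # whether script access is required and whether URL logging exposes
        # the token.
        r.set_cookie(
            "reg_override_token",
            value=settings.REGISTER_OVERRIDE_TOKEN,
            expires=datetime.utcnow() + timedelta(weeks=1),
        )

    return r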
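def login(request, template=None):
    """Log the visitor out, then run Django's login view with extra checks.

    When Django reports success (a redirect response) the login is still
    refused for a deleted profile, for a profile that still carries a
    confirmation code, and for a profile over the failed-login limit that
    has not been shown the captcha yet.

    :param request: the current HTTP request.
    :param template: template passed to ``auth.views.login``.
    :returns: the HTTP response to send.
    """
    # In case we need it later.  See below.
    get_copy = request.GET.copy()

    logout(request)

    if 'to' in request.GET:
        request = _clean_next_url(request)

    limited = getattr(request, 'limited', 'recaptcha_shown' in request.POST)
    partial_form = partial(forms.AuthenticationForm, use_recaptcha=limited)
    r = auth.views.login(request, template_name=template,
                         redirect_field_name='to',
                         authentication_form=partial_form)

    if isinstance(r, http.HttpResponseRedirect):
        # Django's auth.views.login has security checks to prevent someone from
        # redirecting to another domain.  Since we want to allow this in
        # certain cases, we have to make a new response object here to replace
        # the above.
        # NOTE(review): this path replaces Django's redirect validation, so
        # the destination is only as safe as _clean_next_url (not shown
        # here); request.GET['to'] also assumes the parameter is present.
        if 'domain' in request.GET:
            request.GET = get_copy
            request = _clean_next_url(request)
            r = http.HttpResponseRedirect(request.GET['to'])

        # Succsesful log in according to django.  Now we do our checks.  I do
        # the checks here instead of the form's clean() because I want to use
        # the messages framework and it's not available in the request there.
        user = request.user.get_profile()

        if user.deleted:
            logout(request)
            log.warning(u'Attempt to log in with deleted account (%s)' % user)
            messages.error(request, _('Wrong email address or password!'))
            return jingo.render(request, 'users/login.html',
                                {'form': partial_form()})

        if user.confirmationcode:
            logout(request)
            log.info(u'Attempt to log in with unconfirmed account (%s)' % user)
            msg1 = _(u'A link to activate your user account was sent by email '
                     'to your address {0}. You have to click it before you '
                     'can log in.').format(user.email)
            url = "%s%s" % (settings.SITE_URL,
                            reverse('users.confirm.resend', args=[user.id]))
            # Translate the template first and substitute the URL
            # afterwards; with the URL already inserted the catalog lookup
            # can never match.
            msg2 = _('If you did not receive the confirmation email, make '
                     'sure your email service did not mark it as "junk '
                     'mail" or "spam". If you need to, you can have us '
                     '<a href="%s">resend the confirmation message</a> '
                     'to your email address mentioned above.') % url
            messages.error(request, _('Activation Email Sent'), msg1)
            messages.info(request, _('Having Trouble?'), msg2,
                          title_safe=True)
            return jingo.render(request, 'users/login.html',
                                {'form': partial_form()})

        if (user.failed_login_attempts > settings.LOGIN_RATELIMIT_USER and
                not limited):
            # This reshows the form with the recaptcha.  Until they are logged
            # in we don't know if the user needs to have recaptcha shown.
            # The UX for this isn't good, we should fix this.
            # NOTE(review): the limit is applied only after the credentials
            # were accepted, so this response differs from the one for a
            # wrong password; confirm the captcha cannot be sidestepped.
            logout(request)
            log.info(u'Attempt to log in with too many failures (%s)' % user)
            form = forms.AuthenticationForm(request.POST, use_recaptcha=True)
            return jingo.render(request, 'users/login.html', {'form': form})

        rememberme = request.POST.get('rememberme', None)
        if rememberme:
            request.session.set_expiry(settings.SESSION_COOKIE_AGE)
            log.debug((u'User (%s) logged in successfully with '
                       '"remember me" set') % user)
        else:
            # NOTE(review): as written, the successful attempt is recorded
            # only when "rememberme" is not set -- confirm this is intended.
            user.log_login_attempt(request, True)
    elif 'username' in request.POST:
        # Hitting POST directly because cleaned_data doesn't exist
        user = UserProfile.objects.filter(email=request.POST['username'])
        if user:
            user.get().log_login_attempt(request, False)

    return r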
def register(request):
    """Handle an account registration request.

    Branches, in order: APP_PREVIEW with the "browserid-login" switch active
    and a reached registration limit each produce an error message; an
    authenticated user gets an informational message; a POST is validated
    and either creates the account, sends a password reset to an existing
    profile that has an empty password, or reports form errors.

    NOTE(review): this listing ends after the final ``messages.error`` call;
    the handling of non-POST requests and the final render are not visible.
    """
    if settings.APP_PREVIEW and waffle.switch_is_active("browserid-login"):
        messages.error(request, loc("Registrations must be through browserid."))
        form = None
    elif (
        settings.REGISTER_USER_LIMIT
        and UserProfile.objects.count() > settings.REGISTER_USER_LIMIT
        and not can_override_reg_limit(request)
    ):
        # The text carries markup, hence message_safe; it is a fixed string.
        _m = loc(
            "Sorry, no more registrations are allowed. "
            '<a href="https://developer.mozilla.org/en-US/apps">'
            "Learn more</a>"
        )
        messages.error(request, _m, title_safe=True, message_safe=True)
        form = None
    elif request.user.is_authenticated():
        messages.info(request, _("You are already logged in to an account."))
        form = None
    elif request.method == "POST":
        form = forms.UserRegisterForm(request.POST)
        # Profiles with the submitted e-mail and an empty password field,
        # looked up from the raw form data before validation.
        # NOTE(review): presumably a POST without an "email" field fails on
        # this subscript rather than producing a form error -- confirm.
        mkt_user = UserProfile.objects.filter(email=form.data["email"], password="")
        if form.is_valid():
            try:
                u = form.save(commit=False)
                u.set_password(form.cleaned_data["password"])
                u.generate_confirmationcode()
                u.save()
                u.create_django_user()
                log.info(u"Registered new account for user (%s)", u)
                # Audit event for the account creation.
                log_cef(
                    "New Account",
                    5,
                    request,
                    username=u.username,
                    signature="AUTHNOTICE",
                    msg="User created a new account",
                )

                u.email_confirmation_code()

                if waffle.switch_is_active("zamboni-login"):
                    # Hide these messages since prod still uses remora for
                    # authentication, so django messages won't be displayed
                    # until post-login.
                    msg = _("Congratulations! Your user account was " "successfully created.")
                    messages.success(request, msg)

                    msg = _(
                        u"An email has been sent to your address {0} to "
                        "confirm your account. Before you can log in, you "
                        "have to activate your account by clicking on the "
                        "link provided in this email."
                    ).format(u.email)
                    messages.info(request, _("Confirmation Email Sent"), msg)
            except IntegrityError, e:
                # I was unable to reproduce this, but I suspect it happens
                # when they POST twice quickly and the slaves don't have the
                # new info yet (total guess).  Anyway, I'm assuming the
                # first one worked properly, so this is still a success
                # case to the end user so we just log it...
                log.error("Failed to register new user (%s): %s" % (u, e))

            # Reached after success and after a logged IntegrityError alike.
            return http.HttpResponseRedirect(reverse("users.login"))
        elif mkt_user.exists():
            # Send a password-reset e-mail to the existing profile instead
            # of creating a second account.
            # NOTE(review): this page is shown only when a profile exists
            # for the submitted address, and the mail is sent on an
            # unauthenticated request; confirm that rate limiting covers
            # this view.
            f = PasswordResetForm()
            f.users_cache = [mkt_user[0]]
            f.save(use_https=request.is_secure(), email_template_name="users/email/pwreset.ltxt", request=request)
            return jingo.render(request, "users/newpw_sent.html", {})
        else:
            messages.error(request, _("There are errors in this form"), _("Please correct them and resubmit."))
def register(request):
    """Handle an account registration request.

    Branches, in order: with the 'browserid-login' switch active the view
    raises Http404; an authenticated user gets an informational message; a
    POST is validated and either creates the account, handles an existing
    profile that has an empty password, or reports form errors.

    NOTE(review): this listing ends after the final ``messages.error`` call;
    the handling of non-POST requests and the final render are not visible.
    """
    if waffle.switch_is_active('browserid-login'):
        messages.error(request,
                       loc('Registrations must be through browserid.'))
        # NOTE(review): form is never read on this path because the next
        # statement raises.
        form = None
        raise http.Http404()
    elif request.user.is_authenticated():
        messages.info(request, _('You are already logged in to an account.'))
        form = None
    elif request.method == 'POST':
        form = forms.UserRegisterForm(request.POST)
        # Profiles with the submitted e-mail and an empty password field,
        # looked up from the raw form data before validation.
        # NOTE(review): presumably a POST without an 'email' field fails on
        # this subscript rather than producing a form error -- confirm.
        mkt_user = UserProfile.objects.filter(email=form.data['email'],
                                              password='')
        if form.is_valid():
            try:
                u = form.save(commit=False)
                u.set_password(form.cleaned_data['password'])
                u.generate_confirmationcode()
                # Remember the language of the request on the profile.
                u.lang = request.LANG
                u.save()
                log.info(u'Registered new account for user (%s)', u)
                # Audit event for the account creation.
                log_cef('New Account', 5, request, username=u.username,
                        signature='AUTHNOTICE',
                        msg='User created a new account')

                u.email_confirmation_code()

                msg = _('Congratulations! Your user account was '
                        'successfully created.')
                messages.success(request, msg)

                msg = _(u'An email has been sent to your address {0} to '
                        'confirm your account. Before you can log in, you '
                        'have to activate your account by clicking on the '
                        'link provided in this email.').format(u.email)
                messages.info(request, _('Confirmation Email Sent'), msg)

            except IntegrityError, e:
                # I was unable to reproduce this, but I suspect it happens
                # when they POST twice quickly and the slaves don't have the
                # new info yet (total guess).  Anyway, I'm assuming the
                # first one worked properly, so this is still a success
                # case to the end user so we just log it...
                log.error('Failed to register new user (%s): %s' % (u, e))

            # Reached after success and after a logged IntegrityError alike.
            return http.HttpResponseRedirect(reverse('users.login'))

        elif mkt_user.exists():
            # Handle BrowserID
            # NOTE(review): both outcomes below depend on whether a profile
            # exists for the submitted address, so the response tells an
            # unauthenticated caller that the address is registered; the
            # else branch also sends mail on their request. Confirm that
            # rate limiting covers this view.
            if (mkt_user.count() == 1 and
                    mkt_user[0].source in amo.LOGIN_SOURCE_BROWSERIDS):
                messages.info(request, _('You already have an account.'))
                form = None
            else:
                # Send a password-reset e-mail to the existing profile
                # instead of creating a second account.
                f = PasswordResetForm()
                f.users_cache = [mkt_user[0]]
                f.save(use_https=request.is_secure(),
                       email_template_name='users/email/pwreset.ltxt',
                       request=request)
                return render(request, 'users/newpw_sent.html', {})
        else:
            messages.error(request, _('There are errors in this form'),
                           _('Please correct them and resubmit.'))
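def _login(request, template=None, data=None, dont_redirect=False):
    """Authenticate a POSTed login form and apply post-login account checks.

    Wraps ``auth.views.login``. When Django reports success (a redirect
    response) the login is still refused if the profile is deleted or still
    carries a confirmation code. The outcome is recorded through
    ``log_login_attempt`` and CEF events.

    :param request: the current HTTP request.
    :param template: template used to render the login form.
    :param data: optional extra template context; a dict passed in is
        updated in place.
    :param dont_redirect: on success, render ``template`` instead of
        returning the redirect.
    :returns: the HTTP response to send.
    """
    data = data or {}
    # In case we need it later.  See below.
    get_copy = request.GET.copy()

    if 'to' in request.GET:
        request = _clean_next_url(request)

    if request.user.is_authenticated():
        return http.HttpResponseRedirect(
            request.GET.get('to', settings.LOGIN_REDIRECT_URL))

    # 'recaptcha_shown' is client-supplied; the per-account failure counter
    # below is what forces the captcha on.
    limited = getattr(request, 'limited', 'recaptcha_shown' in request.POST)

    user = None
    login_status = None
    if 'username' in request.POST:
        try:
            # We are doing all this before we try and validate the form.
            user = UserProfile.objects.get(email=request.POST['username'])
            limited = (
                (user.failed_login_attempts >= settings.LOGIN_RATELIMIT_USER)
                or limited)
            login_status = False
        except UserProfile.DoesNotExist:
            log_cef('Authentication Failure', 5, request,
                    username=request.POST['username'],
                    signature='AUTHFAIL',
                    msg='The username was invalid')

    partial_form = partial(forms.AuthenticationForm, use_recaptcha=limited)
    r = auth.views.login(request, template_name=template,
                         redirect_field_name='to',
                         authentication_form=partial_form,
                         extra_context=data)

    if isinstance(r, http.HttpResponseRedirect):
        # Django's auth.views.login has security checks to prevent someone from
        # redirecting to another domain.  Since we want to allow this in
        # certain cases, we have to make a new response object here to replace
        # the above.
        # NOTE(review): this path replaces Django's redirect validation, so
        # the destination is only as safe as _clean_next_url (not shown
        # here); request.GET['to'] also assumes the parameter is present.
        if 'domain' in request.GET:
            request.GET = get_copy
            request = _clean_next_url(request)
            r = http.HttpResponseRedirect(request.GET['to'])

        # Succsesful log in according to django.  Now we do our checks.  I do
        # the checks here instead of the form's clean() because I want to use
        # the messages framework and it's not available in the request there.
        # NOTE(review): user is the profile fetched from the POSTed username
        # above; presumably it is always set once authentication succeeded
        # -- confirm.
        if user.deleted:
            logout(request)
            log.warning(u'Attempt to log in with deleted account (%s)' % user)
            messages.error(request, _('Wrong email address or password!'))
            data.update({'form': partial_form()})
            user.log_login_attempt(False)
            # NOTE(review): request.user is read after logout(); confirm the
            # event still identifies the account that was used.
            log_cef('Authentication Failure', 5, request,
                    username=request.user,
                    signature='AUTHFAIL',
                    msg='Account is deactivated')
            return render(request, template, data)

        if user.confirmationcode:
            logout(request)
            log.info(u'Attempt to log in with unconfirmed account (%s)' % user)
            msg1 = _(u'A link to activate your user account was sent by email '
                     u'to your address {0}. You have to click it before you '
                     u'can log in.').format(user.email)
            url = "%s%s" % (settings.SITE_URL,
                            reverse('users.confirm.resend', args=[user.id]))
            msg2 = _('If you did not receive the confirmation email, make '
                     'sure your email service did not mark it as "junk '
                     'mail" or "spam". If you need to, you can have us '
                     '<a href="%s">resend the confirmation message</a> '
                     'to your email address mentioned above.') % url
            messages.error(request, _('Activation Email Sent'), msg1)
            messages.info(request, _('Having Trouble?'), msg2,
                          title_safe=True, message_safe=True)
            data.update({'form': partial_form()})
            user.log_login_attempt(False)
            return render(request, template, data)

        rememberme = request.POST.get('rememberme', None)
        if rememberme:
            request.session.set_expiry(settings.SESSION_COOKIE_AGE)
            log.debug(
                u'User (%s) logged in successfully with "remember me" set' %
                user)

        login_status = True

        if dont_redirect:
            # We're recalling the middleware to re-initialize amo_user
            ACLMiddleware().process_request(request)
            r = render(request, template, data)

    if login_status is not None:
        user.log_login_attempt(login_status)
        # Emit AUTHFAIL only for a failed attempt: login_status is True
        # after a successful login, and reporting that as a failure puts
        # false events into the audit trail.
        if not login_status:
            log_cef('Authentication Failure', 5, request,
                    username=request.POST['username'],
                    signature='AUTHFAIL',
                    msg='The password was incorrect')

    return r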
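def _login(request, template=None, data=None, dont_redirect=False):
    """Authenticate a POSTed login form and apply post-login account checks.

    Wraps ``auth.views.login``. When Django reports success (a redirect
    response) the login is still refused if the profile is deleted or still
    carries a confirmation code. The outcome is recorded through
    ``log_login_attempt`` and CEF events.

    :param request: the current HTTP request.
    :param template: template used to render the login form.
    :param data: optional extra template context; a dict passed in is
        updated in place.
    :param dont_redirect: on success, render ``template`` instead of
        returning the redirect.
    :returns: the HTTP response to send.
    """
    data = data or {}
    data['webapp'] = settings.APP_PREVIEW
    # In case we need it later.  See below.
    get_copy = request.GET.copy()

    if 'to' in request.GET:
        request = _clean_next_url(request)

    if request.user.is_authenticated():
        return http.HttpResponseRedirect(
            request.GET.get('to', settings.LOGIN_REDIRECT_URL))

    # 'recaptcha_shown' is client-supplied; the per-account failure counter
    # below is what forces the captcha on.
    limited = getattr(request, 'limited', 'recaptcha_shown' in request.POST)

    user = None
    login_status = None
    if 'username' in request.POST:
        try:
            # We are doing all this before we try and validate the form.
            user = UserProfile.objects.get(email=request.POST['username'])
            limited = ((user.failed_login_attempts >=
                        settings.LOGIN_RATELIMIT_USER) or limited)
            login_status = False
        except UserProfile.DoesNotExist:
            log_cef('Authentication Failure', 5, request,
                    username=request.POST['username'],
                    signature='AUTHFAIL',
                    msg='The username was invalid')

    partial_form = partial(forms.AuthenticationForm, use_recaptcha=limited)
    r = auth.views.login(request, template_name=template,
                         redirect_field_name='to',
                         authentication_form=partial_form,
                         extra_context=data)

    if isinstance(r, http.HttpResponseRedirect):
        # Django's auth.views.login has security checks to prevent someone from
        # redirecting to another domain.  Since we want to allow this in
        # certain cases, we have to make a new response object here to replace
        # the above.
        # NOTE(review): this path replaces Django's redirect validation, so
        # the destination is only as safe as _clean_next_url (not shown
        # here); request.GET['to'] also assumes the parameter is present.
        if 'domain' in request.GET:
            request.GET = get_copy
            request = _clean_next_url(request)
            r = http.HttpResponseRedirect(request.GET['to'])

        # Succsesful log in according to django.  Now we do our checks.  I do
        # the checks here instead of the form's clean() because I want to use
        # the messages framework and it's not available in the request there.
        user = request.user.get_profile()

        if user.deleted:
            logout(request)
            log.warning(u'Attempt to log in with deleted account (%s)' % user)
            messages.error(request, _('Wrong email address or password!'))
            data.update({'form': partial_form()})
            user.log_login_attempt(False)
            # NOTE(review): request.user is read after logout(); confirm the
            # event still identifies the account that was used.
            log_cef('Authentication Failure', 5, request,
                    username=request.user,
                    signature='AUTHFAIL',
                    msg='Account is deactivated')
            return jingo.render(request, template, data)

        if user.confirmationcode:
            logout(request)
            log.info(u'Attempt to log in with unconfirmed account (%s)' % user)
            msg1 = _(u'A link to activate your user account was sent by email '
                     'to your address {0}. You have to click it before you '
                     'can log in.').format(user.email)
            url = "%s%s" % (settings.SITE_URL,
                            reverse('users.confirm.resend', args=[user.id]))
            msg2 = _('If you did not receive the confirmation email, make '
                     'sure your email service did not mark it as "junk '
                     'mail" or "spam". If you need to, you can have us '
                     '<a href="%s">resend the confirmation message</a> '
                     'to your email address mentioned above.') % url
            messages.error(request, _('Activation Email Sent'), msg1)
            messages.info(request, _('Having Trouble?'), msg2,
                          title_safe=True, message_safe=True)
            data.update({'form': partial_form()})
            user.log_login_attempt(False)
            return jingo.render(request, template, data)

        rememberme = request.POST.get('rememberme', None)
        if rememberme:
            request.session.set_expiry(settings.SESSION_COOKIE_AGE)
            log.debug((u'User (%s) logged in successfully with '
                       '"remember me" set') % user)

        login_status = True

        if dont_redirect:
            # We're recalling the middleware to re-initialize amo_user
            ACLMiddleware().process_request(request)
            r = jingo.render(request, template, data)

    if login_status is not None:
        user.log_login_attempt(login_status)
        # Emit AUTHFAIL only for a failed attempt: login_status is True
        # after a successful login, and reporting that as a failure puts
        # false events into the audit trail.
        if not login_status:
            log_cef('Authentication Failure', 5, request,
                    username=request.POST['username'],
                    signature='AUTHFAIL',
                    msg='The password was incorrect')

    return r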
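def login(request):
    """Log the visitor out, then run Django's login view with extra checks.

    When Django reports success (a redirect response) the login is still
    refused for a deleted profile and for a profile that still carries a
    confirmation code.

    :param request: the current HTTP request.
    :returns: the HTTP response to send.
    """
    # In case we need it later.  See below.
    get_copy = request.GET.copy()

    logout(request)

    if 'to' in request.GET:
        request = _clean_next_url(request)

    r = auth.views.login(request, template_name='users/login.html',
                         redirect_field_name='to',
                         authentication_form=forms.AuthenticationForm)

    if isinstance(r, http.HttpResponseRedirect):
        # Django's auth.views.login has security checks to prevent someone from
        # redirecting to another domain.  Since we want to allow this in certain
        # cases, we have to make a new response object here to replace the above
        # NOTE(review): this path replaces Django's redirect validation, so
        # the destination is only as safe as _clean_next_url (not shown
        # here); request.GET['to'] also assumes the parameter is present.
        if 'domain' in request.GET:
            request.GET = get_copy
            request = _clean_next_url(request)
            r = http.HttpResponseRedirect(request.GET['to'])

        # Succsesful log in according to django.  Now we do our checks.  I do
        # the checks here instead of the form's clean() because I want to use
        # the messages framework and it's not available in the request there
        user = request.user.get_profile()

        if user.deleted:
            logout(request)
            log.warning(u'Attempt to log in with deleted account (%s)' % user)
            messages.error(request, _('Wrong email address or password!'))
            return jingo.render(request, 'users/login.html',
                                {'form': forms.AuthenticationForm()})

        if user.confirmationcode:
            logout(request)
            log.info(u'Attempt to log in with unconfirmed account (%s)' % user)
            # Translate each template first and interpolate afterwards; with
            # the address or URL already inserted the catalog lookup can
            # never match and the text is always shown untranslated.
            msg1 = _('A link to activate your user account was sent by email '
                     'to your address {0}. You have to click it before you '
                     'can log in.').format(user.email)
            url = "%s%s" % (settings.SITE_URL,
                            reverse('users.confirm.resend', args=[user.id]))
            msg2 = _('If you did not receive the confirmation email, make '
                     'sure your email service did not mark it as "junk '
                     'mail" or "spam". If you need to, you can have us '
                     '<a href="%s">resend the confirmation message</a> '
                     'to your email address mentioned above.') % url
            messages.error(request, _('Activation Email Sent'), msg1)
            messages.info(request, _('Having Trouble?'), msg2,
                          title_safe=True)
            return jingo.render(request, 'users/login.html',
                                {'form': forms.AuthenticationForm()})

        rememberme = request.POST.get('rememberme', None)
        if rememberme:
            request.session.set_expiry(settings.SESSION_COOKIE_AGE)
            log.debug((u'User (%s) logged in successfully with '
                       '"remember me" set') % user)
        else:
            # NOTE(review): as written, the successful attempt is recorded
            # only when "rememberme" is not set -- confirm this is intended.
            user.log_login_attempt(request, True)
    elif 'username' in request.POST:
        # Hitting POST directly because cleaned_data doesn't exist
        user = UserProfile.objects.filter(email=request.POST['username'])
        if user:
            user.get().log_login_attempt(request, False)

    return r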