Ejemplo n.º 1
0
def signup(request):
    user = request.user
    if user.is_authenticated():
        return HttpResponseRedirect(reverse_lazy('dashboard'))
    form = RegistrationForm()
    if request.method == 'POST':
        form = RegistrationForm(data=request.POST)
        if form.is_valid():
            email = form.cleaned_data['email']
            password = form.cleaned_data['password']
            existing_user = get_object_or_None(AuthUser, email=email)

            if existing_user:
                msg = _('That email already belongs to someone, please login:'******'Login Successful')
                messages.success(request, msg)

                return HttpResponseRedirect(reverse_lazy('dashboard'))

    elif request.method == 'GET':
        # Preseed name and/or email if passed through GET string
        email = request.GET.get('e')
        full_name = request.GET.get('name')
        if email or full_name:
            form = RegistrationForm(initial={
                'email': email,
                'full_name': full_name,
            })

    return {
        'form': form,
        'is_input_page': True,
    }
Ejemplo n.º 2
0
def reset_pw(request, verif_code):
    '''
    Page you arrive on after clicking a link to (re)set your password
    '''
    sent_email = get_object_or_404(SentEmail, verif_code=verif_code)

    if now() - sent_email.sent_at > timedelta(hours=72):
        msg = _('Sorry, that link has expired. Please try again.')
        messages.warning(request, msg)
        return HttpResponseRedirect(reverse_lazy('forgot_password'))

    if sent_email.verified_at and (now() - sent_email.verified_at >
                                   timedelta(minutes=60)):
        msg = _('Sorry, that was already used. Please try again.')
        messages.warning(request, msg)
        return HttpResponseRedirect(reverse_lazy('forgot_password'))

    else:
        form = SetPWForm()
        if request.method == 'POST':
            form = SetPWForm(data=request.POST)
            if form.is_valid():
                sent_email.verify_user_email(request)

                password = form.cleaned_data['password']
                auth_user = sent_email.auth_user

                auth_user.set_password(password)
                auth_user.save()

                msg = _('Your password has been set.')
                messages.success(request, msg)

                # login user
                user_to_login = authenticate(email=auth_user.email,
                                             password=password)
                login(request, user_to_login)

                # Log the login
                LoggedLogin.record_login(request)

                # All done
                return HttpResponseRedirect(reverse_lazy('dashboard'))

    return {
        # 'user': sent_email.auth_user,
        'form': form,
        'verif_code': verif_code,
        'is_input_page': True,
    }
Ejemplo n.º 3
0
def confirm_subscription(request, verif_code):
    '''
    New user onboarding where they confirm their email and then we ask for a PW
    '''
    sent_email = get_object_or_404(SentEmail, verif_code=verif_code)
    auth_user = sent_email.auth_user

    # Login the user
    # http://stackoverflow.com/a/3807891/1754586
    auth_user.backend = 'django.contrib.auth.backends.ModelBackend'
    login(request, auth_user)

    # Log the login
    LoggedLogin.record_login(request)

    if sent_email.verified_at and auth_user.email_verified:
        # already verified
        msg = _('<b>%(email_address)s</b> already verified' %
                {'email_address': sent_email.to_email})
        messages.info(request, msg, extra_tags='safe')
        return HttpResponseRedirect(reverse_lazy('dashboard'))

    else:
        # not yet verified
        sent_email.verify_user_email(request)

        if sent_email.address_forwarding:
            b58_address = sent_email.address_forwarding.initial_address
        else:
            b58_address = sent_email.address_subscription.b58_address

        msg_merge = {
            'email_address': sent_email.to_email,
            'b58_address': b58_address,
        }
        msg = _(
            '<b>%(email_address)s</b> verified, you will now receive email notifications for <b>%(b58_address)s</b>.'
            % msg_merge)
        messages.info(request, msg, extra_tags='safe')

        # Ask them to create a new PW
        return HttpResponseRedirect(reverse_lazy('password_upsell'))
Ejemplo n.º 4
0
def unsubscribe_address(request, unsub_code):
    '''
    1-click unsubscribe an address via email
    '''
    sent_email = get_object_or_404(SentEmail, unsub_code=unsub_code)

    auth_user = sent_email.auth_user

    # Login the user
    # http://stackoverflow.com/a/3807891/1754586
    auth_user.backend = 'django.contrib.auth.backends.ModelBackend'
    login(request, auth_user)

    # Log the login
    LoggedLogin.record_login(request)

    if sent_email.unsubscribed_at:
        msg = _("You've already unsubscribed from this alert")
        messages.info(request, msg)

    else:
        address_subscription = sent_email.address_subscription
        assert address_subscription

        address_subscription.user_unsubscribe_subscription()

        addr_uri = reverse('address_overview',
                           kwargs={
                               'coin_symbol': address_subscription.coin_symbol,
                               'address': address_subscription.b58_address,
                           })

        msg = _(
            'You have been unsubscribed from notifications on <a href="%(addr_uri)s">%(b58_address)s</a>'
            % {
                'b58_address': address_subscription.b58_address,
                'addr_uri': addr_uri,
            })
        messages.info(request, msg, extra_tags='safe')

    return HttpResponseRedirect(reverse('dashboard'))
Ejemplo n.º 5
0
def setup_address_forwarding(request, coin_symbol):

    # kind of tricky because we have to deal with both logged in and new users
    already_authenticated = request.user.is_authenticated()

    initial = {'coin_symbol': coin_symbol}

    if already_authenticated:
        form = KnownUserAddressForwardingForm(initial=initial)
    else:
        form = NewUserAddressForwardingForm(initial=initial)

    if request.method == 'POST':
        if already_authenticated:
            form = KnownUserAddressForwardingForm(data=request.POST)
        else:
            form = NewUserAddressForwardingForm(data=request.POST)

        if form.is_valid():
            coin_symbol = form.cleaned_data['coin_symbol']
            destination_address = form.cleaned_data['coin_address']
            user_email = form.cleaned_data.get('email')
            # optional. null in case of KnownUserAddressForwardingForm

            if already_authenticated:
                auth_user = request.user
            else:
                auth_user = None

                if user_email:
                    # Check for existing user with that email
                    existing_user = get_object_or_None(AuthUser,
                                                       email=user_email)
                    if existing_user:
                        msg = _(
                            'Please first login to this account to create a notification'
                        )
                        messages.info(request, msg)
                        return HttpResponseRedirect(
                            existing_user.get_login_uri())

                    else:
                        # Create user with unknown (random) password
                        auth_user = AuthUser.objects.create_user(
                            email=user_email,
                            password=None,  # it will create a random pw
                            creation_ip=get_client_ip(request),
                            creation_user_agent=get_user_agent(request),
                        )

                        # Login the user
                        # http://stackoverflow.com/a/3807891/1754586
                        auth_user.backend = 'django.contrib.auth.backends.ModelBackend'
                        login(request, auth_user)

                        # Log the login
                        LoggedLogin.record_login(request)
                else:
                    # No user email given, proceed anonymously
                    # FIXME: confirm this
                    pass

            # Setup Payment Forwarding
            forwarding_address_details = get_forwarding_address_details(
                destination_address=destination_address,
                api_key=BLOCKCYPHER_API_KEY,
                callback_url=
                None,  # notifications happen separately (and not always)
                coin_symbol=coin_symbol,
            )

            if 'error' in forwarding_address_details:
                # Display error message back to user
                messages.warning(request,
                                 forwarding_address_details['error'],
                                 extra_tags='safe')

            else:

                initial_address = forwarding_address_details['input_address']

                # create forwarding object
                address_forwarding_obj = AddressForwarding.objects.create(
                    coin_symbol=coin_symbol,
                    initial_address=initial_address,
                    destination_address=destination_address,
                    auth_user=auth_user,
                    blockcypher_id=forwarding_address_details['id'],
                )

                subscribe_uri = reverse('subscribe_address',
                                        kwargs={'coin_symbol': coin_symbol})
                uri_qs = {'a': initial_address}
                if user_email:
                    uri_qs['e'] = user_email
                if already_authenticated:
                    uri_qs['e'] = auth_user.email
                subscribe_uri = '%s?%s' % (subscribe_uri, urlencode(uri_qs))

                initial_addr_uri = reverse('address_overview',
                                           kwargs={
                                               'coin_symbol': coin_symbol,
                                               'address': initial_address,
                                           })
                destination_addr_uri = reverse('address_overview',
                                               kwargs={
                                                   'coin_symbol': coin_symbol,
                                                   'address':
                                                   destination_address,
                                               })
                msg_merge_dict = {
                    'initial_address': initial_address,
                    'initial_addr_uri': initial_addr_uri,
                    'destination_address': destination_address,
                    'destination_addr_uri': destination_addr_uri,
                    'subscribe_uri': subscribe_uri,
                    'small_payments_msg': SMALL_PAYMENTS_MSG,
                }
                if auth_user:
                    msg_merge_dict['user_email'] = auth_user.email

                if user_email or (
                        already_authenticated
                        and form.cleaned_data['wants_email_notification']):

                    # Create an address subscription for all of these cases

                    # Hit blockcypher and return subscription id
                    callback_uri = reverse(
                        'address_webhook',
                        kwargs={
                            'secret_key': WEBHOOK_SECRET_KEY,
                            # hack for rare case of two webhooks requested on same address:
                            'ignored_key': simple_pw_generator(num_chars=10),
                        })
                    callback_url = uri_to_url(callback_uri)
                    bcy_id = subscribe_to_address_webhook(
                        subscription_address=initial_address,
                        callback_url=callback_url,
                        coin_symbol=coin_symbol,
                        api_key=BLOCKCYPHER_API_KEY,
                    )

                    # only notify for deposits
                    AddressSubscription.objects.create(
                        coin_symbol=coin_symbol,
                        b58_address=initial_address,
                        auth_user=auth_user,
                        blockcypher_id=bcy_id,
                        notify_on_deposit=True,
                        notify_on_withdrawal=False,
                        address_forwarding_obj=address_forwarding_obj,
                    )

                    if user_email:
                        # New signup
                        msg = _('''
                        Transactions sent to <a href="%(initial_addr_uri)s">%(initial_address)s</a>
                        will now be automatically forwarded to <a href="%(destination_addr_uri)s">%(destination_address)s</a>,
                        but you must confirm your email to receive notifications.
                        <br /><br /> <i>%(small_payments_msg)s</i>
                        ''' % msg_merge_dict)
                        messages.success(request, msg, extra_tags='safe')

                        address_forwarding_obj.send_forwarding_welcome_email()
                        return HttpResponseRedirect(
                            reverse('unconfirmed_email'))
                    else:
                        if auth_user.email_verified:

                            msg = _('''
                            Transactions sent to <a href="%(initial_addr_uri)s">%(initial_address)s</a>
                            will now be automatically forwarded to <a href="%(destination_addr_uri)s">%(destination_address)s</a>,
                            and you will immediately receive an email notification at <b>%(user_email)s</b>.
                            <br /><br /> <i>%(small_payments_msg)s</i>
                            ''' % msg_merge_dict)
                            messages.success(request, msg, extra_tags='safe')

                            return HttpResponseRedirect(reverse('dashboard'))

                        else:
                            # existing unconfirmed user
                            msg = _('''
                            Transactions sent to <a href="%(initial_addr_uri)s">%(initial_address)s</a>
                            will now be automatically forwarded to <a href="%(destination_addr_uri)s">%(destination_address)s</a>,
                            but you must confirm your email to receive notifications.
                            <br /><br /> <i>%(small_payments_msg)s</i>
                            ''' % msg_merge_dict)
                            messages.success(request, msg, extra_tags='safe')

                            address_forwarding_obj.send_forwarding_welcome_email(
                            )

                            return HttpResponseRedirect(
                                reverse('unconfirmed_email'))

                elif already_authenticated:
                    # already authenticated and doesn't want subscriptions
                    msg = _('''
                    Transactions sent to <a href="%(initial_addr_uri)s">%(initial_address)s</a>
                    will now be automatically forwarded to <a href="%(destination_addr_uri)s">%(destination_address)s</a>.
                    You will not receive email notifications (<a href="%(subscribe_uri)s">subscribe</a>).
                    <br /><br /> <i>%(small_payments_msg)s</i>
                    ''' % msg_merge_dict)
                    messages.success(request, msg, extra_tags='safe')

                    return HttpResponseRedirect(reverse('dashboard'))

                else:
                    # New signup sans email
                    msg = _('''
                    Transactions sent to <a href="%(initial_addr_uri)s">%(initial_address)s</a>
                    will now be automatically forwarded to <a href="%(destination_addr_uri)s">%(destination_address)s</a>.
                    You will not receive email notifications (<a href="%(subscribe_uri)s">subscribe</a>).
                    <br /><br /> <i>%(small_payments_msg)s</i>
                    ''' % msg_merge_dict)
                    messages.success(request, msg, extra_tags='safe')

                    return HttpResponseRedirect(destination_addr_uri)

    elif request.method == 'GET':
        coin_address = request.GET.get('a')
        subscriber_email = request.GET.get('e')
        if coin_address:
            initial['coin_address'] = coin_address
        if subscriber_email and not already_authenticated:
            initial['email'] = subscriber_email
        if coin_address or subscriber_email:
            if already_authenticated:
                form = KnownUserAddressForwardingForm(initial=initial)
            else:
                form = NewUserAddressForwardingForm(initial=initial)

    return {
        'form': form,
        'coin_symbol': coin_symbol,
        'is_input_page': True,
    }
Ejemplo n.º 6
0
def subscribe_address(request, coin_symbol):

    already_authenticated = request.user.is_authenticated()
    # kind of tricky because we have to deal with both logged in and new users

    initial = {'coin_symbol': coin_symbol}

    if already_authenticated:
        form = KnownUserAddressSubscriptionForm(initial=initial)
    else:
        form = NewUserAddressSubscriptionForm(initial=initial)

    if request.method == 'POST':
        if already_authenticated:
            form = KnownUserAddressSubscriptionForm(data=request.POST)
        else:
            form = NewUserAddressSubscriptionForm(data=request.POST)

        if form.is_valid():
            coin_symbol = form.cleaned_data['coin_symbol']
            coin_address = form.cleaned_data['coin_address']

            if already_authenticated:
                auth_user = request.user
            else:
                user_email = form.cleaned_data['email']
                # Check for existing user with that email
                existing_user = get_object_or_None(AuthUser, email=user_email)
                if existing_user:
                    msg = _(
                        'Please first login to this account to create a notification'
                    )
                    messages.info(request, msg)
                    return HttpResponseRedirect(existing_user.get_login_uri())

                else:
                    # Create user with unknown (random) password
                    auth_user = AuthUser.objects.create_user(
                        email=user_email,
                        password=None,  # it will create a random pw
                        creation_ip=get_client_ip(request),
                        creation_user_agent=get_user_agent(request),
                    )

                    # Login the user
                    # http://stackoverflow.com/a/3807891/1754586
                    auth_user.backend = 'django.contrib.auth.backends.ModelBackend'
                    login(request, auth_user)

                    # Log the login
                    LoggedLogin.record_login(request)

            existing_subscription_cnt = AddressSubscription.objects.filter(
                auth_user=auth_user,
                b58_address=coin_address,
                unsubscribed_at=None,
                disabled_at=None,
            ).count()
            if existing_subscription_cnt:
                msg = _(
                    "You're already subscribed to that address. Please choose another address."
                )
                messages.warning(request, msg)
            else:
                # TODO: this is inefficiently happening before email verification

                # Hit blockcypher and return subscription id
                callback_uri = reverse(
                    'address_webhook',
                    kwargs={
                        'secret_key': WEBHOOK_SECRET_KEY,
                        # hack for rare case of two webhooks requested on same address:
                        'ignored_key': simple_pw_generator(num_chars=10),
                    })
                callback_url = uri_to_url(callback_uri)
                bcy_id = subscribe_to_address_webhook(
                    subscription_address=coin_address,
                    callback_url=callback_url,
                    coin_symbol=coin_symbol,
                    api_key=BLOCKCYPHER_API_KEY,
                )

                address_subscription = AddressSubscription.objects.create(
                    coin_symbol=coin_symbol,
                    b58_address=coin_address,
                    auth_user=auth_user,
                    blockcypher_id=bcy_id,
                )

                address_uri = reverse('address_overview',
                                      kwargs={
                                          'coin_symbol': coin_symbol,
                                          'address': coin_address,
                                      })
                if already_authenticated and auth_user.email_verified:
                    msg = _(
                        'You will now be emailed notifications for <a href="%(address_uri)s">%(coin_address)s</a>'
                        % {
                            'coin_address': coin_address,
                            'address_uri': address_uri,
                        })
                    messages.success(request, msg, extra_tags='safe')
                    return HttpResponseRedirect(reverse('dashboard'))
                else:
                    address_subscription.send_notifications_welcome_email()
                    return HttpResponseRedirect(reverse('unconfirmed_email'))

    elif request.method == 'GET':
        coin_address = request.GET.get('a')
        subscriber_email = request.GET.get('e')
        if coin_address:
            initial['coin_address'] = coin_address
        if subscriber_email and not already_authenticated:
            initial['email'] = subscriber_email
        if coin_address or subscriber_email:
            if already_authenticated:
                form = KnownUserAddressSubscriptionForm(initial=initial)
            else:
                form = NewUserAddressSubscriptionForm(initial=initial)

    return {
        'form': form,
        'coin_symbol': coin_symbol,
        'is_input_page': True,
    }
Ejemplo n.º 7
0
def user_login(request):
    user = request.user
    if user.is_authenticated():
        # TODO: notification
        return HttpResponseRedirect(reverse_lazy('dashboard'))

    form = LoginForm()
    if request.method == 'POST':
        form = LoginForm(data=request.POST)
        if form.is_valid():
            email = form.cleaned_data['email']
            password = form.cleaned_data['password']

            auth_user = get_object_or_None(AuthUser, email=email)
            if auth_user:
                if auth_user.has_usable_password():
                    user = authenticate(email=email, password=password)
                    if user:
                        login(request, user)
                        LoggedLogin.record_login(request)
                        if user.is_staff:
                            return HttpResponseRedirect('/admin/')
                        else:
                            post_login_url = reverse_lazy('dashboard')
                            return HttpResponseRedirect(post_login_url)
                    else:
                        pw_reset_uri = reverse_lazy('forgot_password')
                        pw_reset_uri = '%s?e=%s' % (pw_reset_uri,
                                                    escape(email))
                        msg = _(
                            'Sorry, that password is incorrect. Would you like to <a href="%(pw_reset_uri)s">reset your password</a>?'
                            % {
                                'pw_reset_uri': pw_reset_uri,
                            })
                        messages.warning(request, msg, extra_tags='safe')
                else:
                    msg = _(
                        "Sorry, that account doesn't have a password set yet.")
                    messages.info(request, msg, extra_tags='safe')
                    redir_uri = reverse_lazy('forgot_password')
                    redir_uri = '%s?e=%s' % (redir_uri, escape(email))
                    return HttpResponseRedirect(redir_uri)

            else:
                signup_base = reverse_lazy('signup')
                signup_uri = '%s?e=%s' % (signup_base, escape(email))
                msg = _(
                    'Account not found. Did you mean to <a href="%(signup_uri)s">sign up</a>?'
                    % {
                        'signup_uri': signup_uri,
                    })
                messages.warning(request, msg, extra_tags='safe')
    elif request.method == 'GET':
        email = request.GET.get('e')
        if email:
            form = LoginForm(initial={'email': email})

    return {
        'form': form,
        'is_input_page': True,
    }