Ejemplo n.º 1
def register(request):
    """Create an account for an anonymous visitor, or claim a stub account.

    Signed-in users are redirected to ``view_settings``. A non-POST request
    renders the unbound registration and consent forms. A valid POST creates
    the user (or upgrades the stub account whose email matches,
    case-insensitively), stores an activation key that expires after five
    days, sends the ``confirm_your_new_account`` and ``new_account_created``
    emails, and redirects to ``register_success``. An invalid POST re-renders
    the bound forms.
    """
    redirect_to = sanitize_redirection(request)

    if not request.user.is_anonymous:
        # Already logged in: the settings page is the logical fallback.
        return HttpResponseRedirect(reverse('view_settings'))

    if request.method != 'POST':
        return render(request, "register/register.html", {
            'form': UserCreationFormExtended(),
            'consent_form': OptInConsentForm(),
            'private': False,
        })

    # A stub account is selected by the submitted email alone.
    # NOTE(review): the password is set below before the caller has shown
    # control of that address -- confirm that sign-in is gated on the
    # emailed activation key.
    stub_candidates = User.objects.filter(profile__stub_account=True)
    try:
        stub_account = stub_candidates.get(
            email__iexact=request.POST.get('email'),
        )
    except User.DoesNotExist:
        stub_account = False

    form_kwargs = {'instance': stub_account} if stub_account else {}
    form = UserCreationFormExtended(request.POST, **form_kwargs)
    consent_form = OptInConsentForm(request.POST)

    if not (form.is_valid() and consent_form.is_valid()):
        return render(request, "register/register.html", {
            'form': form,
            'consent_form': consent_form,
            'private': False,
        })

    fields = form.cleaned_data
    if stub_account:
        # Promote the stub account to a regular account.
        account = stub_account
        account.set_password(fields['password1'])
        account.username = fields['username']
        profile = stub_account.profile
        profile.stub_account = False
    else:
        # Brand-new user: active, but the email address is unconfirmed.
        account = User.objects.create_user(
            fields['username'],
            fields['email'],
            fields['password1'],
        )
        profile = UserProfile(user=account)

    if fields['first_name']:
        account.first_name = fields['first_name']
    if fields['last_name']:
        account.last_name = fields['last_name']
    account.save()

    # The activation key is what the confirmation email carries.
    profile.activation_key = sha1_activation_key(account.username)
    profile.key_expires = now() + timedelta(days=5)
    profile.save()

    confirmation = emails['confirm_your_new_account']
    send_mail(
        confirmation['subject'],
        confirmation['body'] % (account.username, profile.activation_key),
        confirmation['from'],
        [account.email],
    )
    notice = emails['new_account_created']
    send_mail(
        notice['subject'] % profile.user.username,
        notice['body'] % (
            profile.user.get_full_name() or "Not provided",
            profile.user.email,
        ),
        notice['from'],
        notice['to'],
    )
    tally_stat('user.created')
    query_string = '?next=%s&email=%s' % (
        urlencode(redirect_to),
        urlencode(account.email),
    )
    return HttpResponseRedirect(reverse('register_success') + query_string)
Ejemplo n.º 2
def register(request: HttpRequest) -> HttpResponse:
    """Create an account for an anonymous visitor, or claim a stub account.

    Signed-in users are sent to ``view_settings``. A non-POST request renders
    the unbound registration and consent forms; an invalid POST re-renders
    the bound ones. A valid POST creates the user (or upgrades the stub
    account matched case-insensitively on email), stores an activation key
    valid for five days, sends the ``confirm_your_new_account`` and
    ``new_account_created`` emails, and redirects to ``register_success``.
    """
    redirect_to = get_redirect_or_login_url(request, "next")

    if not request.user.is_anonymous:
        # Already logged in: the settings page is the logical fallback.
        return HttpResponseRedirect(reverse("view_settings"))

    if request.method != "POST":
        return render(
            request,
            "register/register.html",
            {
                "form": UserCreationFormExtended(),
                "consent_form": OptInConsentForm(),
                "private": False,
            },
        )

    # A stub account is selected by the submitted email alone.
    # NOTE(review): the password is set below before the caller has shown
    # control of that address -- confirm that sign-in is gated on the
    # emailed activation key.
    stubs = User.objects.filter(profile__stub_account=True)
    try:
        stub_account = stubs.get(email__iexact=request.POST.get("email"))
    except User.DoesNotExist:
        stub_account = False

    form = (
        UserCreationFormExtended(request.POST, instance=stub_account)
        if stub_account
        else UserCreationFormExtended(request.POST)
    )
    consent_form = OptInConsentForm(request.POST)

    if not (form.is_valid() and consent_form.is_valid()):
        return render(
            request,
            "register/register.html",
            {
                "form": form,
                "consent_form": consent_form,
                "private": False,
            },
        )

    data = form.cleaned_data
    if stub_account:
        # Promote the stub account to a regular account.
        account = stub_account
        account.set_password(data["password1"])
        account.username = data["username"]
        profile = stub_account.profile
        profile.stub_account = False
    else:
        # Brand-new user: active, but the email address is unconfirmed.
        account = User.objects.create_user(
            data["username"],
            data["email"],
            data["password1"],
        )
        profile = UserProfile(user=account)

    if data["first_name"]:
        account.first_name = data["first_name"]
    if data["last_name"]:
        account.last_name = data["last_name"]
    account.save()

    # The activation key is what the confirmation email carries.
    profile.activation_key = sha1_activation_key(account.username)
    profile.key_expires = now() + timedelta(days=5)
    profile.save()

    confirmation: EmailType = emails["confirm_your_new_account"]
    send_mail(
        confirmation["subject"],
        confirmation["body"] % (account.username, profile.activation_key),
        confirmation["from_email"],
        [account.email],
    )
    notice: EmailType = emails["new_account_created"]
    send_mail(
        notice["subject"] % profile.user.username,
        notice["body"] % (
            profile.user.get_full_name() or "Not provided",
            profile.user.email,
        ),
        notice["from_email"],
        notice["to"],
    )
    tally_stat("user.created")
    query_string = "?next=%s&email=%s" % (
        urlencode(redirect_to),
        urlencode(account.email),
    )
    return HttpResponseRedirect(reverse("register_success") + query_string)
Ejemplo n.º 3
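def register(request):
    """Create an account for an anonymous visitor, or claim a stub account.

    The ``next`` query parameter is reduced to a local redirect target,
    falling back to ``settings.LOGIN_REDIRECT_URL``. Signed-in users are
    redirected to ``view_settings``. A non-POST request renders the unbound
    registration form; an invalid POST re-renders the bound one. A valid POST
    creates the user (or upgrades the stub account matched case-insensitively
    on email), stores a random activation key valid for five days, sends the
    ``confirm_your_new_account`` and ``new_account_created`` emails, and
    redirects to ``register_success``.
    """
    redirect_to = request.GET.get('next', '')
    if 'sign-in' in redirect_to:
        # thus, we don't redirect people back to the sign-in form
        redirect_to = ''

    # security checks:
    # Light security check -- make sure redirect_to isn't garbage.
    if not redirect_to or ' ' in redirect_to:
        redirect_to = settings.LOGIN_REDIRECT_URL

    # Heavier security check -- redirects to http://example.com should
    # not be allowed, but things like /view/?param=http://example.com
    # should be allowed. This regex checks if there is a '//' *before* a
    # question mark.
    # NOTE(review): a pattern check on '//' is not a complete off-site
    # redirect filter. Django ships a host/scheme allow-list helper
    # (is_safe_url, later url_has_allowed_host_and_scheme); prefer it if
    # the project's Django version provides one.
    elif '//' in redirect_to and re.match(r'[^\?]*//', redirect_to):
        redirect_to = settings.LOGIN_REDIRECT_URL

    if request.user.is_anonymous():
        if request.method == 'POST':
            # A stub account is selected by the submitted email alone.
            # NOTE(review): the password is set below before the caller has
            # shown control of that address -- confirm that sign-in is gated
            # on the emailed activation key.
            try:
                stub_account = User.objects.filter(
                    profile__stub_account=True, ).get(
                        email__iexact=request.POST.get('email'), )
            except User.DoesNotExist:
                stub_account = False

            if stub_account:
                form = UserCreationFormExtended(request.POST,
                                                instance=stub_account)
            else:
                form = UserCreationFormExtended(request.POST)

            if form.is_valid():
                cd = form.cleaned_data
                if not stub_account:
                    # make a new user that is active, but has not confirmed
                    # their email address
                    user = User.objects.create_user(cd['username'],
                                                    cd['email'],
                                                    cd['password1'])
                    up = UserProfile(user=user)
                else:
                    # Upgrade the stub account to make it a regular account.
                    user = stub_account
                    user.set_password(cd['password1'])
                    user.username = cd['username']
                    up = stub_account.profile
                    up.stub_account = False

                if cd['first_name']:
                    user.first_name = cd['first_name']
                if cd['last_name']:
                    user.last_name = cd['last_name']
                user.save()

                # Build and assign the activation key. The key is a bearer
                # token, so take all of it from the OS CSPRNG: hashing the
                # username with a 5-hex-digit salt from the default
                # (non-cryptographic) generator leaves too little entropy.
                # The result is 40 hex characters, the same length as a
                # SHA-1 hexdigest.
                # NOTE(review): assumes the key is only looked up by value
                # and never recomputed from the username -- confirm against
                # the confirmation view.
                up.activation_key = (
                    '%040x' % random.SystemRandom().getrandbits(160))
                up.key_expires = now() + timedelta(days=5)
                up.save()

                email = emails['confirm_your_new_account']
                send_mail(email['subject'],
                          email['body'] % (user.username, up.activation_key),
                          email['from'], [user.email])
                email = emails['new_account_created']
                send_mail(
                    email['subject'] % up.user.username,
                    email['body'] %
                    (up.user.get_full_name() or "Not provided", up.user.email),
                    email['from'],
                    email['to'],
                )
                tally_stat('user.created')
                # NOTE(review): redirect_to is placed in the query string
                # without URL-encoding, so a value containing '&' or '#'
                # changes how the target parses it -- encode it with the
                # project's URL-quoting helper.
                return HttpResponseRedirect(
                    reverse('register_success') + '?next=%s' % redirect_to)
        else:
            form = UserCreationFormExtended()
        return render(request, "register/register.html", {
            'form': form,
            'private': False
        })
    else:
        # The user is already logged in. Direct them to their settings page as
        # a logical fallback
        return HttpResponseRedirect(reverse('view_settings'))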
Ejemplo n.º 4
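def register(request):
    """Create an account for an anonymous visitor, or claim a stub account.

    The ``next`` query parameter is reduced to a local redirect target,
    falling back to ``settings.LOGIN_REDIRECT_URL``. Signed-in users are
    redirected to ``view_settings``. A non-POST request renders the unbound
    registration and consent forms; an invalid POST re-renders the bound
    ones. A valid POST creates the user (or upgrades the stub account matched
    case-insensitively on email), stores a random activation key valid for
    five days, sends the ``confirm_your_new_account`` and
    ``new_account_created`` emails, and redirects to ``register_success``.
    """
    redirect_to = request.GET.get('next', '')
    if 'sign-in' in redirect_to:
        # thus, we don't redirect people back to the sign-in form
        redirect_to = ''

    # security checks:
    # Light security check -- make sure redirect_to isn't garbage.
    if not redirect_to or ' ' in redirect_to:
        redirect_to = settings.LOGIN_REDIRECT_URL

    # Heavier security check -- redirects to http://example.com should
    # not be allowed, but things like /view/?param=http://example.com
    # should be allowed. This regex checks if there is a '//' *before* a
    # question mark.
    # NOTE(review): a pattern check on '//' is not a complete off-site
    # redirect filter. Django ships a host/scheme allow-list helper
    # (is_safe_url, later url_has_allowed_host_and_scheme); prefer it if
    # the project's Django version provides one.
    elif '//' in redirect_to and re.match(r'[^\?]*//', redirect_to):
        redirect_to = settings.LOGIN_REDIRECT_URL

    if request.user.is_anonymous:
        if request.method == 'POST':
            # A stub account is selected by the submitted email alone.
            # NOTE(review): the password is set below before the caller has
            # shown control of that address -- confirm that sign-in is gated
            # on the emailed activation key.
            try:
                stub_account = User.objects.filter(
                    profile__stub_account=True,
                ).get(
                    email__iexact=request.POST.get('email'),
                )
            except User.DoesNotExist:
                stub_account = False

            if stub_account:
                form = UserCreationFormExtended(
                    request.POST,
                    instance=stub_account
                )
            else:
                form = UserCreationFormExtended(request.POST)

            consent_form = OptInConsentForm(request.POST)
            if form.is_valid() and consent_form.is_valid():
                cd = form.cleaned_data
                if not stub_account:
                    # make a new user that is active, but has not confirmed
                    # their email address
                    user = User.objects.create_user(
                        cd['username'],
                        cd['email'],
                        cd['password1']
                    )
                    up = UserProfile(user=user)
                else:
                    # Upgrade the stub account to make it a regular account.
                    user = stub_account
                    user.set_password(cd['password1'])
                    user.username = cd['username']
                    up = stub_account.profile
                    up.stub_account = False

                if cd['first_name']:
                    user.first_name = cd['first_name']
                if cd['last_name']:
                    user.last_name = cd['last_name']
                user.save()

                # Build and assign the activation key. The key is a bearer
                # token, so take all of it from the OS CSPRNG: hashing the
                # username with a 5-hex-digit salt from the default
                # (non-cryptographic) generator leaves too little entropy.
                # The result is 40 hex characters, the same length as a
                # SHA-1 hexdigest.
                # NOTE(review): assumes the key is only looked up by value
                # and never recomputed from the username -- confirm against
                # the confirmation view.
                up.activation_key = (
                    '%040x' % random.SystemRandom().getrandbits(160))
                up.key_expires = now() + timedelta(days=5)
                up.save()

                email = emails['confirm_your_new_account']
                send_mail(
                    email['subject'],
                    email['body'] % (user.username, up.activation_key),
                    email['from'],
                    [user.email]
                )
                email = emails['new_account_created']
                send_mail(
                    email['subject'] % up.user.username,
                    email['body'] % (
                        up.user.get_full_name() or "Not provided",
                        up.user.email
                    ),
                    email['from'],
                    email['to'],
                )
                tally_stat('user.created')
                # Both values are URL-encoded before being placed in the
                # query string of the success page.
                get_str = '?next=%s&email=%s' % (urlencode(redirect_to),
                                                 urlencode(user.email))
                return HttpResponseRedirect(reverse('register_success') +
                                            get_str)
        else:
            form = UserCreationFormExtended()
            consent_form = OptInConsentForm()
        return render(request, "register/register.html", {
            'form': form,
            'consent_form': consent_form,
            'private': False
        })
    else:
        # The user is already logged in. Direct them to their settings page as
        # a logical fallback
        return HttpResponseRedirect(reverse('view_settings'))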