Ejemplo n.º 1
0
def form(request):
    message = None
    if request.method == 'POST':
        form = UserSendSpecialMailForm(request.POST, request=request)
        if form.is_valid():
            user = form.found_user
            user_ban = check_ban(username=user.username, email=user.email)
            if user_ban:
                return error_banned(request, user, user_ban)
            elif user.activation != User.ACTIVATION_NONE:
                return error403(request, Message(request, 'users/activation/required', {'user': user}))
            user.token = get_random_string(12)
            user.save(force_update=True)
            request.messages.set_flash(Message(request, 'users/password/reset_confirm', extra={'user':user}), 'success')
            user.email_user(
                            request,
                            'users/password/confirm',
                            _("Confirm New Password Request")
                            )
            return redirect(reverse('index'))
        else:
            message = Message(request, form.non_field_errors()[0])
    else:
        form = UserSendSpecialMailForm(request=request)
    return request.theme.render_to_response('users/forgot_password.html',
                                            {
                                             'message': message,
                                             'form': FormLayout(form),
                                            },
                                            context_instance=RequestContext(request));
Ejemplo n.º 2
0
def reset(request, username="", user="******", token=""):
    user = int(user)
    try:
        user = User.objects.get(pk=user)
        user_ban = check_ban(username=user.username, email=user.email)
        if user_ban:
            return error_banned(request, user, user_ban)
        if user.activation != User.ACTIVATION_NONE:
            return error403(request, Message(request, 'users/activation/required', {'user': user}))
        if not token or not user.token or user.token != token:
            return error403(request, Message(request, 'users/invalid_confirmation_link', {'user': user}))
        new_password = get_random_string(6)
        user.token = None
        user.set_password(new_password)
        user.save(force_update=True)
        # Logout signed in and kill remember me tokens
        Session.objects.filter(user=user).update(user=None)
        Token.objects.filter(user=user).delete()
        # Set flash and mail new password
        request.messages.set_flash(Message(request, 'users/password/reset_done', extra={'user':user}), 'success')
        user.email_user(
                        request,
                        'users/password/new',
                        _("Your New Password"),
                        {'password': new_password}
                        )
        return redirect(reverse('sign_in'))
    except User.DoesNotExist:
        return error404(request)
Ejemplo n.º 3
0
def reset(request, username="", user="******", token=""):
    user = int(user)
    try:
        user = User.objects.get(pk=user)
        user_ban = check_ban(username=user.username, email=user.email)
        if user_ban:
            return error_banned(request, user, user_ban)
        if user.activation != User.ACTIVATION_NONE:
            return error403(
                request,
                Message(request, 'users/activation/required', {'user': user}))
        if not token or not user.token or user.token != token:
            return error403(
                request,
                Message(request, 'users/invalid_confirmation_link',
                        {'user': user}))
        new_password = get_random_string(6)
        user.token = None
        user.set_password(new_password)
        user.save(force_update=True)
        # Logout signed in and kill remember me tokens
        Session.objects.filter(user=user).update(user=None)
        Token.objects.filter(user=user).delete()
        # Set flash and mail new password
        request.messages.set_flash(
            Message(request, 'users/password/reset_done',
                    extra={'user': user}), 'success')
        user.email_user(request, 'users/password/new', _("Your New Password"),
                        {'password': new_password})
        return redirect(reverse('sign_in'))
    except User.DoesNotExist:
        return error404(request)
Ejemplo n.º 4
0
def form(request):
    message = None
    if request.method == 'POST':
        form = UserSendSpecialMailForm(request.POST, request=request)
        if form.is_valid():
            user = form.found_user
            user_ban = check_ban(username=user.username, email=user.email)
            if user_ban:
                return error_banned(request, user, user_ban)
            elif user.activation != User.ACTIVATION_NONE:
                return error403(
                    request,
                    Message(request, 'users/activation/required',
                            {'user': user}))
            user.token = get_random_string(12)
            user.save(force_update=True)
            request.messages.set_flash(
                Message(request,
                        'users/password/reset_confirm',
                        extra={'user': user}), 'success')
            user.email_user(request, 'users/password/confirm',
                            _("Confirm New Password Request"))
            return redirect(reverse('index'))
        else:
            message = Message(request, form.non_field_errors()[0])
    else:
        form = UserSendSpecialMailForm(request=request)
    return request.theme.render_to_response(
        'users/forgot_password.html', {
            'message': message,
            'form': FormLayout(form),
        },
        context_instance=RequestContext(request))
Ejemplo n.º 5
0
 def create_user(self, username, email, password, timezone=False, ip='127.0.0.1', activation=0, request=False):
     token = ''
     if activation > 0:
         token = get_random_string(12)
         
     if timezone == False:
         try:
             timezone = request.settings['default_timezone']
             db_settings = request.settings
         except AttributeError:
             db_settings = DBSettings()
             timezone = db_settings['default_timezone']
     
     # Get first rank
     try:
         default_rank = Rank.objects.filter(special=0).order_by('order')[0]
     except Rank.DoesNotExist:
         default_rank = None
     
     # Store user in database
     new_user = User(
                     join_date=tz_util.now(),
                     join_ip=ip,
                     activation=activation,
                     token=token,
                     timezone=timezone,
                     rank=default_rank,
                     )
     
     new_user.set_username(username)
     new_user.set_email(email)
     new_user.set_password(password)
     new_user.full_clean()
     new_user.default_avatar(db_settings)
     new_user.save(force_insert=True)
     
     # Set user roles
     new_user.roles.add(Role.objects.get(token='registered'))
     new_user.save(force_update=True)
     
     # Load monitor
     try:
         monitor = request.monitor
     except AttributeError:
         monitor = Monitor()
     
     # Update forum stats
     if activation == 0:
         monitor['users'] = int(monitor['users']) + 1
         monitor['last_user'] = new_user.pk
         monitor['last_user_name'] = new_user.username
         monitor['last_user_slug'] = new_user.username_slug
     else:
         monitor['users_inactive'] = int(monitor['users_inactive']) + 1
         
     # Return new user
     return new_user
Ejemplo n.º 6
0
 def process_request(self, request):
     if request.user.is_crawler():
         return None
     if 'csrf_token' in request.session:
         csrf_token = request.session['csrf_token']
     else:
         csrf_token = get_random_string(16);
         request.session['csrf_token'] = csrf_token
     request.csrf = CSRFProtection(csrf_token)
Ejemplo n.º 7
0
 def process_request(self, request):
     if request.user.is_crawler():
         return None
     if 'csrf_token' in request.session:
         csrf_token = request.session['csrf_token']
     else:
         csrf_token = get_random_string(16)
         request.session['csrf_token'] = csrf_token
     request.csrf = CSRFProtection(csrf_token)
Ejemplo n.º 8
0
 def _get_new_session_key(self):
     return get_random_string(42)
Ejemplo n.º 9
0
    def create_user(self,
                    username,
                    email,
                    password,
                    timezone=False,
                    ip='127.0.0.1',
                    activation=0,
                    request=False):
        token = ''
        if activation > 0:
            token = get_random_string(12)

        if timezone == False:
            try:
                timezone = request.settings['default_timezone']
                db_settings = request.settings
            except AttributeError:
                db_settings = DBSettings()
                timezone = db_settings['default_timezone']

        # Get first rank
        try:
            default_rank = Rank.objects.filter(special=0).order_by('order')[0]
        except Rank.DoesNotExist:
            default_rank = None

        # Store user in database
        new_user = User(
            join_date=tz_util.now(),
            join_ip=ip,
            activation=activation,
            token=token,
            timezone=timezone,
            rank=default_rank,
        )

        new_user.set_username(username)
        new_user.set_email(email)
        new_user.set_password(password)
        new_user.full_clean()
        new_user.default_avatar(db_settings)
        new_user.save(force_insert=True)

        # Set user roles
        new_user.roles.add(Role.objects.get(token='registered'))
        new_user.save(force_update=True)

        # Load monitor
        try:
            monitor = request.monitor
        except AttributeError:
            monitor = Monitor()

        # Update forum stats
        if activation == 0:
            monitor['users'] = int(monitor['users']) + 1
            monitor['last_user'] = new_user.pk
            monitor['last_user_name'] = new_user.username
            monitor['last_user_slug'] = new_user.username_slug
        else:
            monitor['users_inactive'] = int(monitor['users_inactive']) + 1

        # Return new user
        return new_user
Ejemplo n.º 10
0
def signin(request):
    message = request.messages.get_message('security')
    if request.method == 'POST':
        form = SignInForm(
                          request.POST,
                          show_remember_me=not request.firewall.admin and request.settings['remember_me_allow'],
                          show_stay_hidden=not request.firewall.admin and request.settings['sessions_hidden'],
                          request=request
                          )
        if form.is_valid():
            try:
                # Configure correct auth and redirect links
                if request.firewall.admin:
                    auth_method = auth_admin
                    success_redirect = reverse(site.get_admin_index())
                else:
                    auth_method = auth_forum
                    success_redirect = reverse('index')
                
                # Authenticate user
                user = auth_method(
                                  request,
                                  form.cleaned_data['user_email'],
                                  form.cleaned_data['user_password'],
                                  )
                
                if not request.firewall.admin and request.settings['sessions_hidden'] and form.cleaned_data['user_stay_hidden']:
                    request.session.hidden = True                    
                
                sign_user_in(request, user, request.session.hidden)     
                           
                remember_me_token = False
                if not request.firewall.admin and request.settings['remember_me_allow'] and form.cleaned_data['user_remember_me']:
                    remember_me_token = get_random_string(42)
                    remember_me = Token(
                                        id=remember_me_token,
                                        user=user,
                                        created=timezone.now(),
                                        accessed=timezone.now(),
                                        hidden=request.session.hidden
                                        )
                    remember_me.save()
                if remember_me_token:
                    request.cookie_jar.set('TOKEN', remember_me_token, True)
                request.messages.set_flash(Message(request, 'security/signed_in', extra={'user': user}), 'success', 'security')
                return redirect(success_redirect)
            except AuthException as e:
                message = Message(request, e.type, extra={'user':e.user, 'ban':e.ban})
                message.type = 'error'
                # If not in Admin, register failed attempt
                if not request.firewall.admin and e.type == auth.CREDENTIALS:
                    SignInAttempt.objects.register_attempt(request.session.get_ip(request))
                    # Have we jammed our account?
                    if SignInAttempt.objects.is_jammed(request.settings, request.session.get_ip(request)):
                        request.jam.expires = timezone.now()
                        return redirect(reverse('sign_in'))
        else:
            message = Message(request, form.non_field_errors()[0])
            message.type = 'error'
    else:
        form = SignInForm(
                          show_remember_me=not request.firewall.admin and request.settings['remember_me_allow'],
                          show_stay_hidden=not request.firewall.admin and request.settings['sessions_hidden'],
                          request=request
                          )
    return request.theme.render_to_response('signin.html',
                                            {
                                             'message': message,
                                             'form': FormLayout(form, [
                                                 (
                                                     None,
                                                     [('user_email', {'attrs': {'placeholder': _("Enter your e-mail")}}), ('user_password', {'has_value': False, 'placeholder': _("Enter your password")})]
                                                 ),
                                                 (
                                                     None,
                                                     ['user_remember_me', 'user_stay_hidden'],
                                                 ),
                                             ]),
                                             'hide_signin': True, 
                                            },
                                            context_instance=RequestContext(request));
Ejemplo n.º 11
0
 def _get_new_session_key(self):
     return get_random_string(42)