def submitbug(request):
if request.method == 'POST':
form = SubmitBugForm(request.POST)
if form.is_valid():
c = connection.cursor()
c.execute("SELECT nextval('bug_id_seq')")
bugid = c.fetchall()[0][0]
send_template_mail(
form.cleaned_data['email'],
settings.BUGREPORT_EMAIL,
'BUG #%s: %s' % (bugid, form.cleaned_data['shortdesc']),
'misc/bugmail.txt',
{
'bugid': bugid,
'bug': form.cleaned_data,
}
)
return render_to_response('misc/bug_completed.html', {
'bugid': bugid,
}, NavContext(request, 'support'))
else:
form = SubmitBugForm()
versions = Version.objects.filter(supported=True)
return render_to_response('base/form.html', {
'form': form,
'formitemtype': 'bug report',
'operation': 'Submit',
'form_intro': template_to_string('misc/bug_header.html', {
'supportedversions': versions,
}),
}, NavContext(request, 'support'))
def change_email(request):
tokens = EmailChangeToken.objects.filter(user=request.user)
token = len(tokens) and tokens[0] or None
if request.method == 'POST':
form = ChangeEmailForm(request.user, data=request.POST)
if form.is_valid():
# If there is an existing token, delete it
if token:
token.delete()
# Create a new token
token = EmailChangeToken(user=request.user,
email=form.cleaned_data['email'],
token=generate_random_token())
token.save()
send_template_mail(settings.NOTIFICATION_FROM,
form.cleaned_data['email'],
'Your postgresql.org community account',
'account/email_change_email.txt',
{ 'token': token , 'user': request.user, }
)
return HttpResponseRedirect('done/')
else:
form = ChangeEmailForm(request.user)
return render_to_response('account/emailchangeform.html', {
'form': form,
'token': token,
}, NavContext(request, "account"))
def resetpwd(request):
# Basic django password reset feature is completely broken. For example, it does not support
# resetting passwords for users with "old hashes", which means they have no way to ever
# recover. So implement our own, since it's quite the trivial feature.
if request.method == "POST":
try:
u = User.objects.get(email__iexact=request.POST['email'])
if u.password == OAUTH_PASSWORD_STORE:
return HttpServerError(request, "This account cannot change password as it's connected to a third party login site.")
except User.DoesNotExist:
log.info("Attempting to reset password of {0}, user not found".format(request.POST['email']))
return HttpResponseRedirect('/account/reset/done/')
form = PgwebPasswordResetForm(data=request.POST)
if form.is_valid():
log.info("Initiating password set from {0} for {1}".format(get_client_ip(request), form.cleaned_data['email']))
token = default_token_generator.make_token(u)
send_template_mail(settings.ACCOUNTS_NOREPLY_FROM,
form.cleaned_data['email'],
'Password reset for your postgresql.org account',
'account/password_reset_email.txt',
{
'user': u,
'uid': urlsafe_base64_encode(force_bytes(u.pk)),
'token': token,
},
)
return HttpResponseRedirect('/account/reset/done/')
else:
form = PgwebPasswordResetForm()
return render_pgweb(request, 'account', 'account/password_reset.html', {
'form': form,
})
def signup(request):
if request.user.is_authenticated:
return HttpSimpleResponse(
request, "Account error",
"You must log out before you can sign up for a new account")
if request.method == 'POST':
# Attempt to create user then, eh?
form = SignupForm(get_client_ip(request), data=request.POST)
if form.is_valid():
# Attempt to create the user here
# XXX: Do we need to validate something else?
log.info("Creating user for {0} from {1}".format(
form.cleaned_data['username'], get_client_ip(request)))
user = User.objects.create_user(
form.cleaned_data['username'].lower(),
form.cleaned_data['email'].lower(),
last_login=datetime.now())
user.first_name = form.cleaned_data['first_name']
user.last_name = form.cleaned_data['last_name']
# generate a random value for password. It won't be possible to log in with it, but
# it creates more entropy for the token generator (I think).
user.password = generate_random_token()
user.save()
# Now generate a token
token = default_token_generator.make_token(user)
log.info("Generated token {0} for user {1} from {2}".format(
token, form.cleaned_data['username'], get_client_ip(request)))
# Generate an outgoing email
send_template_mail(
settings.ACCOUNTS_NOREPLY_FROM, form.cleaned_data['email'],
'Your new postgresql.org community account',
'account/new_account_email.txt', {
'uid': urlsafe_base64_encode(force_bytes(user.id)),
'token': token,
'user': user
})
return HttpResponseRedirect('/account/signup/complete/')
else:
form = SignupForm(get_client_ip(request))
return render_pgweb(
request, 'account', 'base/form.html', {
'form': form,
'formitemtype': 'Account',
'form_intro': """
To sign up for a free community account, enter your preferred userid and email address.
Note that a community account is only needed if you want to submit information - all
content is available for reading without an account. A confirmation email will be sent
to the specified address, and once confirmed a password for the new account can be specified.
""",
'savebutton': 'Sign up',
'operation': 'New',
'recaptcha': True,
})
def resetpwd(request):
# Basic django password reset feature is completely broken. For example, it does not support
# resetting passwords for users with "old hashes", which means they have no way to ever
# recover. So implement our own, since it's quite the trivial feature.
if request.method == "POST":
try:
u = User.objects.get(email__iexact=request.POST['email'])
if u.password == OAUTH_PASSWORD_STORE:
return HttpServerError(request, "This account cannot change password as it's connected to a third party login site.")
except User.DoesNotExist:
log.info("Attempting to reset password of {0}, user not found".format(request.POST['email']))
return HttpResponseRedirect('/account/reset/done/')
form = PgwebPasswordResetForm(data=request.POST)
if form.is_valid():
log.info("Initiating password set from {0} for {1}".format(get_client_ip(request), form.cleaned_data['email']))
token = default_token_generator.make_token(u)
send_template_mail(
settings.ACCOUNTS_NOREPLY_FROM,
form.cleaned_data['email'],
'Password reset for your postgresql.org account',
'account/password_reset_email.txt',
{
'user': u,
'uid': urlsafe_base64_encode(force_bytes(u.pk)),
'token': token,
},
)
return HttpResponseRedirect('/account/reset/done/')
else:
form = PgwebPasswordResetForm()
return render_pgweb(request, 'account', 'account/password_reset.html', {
'form': form,
})
def submitbug(request):
if request.method == "POST":
form = SubmitBugForm(request.POST)
if form.is_valid():
c = connection.cursor()
c.execute("SELECT nextval('bug_id_seq')")
bugid = c.fetchall()[0][0]
send_template_mail(
form.cleaned_data["email"],
settings.BUGREPORT_EMAIL,
"BUG #%s: %s" % (bugid, form.cleaned_data["shortdesc"]),
"misc/bugmail.txt",
{"bugid": bugid, "bug": form.cleaned_data},
)
return render_to_response("misc/bug_completed.html", {"bugid": bugid}, NavContext(request, "support"))
else:
form = SubmitBugForm()
versions = Version.objects.filter(supported=True)
return render_to_response(
"base/form.html",
{
"form": form,
"formitemtype": "bug report",
"operation": "Submit",
"nocsrf": True,
"form_intro": template_to_string("misc/bug_header.html", {"supportedversions": versions}),
},
NavContext(request, "support"),
)
def admin_resetpassword(request, userid):
user = get_object_or_404(User, pk=userid)
if request.method == 'POST':
form = AdminResetPasswordForm(data=request.POST)
if form.is_valid():
log.info("Admin {0} initiating password reset for {1}".format(
request.user.username, user.email))
token = default_token_generator.make_token(user)
send_template_mail(
settings.ACCOUNTS_NOREPLY_FROM,
user.email,
'Password reset for your postgresql.org account',
'account/password_reset_email.txt',
{
'user': user,
'uid': urlsafe_base64_encode(force_bytes(user.pk)),
'token': token,
},
)
messages.info(request, "Password reset token sent.")
return HttpResponseRedirect("../")
else:
form = AdminResetPasswordForm()
return render(
request, 'core/admin_reset_password.html', {
'is_oauth': user.password == OAUTH_PASSWORD_STORE,
'user': user,
'form': form,
})
def change_email(request):
tokens = EmailChangeToken.objects.filter(user=request.user)
token = len(tokens) and tokens[0] or None
if request.method == 'POST':
form = ChangeEmailForm(request.user, data=request.POST)
if form.is_valid():
# If there is an existing token, delete it
if token:
token.delete()
# Create a new token
token = EmailChangeToken(user=request.user,
email=form.cleaned_data['email'],
token=generate_random_token())
token.save()
send_template_mail(settings.NOTIFICATION_FROM,
form.cleaned_data['email'],
'Your postgresql.org community account',
'account/email_change_email.txt',
{ 'token': token , 'user': request.user, }
)
return HttpResponseRedirect('done/')
else:
form = ChangeEmailForm(request.user)
return render_to_response('account/emailchangeform.html', {
'form': form,
'token': token,
}, NavContext(request, "account"))
def submitbug(request):
if request.method == 'POST':
form = SubmitBugForm(request.POST)
if form.is_valid():
c = connection.cursor()
c.execute("SELECT nextval('bug_id_seq')")
bugid = c.fetchall()[0][0]
send_template_mail(
settings.BUGREPORT_NOREPLY_EMAIL,
settings.BUGREPORT_EMAIL,
'BUG #%s: %s' % (bugid, form.cleaned_data['shortdesc']),
'misc/bugmail.txt',
{
'bugid': bugid,
'bug': form.cleaned_data,
},
usergenerated=True,
cc=form.cleaned_data['email'],
replyto='%s, %s' %
(form.cleaned_data['email'], settings.BUGREPORT_EMAIL),
sendername="PG Bug reporting form",
)
return render_pgweb(request, 'support', 'misc/bug_completed.html',
{
'bugid': bugid,
})
else:
form = SubmitBugForm(
initial={
'name': '%s %s' %
(request.user.first_name, request.user.last_name),
'email': request.user.email,
})
versions = Version.objects.filter(supported=True)
return render_pgweb(
request, 'support', 'base/form.html', {
'form':
form,
'formitemtype':
'bug report',
'formtitle':
'Submit Bug Report <i class="fas fa-bug"></i>',
'operation':
'Submit',
'form_intro':
template_to_string('misc/bug_header.html', {
'supportedversions': versions,
}),
'savebutton':
'Submit and Send Email',
})
def handle(self, *args, **options):
with transaction.atomic():
counts = [{'name': str(x['name']), 'count': len(x['entries'])} for x in get_all_pending_moderations()]
if len(counts):
# Generate an email and send it off
send_template_mail(settings.NOTIFICATION_FROM,
settings.NOTIFICATION_EMAIL,
"PostgreSQL moderation report: %s" % datetime.now(),
"core/moderation_report.txt",
{
'items': counts,
})
def commentform(request, itemid, version, filename):
if version == 'current':
v = Version.objects.get(current=True)
else:
v = get_object_or_404(Version, tree=version)
if not v.supported:
# No docs comments on unsupported versions
return HttpResponseRedirect("/docs/{0}/{1}".format(version, filename))
if request.method == 'POST':
form = DocCommentForm(request.POST)
if form.is_valid():
if version == '0.0':
version = 'devel'
send_template_mail(
settings.DOCSREPORT_NOREPLY_EMAIL,
settings.DOCSREPORT_EMAIL,
'%s' % form.cleaned_data['shortdesc'],
'docs/docsbugmail.txt', {
'version': version,
'filename': filename,
'details': form.cleaned_data['details'],
},
usergenerated=True,
cc=form.cleaned_data['email'],
replyto='%s, %s' %
(form.cleaned_data['email'], settings.DOCSREPORT_EMAIL),
sendername='PG Doc comments form')
return HttpResponseRedirect("done/")
else:
form = DocCommentForm(
initial={
'name': '%s %s' %
(request.user.first_name, request.user.last_name),
'email': request.user.email,
})
return render_pgweb(
request, 'docs', 'base/form.html', {
'form':
form,
'formitemtype':
'documentation comment',
'operation':
'Submit',
'form_intro':
template_to_string('docs/docsbug.html', {
'user': request.user,
}),
'savebutton':
'Send Email',
})
def signup(request):
if request.user.is_authenticated():
return HttpServerError(request, "You must log out before you can sign up for a new account")
if request.method == 'POST':
# Attempt to create user then, eh?
form = SignupForm(get_client_ip(request), data=request.POST)
if form.is_valid():
# Attempt to create the user here
# XXX: Do we need to validate something else?
log.info("Creating user for {0} from {1}".format(form.cleaned_data['username'], get_client_ip(request)))
user = User.objects.create_user(form.cleaned_data['username'].lower(), form.cleaned_data['email'].lower(), last_login=datetime.now())
user.first_name = form.cleaned_data['first_name']
user.last_name = form.cleaned_data['last_name']
# generate a random value for password. It won't be possible to log in with it, but
# it creates more entropy for the token generator (I think).
user.password = generate_random_token()
user.save()
# Now generate a token
token = default_token_generator.make_token(user)
log.info("Generated token {0} for user {1} from {2}".format(token, form.cleaned_data['username'], get_client_ip(request)))
# Generate an outgoing email
send_template_mail(settings.ACCOUNTS_NOREPLY_FROM,
form.cleaned_data['email'],
'Your new postgresql.org community account',
'account/new_account_email.txt',
{'uid': urlsafe_base64_encode(force_bytes(user.id)), 'token': token, 'user': user}
)
return HttpResponseRedirect('/account/signup/complete/')
else:
form = SignupForm(get_client_ip(request))
return render_pgweb(request, 'account', 'base/form.html', {
'form': form,
'formitemtype': 'Account',
'form_intro': """
To sign up for a free community account, enter your preferred userid and email address.
Note that a community account is only needed if you want to submit information - all
content is available for reading without an account. A confirmation email will be sent
to the specified address, and once confirmed a password for the new account can be specified.
""",
'savebutton': 'Sign up',
'operation': 'New',
'recaptcha': True,
})
def save(self, commit=True):
model = super(OrganisationForm, self).save(commit=False)
ops = []
if self.cleaned_data.get('add_email', None):
# Create the email record
e = OrganisationEmail(
org=model,
address=self.cleaned_data['add_email'].lower(),
token=generate_random_token())
e.save()
# Send email for confirmation
send_template_mail(
settings.NOTIFICATION_FROM,
e.address,
"Email address added to postgresql.org organisation",
'core/org_add_email.txt',
{
'org': model,
'email': e,
},
)
ops.append('Added email {}, confirmation request sent'.format(
e.address))
if self.cleaned_data.get('remove_email', None):
for e in self.cleaned_data['remove_email']:
ops.append('Removed email {}'.format(e.address))
e.delete()
if 'add_manager' in self.cleaned_data and self.cleaned_data[
'add_manager']:
u = User.objects.get(
email=self.cleaned_data['add_manager'].lower())
model.managers.add(u)
ops.append('Added manager {}'.format(u.username))
if 'remove_manager' in self.cleaned_data and self.cleaned_data[
'remove_manager']:
for toremove in self.cleaned_data['remove_manager']:
model.managers.remove(toremove)
ops.append('Removed manager {}'.format(toremove.username))
if ops:
send_simple_mail(
settings.NOTIFICATION_FROM, settings.NOTIFICATION_EMAIL,
"{0} modified {1}".format(get_current_user().username, model),
"The following changes were made to {}:\n\n{}".format(
model, "\n".join(ops)))
return model
def submitbug(request):
if request.method == 'POST':
form = SubmitBugForm(request.POST)
if form.is_valid():
with transaction.atomic():
c = connection.cursor()
c.execute("SELECT nextval('bug_id_seq')")
bugid = c.fetchall()[0][0]
messageid = _make_bugs_messageid(bugid)
BugIdMap(id=bugid, messageid=messageid.strip('<>')).save()
send_template_mail(
settings.BUGREPORT_NOREPLY_EMAIL,
settings.BUGREPORT_EMAIL,
'BUG #%s: %s' % (bugid, form.cleaned_data['shortdesc']),
'misc/bugmail.txt',
{
'bugid': bugid,
'bug': form.cleaned_data,
},
usergenerated=True,
cc=form.cleaned_data['email'],
replyto='%s, %s' % (form.cleaned_data['email'], settings.BUGREPORT_EMAIL),
sendername="PG Bug reporting form",
messageid=messageid,
)
return HttpResponseRedirect("/account/submitbug/{0}/".format(bugid))
else:
form = SubmitBugForm(initial={
'name': '%s %s' % (request.user.first_name, request.user.last_name),
'email': request.user.email,
})
versions = Version.objects.filter(supported=True)
return render_pgweb(request, 'support', 'base/form.html', {
'form': form,
'formitemtype': 'bug report',
'formtitle': 'Submit Bug Report <i class="fas fa-bug"></i>',
'operation': 'Submit',
'form_intro': template_to_string('misc/bug_header.html', {
'supportedversions': versions,
}),
'savebutton': 'Submit and Send Email',
})
def signup(request):
if request.user.is_authenticated():
return HttpServerError("You must log out before you can sign up for a new account")
if request.method == "POST":
# Attempt to create user then, eh?
form = SignupForm(data=request.POST)
if form.is_valid():
# Attempt to create the user here
# XXX: Do we need to validate something else?
user = User.objects.create_user(form.cleaned_data["username"].lower(), form.cleaned_data["email"])
user.first_name = form.cleaned_data["first_name"]
user.last_name = form.cleaned_data["last_name"]
user.save()
# Now generate a token
token = default_token_generator.make_token(user)
# Generate an outgoing email
send_template_mail(
settings.NOTIFICATION_FROM,
form.cleaned_data["email"],
"Your new postgresql.org community account",
"account/new_account_email.txt",
{"uid": int_to_base36(user.id), "token": token, "user": user},
)
return HttpResponseRedirect("/account/signup/complete/")
else:
form = SignupForm()
return render_to_response(
"base/form.html",
{
"form": form,
"formitemtype": "Account",
"form_intro": """
To sign up for a free community account, enter your preferred userid and email address.
Note that a community account is only needed if you want to submit information - all
content is available for reading without an account.
""",
"savebutton": "Sign up",
"operation": "New",
},
NavContext(request, "account"),
)
def commentform(request, itemid, version, filename):
if version == 'current':
v = Version.objects.get(current=True)
else:
v = get_object_or_404(Version, tree=version)
if not v.supported:
# No docs comments on unsupported versions
return HttpResponseRedirect("/docs/{0}/{1}".format(version, filename))
if request.method == 'POST':
form = DocCommentForm(request.POST)
if form.is_valid():
if version == '0.0':
version = 'devel'
send_template_mail(
settings.DOCSREPORT_NOREPLY_EMAIL,
settings.DOCSREPORT_EMAIL,
'%s' % form.cleaned_data['shortdesc'],
'docs/docsbugmail.txt', {
'version': version,
'filename': filename,
'details': form.cleaned_data['details'],
},
usergenerated=True,
cc=form.cleaned_data['email'],
replyto='%s, %s' % (form.cleaned_data['email'], settings.DOCSREPORT_EMAIL),
sendername='PG Doc comments form'
)
return HttpResponseRedirect("done/")
else:
form = DocCommentForm(initial={
'name': '%s %s' % (request.user.first_name, request.user.last_name),
'email': request.user.email,
})
return render_pgweb(request, 'docs', 'base/form.html', {
'form': form,
'formitemtype': 'documentation comment',
'operation': 'Submit',
'form_intro': template_to_string('docs/docsbug.html', {
'user': request.user,
}),
'savebutton': 'Send Email',
})
def submitbug(request):
if request.method == 'POST':
form = SubmitBugForm(request.POST)
if form.is_valid():
c = connection.cursor()
c.execute("SELECT nextval('bug_id_seq')")
bugid = c.fetchall()[0][0]
send_template_mail(form.cleaned_data['email'],
settings.BUGREPORT_EMAIL,
'BUG #%s: %s' %
(bugid, form.cleaned_data['shortdesc']),
'misc/bugmail.txt', {
'bugid': bugid,
'bug': form.cleaned_data,
},
usergenerated=True)
return render_to_response('misc/bug_completed.html', {
'bugid': bugid,
}, NavContext(request, 'support'))
else:
form = SubmitBugForm(
initial={
'name': '%s %s' %
(request.user.first_name, request.user.last_name),
'email': request.user.email,
})
versions = Version.objects.filter(supported=True)
return render_to_response(
'base/form.html', {
'form':
form,
'formitemtype':
'bug report',
'operation':
'Submit',
'form_intro':
template_to_string('misc/bug_header.html', {
'supportedversions': versions,
}),
}, NavContext(request, 'support'))
def signup(request):
if request.user.is_authenticated():
return HttpServerError("You must log out before you can sign up for a new account")
if request.method == 'POST':
# Attempt to create user then, eh?
form = SignupForm(data=request.POST)
if form.is_valid():
# Attempt to create the user here
# XXX: Do we need to validate something else?
user = User.objects.create_user(form.cleaned_data['username'].lower(), form.cleaned_data['email'].lower())
user.first_name = form.cleaned_data['first_name']
user.last_name = form.cleaned_data['last_name']
user.save()
# Now generate a token
token = default_token_generator.make_token(user)
# Generate an outgoing email
send_template_mail(settings.NOTIFICATION_FROM,
form.cleaned_data['email'],
'Your new postgresql.org community account',
'account/new_account_email.txt',
{ 'uid': int_to_base36(user.id), 'token': token, 'user': user}
)
return HttpResponseRedirect('/account/signup/complete/')
else:
form = SignupForm()
return render_to_response('base/form.html', {
'form': form,
'formitemtype': 'Account',
'form_intro': """
To sign up for a free community account, enter your preferred userid and email address.
Note that a community account is only needed if you want to submit information - all
content is available for reading without an account.
""",
'savebutton': 'Sign up',
'operation': 'New',
}, NavContext(request, 'account'))
def change_email(request):
tokens = EmailChangeToken.objects.filter(user=request.user)
token = len(tokens) and tokens[0] or None
if request.user.password == OAUTH_PASSWORD_STORE:
# Link shouldn't exist in this case, so just throw an unfriendly
# error message.
return HttpServerError(
request,
"This account cannot change email address as it's connected to a third party login site."
)
if request.method == 'POST':
form = ChangeEmailForm(request.user, data=request.POST)
if form.is_valid():
# If there is an existing token, delete it
if token:
token.delete()
# Create a new token
token = EmailChangeToken(user=request.user,
email=form.cleaned_data['email'].lower(),
token=generate_random_token())
token.save()
send_template_mail(settings.ACCOUNTS_NOREPLY_FROM,
form.cleaned_data['email'],
'Your postgresql.org community account',
'account/email_change_email.txt', {
'token': token,
'user': request.user,
})
return HttpResponseRedirect('done/')
else:
form = ChangeEmailForm(request.user)
return render_pgweb(request, 'account', 'account/emailchangeform.html', {
'form': form,
'token': token,
})
def commentform(request, itemid, version, filename):
if request.method == 'POST':
form = DocCommentForm(request.POST)
if form.is_valid():
send_template_mail(
form.cleaned_data['email'],
settings.DOCSREPORT_EMAIL,
'%s' % form.cleaned_data['shortdesc'],
'docs/docsbugmail.txt',
{
'version': version,
'filename': filename,
'details': form.cleaned_data['details'],
},
usergenerated=True,
)
return render_to_response('docs/docsbug_completed.html', {},
NavContext(request, 'docs'))
else:
form = DocCommentForm(
initial={
'name': '%s %s' %
(request.user.first_name, request.user.last_name),
'email': request.user.email,
})
return render_to_response(
'base/form.html', {
'form':
form,
'formitemtype':
'documentation correction',
'operation':
'Submit',
'form_intro':
template_to_string('docs/docsbug.html', {
'user': request.user,
}),
}, NavContext(request, 'docs'))
def change_email(request):
tokens = EmailChangeToken.objects.filter(user=request.user)
token = len(tokens) and tokens[0] or None
if request.user.password == OAUTH_PASSWORD_STORE:
# Link shouldn't exist in this case, so just throw an unfriendly
# error message.
return HttpServerError(request, "This account cannot change email address as it's connected to a third party login site.")
if request.method == 'POST':
form = ChangeEmailForm(request.user, data=request.POST)
if form.is_valid():
# If there is an existing token, delete it
if token:
token.delete()
# Create a new token
token = EmailChangeToken(user=request.user,
email=form.cleaned_data['email'].lower(),
token=generate_random_token())
token.save()
send_template_mail(
settings.ACCOUNTS_NOREPLY_FROM,
form.cleaned_data['email'],
'Your postgresql.org community account',
'account/email_change_email.txt',
{'token': token, 'user': request.user, }
)
return HttpResponseRedirect('done/')
else:
form = ChangeEmailForm(request.user)
return render_pgweb(request, 'account', 'account/emailchangeform.html', {
'form': form,
'token': token,
})
def profile(request):
# We always have the user, but not always the profile. And we need a bit
# of a hack around the normal forms code since we have two different
# models on a single form.
(profile, created) = UserProfile.objects.get_or_create(pk=request.user.pk)
# Don't allow users whose accounts were created via oauth to change
# their email, since that would kill the connection between the
# accounts.
can_change_email = (request.user.password != OAUTH_PASSWORD_STORE)
# We may have a contributor record - and we only show that part of the
# form if we have it for this user.
try:
contrib = Contributor.objects.get(user=request.user.pk)
except Contributor.DoesNotExist:
contrib = None
contribform = None
secondaryaddresses = SecondaryEmail.objects.filter(user=request.user)
if request.method == 'POST':
# Process this form
userform = UserForm(can_change_email,
secondaryaddresses,
data=request.POST,
instance=request.user)
profileform = UserProfileForm(data=request.POST, instance=profile)
secondaryemailform = AddEmailForm(request.user, data=request.POST)
if contrib:
contribform = ContributorForm(data=request.POST, instance=contrib)
if userform.is_valid() and profileform.is_valid(
) and secondaryemailform.is_valid() and (not contrib
or contribform.is_valid()):
user = userform.save()
# Email takes some magic special handling, since we only allow picking of existing secondary emails, but it's
# not a foreign key (due to how the django auth model works).
if can_change_email and userform.cleaned_data[
'primaryemail'] != user.email:
# Changed it!
oldemail = user.email
# Create a secondary email for the old primary one
SecondaryEmail(user=user,
email=oldemail,
confirmed=True,
token='').save()
# Flip the main email
user.email = userform.cleaned_data['primaryemail']
user.save(update_fields=[
'email',
])
# Finally remove the old secondary address, since it can`'t be both primary and secondary at the same time
SecondaryEmail.objects.filter(user=user,
email=user.email).delete()
log.info("User {} changed primary email from {} to {}".format(
user.username, oldemail, user.email))
profileform.save()
if contrib:
contribform.save()
if secondaryemailform.cleaned_data.get('email1', ''):
sa = SecondaryEmail(
user=request.user,
email=secondaryemailform.cleaned_data['email1'],
token=generate_random_token())
sa.save()
send_template_mail(settings.ACCOUNTS_NOREPLY_FROM, sa.email,
'Your postgresql.org community account',
'account/email_add_email.txt', {
'secondaryemail': sa,
'user': request.user,
})
for k, v in request.POST.items():
if k.startswith('deladdr_') and v == '1':
ii = int(k[len('deladdr_'):])
SecondaryEmail.objects.filter(user=request.user,
id=ii).delete()
return HttpResponseRedirect(".")
else:
# Generate form
userform = UserForm(can_change_email,
secondaryaddresses,
instance=request.user)
profileform = UserProfileForm(instance=profile)
secondaryemailform = AddEmailForm(request.user)
if contrib:
contribform = ContributorForm(instance=contrib)
return render_pgweb(
request, 'account', 'account/userprofileform.html', {
'userform': userform,
'profileform': profileform,
'secondaryemailform': secondaryemailform,
'secondaryaddresses': secondaryaddresses,
'secondarypending': any(not a.confirmed
for a in secondaryaddresses),
'contribform': contribform,
})
