Example #1
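def register_hash(request, hashcode, group = None):
    """Create a user from an encrypted registration link and log them in.

    ``hashcode`` is decrypted with ``settings.SECRET_KEY`` and URL-decoded
    into the registration fields, which are validated by
    ``RegistrationForm``. On success the user is saved, authenticated,
    logged in, and redirected to the decoded ``next`` value (default ``'/'``).

    Raises ``Http404`` when the decoded data has no password or the form
    does not validate. ``group`` is accepted but not used here.
    """
    decoded = urldecode(decryptString(settings.SECRET_KEY, hashcode))
    # Values are indexed with [0]: only the first value per key is kept.
    params = dict((key, values[0]) for key, values in decoded.iteritems())

    # NOTE(review): every field below, including the redirect target and the
    # password, comes out of the link. Whether decryptString() also
    # authenticates the ciphertext is not visible here -- confirm it does,
    # and consider restricting the redirect target to local paths. A password
    # carried in a URL can also end up in server logs and browser history.
    redirect_to = params.pop('next', '/')

    # A link without a password used to surface as an unhandled KeyError;
    # treat it like any other invalid link.
    if 'password' not in params:
        raise Http404

    # The link carries a single password; mirror it into the confirmation
    # field so the form's validation can run.
    params['password2'] = params['password']
    reg_form = RegistrationForm( params )

    if not reg_form.is_valid():
        raise Http404

    # OK, create the new user
    vitals = reg_form.cleaned_data

    user = User(
        username=vitals['username'],
        first_name=vitals['first_name'],
        last_name=vitals['last_name'],
        email=vitals['email'],
    )
    # set_password() stores the password via the model's own hashing API
    # instead of assigning the raw value.
    user.set_password(vitals['password'])
    user.save()

    # Re-fetch the user through authenticate() before passing it to
    # auth_login().
    user = authenticate(
        username = user.username, password = vitals['password'])

    auth_login(request, user)
    request.session['account_message'] = 'User account created. You are now logged in!'

    # The original had a render_to_response() call after the if/else; both
    # branches leave the function, so it was unreachable and is dropped.
    return HttpResponseRedirect(redirect_to)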
Example #2
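 def url_equals(to_check):
     """Return True when the parsed URL `to_check` matches the checked URL.

     `check_parts` and `check_query` are not defined in this excerpt;
     presumably they are closure variables of an enclosing function
     (the parsed candidate URL and its decoded query).

     The first four parsed components must be identical, and every
     query argument of `to_check` must have the same value in
     `check_query`. Extra arguments in `check_query` are ignored.
     """
     if to_check[:4] != check_parts[:4]:
         return False
     # urldecode()'s result is used as a mapping elsewhere
     # (`check_query.get`), so iterate key/value pairs explicitly; a bare
     # `for key, value in args` would iterate the keys only.
     for key, value in urldecode(to_check[4]).items():
         if check_query.get(key) != value:
             return False
     return True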
Example #3
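def get_redirect_target(environ, user_url=None, invalid_targets=(),
                        allowed_redirects=None):
    """Check the request and return a vetted redirect target, or `None`.

    The candidate is `user_url` or, failing that, the `HTTP_REFERER` of
    the WSGI `environ`. `None` is returned when there is no candidate,
    when it points to a host that is neither the current host nor matched
    by an `allowed_redirects` pattern (fnmatch-style), when it equals the
    current URL, or when it equals one of `invalid_targets`.

    The return value is suitable to be passed to `redirect`.

    NOTE(review): validation runs on the candidate resolved against the
    current URL, but the unresolved, slash-stripped string is returned.
    Confirm that `redirect` resolves it against the same root.
    """
    check_target = user_url or environ.get('HTTP_REFERER')

    # Without a candidate there is nothing to vet; the caller has to fall
    # back to its own default target.
    if not check_target:
        return None

    # Drop leading slashes so the candidate is joined as a relative
    # reference below.
    check_target = check_target.lstrip('/')

    root_url = get_current_url(environ)
    root_parts = urlparse(root_url)

    check_parts = urlparse(urljoin(root_url, check_target))
    check_query = urldecode(check_parts[4])

    def url_equals(to_check):
        """Return True when the parsed URL `to_check` matches the candidate.

        The first four parsed components must be identical and every
        query argument of `to_check` must have the same value in the
        candidate's query.
        """
        if to_check[:4] != check_parts[:4]:
            return False
        # urldecode()'s result is used as a mapping (`check_query.get`),
        # so iterate key/value pairs explicitly; a bare
        # `for key, value in args` would iterate the keys only.
        for key, value in urldecode(to_check[4]).items():
            if check_query.get(key) != value:
                return False
        return True

    allowed_redirects = chain([get_host(environ)], allowed_redirects or ())

    # A candidate whose scheme or network location differs from the current
    # URL is only accepted when its host matches the current host or one of
    # the configured patterns.
    if root_parts[:2] != check_parts[:2]:
        # The network location may carry userinfo ("user:pw@host:port").
        # Strip it before cutting off the port, otherwise the text in front
        # of the first ':' is compared instead of the real host.
        host = check_parts[1].rpartition('@')[2].split(':', 1)[0]
        if not any(fnmatch(host, rule) for rule in allowed_redirects):
            return None

    # A candidate equal to the current URL would redirect to itself
    # forever, so reject it.
    if url_equals(urlparse(get_current_url(environ))):
        return None

    # Targets the caller has explicitly ruled out are rejected as well.
    for invalid in invalid_targets:
        if url_equals(urlparse(urljoin(root_url, invalid))):
            return None

    return check_target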