Example #1
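    def do_c(self, request, token=''):
        """Confirm a registration from a signed confirmation link.

        ``token`` is the signed value taken from the URL. Its signature is
        checked with ``confirm_link_secret`` (falling back to
        ``settings.SECRET_KEY``) concatenated with ``confirm_link_salt``.
        The signed payload is converted to a user id with ``hex_to_int``.

        Returns the result of ``on_registration_complete`` after activating
        the user and logging them in, or an error/message response when the
        signature is bad, the user cannot be found, or the user is not in
        the unconfirmed state. Raises ``Http404`` when no token is given.

        NOTE(review): no expiry check is visible in this method, and a valid
        link ends in ``log_in_user``; whoever holds the link gets the session
        as long as the account is still unconfirmed.
        """
        if not token:
            # TODO: show a form where they can paste in their token?
            raise Http404
        # Keep the text form for the error message; only the value handed to
        # unsign() is encoded. Concatenating the encoded token onto the
        # message text fails on Python 3 (str + bytes).
        token_text = token.rstrip('/')
        signed_token = token_text.encode('utf8')
        try:
            value = signed.unsign(
                signed_token,
                key=(self.confirm_link_secret or settings.SECRET_KEY) +
                self.confirm_link_salt)
        except signed.BadSignature:
            # NOTE(review): the rejected token is request-controlled and is
            # echoed into the response; confirm show_message() escapes it.
            return self.show_message(
                request, self.invalid_token_message,
                self.invalid_token_message + ': ' + token_text)
        user_id = hex_to_int(value)
        user = self.lookup_user_by_id(user_id)
        if not user:  # Maybe the user was deleted?
            return self.show_error(request, self.r_user_not_found_message)

        # Only a user who is still unconfirmed may be activated; this is what
        # stops an already-used link from logging anyone in again.
        if not self.user_is_unconfirmed(user):
            return self.show_error(request, self.c_already_confirmed_message)

        # Confirm them
        user.is_active = True
        user.save()
        self.mark_user_confirmed(user)
        self.log_in_user(request, user)
        return self.on_registration_complete(request)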
Example #2
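 def do_c(self, request, token = ''):
     """Confirm a registration from a signed confirmation link.

     ``token`` is the signed value taken from the URL. Its signature is
     checked with ``confirm_link_secret`` (falling back to
     ``settings.SECRET_KEY``) concatenated with ``confirm_link_salt``.
     The signed payload is converted to a user id with ``hex_to_int``.

     Returns the result of ``on_registration_complete`` after activating
     the user and logging them in, or an error/message response when the
     signature is bad, the user cannot be found, or the user is not in
     the unconfirmed state. Raises ``Http404`` when no token is given.

     NOTE(review): no expiry check is visible in this method, and a valid
     link ends in ``log_in_user``; whoever holds the link gets the session
     as long as the account is still unconfirmed.
     """
     if not token:
         # TODO: show a form where they can paste in their token?
         raise Http404
     # Keep the text form for the error message; only the value handed to
     # unsign() is encoded. Concatenating the encoded token onto the
     # message text fails on Python 3 (str + bytes).
     token_text = token.rstrip('/')
     signed_token = token_text.encode('utf8')
     try:
         value = signed.unsign(signed_token, key = (
             self.confirm_link_secret or settings.SECRET_KEY
         ) + self.confirm_link_salt)
     except signed.BadSignature:
         # NOTE(review): the rejected token is request-controlled and is
         # echoed into the response; confirm show_message() escapes it.
         return self.show_message(
             request, self.invalid_token_message,
             self.invalid_token_message + ': ' + token_text
         )
     user_id = hex_to_int(value)
     user = self.lookup_user_by_id(user_id)
     if not user: # Maybe the user was deleted?
         # Read the message from the instance, as the other messages in this
         # method are; the bare name is not defined in this scope.
         return self.show_error(request, self.r_user_not_found_message)

     # Only a user who is still unconfirmed may be activated; this is what
     # stops an already-used link from logging anyone in again.
     if not self.user_is_unconfirmed(user):
         return self.show_error(request, self.c_already_confirmed_message)

     # Confirm them
     user.is_active = True
     user.save()
     self.mark_user_confirmed(user)
     self.log_in_user(request, user)
     return self.on_registration_complete(request)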
Example #3
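    def do_r(self, request, token=''):
        """Handle a signed account-recovery link and log its owner in.

        ``token`` is the signed value taken from the URL. Its signature is
        checked with ``recovery_link_secret`` (falling back to
        ``settings.SECRET_KEY``) concatenated with ``recovery_link_salt``.
        The signed payload holds two dot-separated fields, each converted
        with ``hex_to_int``: an issue day (counted from
        ``recovery_origin_date``) and a user id.

        Returns the rendered recovery page after logging the user in, the
        expired-link page when the token is older than
        ``recovery_expires_after_days``, or an error/message response when
        the signature is bad or the user cannot be found. Raises ``Http404``
        when no token is given.

        NOTE(review): nothing in this method invalidates the token after
        use, so the same link keeps logging its holder in until it expires.
        """
        if not token:
            # TODO: show a form where they can paste in their token?
            raise Http404
        # Keep the text form for the error message; only the value handed to
        # unsign() is encoded. Concatenating the encoded token onto the
        # message text fails on Python 3 (str + bytes).
        token_text = token.rstrip('/')
        signed_token = token_text.encode('utf8')
        try:
            value = signed.unsign(
                signed_token,
                key=(self.recovery_link_secret or settings.SECRET_KEY) +
                self.recovery_link_salt)
        except signed.BadSignature:
            # NOTE(review): the rejected token is request-controlled and is
            # echoed into the response; confirm show_message() escapes it.
            return self.show_message(
                request, self.invalid_token_message,
                self.invalid_token_message + ': ' + token_text)
        # Pad with empty strings so the unpacking cannot fail when the
        # payload has fewer than two fields. How hex_to_int treats '' is not
        # visible here -- TODO confirm.
        hex_days, hex_user_id = (value.split('.') + ['', ''])[:2]
        days = hex_to_int(hex_days)
        user_id = hex_to_int(hex_user_id)
        user = self.lookup_user_by_id(user_id)
        if not user:  # Maybe the user was deleted?
            # Read the message from the instance, as the other messages in
            # this method are; the bare name is not defined in this scope.
            return self.show_error(request, self.r_user_not_found_message)

        # Has the token expired? Both sides are day counts from the same
        # origin date. A signed issue day in the future gives a negative age
        # and therefore passes this check.
        now_days = (datetime.date.today() - self.recovery_origin_date).days
        if (now_days - days) > self.recovery_expires_after_days:
            return self.render(
                request, self.recovery_expired_template, {
                    'days': self.recovery_expires_after_days,
                    'recover_url': urljoin(request.path, '../../recover/'),
                })

        # Token is valid! Log them in as that user and show the recovery page
        self.log_in_user(request, user)
        return self.render(
            request, self.recovery_complete_template, {
                'change_password_url': urljoin(request.path,
                                               '../../password/'),
                'associate_url': urljoin(request.path, '../../associations/'),
                'user': user,
            })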
Example #4
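 def do_r(self, request, token = ''):
     """Handle a signed account-recovery link and log its owner in.

     ``token`` is the signed value taken from the URL. Its signature is
     checked with ``recovery_link_secret`` (falling back to
     ``settings.SECRET_KEY``) concatenated with ``recovery_link_salt``.
     The signed payload holds two dot-separated fields, each converted
     with ``hex_to_int``: an issue day (counted from
     ``recovery_origin_date``) and a user id.

     Returns the rendered recovery page after logging the user in, the
     expired-link page when the token is older than
     ``recovery_expires_after_days``, or an error/message response when
     the signature is bad or the user cannot be found. Raises ``Http404``
     when no token is given.

     NOTE(review): nothing in this method invalidates the token after
     use, so the same link keeps logging its holder in until it expires.
     """
     if not token:
         # TODO: show a form where they can paste in their token?
         raise Http404
     # Keep the text form for the error message; only the value handed to
     # unsign() is encoded. Concatenating the encoded token onto the
     # message text fails on Python 3 (str + bytes).
     token_text = token.rstrip('/')
     signed_token = token_text.encode('utf8')
     try:
         value = signed.unsign(signed_token, key = (
             self.recovery_link_secret or settings.SECRET_KEY
         ) + self.recovery_link_salt)
     except signed.BadSignature:
         # NOTE(review): the rejected token is request-controlled and is
         # echoed into the response; confirm show_message() escapes it.
         return self.show_message(
             request, self.invalid_token_message,
             self.invalid_token_message + ': ' + token_text
         )
     # Pad with empty strings so the unpacking cannot fail when the
     # payload has fewer than two fields. How hex_to_int treats '' is not
     # visible here -- TODO confirm.
     hex_days, hex_user_id = (value.split('.') + ['', ''])[:2]
     days = hex_to_int(hex_days)
     user_id = hex_to_int(hex_user_id)
     user = self.lookup_user_by_id(user_id)
     if not user: # Maybe the user was deleted?
         # Read the message from the instance, as the other messages in
         # this method are; the bare name is not defined in this scope.
         return self.show_error(request, self.r_user_not_found_message)

     # Has the token expired? Both sides are day counts from the same
     # origin date. A signed issue day in the future gives a negative age
     # and therefore passes this check.
     now_days = (datetime.date.today() - self.recovery_origin_date).days
     if (now_days - days) > self.recovery_expires_after_days:
         return self.render(request, self.recovery_expired_template, {
             'days': self.recovery_expires_after_days,
             'recover_url': urljoin(request.path, '../../recover/'),
         })

     # Token is valid! Log them in as that user and show the recovery page
     self.log_in_user(request, user)
     return self.render(request, self.recovery_complete_template, {
         'change_password_url': urljoin(request.path, '../../password/'),
         'associate_url': urljoin(request.path, '../../associations/'),
         'user': user,
     })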