def do_c(self, request, token=''): if not token: # TODO: show a form where they can paste in their token? raise Http404 token = token.rstrip('/').encode('utf8') try: value = signed.unsign( token, key=(self.confirm_link_secret or settings.SECRET_KEY) + self.confirm_link_salt) except signed.BadSignature: return self.show_message(request, self.invalid_token_message, self.invalid_token_message + ': ' + token) user_id = hex_to_int(value) user = self.lookup_user_by_id(user_id) if not user: # Maybe the user was deleted? return self.show_error(request, self.r_user_not_found_message) # Check user is NOT active but IS in the correct group if self.user_is_unconfirmed(user): # Confirm them user.is_active = True user.save() self.mark_user_confirmed(user) self.log_in_user(request, user) return self.on_registration_complete(request) else: return self.show_error(request, self.c_already_confirmed_message)
def do_c(self, request, token = ''): if not token: # TODO: show a form where they can paste in their token? raise Http404 token = token.rstrip('/').encode('utf8') try: value = signed.unsign(token, key = ( self.confirm_link_secret or settings.SECRET_KEY ) + self.confirm_link_salt) except signed.BadSignature: return self.show_message( request, self.invalid_token_message, self.invalid_token_message + ': ' + token ) user_id = hex_to_int(value) user = self.lookup_user_by_id(user_id) if not user: # Maybe the user was deleted? return self.show_error(request, r_user_not_found_message) # Check user is NOT active but IS in the correct group if self.user_is_unconfirmed(user): # Confirm them user.is_active = True user.save() self.mark_user_confirmed(user) self.log_in_user(request, user) return self.on_registration_complete(request) else: return self.show_error(request, self.c_already_confirmed_message)
def do_r(self, request, token=''): if not token: # TODO: show a form where they can paste in their token? raise Http404 token = token.rstrip('/').encode('utf8') try: value = signed.unsign( token, key=(self.recovery_link_secret or settings.SECRET_KEY) + self.recovery_link_salt) except signed.BadSignature: return self.show_message(request, self.invalid_token_message, self.invalid_token_message + ': ' + token) hex_days, hex_user_id = (value.split('.') + ['', ''])[:2] days = hex_to_int(hex_days) user_id = hex_to_int(hex_user_id) user = self.lookup_user_by_id(user_id) if not user: # Maybe the user was deleted? return self.show_error(request, r_user_not_found_message) # Has the token expired? now_days = (datetime.date.today() - self.recovery_origin_date).days if (now_days - days) > self.recovery_expires_after_days: return self.render( request, self.recovery_expired_template, { 'days': self.recovery_expires_after_days, 'recover_url': urljoin(request.path, '../../recover/'), }) # Token is valid! Log them in as that user and show the recovery page self.log_in_user(request, user) return self.render( request, self.recovery_complete_template, { 'change_password_url': urljoin(request.path, '../../password/'), 'associate_url': urljoin(request.path, '../../associations/'), 'user': user, })
def do_r(self, request, token = ''): if not token: # TODO: show a form where they can paste in their token? raise Http404 token = token.rstrip('/').encode('utf8') try: value = signed.unsign(token, key = ( self.recovery_link_secret or settings.SECRET_KEY ) + self.recovery_link_salt) except signed.BadSignature: return self.show_message( request, self.invalid_token_message, self.invalid_token_message + ': ' + token ) hex_days, hex_user_id = (value.split('.') + ['', ''])[:2] days = hex_to_int(hex_days) user_id = hex_to_int(hex_user_id) user = self.lookup_user_by_id(user_id) if not user: # Maybe the user was deleted? return self.show_error(request, r_user_not_found_message) # Has the token expired? now_days = (datetime.date.today() - self.recovery_origin_date).days if (now_days - days) > self.recovery_expires_after_days: return self.render(request, self.recovery_expired_template, { 'days': self.recovery_expires_after_days, 'recover_url': urljoin(request.path, '../../recover/'), }) # Token is valid! Log them in as that user and show the recovery page self.log_in_user(request, user) return self.render(request, self.recovery_complete_template, { 'change_password_url': urljoin(request.path, '../../password/'), 'associate_url': urljoin(request.path, '../../associations/'), 'user': user, })