def confirm(request, user_id, secret, request_id=None):
if request.user.is_authenticated():
messages.add_message(request, messages.ERROR,
_('You are logged in and cannot use a confirmation link.'))
return redirect('account-show')
user = get_object_or_404(auth.models.User, pk=int(user_id))
if user.is_active:
return redirect('account-login')
account_manager = AccountManager(user)
if account_manager.confirm_account(secret, request_id):
messages.add_message(request, messages.WARNING,
_('Your email address is now confirmed and you are logged in. You should change your password now by filling out the form below.'))
login_user(request, user)
if request_id is not None:
foirequest = FoiRequest.confirmed_request(user, request_id)
if foirequest:
messages.add_message(request, messages.SUCCESS,
_('Your request "%s" has now been sent') % foirequest.title)
next = request.GET.get('next', request.session.get('next'))
if next:
if 'next' in request.session:
del request.session['next']
return redirect(next)
return redirect(reverse('account-show') + "?new#change-password-now")
else:
messages.add_message(request, messages.ERROR,
_('You can only use the confirmation link once, please login with your password.'))
return redirect('account-login')
def confirm(request, user_id, secret, request_id=None):
if request.user.is_authenticated():
messages.add_message(request, messages.ERROR,
_('You are logged in and cannot use a confirmation link.'))
return redirect('account-show')
user = get_object_or_404(auth.models.User, pk=int(user_id))
if user.is_active:
return redirect('account-login')
account_manager = AccountManager(user)
if account_manager.confirm_account(secret, request_id):
messages.add_message(request, messages.WARNING,
_('Your email address is now confirmed and you are logged in. You should change your password now by filling out the form below.'))
login_user(request, user)
if request_id is not None:
foirequest = FoiRequest.confirmed_request(user, request_id)
if foirequest:
messages.add_message(request, messages.SUCCESS,
_('Your request "%s" has now been sent') % foirequest.title)
next = request.GET.get('next', request.session.get('next'))
if next:
if 'next' in request.session:
del request.session['next']
return redirect(next)
return redirect(reverse('account-show') + "?new#change-password-now")
else:
messages.add_message(request, messages.ERROR,
_('You can only use the confirmation link once, please login with your password.'))
return redirect('account-login')
def password_reset_confirm(request, uidb36=None, token=None):
response = django_password_reset_confirm(request, uidb36=uidb36, token=token,
template_name='account/password_reset_confirm.html',
post_reset_redirect=reverse('account-show'))
if response.status_code == 302:
uid_int = base36_to_int(uidb36)
user = auth.models.User.objects.get(id=uid_int)
login_user(request, user)
messages.add_message(request, messages.SUCCESS,
_('Your password has been set and you are now logged in.'))
return response
def password_reset_confirm(request, uidb36=None, token=None):
response = django_password_reset_confirm(request, uidb36=uidb36, token=token,
template_name='account/password_reset_confirm.html',
post_reset_redirect=reverse('account-show'))
# TODO: this is not the smartest of ideas
# if django view returns 302, it is assumed that everything was fine
# currently this seems safe to assume.
if response.status_code == 302:
uid_int = base36_to_int(uidb36)
user = auth.models.User.objects.get(id=uid_int)
login_user(request, user)
messages.add_message(request, messages.SUCCESS,
_('Your password has been set and you are now logged in.'))
return response
def go(request, user_id, secret, url):
if request.user.is_authenticated():
if request.user.id != int(user_id):
messages.add_message(request, messages.INFO,
_('You are logged in with a different user account. Please logout first before using this link.'))
else:
user = get_object_or_404(auth.models.User, pk=int(user_id))
if not user.is_active:
messages.add_message(request, messages.ERROR,
_('Your account is not active.'))
raise Http404
account_manager = AccountManager(user)
if account_manager.check_autologin_secret(secret):
login_user(request, user)
return redirect(url)
def go(request, user_id, secret, url):
if request.user.is_authenticated():
if request.user.id != int(user_id):
messages.add_message(request, messages.INFO,
_('You are logged in with a different user account. Please logout first before using this link.'))
else:
user = get_object_or_404(auth.models.User, pk=int(user_id))
if not user.is_active:
messages.add_message(request, messages.ERROR,
_('Your account is not active.'))
raise Http404
account_manager = AccountManager(user)
if account_manager.check_autologin_secret(secret):
login_user(request, user)
return redirect(url)
def password_reset_confirm(request, uidb36=None, token=None):
response = django_password_reset_confirm(request, uidb36=uidb36, token=token,
template_name='account/password_reset_confirm.html',
post_reset_redirect=reverse('account-show'))
# TODO: this is not the smartest of ideas
# if django view returns 302, it is assumed that everything was fine
# currently this seems safe to assume.
if response.status_code == 302:
uid_int = base36_to_int(uidb36)
user = auth.models.User.objects.get(id=uid_int)
login_user(request, user)
messages.add_message(request, messages.SUCCESS,
_('Your password has been set and you are now logged in.'))
if 'next' in request.session:
response['Location'] = request.session['next']
del request.session['next']
return response
def password_reset_confirm(request, uidb64=None, token=None):
# TODO: Fix this code
# - don't sniff response
# - make redirect
response = django_password_reset_confirm(request, uidb64=uidb64, token=token,
template_name='account/password_reset_confirm.html',
post_reset_redirect=reverse('account-show'))
if response.status_code == 302:
uid = urlsafe_base64_decode(uidb64)
user = auth.get_user_model().objects.get(pk=uid)
login_user(request, user)
messages.add_message(request, messages.SUCCESS,
_('Your password has been set and you are now logged in.'))
if 'next' in request.session and is_safe_url(
url=request.session['next'],
host=request.get_host()):
response['Location'] = request.session['next']
del request.session['next']
return response
def password_reset_confirm(request, uidb64=None, token=None):
# TODO: Fix this code
# - don't sniff response
# - make redirect
response = django_password_reset_confirm(request, uidb64=uidb64, token=token,
template_name='account/password_reset_confirm.html',
post_reset_redirect=reverse('account-show'))
if response.status_code == 302:
uid = urlsafe_base64_decode(uidb64)
user = auth.get_user_model().objects.get(pk=uid)
login_user(request, user)
messages.add_message(request, messages.SUCCESS,
_('Your password has been set and you are now logged in.'))
if 'next' in request.session and is_safe_url(
url=request.session['next'],
host=request.get_host()):
response['Location'] = request.session['next']
del request.session['next']
return response
