def confirm(request, user_id, secret, request_id=None): if request.user.is_authenticated(): messages.add_message(request, messages.ERROR, _('You are logged in and cannot use a confirmation link.')) return redirect('account-show') user = get_object_or_404(auth.models.User, pk=int(user_id)) if user.is_active: return redirect('account-login') account_manager = AccountManager(user) if account_manager.confirm_account(secret, request_id): messages.add_message(request, messages.WARNING, _('Your email address is now confirmed and you are logged in. You should change your password now by filling out the form below.')) login_user(request, user) if request_id is not None: foirequest = FoiRequest.confirmed_request(user, request_id) if foirequest: messages.add_message(request, messages.SUCCESS, _('Your request "%s" has now been sent') % foirequest.title) next = request.GET.get('next', request.session.get('next')) if next: if 'next' in request.session: del request.session['next'] return redirect(next) return redirect(reverse('account-show') + "?new#change-password-now") else: messages.add_message(request, messages.ERROR, _('You can only use the confirmation link once, please login with your password.')) return redirect('account-login')
def password_reset_confirm(request, uidb36=None, token=None): response = django_password_reset_confirm(request, uidb36=uidb36, token=token, template_name='account/password_reset_confirm.html', post_reset_redirect=reverse('account-show')) if response.status_code == 302: uid_int = base36_to_int(uidb36) user = auth.models.User.objects.get(id=uid_int) login_user(request, user) messages.add_message(request, messages.SUCCESS, _('Your password has been set and you are now logged in.')) return response
def password_reset_confirm(request, uidb36=None, token=None): response = django_password_reset_confirm(request, uidb36=uidb36, token=token, template_name='account/password_reset_confirm.html', post_reset_redirect=reverse('account-show')) # TODO: this is not the smartest of ideas # if django view returns 302, it is assumed that everything was fine # currently this seems safe to assume. if response.status_code == 302: uid_int = base36_to_int(uidb36) user = auth.models.User.objects.get(id=uid_int) login_user(request, user) messages.add_message(request, messages.SUCCESS, _('Your password has been set and you are now logged in.')) return response
def go(request, user_id, secret, url): if request.user.is_authenticated(): if request.user.id != int(user_id): messages.add_message(request, messages.INFO, _('You are logged in with a different user account. Please logout first before using this link.')) else: user = get_object_or_404(auth.models.User, pk=int(user_id)) if not user.is_active: messages.add_message(request, messages.ERROR, _('Your account is not active.')) raise Http404 account_manager = AccountManager(user) if account_manager.check_autologin_secret(secret): login_user(request, user) return redirect(url)
def password_reset_confirm(request, uidb36=None, token=None): response = django_password_reset_confirm(request, uidb36=uidb36, token=token, template_name='account/password_reset_confirm.html', post_reset_redirect=reverse('account-show')) # TODO: this is not the smartest of ideas # if django view returns 302, it is assumed that everything was fine # currently this seems safe to assume. if response.status_code == 302: uid_int = base36_to_int(uidb36) user = auth.models.User.objects.get(id=uid_int) login_user(request, user) messages.add_message(request, messages.SUCCESS, _('Your password has been set and you are now logged in.')) if 'next' in request.session: response['Location'] = request.session['next'] del request.session['next'] return response
def password_reset_confirm(request, uidb64=None, token=None): # TODO: Fix this code # - don't sniff response # - make redirect response = django_password_reset_confirm(request, uidb64=uidb64, token=token, template_name='account/password_reset_confirm.html', post_reset_redirect=reverse('account-show')) if response.status_code == 302: uid = urlsafe_base64_decode(uidb64) user = auth.get_user_model().objects.get(pk=uid) login_user(request, user) messages.add_message(request, messages.SUCCESS, _('Your password has been set and you are now logged in.')) if 'next' in request.session and is_safe_url( url=request.session['next'], host=request.get_host()): response['Location'] = request.session['next'] del request.session['next'] return response