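def activate(request, username="", user="******", token=""):
    """Activate an account from a confirmation link and sign its owner in.

    Args:
        request: Current request; ``request.monitor`` and ``request.messages``
            are updated when activation succeeds.
        username: Not read by this view.
        user: Primary key of the account, as text.
        token: Activation token supplied by the visitor.

    Returns:
        A redirect to ``index`` on success; otherwise the banned, 403 or 404
        error response that matches the check which failed.
    """
    import hmac

    # The id arrives as text. A non-numeric value used to escape as an
    # unhandled ValueError; answer it exactly like an id matching no account.
    try:
        user = int(user)
    except (TypeError, ValueError):
        return error404(request)

    try:
        user = User.objects.get(pk=user)
    except User.DoesNotExist:
        return error404(request)

    # Remembered because user.activation is overwritten further down.
    current_activation = user.activation

    # Run checks
    user_ban = check_ban(username=user.username, email=user.email)
    if user_ban:
        return error_banned(request, user, user_ban)

    if user.activation == User.ACTIVATION_NONE:
        return error403(request, Message(request, "users/activation/not_required", extra={"user": user}))

    if user.activation == User.ACTIVATION_ADMIN:
        return error403(request, Message(request, "users/activation/only_by_admin", extra={"user": user}))

    # Compare in constant time so that response timing does not reveal how
    # much of a guessed token matched the stored one.
    token_matches = bool(token) and bool(user.token) and hmac.compare_digest(
        user.token.encode("utf-8"), token.encode("utf-8"))
    if not token_matches:
        return error403(request, Message(request, "users/invalid_confirmation_link", extra={"user": user}))

    # Activate and sign in our member
    # NOTE(review): no user.save() is visible in this view, so sign_user_in()
    # presumably persists the new activation state - confirm. user.token is
    # also left untouched here; confirm it is cleared or rotated elsewhere.
    user.activation = User.ACTIVATION_NONE
    sign_user_in(request, user)

    # Update monitor
    request.monitor["users_inactive"] = request.monitor["users_inactive"] - 1

    if current_activation == User.ACTIVATION_CREDENTIALS:
        flash_template = "users/activation/credentials"
    else:
        flash_template = "users/activation/new"
    request.messages.set_flash(Message(request, flash_template, extra={"user": user}), "success")
    return redirect(reverse("index"))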
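def activate(request, username="", user="******", token=""):
    """Confirm an activation link, activate the account and sign the user in.

    Args:
        request: Current request; ``request.monitor`` and ``request.messages``
            are updated when activation succeeds.
        username: Not read by this view.
        user: Primary key of the account, as text.
        token: Activation token supplied by the visitor.

    Returns:
        A redirect to ``index`` on success; otherwise the banned, 403 or 404
        error response that matches the check which failed.
    """
    import hmac

    # A non-numeric id previously raised an unhandled ValueError before the
    # lookup; treat it the same as an id that matches no account.
    try:
        user = int(user)
    except (TypeError, ValueError):
        return error404(request)

    try:
        user = User.objects.get(pk=user)
    except User.DoesNotExist:
        return error404(request)

    # Kept aside because user.activation is reset below.
    current_activation = user.activation

    # Run checks
    user_ban = check_ban(username=user.username, email=user.email)
    if user_ban:
        return error_banned(request, user, user_ban)

    if user.activation == User.ACTIVATION_NONE:
        return error403(
            request,
            Message(request, 'users/activation/not_required',
                    extra={'user': user}))

    if user.activation == User.ACTIVATION_ADMIN:
        return error403(
            request,
            Message(request, 'users/activation/only_by_admin',
                    extra={'user': user}))

    # Constant-time comparison: a plain != stops at the first differing
    # character, which lets response timing hint at a partial match.
    token_matches = bool(token) and bool(user.token) and hmac.compare_digest(
        user.token.encode('utf-8'), token.encode('utf-8'))
    if not token_matches:
        return error403(
            request,
            Message(request, 'users/invalid_confirmation_link',
                    extra={'user': user}))

    # Activate and sign in our member
    # NOTE(review): no user.save() is visible in this view, so sign_user_in()
    # presumably persists the new activation state - confirm. user.token is
    # also left untouched here; confirm it is cleared or rotated elsewhere.
    user.activation = User.ACTIVATION_NONE
    sign_user_in(request, user)

    # Update monitor
    request.monitor['users_inactive'] = request.monitor['users_inactive'] - 1

    if current_activation == User.ACTIVATION_CREDENTIALS:
        flash_template = 'users/activation/credentials'
    else:
        flash_template = 'users/activation/new'
    request.messages.set_flash(
        Message(request, flash_template, extra={'user': user}), 'success')
    return redirect(reverse('index'))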
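def register(request):
    """Show the registration form and, on a valid POST, create the account.

    The ``account_activation`` setting steers the flow: ``block`` refuses
    registration with a 403, ``user`` and ``admin`` create the account with
    the matching activation level and send the matching e-mail, and any other
    value leaves the level at 0, which is compared against
    ``User.ACTIVATION_NONE`` to sign the new member in directly. An invalid
    submission is recorded as an attempt when ``registrations_jams`` is set.

    Returns:
        A 403 response, a redirect to ``index`` or ``register``, or the
        rendered ``users/register.html`` page.
    """
    activation_mode = request.settings['account_activation']
    if activation_mode == 'block':
        return error403(request, Message(request, 'users/registration/registrations_off'))

    message = None
    if request.method == 'POST':
        form = UserRegisterForm(request.POST, request=request)
        if form.is_valid():
            # NOTE(review): 0 is later compared with User.ACTIVATION_NONE, so
            # this relies on that constant being 0 - confirm.
            need_activation = 0
            if activation_mode == 'user':
                need_activation = User.ACTIVATION_USER
            if activation_mode == 'admin':
                need_activation = User.ACTIVATION_ADMIN

            new_user = User.objects.create_user(
                form.cleaned_data['username'],
                form.cleaned_data['email'],
                form.cleaned_data['password'],
                ip=request.session.get_ip(request),
                activation=need_activation,
                request=request
            )

            # Translate the template first and interpolate afterwards. The
            # previous code interpolated inside _(), so the catalogue was
            # asked for the already-filled-in string and never matched.
            welcome_subject = _("Welcome aboard, %(username)s!") % {'username': new_user.username}

            if need_activation == User.ACTIVATION_NONE:
                # No need for activation, sign in user
                sign_user_in(request, new_user)
                request.messages.set_flash(Message(request, 'users/activation/none', extra={'user': new_user}), 'success')

            if need_activation == User.ACTIVATION_USER:
                # Mail user activation e-mail
                request.messages.set_flash(Message(request, 'users/registration/activation_user', extra={'user': new_user}), 'info')
                new_user.email_user(
                    request,
                    'users/activation/user',
                    welcome_subject,
                )

            if need_activation == User.ACTIVATION_ADMIN:
                # Require admin activation
                request.messages.set_flash(Message(request, 'users/registration/activation_admin', extra={'user': new_user}), 'info')
                # NOTE(review): the plaintext password from the form is handed
                # to email_user(), presumably as template context. If the
                # template prints it, the password sits in mail in clear
                # text; consider dropping it from this call.
                new_user.email_user(
                    request,
                    'users/activation/admin',
                    welcome_subject,
                    {'password': form.cleaned_data['password']}
                )
            return redirect(reverse('index'))

        message = Message(request, form.non_field_errors()[0])
        if request.settings['registrations_jams']:
            client_ip = request.session.get_ip(request)
            SignInAttempt.objects.register_attempt(client_ip)
            # Have we jammed our account?
            # NOTE(review): the listing this was taken from had lost its
            # indentation; this check is assumed to sit inside the
            # registrations_jams branch - confirm. signin() in this file
            # calls is_jammed(request.settings, ip) with two arguments while
            # this call passes only the address; confirm which matches the
            # manager's signature, since a mismatch would disable throttling.
            if SignInAttempt.objects.is_jammed(client_ip):
                request.jam.expires = timezone.now()
                return redirect(reverse('register'))
    else:
        form = UserRegisterForm(request=request)

    return request.theme.render_to_response(
        'users/register.html',
        {
            'message': message,
            'form': FormLayout(form),
            'hide_signin': True,
        },
        context_instance=RequestContext(request))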
def signin(request):
    """Render the sign-in form and authenticate the visitor on POST.

    Inside the admin firewall the ``auth_admin`` backend is used and the
    "remember me" and "stay hidden" options are switched off; elsewhere
    ``auth_forum`` is used and both options follow the ``remember_me_allow``
    and ``sessions_hidden`` settings.

    Returns:
        A redirect after a successful sign-in or once the address is jammed,
        otherwise the rendered ``signin.html`` page.
    """
    message = request.messages.get_message('security')
    form_options = dict(
        show_remember_me=not request.firewall.admin and request.settings['remember_me_allow'],
        show_stay_hidden=not request.firewall.admin and request.settings['sessions_hidden'],
        request=request,
    )

    if request.method != 'POST':
        form = SignInForm(**form_options)
    else:
        form = SignInForm(request.POST, **form_options)
        if not form.is_valid():
            message = Message(request, form.non_field_errors()[0])
            message.type = 'error'
        else:
            try:
                # Configure correct auth and redirect links
                if request.firewall.admin:
                    auth_method, success_redirect = auth_admin, reverse(site.get_admin_index())
                else:
                    auth_method, success_redirect = auth_forum, reverse('index')

                # Authenticate user
                submitted = form.cleaned_data
                user = auth_method(request, submitted['user_email'], submitted['user_password'])

                stay_hidden = (not request.firewall.admin
                               and request.settings['sessions_hidden']
                               and form.cleaned_data['user_stay_hidden'])
                if stay_hidden:
                    request.session.hidden = True

                sign_user_in(request, user, request.session.hidden)

                keep_signed_in = (not request.firewall.admin
                                  and request.settings['remember_me_allow']
                                  and form.cleaned_data['user_remember_me'])
                if keep_signed_in:
                    # NOTE(review): the raw token doubles as the Token row id,
                    # so it is stored exactly as sent to the browser - confirm
                    # this is intended.
                    remember_me_token = get_random_string(42)
                    Token(
                        id=remember_me_token,
                        user=user,
                        created=timezone.now(),
                        accessed=timezone.now(),
                        hidden=request.session.hidden
                    ).save()
                    request.cookie_jar.set('TOKEN', remember_me_token, True)

                request.messages.set_flash(
                    Message(request, 'security/signed_in', extra={'user': user}),
                    'success', 'security')
                return redirect(success_redirect)
            except AuthException as e:
                message = Message(request, e.type, extra={'user': e.user, 'ban': e.ban})
                message.type = 'error'
                # Only a credentials failure outside the admin firewall counts
                # as an attempt.
                # NOTE(review): failed admin sign-ins are not recorded by this
                # view - confirm they are throttled elsewhere. The source
                # listing had lost its indentation; the jam check is assumed
                # to be nested in this branch - confirm.
                if not request.firewall.admin and e.type == auth.CREDENTIALS:
                    SignInAttempt.objects.register_attempt(request.session.get_ip(request))
                    # Have we jammed our account?
                    if SignInAttempt.objects.is_jammed(request.settings, request.session.get_ip(request)):
                        request.jam.expires = timezone.now()
                        return redirect(reverse('sign_in'))

    credential_fields = [
        ('user_email', {'attrs': {'placeholder': _("Enter your e-mail")}}),
        ('user_password', {'has_value': False, 'placeholder': _("Enter your password")}),
    ]
    option_fields = ['user_remember_me', 'user_stay_hidden']
    layout = FormLayout(form, [(None, credential_fields), (None, option_fields)])

    return request.theme.render_to_response(
        'signin.html',
        {
            'message': message,
            'form': layout,
            'hide_signin': True,
        },
        context_instance=RequestContext(request))
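def register(request):
    """Handle the registration page: refuse, create an account, or re-render.

    ``account_activation`` set to ``block`` answers with a 403. On a valid
    POST the account is created with the activation level chosen by that
    setting (``user``, ``admin``, or 0 for anything else, which is compared
    against ``User.ACTIVATION_NONE``), the matching flash message and e-mail
    are issued, and the visitor is redirected to ``index``. An invalid POST
    is recorded as an attempt when ``registrations_jams`` is set.

    Returns:
        A 403 response, a redirect to ``index`` or ``register``, or the
        rendered ``users/register.html`` page.
    """
    activation_mode = request.settings['account_activation']
    if activation_mode == 'block':
        return error403(
            request,
            Message(request, 'users/registration/registrations_off'))

    message = None
    if request.method == 'POST':
        form = UserRegisterForm(request.POST, request=request)
        if form.is_valid():
            # NOTE(review): 0 is later compared with User.ACTIVATION_NONE, so
            # this relies on that constant being 0 - confirm.
            need_activation = 0
            if activation_mode == 'user':
                need_activation = User.ACTIVATION_USER
            if activation_mode == 'admin':
                need_activation = User.ACTIVATION_ADMIN

            new_user = User.objects.create_user(
                form.cleaned_data['username'],
                form.cleaned_data['email'],
                form.cleaned_data['password'],
                ip=request.session.get_ip(request),
                activation=need_activation,
                request=request)

            # Interpolate after translating: formatting inside _() made the
            # catalogue lookup use the filled-in text, which never matches a
            # translated template.
            welcome_subject = _("Welcome aboard, %(username)s!") % {
                'username': new_user.username}

            if need_activation == User.ACTIVATION_NONE:
                # No need for activation, sign in user
                sign_user_in(request, new_user)
                request.messages.set_flash(
                    Message(request, 'users/activation/none',
                            extra={'user': new_user}),
                    'success')

            if need_activation == User.ACTIVATION_USER:
                # Mail user activation e-mail
                request.messages.set_flash(
                    Message(request, 'users/registration/activation_user',
                            extra={'user': new_user}),
                    'info')
                new_user.email_user(
                    request,
                    'users/activation/user',
                    welcome_subject,
                )

            if need_activation == User.ACTIVATION_ADMIN:
                # Require admin activation
                request.messages.set_flash(
                    Message(request, 'users/registration/activation_admin',
                            extra={'user': new_user}),
                    'info')
                # NOTE(review): the plaintext password from the form is handed
                # to email_user(), presumably as template context. If the
                # template prints it, the password sits in mail in clear
                # text; consider dropping it from this call.
                new_user.email_user(
                    request,
                    'users/activation/admin',
                    welcome_subject,
                    {'password': form.cleaned_data['password']})
            return redirect(reverse('index'))

        message = Message(request, form.non_field_errors()[0])
        if request.settings['registrations_jams']:
            client_ip = request.session.get_ip(request)
            SignInAttempt.objects.register_attempt(client_ip)
            # Have we jammed our account?
            # NOTE(review): the listing this was taken from had lost its
            # indentation; this check is assumed to sit inside the
            # registrations_jams branch - confirm. signin() in this file
            # calls is_jammed(request.settings, ip) with two arguments while
            # this call passes only the address; confirm which matches the
            # manager's signature, since a mismatch would disable throttling.
            if SignInAttempt.objects.is_jammed(client_ip):
                request.jam.expires = timezone.now()
                return redirect(reverse('register'))
    else:
        form = UserRegisterForm(request=request)

    return request.theme.render_to_response(
        'users/register.html',
        {
            'message': message,
            'form': FormLayout(form),
            'hide_signin': True,
        },
        context_instance=RequestContext(request))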