def test_get_ip_ban(self): """get_ip_ban returns valid ban""" nonexistent_ban = get_ip_ban('123.0.0.1') self.assertIsNone(nonexistent_ban) Ban.objects.create( banned_value='124.0.0.1', check_type=Ban.IP, expires_on=timezone.now() - timedelta(days=7) ) expired_ban = get_ip_ban('124.0.0.1') self.assertIsNone(expired_ban) Ban.objects.create( banned_value='wrongtype', check_type=Ban.EMAIL ) wrong_type_ban = get_ip_ban('wrongtype') self.assertIsNone(wrong_type_ban) valid_ban = Ban.objects.create( banned_value='125.0.0.*', check_type=Ban.IP, expires_on=timezone.now() + timedelta(days=7) ) self.assertEqual(get_ip_ban('125.0.0.1').pk, valid_ban.pk)
def raise_if_ip_banned(self): ban = get_ip_ban(self.request.user_ip, registration_only=True) if ban: if ban.user_message: raise ValidationError(ban.user_message) else: raise ValidationError(_("New registrations from this IP address are not allowed."))
def validate(self, data): request = self.context['request'] ban = get_ip_ban(request.user_ip, registration_only=True) if ban: if ban.user_message: raise ValidationError(ban.user_message) else: raise ValidationError( _("New registrations from this IP address are not allowed." )) self._added_errors = {} try: self.full_clean_password(data) except ValidationError as e: self._added_errors['password'] = [e] validators.validate_new_registration(request, self, data) if self._added_errors: # fail registration with additional errors raise serializers.ValidationError(self._added_errors) # run test for captcha try: captcha.test_request(self.context['request']) except ValidationError as e: raise serializers.ValidationError({'captcha': e.message}) return data
def test_ban_ip(self): """ban_ip utility bans IP address""" ban = ban_ip('127.0.0.1', 'User reason', 'Staff reason') self.assertEqual(ban.user_message, 'User reason') self.assertEqual(ban.staff_message, 'Staff reason') db_ban = get_ip_ban('127.0.0.1') self.assertEqual(ban.pk, db_ban.pk)
def test_ban_ip(self): """ban_ip bans IP address""" ban = ban_ip("127.0.0.1", "User reason", "Staff reason") self.assertEqual(ban.user_message, "User reason") self.assertEqual(ban.staff_message, "Staff reason") db_ban = get_ip_ban("127.0.0.1") self.assertEqual(ban.pk, db_ban.pk)
def test_ban_ip(self): """ban_ip bans IP address""" ban = ban_ip('127.0.0.1', 'User reason', 'Staff reason') self.assertEqual(ban.user_message, 'User reason') self.assertEqual(ban.staff_message, 'Staff reason') db_ban = get_ip_ban('127.0.0.1') self.assertEqual(ban.pk, db_ban.pk)
def test_get_ip_ban(self): """get_ip_ban returns valid ban""" nonexistent_ban = get_ip_ban("123.0.0.1") self.assertIsNone(nonexistent_ban) Ban.objects.create(banned_value="124.0.0.1", check_type=BAN_IP, expires_on=timezone.now() - timedelta(days=7)) expired_ban = get_ip_ban("124.0.0.1") self.assertIsNone(expired_ban) Ban.objects.create(banned_value="wrongtype", check_type=BAN_EMAIL) wrong_type_ban = get_ip_ban("wrongtype") self.assertIsNone(wrong_type_ban) valid_ban = Ban.objects.create( banned_value="125.0.0.*", check_type=BAN_IP, expires_on=timezone.now() + timedelta(days=7) ) self.assertEqual(get_ip_ban("125.0.0.1").pk, valid_ban.pk)
def create_endpoint(request): if settings.account_activation == 'closed': raise PermissionDenied(_("New users registrations are currently closed.")) ban = get_ip_ban(request.user_ip, registration_only=True) if ban: raise Banned(ban) serializer = RegisterUserSerializer( data=request.data, context={'request': request}, ) serializer.is_valid(raise_exception=True) activation_kwargs = {} if settings.account_activation == 'user': activation_kwargs = {'requires_activation': UserModel.ACTIVATION_USER} elif settings.account_activation == 'admin': activation_kwargs = {'requires_activation': UserModel.ACTIVATION_ADMIN} try: new_user = UserModel.objects.create_user( serializer.validated_data['username'], serializer.validated_data['email'], serializer.validated_data['password'], joined_from_ip=request.user_ip, set_default_avatar=True, **activation_kwargs ) except IntegrityError: return Response( { 'detail': _("Please try resubmitting the form."), }, status=400, ) send_welcome_email(request, new_user) if not new_user.requires_activation == 'none': authenticated_user = authenticate( username=new_user.email, password=serializer.validated_data['password'], ) login(request, authenticated_user) return Response(get_registration_result_json(new_user))
def clean(self): cleaned_data = super(RegisterForm, self).clean() ban = get_ip_ban(self.request.user_ip, registration_only=True) if ban: if ban.user_message: raise ValidationError(ban.user_message) else: raise ValidationError(_("New registrations from this IP address are not allowed.")) try: self.full_clean_password(cleaned_data) except forms.ValidationError as e: self.add_error('password', e) validators.validate_new_registration(self.request, self, cleaned_data) return cleaned_data
def clean(self): cleaned_data = super(RegisterForm, self).clean() ban = get_ip_ban(self.request.user_ip, registration_only=True) if ban: if ban.user_message: raise ValidationError(ban.user_message) else: raise ValidationError( _("New registrations from this IP address are not allowed." )) try: self.full_clean_password(cleaned_data) except forms.ValidationError as e: self.add_error('password', e) validators.validate_new_registration(self.request, self, cleaned_data) return cleaned_data
def test_get_ip_ban(self): """get_ip_ban returns valid ban""" nonexistent_ban = get_ip_ban('123.0.0.1') self.assertIsNone(nonexistent_ban) Ban.objects.create( banned_value='124.0.0.1', check_type=Ban.IP, expires_on=timezone.now() - timedelta(days=7), ) expired_ban = get_ip_ban('124.0.0.1') self.assertIsNone(expired_ban) Ban.objects.create( banned_value='wrongtype', check_type=Ban.EMAIL, ) wrong_type_ban = get_ip_ban('wrongtype') self.assertIsNone(wrong_type_ban) valid_ban = Ban.objects.create( banned_value='125.0.0.*', check_type=Ban.IP, expires_on=timezone.now() + timedelta(days=7), ) self.assertEqual(get_ip_ban('125.0.0.1').pk, valid_ban.pk) regitration_ban = Ban.objects.create( banned_value='188.*', check_type=Ban.IP, expires_on=timezone.now() + timedelta(days=7), registration_only=True, ) self.assertIsNone(get_ip_ban('188.12.12.41')) self.assertEqual(get_ip_ban('188.12.12.41', True).pk, regitration_ban.pk)
def create_endpoint(request): if settings.account_activation == 'closed': raise PermissionDenied(_("New users registrations are currently closed.")) ban = get_ip_ban(request.user_ip, registration_only=True) if ban: raise Banned(ban) serializer = RegisterUserSerializer( data=request.data, context={'request': request}, ) serializer.is_valid(raise_exception=True) activation_kwargs = {} if settings.account_activation == 'user': activation_kwargs = {'requires_activation': UserModel.ACTIVATION_USER} elif settings.account_activation == 'admin': activation_kwargs = {'requires_activation': UserModel.ACTIVATION_ADMIN} try: new_user = UserModel.objects.create_user( serializer.validated_data['username'], serializer.validated_data['email'], serializer.validated_data['password'], joined_from_ip=request.user_ip, set_default_avatar=True, **activation_kwargs ) except IntegrityError: return Response( { 'detail': _("Please try resubmitting the form."), }, status=400, ) mail_subject = _("Welcome on %(forum_name)s forums!") mail_subject = mail_subject % {'forum_name': settings.forum_name} if settings.account_activation == 'none': authenticated_user = authenticate( username=new_user.email, password=serializer.validated_data['password'], ) login(request, authenticated_user) mail_user(request, new_user, mail_subject, 'misago/emails/register/complete') return Response({ 'activation': None, 'username': new_user.username, 'email': new_user.email }) else: activation_token = make_activation_token(new_user) activation_by_admin = new_user.requires_activation_by_admin activation_by_user = new_user.requires_activation_by_user mail_user( request, new_user, mail_subject, 'misago/emails/register/inactive', { 'activation_token': activation_token, 'activation_by_admin': activation_by_admin, 'activation_by_user': activation_by_user, } ) if activation_by_admin: activation_method = 'admin' else: activation_method = 'user' return Response({ 'activation': activation_method, 'username': new_user.username, 'email': new_user.email })