def clean(self):
data = super(ChangeEmailPasswordForm, self).clean()
current_password = data.get('current_password')
new_email = data.get('new_email')
new_password = data.get('new_password')
if not data.get('current_password'):
message = _("You have to enter your current password.")
raise forms.ValidationError(message)
if not self.user.check_password(current_password):
raise forms.ValidationError(_("Entered password is invalid."))
if not (new_email or new_password):
message = _("You have to enter new e-mail or password.")
raise forms.ValidationError(message)
if new_email:
if new_email.lower() == self.user.email.lower():
message = _("New e-mail is same as current one.")
raise forms.ValidationError(message)
validate_email(new_email)
if new_password:
validate_password(new_password)
return data
def create_user(self, username, email, password=None,
set_default_avatar=False, **extra_fields):
from misago.users.validators import (validate_email, validate_password,
validate_username)
with transaction.atomic():
if not email:
raise ValueError(_("User must have an email address."))
if not password:
raise ValueError(_("User must have a password."))
validate_username(username)
validate_email(email)
validate_password(password)
if not 'joined_from_ip' in extra_fields:
extra_fields['joined_from_ip'] = '127.0.0.1'
if not 'timezone' in extra_fields:
extra_fields['timezone'] = settings.default_timezone
WATCH_DICT = {
'no': AUTO_SUBSCRIBE_NONE,
'watch': AUTO_SUBSCRIBE_WATCH,
'watch_email': AUTO_SUBSCRIBE_WATCH_AND_EMAIL,
}
if not 'subscribe_to_started_threads' in extra_fields:
new_value = WATCH_DICT[settings.subscribe_start]
extra_fields['subscribe_to_started_threads'] = new_value
if not 'subscribe_to_replied_threads' in extra_fields:
new_value = WATCH_DICT[settings.subscribe_reply]
extra_fields['subscribe_to_replied_threads'] = new_value
now = timezone.now()
user = self.model(is_staff=False, is_superuser=False,
last_login=now, joined_on=now, **extra_fields)
user.set_username(username)
user.set_email(email)
user.set_password(password)
if not 'rank' in extra_fields:
user.rank = Rank.objects.get_default()
user.save(using=self._db)
if set_default_avatar:
avatars.set_default_avatar(user)
authenticated_role = Role.objects.get(special_role='authenticated')
if authenticated_role not in user.roles.all():
user.roles.add(authenticated_role)
user.update_acl_key()
user.save(update_fields=['acl_key'])
return user
def clean_password(self):
new_user = User.objects.get_blank_user()
new_user.set_password(self.cleaned_data['password'])
try:
new_user.full_clean()
except ValidationError as e:
new_user.is_password_valid(e)
validate_password(self.cleaned_data['password'], self.request.settings)
return self.cleaned_data['password']
def create_user(self, username, email, password=None, set_default_avatar=False, **extra_fields):
from misago.users.validators import validate_email, validate_password, validate_username
with transaction.atomic():
if not email:
raise ValueError(_("User must have an email address."))
if not password:
raise ValueError(_("User must have a password."))
validate_username(username)
validate_email(email)
validate_password(password)
if not "joined_from_ip" in extra_fields:
extra_fields["joined_from_ip"] = "127.0.0.1"
WATCH_DICT = {
"no": AUTO_SUBSCRIBE_NONE,
"watch": AUTO_SUBSCRIBE_WATCH,
"watch_email": AUTO_SUBSCRIBE_WATCH_AND_EMAIL,
}
if not "subscribe_to_started_threads" in extra_fields:
new_value = WATCH_DICT[settings.subscribe_start]
extra_fields["subscribe_to_started_threads"] = new_value
if not "subscribe_to_replied_threads" in extra_fields:
new_value = WATCH_DICT[settings.subscribe_reply]
extra_fields["subscribe_to_replied_threads"] = new_value
now = timezone.now()
user = self.model(is_staff=False, is_superuser=False, last_login=now, joined_on=now, **extra_fields)
user.set_username(username)
user.set_email(email)
user.set_password(password)
if not "rank" in extra_fields:
user.rank = Rank.objects.get_default()
user.save(using=self._db)
if set_default_avatar:
avatars.set_default_avatar(user)
user.avatar_hash = avatars.get_avatar_hash(user)
else:
user.avatar_hash = "abcdef01"
authenticated_role = Role.objects.get(special_role="authenticated")
if authenticated_role not in user.roles.all():
user.roles.add(authenticated_role)
user.update_acl_key()
user.save(update_fields=["avatar_hash", "acl_key"])
return user
def process_forgotten_password_form(request, user):
new_password = request.data.get('password', '').strip()
try:
validate_password(new_password)
user.set_password(new_password)
user.save()
except ValidationError as e:
return Response({'detail': e.messages[0]},
status=status.HTTP_400_BAD_REQUEST)
return Response({'detail': 'ok'})
def clean(self):
data = super(SetNewPasswordForm, self).clean()
new_password = data.get('new_password')
if not new_password or len(new_password) > 250:
raise forms.ValidationError(_("You have to fill out form."))
validate_password(new_password)
return data
def clean_new_password(self):
if self.cleaned_data['new_password']:
self.user.set_password(self.cleaned_data['new_password'])
try:
self.user.full_clean()
except ValidationError as e:
self.user.is_password_valid(e)
validate_password(self.cleaned_data['new_password'])
return self.cleaned_data['new_password']
return ''
def change_password(request, user, token):
new_password = request.DATA.get('password', '').strip()
try:
validate_password(new_password)
user.set_password(new_password)
user.save()
except ValidationError as e:
return Response({'detail': e.messages[0]},
status=status.HTTP_400_BAD_REQUEST)
return Response({'detail': 'ok'})
def change_forgotten_password(request, user_id, token):
User = auth.get_user_model()
invalid_message = _("Form link is invalid. Please try again.")
expired_message = _("Your link has expired. Please request new one.")
try:
try:
user = User.objects.get(pk=user_id)
except User.DoesNotExist:
raise PasswordChangeFailed(invalid_message)
if request.user.is_authenticated() and request.user.id != user.id:
raise PasswordChangeFailed(invalid_message)
if not is_password_change_token_valid(user, token):
raise PasswordChangeFailed(invalid_message)
if user.requires_activation:
raise PasswordChangeFailed(expired_message)
if get_user_ban(user):
raise PasswordChangeFailed(expired_message)
except PasswordChangeFailed as e:
return Response({
'detail': e.args[0]
}, status=status.HTTP_400_BAD_REQUEST)
try:
new_password = request.data.get('password', '').strip()
validate_password(new_password)
user.set_password(new_password)
user.save()
except ValidationError as e:
return Response({
'detail': e.messages[0]
}, status=status.HTTP_400_BAD_REQUEST)
return Response({
'username': user.username
})
def test_invalid_name(self):
"""validate_password disallows invalid password"""
with self.assertRaises(ValidationError):
validate_password('A' * (settings.password_length_min - 1))
def create_user(self, username, email, password, timezone=False, ip='127.0.0.1', agent='', no_roles=False, activation=0, request=False):
token = ''
if activation > 0:
token = get_random_string(12)
try:
db_settings = request.settings
except AttributeError:
db_settings = DBSettings()
if timezone == False:
timezone = db_settings['default_timezone']
# Get first rank
try:
from misago.ranks.models import Rank
default_rank = Rank.objects.filter(special=0).order_by('order')[0]
except IndexError:
default_rank = None
# Store user in database
new_user = User(
last_sync=tz_util.now(),
join_date=tz_util.now(),
join_ip=ip,
join_agent=agent,
activation=activation,
token=token,
timezone=timezone,
rank=default_rank,
subscribe_start=db_settings['subscribe_start'],
subscribe_reply=db_settings['subscribe_reply'],
)
validate_username(username, db_settings)
validate_password(password, db_settings)
new_user.set_username(username)
new_user.set_email(email)
new_user.set_password(password)
new_user.full_clean()
new_user.default_avatar(db_settings)
new_user.save(force_insert=True)
# Set user roles?
if not no_roles:
from misago.roles.models import Role
new_user.roles.add(Role.objects.get(token='registered'))
new_user.make_acl_key()
new_user.save(force_update=True)
# Load monitor
try:
monitor = request.monitor
except AttributeError:
monitor = Monitor()
# Update forum stats
if activation == 0:
monitor['users'] = int(monitor['users']) + 1
monitor['last_user'] = new_user.pk
monitor['last_user_name'] = new_user.username
monitor['last_user_slug'] = new_user.username_slug
else:
monitor['users_inactive'] = int(monitor['users_inactive']) + 1
# Return new user
return new_user
def clean_new_password(self):
data = self.cleaned_data['new_password']
if data:
validate_password(data)
return data
def clean_new_password(self):
data = self.cleaned_data['new_password']
if data:
validate_password(data)
return data
def test_invalid_name(self):
"""validate_password disallows invalid password"""
with self.assertRaises(ValidationError):
validate_password('A' * (settings.password_length_min - 1))
def test_valid_password(self):
"""validate_password allows valid password"""
validate_password('A' * (settings.password_length_min + 1))
def validate_password(request):
try:
validators.validate_password(request.POST['password'])
return _("Entered password is valid.")
except KeyError:
raise ValidationError(_('Enter password.'))
def test_valid_password(self):
"""validate_password allows valid password"""
validate_password('A' * (settings.password_length_min + 1))
def validate_password(request):
try:
validators.validate_password(request.POST["password"])
return _("Entered password is valid.")
except KeyError:
raise ValidationError(_("Enter password."))
def create_user(self,
username,
email,
password=None,
set_default_avatar=False,
**extra_fields):
from misago.users.validators import (validate_email, validate_password,
validate_username)
with transaction.atomic():
if not email:
raise ValueError(_("User must have an email address."))
if not password:
raise ValueError(_("User must have a password."))
validate_username(username)
validate_email(email)
validate_password(password)
if not 'joined_from_ip' in extra_fields:
extra_fields['joined_from_ip'] = '127.0.0.1'
if not 'timezone' in extra_fields:
extra_fields['timezone'] = settings.default_timezone
WATCH_DICT = {
'no': AUTO_SUBSCRIBE_NONE,
'watch': AUTO_SUBSCRIBE_WATCH,
'watch_email': AUTO_SUBSCRIBE_WATCH_AND_EMAIL,
}
if not 'subscribe_to_started_threads' in extra_fields:
new_value = WATCH_DICT[settings.subscribe_start]
extra_fields['subscribe_to_started_threads'] = new_value
if not 'subscribe_to_replied_threads' in extra_fields:
new_value = WATCH_DICT[settings.subscribe_reply]
extra_fields['subscribe_to_replied_threads'] = new_value
now = timezone.now()
user = self.model(is_staff=False,
is_superuser=False,
last_login=now,
joined_on=now,
**extra_fields)
user.set_username(username)
user.set_email(email)
user.set_password(password)
if not 'rank' in extra_fields:
user.rank = Rank.objects.get_default()
user.save(using=self._db)
if set_default_avatar:
avatars.set_default_avatar(user)
authenticated_role = Role.objects.get(special_role='authenticated')
if authenticated_role not in user.roles.all():
user.roles.add(authenticated_role)
user.update_acl_key()
user.save(update_fields=['acl_key'])
return user
def handle(self, *args, **options):
username = options.get("username")
email = options.get("email")
password = options.get("password")
interactive = options.get("interactive")
verbosity = int(options.get("verbosity", 1))
# Validate initial inputs
if username is not None:
try:
username = username.strip()
validate_username(username)
except ValidationError as e:
self.stderr.write(e.messages[0])
username = None
if email is not None:
try:
email = email.strip()
validate_email(email)
except ValidationError as e:
self.stderr.write(e.messages[0])
email = None
if password is not None:
try:
password = password.strip()
validate_password(password)
except ValidationError as e:
self.stderr.write(e.messages[0])
password = None
if not interactive:
if username and email and password:
# Call User manager's create_superuser using our wrapper
self.create_superuser(username, email, password, verbosity)
else:
try:
if hasattr(self.stdin, "isatty") and not self.stdin.isatty():
raise NotRunningInTTYException("Not running in a TTY")
# Prompt for username/password, and any other required fields.
# Enclose this whole thing in a try/except to trap for a
# keyboard interrupt and exit gracefully.
while not username:
try:
message = force_str("Enter displayed username: "******"Enter E-mail address: ").strip()
validate_email(raw_value)
email = raw_value
except ValidationError as e:
self.stderr.write(e.messages[0])
while not password:
try:
raw_value = getpass("Enter password: "******"Repeat password: "******"Entered passwords are different.")
password = raw_value
except ValidationError as e:
self.stderr.write(e.messages[0])
# Call User manager's create_superuser using our wrapper
self.create_superuser(username, email, password, verbosity)
except KeyboardInterrupt:
self.stderr.write("\nOperation cancelled.")
sys.exit(1)
except NotRunningInTTYException:
self.stdout.write(
"Superuser creation skipped due to not running in a TTY. "
"You can run `manage.py createsuperuser` in your project "
"to create one manually."
)