def change_email(request):
    """Start an email-address change for the current user.

    Any EmailChangeToken already stored for ``request.user`` is looked up
    first. On a valid POST that token (if present) is deleted, a new row
    holding the requested address and a random token value is saved, a mail
    rendered from ``account/email_change_email.txt`` is sent to the requested
    address, and the client is redirected to ``done/``. Every other request,
    including an invalid POST, renders the form with the pending token.

    NOTE(review): no authentication check is visible in this function;
    presumably it is applied outside it. Confirm against the caller.
    """
    pending = EmailChangeToken.objects.filter(user=request.user)
    # Only the first matching row is treated as the pending change.
    token = pending[0] if len(pending) else None

    is_post = request.method == 'POST'
    if is_post:
        form = ChangeEmailForm(request.user, data=request.POST)
    else:
        form = ChangeEmailForm(request.user)

    if is_post and form.is_valid():
        new_address = form.cleaned_data['email']

        # A new request supersedes the previous one, so drop the old token
        # before issuing the next.
        if token:
            token.delete()

        # NOTE(review): the address is stored exactly as entered; confirm
        # whether it should be case-normalised before it is stored.
        token = EmailChangeToken(
            user=request.user,
            email=new_address,
            token=generate_random_token(),
        )
        token.save()

        # The mail goes to the *new* address and the token object is handed
        # to the template; presumably the template carries the token value
        # that proves control of that address.
        mail_context = {
            'token': token,
            'user': request.user,
        }
        send_template_mail(
            settings.NOTIFICATION_FROM,
            new_address,
            'Your postgresql.org community account',
            'account/email_change_email.txt',
            mail_context,
        )
        return HttpResponseRedirect('done/')

    page_context = {
        'form': form,
        'token': token,
    }
    return render_to_response(
        'account/emailchangeform.html',
        page_context,
        NavContext(request, "account"),
    )
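def signup(request):
    """Create a new community account and mail its confirmation token.

    A logged-in user is turned away with an error page. A GET renders the
    signup form. A valid POST creates the user with lower-cased username and
    email, stores a random value in the password field, generates a token
    with ``default_token_generator`` and mails the encoded user id and the
    token to the address given on the form, then redirects to
    ``/account/signup/complete/``. An invalid POST re-renders the form.
    """
    if request.user.is_authenticated:
        return HttpSimpleResponse(
            request,
            "Account error",
            "You must log out before you can sign up for a new account")

    if request.method == 'POST':
        # Attempt to create user then, eh?
        form = SignupForm(get_client_ip(request), data=request.POST)
        if form.is_valid():
            # Attempt to create the user here
            # XXX: Do we need to validate something else?
            log.info("Creating user for {0} from {1}".format(
                form.cleaned_data['username'], get_client_ip(request)))

            user = User.objects.create_user(
                form.cleaned_data['username'].lower(),
                form.cleaned_data['email'].lower(),
                last_login=datetime.now())
            user.first_name = form.cleaned_data['first_name']
            user.last_name = form.cleaned_data['last_name']

            # generate a random value for password. It won't be possible to log in with it, but
            # it creates more entropy for the token generator (I think).
            # The value is assigned to the field directly, not through a
            # password hasher.
            user.password = generate_random_token()
            user.save()

            # Now generate a token
            token = default_token_generator.make_token(user)
            # The token is mailed to the new address as the proof needed to
            # finish the signup, so its value must not be written to the
            # log: anyone able to read the log could use it in place of the
            # mail recipient. Only the fact that one was issued is recorded.
            log.info("Generated token for user {0} from {1}".format(
                form.cleaned_data['username'], get_client_ip(request)))

            # Generate an outgoing email
            send_template_mail(
                settings.ACCOUNTS_NOREPLY_FROM,
                form.cleaned_data['email'],
                'Your new postgresql.org community account',
                'account/new_account_email.txt',
                {
                    'uid': urlsafe_base64_encode(force_bytes(user.id)),
                    'token': token,
                    'user': user
                })

            return HttpResponseRedirect('/account/signup/complete/')
    else:
        form = SignupForm(get_client_ip(request))

    return render_pgweb(
        request, 'account', 'base/form.html', {
            'form': form,
            'formitemtype': 'Account',
            'form_intro': """ To sign up for a free community account, enter your preferred userid and email address. Note that a community account is only needed if you want to submit information - all content is available for reading without an account. A confirmation email will be sent to the specified address, and once confirmed a password for the new account can be specified. 
""",
            'savebutton': 'Sign up',
            'operation': 'New',
            'recaptcha': True,
        })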
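def signup(request):
    """Create a new community account and mail its confirmation token.

    A logged-in user is turned away with an error page. A GET renders the
    signup form. A valid POST creates the user with lower-cased username and
    email, stores a random value in the password field, generates a token
    with ``default_token_generator`` and mails the encoded user id and the
    token to the address given on the form, then redirects to
    ``/account/signup/complete/``. An invalid POST re-renders the form.
    """
    if request.user.is_authenticated():
        return HttpServerError(request, "You must log out before you can sign up for a new account")

    if request.method == 'POST':
        # Attempt to create user then, eh?
        form = SignupForm(get_client_ip(request), data=request.POST)
        if form.is_valid():
            # Attempt to create the user here
            # XXX: Do we need to validate something else?
            log.info("Creating user for {0} from {1}".format(form.cleaned_data['username'], get_client_ip(request)))

            user = User.objects.create_user(
                form.cleaned_data['username'].lower(),
                form.cleaned_data['email'].lower(),
                last_login=datetime.now())
            user.first_name = form.cleaned_data['first_name']
            user.last_name = form.cleaned_data['last_name']

            # generate a random value for password. It won't be possible to log in with it, but
            # it creates more entropy for the token generator (I think).
            # The value is assigned to the field directly, not through a
            # password hasher.
            user.password = generate_random_token()
            user.save()

            # Now generate a token
            token = default_token_generator.make_token(user)
            # The token is mailed to the new address as the proof needed to
            # finish the signup, so its value must not be written to the
            # log: anyone able to read the log could use it in place of the
            # mail recipient. Only the fact that one was issued is recorded.
            log.info("Generated token for user {0} from {1}".format(form.cleaned_data['username'], get_client_ip(request)))

            # Generate an outgoing email
            send_template_mail(
                settings.ACCOUNTS_NOREPLY_FROM,
                form.cleaned_data['email'],
                'Your new postgresql.org community account',
                'account/new_account_email.txt',
                {'uid': urlsafe_base64_encode(force_bytes(user.id)), 'token': token, 'user': user}
            )

            return HttpResponseRedirect('/account/signup/complete/')
    else:
        form = SignupForm(get_client_ip(request))

    return render_pgweb(request, 'account', 'base/form.html', {
        'form': form,
        'formitemtype': 'Account',
        'form_intro': """ To sign up for a free community account, enter your preferred userid and email address. Note that a community account is only needed if you want to submit information - all content is available for reading without an account. A confirmation email will be sent to the specified address, and once confirmed a password for the new account can be specified. 
""",
        'savebutton': 'Sign up',
        'operation': 'New',
        'recaptcha': True,
    })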
def save(self, commit=True):
    """Apply the email and manager changes requested on the form.

    The parent form is saved with ``commit=False`` and that instance is
    returned; the ``commit`` argument is not consulted here. A newly added
    email gets a random token and a confirmation mail; removed emails and
    manager changes are applied straight away. When anything changed, a
    summary naming the acting user is mailed to
    ``settings.NOTIFICATION_EMAIL``.
    """
    model = super(OrganisationForm, self).save(commit=False)
    cleaned = self.cleaned_data
    changes = []

    if cleaned.get('add_email', None):
        # The address is stored lower-cased together with a fresh random
        # token, and the confirmation request goes to that address.
        new_email = OrganisationEmail(
            org=model,
            address=cleaned['add_email'].lower(),
            token=generate_random_token(),
        )
        new_email.save()

        send_template_mail(
            settings.NOTIFICATION_FROM,
            new_email.address,
            "Email address added to postgresql.org organisation",
            'core/org_add_email.txt',
            {
                'org': model,
                'email': new_email,
            },
        )
        changes.append('Added email {}, confirmation request sent'.format(new_email.address))

    if cleaned.get('remove_email', None):
        for old_email in cleaned['remove_email']:
            # Record the address before the row is deleted.
            changes.append('Removed email {}'.format(old_email.address))
            old_email.delete()

    if cleaned.get('add_manager'):
        # NOTE(review): get() raises unless exactly one user has this
        # address; presumably field validation guarantees that. Confirm.
        manager = User.objects.get(email=cleaned['add_manager'].lower())
        model.managers.add(manager)
        changes.append('Added manager {}'.format(manager.username))

    if cleaned.get('remove_manager'):
        for manager in cleaned['remove_manager']:
            model.managers.remove(manager)
            changes.append('Removed manager {}'.format(manager.username))

    if changes:
        # One notification per save, listing every change and who made it.
        subject = "{0} modified {1}".format(get_current_user().username, model)
        body = "The following changes were made to {}:\n\n{}".format(model, "\n".join(changes))
        send_simple_mail(
            settings.NOTIFICATION_FROM,
            settings.NOTIFICATION_EMAIL,
            subject,
            body,
        )

    return model
def change_email(request):
    """Start an email-address change for the current user.

    Accounts whose password field equals ``OAUTH_PASSWORD_STORE`` are refused
    with an error page. On a valid POST any existing EmailChangeToken for the
    user is deleted, a new one holding the lower-cased address and a random
    token value is saved, a mail rendered from
    ``account/email_change_email.txt`` is sent to the address as entered, and
    the client is redirected to ``done/``. Every other request, including an
    invalid POST, renders the form with the pending token.

    NOTE(review): no authentication check is visible in this function;
    presumably it is applied outside it. Confirm against the caller.
    """
    existing = EmailChangeToken.objects.filter(user=request.user)
    # Only the first matching row is treated as the pending change.
    token = existing[0] if len(existing) else None

    if request.user.password == OAUTH_PASSWORD_STORE:
        # No link to this view should be offered to such accounts, so a
        # blunt error page is enough.
        return HttpServerError(
            request,
            "This account cannot change email address as it's connected to a third party login site."
        )

    if request.method != 'POST':
        form = ChangeEmailForm(request.user)
    else:
        form = ChangeEmailForm(request.user, data=request.POST)
        if form.is_valid():
            entered = form.cleaned_data['email']

            # A new request supersedes the previous one.
            if token:
                token.delete()

            token = EmailChangeToken(
                user=request.user,
                email=entered.lower(),
                token=generate_random_token(),
            )
            token.save()

            # The mail goes to the *new* address and the token object is
            # handed to the template; presumably the template carries the
            # token value that proves control of that address.
            send_template_mail(
                settings.ACCOUNTS_NOREPLY_FROM,
                entered,
                'Your postgresql.org community account',
                'account/email_change_email.txt',
                {
                    'token': token,
                    'user': request.user,
                },
            )
            return HttpResponseRedirect('done/')

    return render_pgweb(
        request,
        'account',
        'account/emailchangeform.html',
        {
            'form': form,
            'token': token,
        },
    )
def change_email(request):
    """Handle the "change my email address" form.

    The view first loads the user's pending EmailChangeToken, if any, and
    then rejects accounts whose password field equals
    ``OAUTH_PASSWORD_STORE``. A valid POST replaces the pending token with a
    new one (lower-cased address, random token value), mails the address that
    was entered using ``account/email_change_email.txt`` and redirects to
    ``done/``. A GET or an invalid POST renders the form and pending token.

    NOTE(review): no authentication check is visible in this function;
    presumably it is applied outside it. Confirm against the caller.
    """
    user_tokens = EmailChangeToken.objects.filter(user=request.user)
    # Only the first matching row is treated as the pending change.
    token = user_tokens[0] if len(user_tokens) else None

    if request.user.password == OAUTH_PASSWORD_STORE:
        # Link shouldn't exist in this case, so just throw an unfriendly
        # error message.
        message = "This account cannot change email address as it's connected to a third party login site."
        return HttpServerError(request, message)

    submitted = request.method == 'POST'
    if submitted:
        form = ChangeEmailForm(request.user, data=request.POST)
    else:
        form = ChangeEmailForm(request.user)

    if submitted and form.is_valid():
        # Discard the superseded request before issuing a new token.
        if token:
            token.delete()

        token = EmailChangeToken(
            user=request.user,
            email=form.cleaned_data['email'].lower(),
            token=generate_random_token(),
        )
        token.save()

        # Sent to the new address as entered; the stored copy above is the
        # lower-cased form.
        mail_context = {'token': token, 'user': request.user, }
        send_template_mail(
            settings.ACCOUNTS_NOREPLY_FROM,
            form.cleaned_data['email'],
            'Your postgresql.org community account',
            'account/email_change_email.txt',
            mail_context,
        )
        return HttpResponseRedirect('done/')

    page_context = {
        'form': form,
        'token': token,
    }
    return render_pgweb(request, 'account', 'account/emailchangeform.html', page_context)
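def profile(request):
    """Show and process the combined user / profile / contributor form.

    A GET renders the forms for the current user. A POST in which every form
    validates saves them, optionally switches the primary email to the
    address chosen on the user form, optionally registers a new secondary
    address (random token plus a mail to that address), deletes the secondary
    addresses ticked for removal, and redirects to ``.``. An invalid POST
    re-renders the bound forms.

    NOTE(review): no authentication check is visible in this function;
    presumably it is applied outside it. Confirm against the caller.
    """
    # We always have the user, but not always the profile. And we need a bit
    # of a hack around the normal forms code since we have two different
    # models on a single form.
    (profile, created) = UserProfile.objects.get_or_create(pk=request.user.pk)

    # Don't allow users whose accounts were created via oauth to change
    # their email, since that would kill the connection between the
    # accounts.
    can_change_email = (request.user.password != OAUTH_PASSWORD_STORE)

    # We may have a contributor record - and we only show that part of the
    # form if we have it for this user.
    try:
        contrib = Contributor.objects.get(user=request.user.pk)
    except Contributor.DoesNotExist:
        contrib = None

    contribform = None

    # NOTE(review): this queryset is not filtered on ``confirmed``, and it is
    # what UserForm receives; confirm that UserForm only offers confirmed
    # addresses as the new primary email.
    secondaryaddresses = SecondaryEmail.objects.filter(user=request.user)

    if request.method == 'POST':
        # Process this form
        userform = UserForm(can_change_email, secondaryaddresses, data=request.POST, instance=request.user)
        profileform = UserProfileForm(data=request.POST, instance=profile)
        secondaryemailform = AddEmailForm(request.user, data=request.POST)
        if contrib:
            contribform = ContributorForm(data=request.POST, instance=contrib)

        if userform.is_valid() and profileform.is_valid() and secondaryemailform.is_valid() and (not contrib or contribform.is_valid()):
            user = userform.save()

            # Email takes some magic special handling, since we only allow picking of existing secondary emails, but it's
            # not a foreign key (due to how the django auth model works).
            if can_change_email and userform.cleaned_data['primaryemail'] != user.email:
                # Changed it!
                oldemail = user.email
                # Create a secondary email for the old primary one
                SecondaryEmail(user=user, email=oldemail, confirmed=True, token='').save()
                # Flip the main email
                user.email = userform.cleaned_data['primaryemail']
                user.save(update_fields=['email', ])
                # Finally remove the old secondary address, since it can't be both primary and secondary at the same time
                SecondaryEmail.objects.filter(user=user, email=user.email).delete()
                log.info("User {} changed primary email from {} to {}".format(user.username, oldemail, user.email))

            profileform.save()
            if contrib:
                contribform.save()
            if secondaryemailform.cleaned_data.get('email1', ''):
                sa = SecondaryEmail(
                    user=request.user,
                    email=secondaryemailform.cleaned_data['email1'],
                    token=generate_random_token())
                sa.save()
                send_template_mail(
                    settings.ACCOUNTS_NOREPLY_FROM,
                    sa.email,
                    'Your postgresql.org community account',
                    'account/email_add_email.txt',
                    {
                        'secondaryemail': sa,
                        'user': request.user,
                    })

            for k, v in request.POST.items():
                if k.startswith('deladdr_') and v == '1':
                    # The field name comes from the client, so the part after
                    # the prefix is not guaranteed to be a number. A bad
                    # suffix is skipped instead of raising after the forms
                    # above have already been saved.
                    try:
                        ii = int(k[len('deladdr_'):])
                    except ValueError:
                        continue
                    # Scoped to request.user, so an id belonging to another
                    # account matches nothing.
                    SecondaryEmail.objects.filter(user=request.user, id=ii).delete()

            return HttpResponseRedirect(".")
    else:
        # Generate form
        userform = UserForm(can_change_email, secondaryaddresses, instance=request.user)
        profileform = UserProfileForm(instance=profile)
        secondaryemailform = AddEmailForm(request.user)
        if contrib:
            contribform = ContributorForm(instance=contrib)

    return render_pgweb(
        request, 'account', 'account/userprofileform.html', {
            'userform': userform,
            'profileform': profileform,
            'secondaryemailform': secondaryemailform,
            'secondaryaddresses': secondaryaddresses,
            'secondarypending': any(not a.confirmed for a in secondaryaddresses),
            'contribform': contribform,
        })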