def teacher_edit_account(request):
teacher = request.user.userprofile.teacher
backup_tokens = 0
# For teachers using 2FA, find out how many backup tokens they have
if default_device(request.user):
try:
backup_tokens = request.user.staticdevice_set.all()[0].token_set.count()
except Exception:
backup_tokens = 0
if request.method == "POST":
form = TeacherEditAccountForm(request.user, request.POST)
if form.is_valid():
data = form.cleaned_data
changing_email = False
# check not default value for CharField
if data["password"] != "":
teacher.user.user.set_password(data["password"])
teacher.user.user.save()
update_session_auth_hash(request, form.user)
teacher.title = data["title"]
teacher.user.user.first_name = data["first_name"]
teacher.user.user.last_name = data["last_name"]
new_email = data["email"]
if new_email != "" and new_email != teacher.user.user.email:
# new email to set and verify
changing_email = True
send_verification_email(request, teacher.user, new_email)
teacher.save()
teacher.user.user.save()
if changing_email:
logout(request)
messages.success(
request,
"Your account details have been successfully changed. Your email will be changed once you have verified it, until then you can still log in with your old email.",
)
return render(
request, "portal/email_verification_needed.html", {"userprofile": teacher.user, "email": new_email}
)
messages.success(request, "Your account details have been successfully changed.")
return HttpResponseRedirect(reverse_lazy("teacher_home"))
else:
form = TeacherEditAccountForm(
request.user,
initial={
"title": teacher.title,
"first_name": teacher.user.user.first_name,
"last_name": teacher.user.user.last_name,
"school": teacher.school,
},
)
return render(request, "portal/teach/teacher_edit_account.html", {"form": form, "backup_tokens": backup_tokens})
def teacher_edit_account(request):
teacher = request.user.userprofile.teacher
backup_tokens = 0
# For teachers using 2FA, find out how many backup tokens they have
if using_two_factor(request.user):
try:
backup_tokens = request.user.staticdevice_set.all()[0].token_set.count()
except Exception:
backup_tokens = 0
if request.method == 'POST':
form = TeacherEditAccountForm(request.user, request.POST)
if form.is_valid():
data = form.cleaned_data
changing_email = False
# check not default value for CharField
if (data['password'] != ''):
teacher.user.user.set_password(data['password'])
teacher.user.user.save()
update_session_auth_hash(request, form.user)
teacher.title = data['title']
teacher.user.user.first_name = data['first_name']
teacher.user.user.last_name = data['last_name']
new_email = data['email']
if new_email != '' and new_email != teacher.user.user.email:
# new email to set and verify
changing_email = True
send_verification_email(request, teacher.user.user, new_email)
teacher.save()
teacher.user.user.save()
if changing_email:
logout(request)
messages.success(request, 'Your account details have been successfully changed. Your email will be changed once you have verified it, until then you can still log in with your old email.')
return render(request, 'portal/email_verification_needed.html',
{'userprofile': teacher.user,
'email': new_email})
messages.success(request, 'Your account details have been successfully changed.')
return HttpResponseRedirect(reverse_lazy('teacher_home'))
else:
form = TeacherEditAccountForm(request.user, initial={
'title': teacher.title,
'first_name': teacher.user.user.first_name,
'last_name': teacher.user.user.last_name,
'school': teacher.school,
})
return render(request, 'portal/teach/teacher_edit_account.html',
{'form': form,
'backup_tokens': backup_tokens})
def teacher_dismiss_students(request, access_code):
klass = get_object_or_404(Class, access_code=access_code)
# check user is authorised to deal with class
if request.user.userprofile.teacher != klass.teacher:
raise Http404
# get student objects for students to be deleted, confirming they are in the class
student_ids = json.loads(request.POST.get("transfer_students", "[]"))
students = [get_object_or_404(Student, id=i, class_field=klass) for i in student_ids]
TeacherDismissStudentsFormSet = formset_factory(
wraps(TeacherDismissStudentsForm)(partial(TeacherDismissStudentsForm)),
extra=0,
formset=BaseTeacherDismissStudentsFormSet,
)
if request.method == "POST" and "submit_dismiss" in request.POST:
formset = TeacherDismissStudentsFormSet(request.POST)
if formset.is_valid():
for data in formset.cleaned_data:
student = get_object_or_404(
Student, class_field=klass, user__user__first_name__iexact=data["orig_name"]
)
student.class_field = None
student.user.awaiting_email_verification = True
student.user.user.first_name = data["name"]
student.user.user.username = data["name"]
student.user.user.email = data["email"]
student.save()
student.user.save()
student.user.user.save()
send_verification_email(request, student.user)
messages.success(request, "The students have been removed successfully from the class.")
return HttpResponseRedirect(reverse_lazy("teacher_class", kwargs={"access_code": access_code}))
else:
initial_data = [
{
"orig_name": student.user.user.first_name,
"name": generate_new_student_name(student.user.user.first_name),
"email": "",
}
for student in students
]
formset = TeacherDismissStudentsFormSet(initial=initial_data)
return render(
request,
"portal/teach/teacher_dismiss_students.html",
{"formset": formset, "class": klass, "students": students},
)
def student_edit_account(request):
student = request.user.userprofile.student
if request.method == 'POST':
form = StudentEditAccountForm(request.user, request.POST)
if form.is_valid():
data = form.cleaned_data
changing_email = False
# check not default value for CharField
if (data['password'] != ''):
student.user.user.set_password(data['password'])
student.user.user.save()
update_session_auth_hash(request, form.user)
# allow individual students to update more
if not student.class_field:
new_email = data['email']
if new_email != '' and new_email != student.user.user.email:
# new email to set and verify
changing_email = True
send_verification_email(request, student.user, new_email)
student.user.user.first_name = data['name']
# save all tables
student.save()
student.user.user.save()
messages.success(
request,
'Your account details have been changed successfully.')
if changing_email:
logout(request)
return render(request, 'portal/email_verification_needed.html',
{
'userprofile': student.user,
'email': new_email
})
return HttpResponseRedirect(reverse_lazy('student_details'))
else:
form = StudentEditAccountForm(
request.user, initial={'name': student.user.user.first_name})
return render(request, 'portal/play/student_edit_account.html',
{'form': form})
def teacher_dismiss_students(request, access_code):
klass = get_object_or_404(Class, access_code=access_code)
# check user is authorised to deal with class
if request.user.userprofile.teacher != klass.teacher:
raise Http404
# get student objects for students to be deleted, confirming they are in the class
student_ids = json.loads(request.POST.get('transfer_students', '[]'))
students = [get_object_or_404(Student, id=i, class_field=klass) for i in student_ids]
TeacherDismissStudentsFormSet = formset_factory(wraps(TeacherDismissStudentsForm)(partial(TeacherDismissStudentsForm)), extra=0, formset=BaseTeacherDismissStudentsFormSet)
if request.method == 'POST' and 'submit_dismiss' in request.POST:
formset = TeacherDismissStudentsFormSet(request.POST)
if formset.is_valid():
for data in formset.cleaned_data:
student = get_object_or_404(Student, class_field=klass, user__user__first_name__iexact=data['orig_name'])
student.class_field = None
student.user.awaiting_email_verification = True
student.user.user.first_name = data['name']
student.user.user.username = data['name']
student.user.user.email = data['email']
student.save()
student.user.save()
student.user.user.save()
send_verification_email(request, student.user)
messages.success(request, 'The students have been removed successfully from the class.')
return HttpResponseRedirect(reverse_lazy('teacher_class', kwargs={'access_code': access_code }))
else:
initial_data = [{'orig_name' : student.user.user.first_name,
'name' : generate_new_student_name(student.user.user.first_name),
'email' : '',
} for student in students]
formset = TeacherDismissStudentsFormSet(initial=initial_data)
return render(request, 'portal/teach/teacher_dismiss_students.html', {
'formset': formset,
'class': klass,
'students': students,
})
def student_edit_account(request):
student = request.user.userprofile.student
if request.method == 'POST':
form = StudentEditAccountForm(request.user, request.POST)
if form.is_valid():
data = form.cleaned_data
changing_email=False
# check not default value for CharField
if (data['password'] != ''):
student.user.user.set_password(data['password'])
student.user.user.save()
update_session_auth_hash(request, form.user)
# allow individual students to update more
if not student.class_field:
new_email = data['email']
if new_email != '' and new_email != student.user.user.email:
# new email to set and verify
changing_email=True
send_verification_email(request, student.user, new_email)
student.user.user.first_name = data['name']
# save all tables
student.save()
student.user.user.save()
messages.success(request, 'Your account details have been changed successfully.')
if changing_email:
logout(request)
return render(request, 'portal/email_verification_needed.html', { 'userprofile': student.user, 'email': new_email })
return HttpResponseRedirect(reverse_lazy('student_details'))
else:
form = StudentEditAccountForm(request.user, initial={
'name': student.user.user.first_name})
return render(request, 'portal/play/student_edit_account.html', { 'form': form })
def teach(request):
invalid_form = False
limits = getattr(request, 'limits', {'ip': [0], 'email': [0]})
captcha_limit = 5
using_captcha = (limits['ip'][0] > captcha_limit
or limits['email'][0] > captcha_limit)
should_use_captcha = (limits['ip'][0] >= captcha_limit
or limits['email'][0] >= captcha_limit)
LoginFormWithCaptcha = partial(
create_form_subclass_with_recaptcha(TeacherLoginForm,
recaptcha_client), request)
InputLoginForm = LoginFormWithCaptcha if using_captcha else TeacherLoginForm
OutputLoginForm = LoginFormWithCaptcha if should_use_captcha else TeacherLoginForm
login_form = OutputLoginForm(prefix='login')
signup_form = TeacherSignupForm(prefix='signup')
if request.method == 'POST':
if 'login' in request.POST:
login_form = InputLoginForm(request.POST, prefix='login')
if login_form.is_valid():
userProfile = login_form.user.userprofile
if userProfile.awaiting_email_verification:
send_verification_email(request, userProfile)
return render(request,
'portal/email_verification_needed.html',
{'userprofile': userProfile})
login(request, login_form.user)
if using_two_factor(request.user):
return render(
request, 'portal/2FA_redirect.html', {
'form': AuthenticationForm(),
'username': request.user.username,
'password': login_form.cleaned_data['password'],
})
else:
link = reverse('two_factor:profile')
messages.info(request, (
"You are not currently set up with two-factor authentication. "
+
"Use your phone or tablet to enhance your account's security. "
+ "Click <a href='" + link +
"'>here</a> to find out more and " +
"set it up or go to your account page at any time."),
extra_tags='safe')
next_url = request.GET.get('next', None)
if next_url:
return HttpResponseRedirect(next_url)
return HttpResponseRedirect(reverse_lazy('teacher_home'))
else:
login_form = OutputLoginForm(request.POST, prefix='login')
invalid_form = True
if 'signup' in request.POST:
signup_form = TeacherSignupForm(request.POST, prefix='signup')
if signup_form.is_valid():
data = signup_form.cleaned_data
teacher = Teacher.objects.factory(
title=data['title'],
first_name=data['first_name'],
last_name=data['last_name'],
email=data['email'],
password=data['password'])
send_verification_email(request, teacher.user)
return render(request, 'portal/email_verification_needed.html',
{'userprofile': teacher.user})
logged_in_as_teacher = hasattr(request.user, 'userprofile') and \
hasattr(request.user.userprofile, 'teacher') and \
(request.user.is_verified() or not using_two_factor(request.user))
res = render(
request, 'portal/teach.html', {
'login_form': login_form,
'signup_form': signup_form,
'logged_in_as_teacher': logged_in_as_teacher,
})
res.count = invalid_form
return res
def play(request):
invalid_form = False
limits = getattr(request, 'limits', {'ip': [0], 'name': [0]})
ip_captcha_limit = 30
name_captcha_limit = 5
using_captcha = (limits['ip'][0] > ip_captcha_limit
or limits['name'][0] >= name_captcha_limit)
should_use_captcha = (limits['ip'][0] >= ip_captcha_limit
or limits['name'][0] >= name_captcha_limit)
StudentLoginFormWithCaptcha = partial(
create_form_subclass_with_recaptcha(StudentLoginForm,
recaptcha_client), request)
InputStudentLoginForm = StudentLoginFormWithCaptcha if using_captcha else StudentLoginForm
OutputStudentLoginForm = StudentLoginFormWithCaptcha if should_use_captcha else StudentLoginForm
IndependentStudentLoginFormWithCaptcha = partial(
create_form_subclass_with_recaptcha(IndependentStudentLoginForm,
recaptcha_client), request)
InputIndependentStudentLoginForm = IndependentStudentLoginFormWithCaptcha if using_captcha else IndependentStudentLoginForm
OutputIndependentStudentLoginForm = IndependentStudentLoginFormWithCaptcha if should_use_captcha else IndependentStudentLoginForm
school_login_form = OutputStudentLoginForm(prefix='login')
independent_student_login_form = IndependentStudentLoginForm(
prefix='independent_student')
signup_form = StudentSignupForm(prefix='signup')
independent_student_view = False
signup_view = False
if request.method == 'POST':
if 'school_login' in request.POST:
school_login_form = InputStudentLoginForm(request.POST,
prefix='login')
if school_login_form.is_valid():
login(request, school_login_form.user)
next_url = request.GET.get('next', None)
if next_url:
return HttpResponseRedirect(next_url)
return HttpResponseRedirect(reverse_lazy('student_details'))
else:
school_login_form = OutputStudentLoginForm(request.POST,
prefix='login')
invalid_form = True
elif 'independent_student_login' in request.POST:
independent_student_login_form = InputIndependentStudentLoginForm(
request.POST, prefix='independent_student')
if independent_student_login_form.is_valid():
userProfile = independent_student_login_form.user.userprofile
if userProfile.awaiting_email_verification:
send_verification_email(request, userProfile)
return render(request,
'portal/email_verification_needed.html',
{'userprofile': userProfile})
login(request, independent_student_login_form.user)
next_url = request.GET.get('next', None)
if next_url:
return HttpResponseRedirect(next_url)
return HttpResponseRedirect(reverse_lazy('student_details'))
else:
independent_student_view = True
independent_student_login_form = OutputIndependentStudentLoginForm(
request.POST, prefix='independent_student')
school_login_form = StudentLoginForm(prefix='login')
invalid_form = True
elif 'signup' in request.POST:
signup_form = StudentSignupForm(request.POST, prefix='signup')
if signup_form.is_valid():
data = signup_form.cleaned_data
student = Student.objects.independentStudentFactory(
username=data['username'],
name=data['name'],
email=data['email'],
password=data['password'])
email_supplied = (data['email'] != '')
if (email_supplied):
send_verification_email(request, student.user)
return render(request,
'portal/email_verification_needed.html',
{'userprofile': student.user})
else:
auth_user = authenticate(username=data['username'],
password=data['password'])
login(request, auth_user)
return render(request, 'portal/play/student_details.html')
else:
signup_view = True
res = render(
request, 'portal/play.html', {
'school_login_form': school_login_form,
'independent_student_login_form': independent_student_login_form,
'signup_form': signup_form,
'independent_student_view': independent_student_view,
'signup_view': signup_view,
})
res.count = invalid_form
return res
def teach(request):
invalid_form = False
limits = getattr(request, 'limits', {'ip': [0], 'email': [0]})
captcha_limit = 5
using_captcha = (limits['ip'][0] > captcha_limit or limits['email'][0] > captcha_limit)
should_use_captcha = (limits['ip'][0] >= captcha_limit or limits['email'][0] >= captcha_limit)
LoginFormWithCaptcha = partial(
create_form_subclass_with_recaptcha(TeacherLoginForm, recaptcha_client), request)
InputLoginForm = LoginFormWithCaptcha if using_captcha else TeacherLoginForm
OutputLoginForm = LoginFormWithCaptcha if should_use_captcha else TeacherLoginForm
login_form = OutputLoginForm(prefix='login')
signup_form = TeacherSignupForm(prefix='signup')
if request.method == 'POST':
if 'login' in request.POST:
login_form = InputLoginForm(request.POST, prefix='login')
if login_form.is_valid():
userProfile = login_form.user.userprofile
if userProfile.awaiting_email_verification:
send_verification_email(request, userProfile)
return render(request, 'portal/email_verification_needed.html',
{'userprofile': userProfile})
login(request, login_form.user)
if default_device(request.user):
return render(request, 'portal/2FA_redirect.html', {
'form': AuthenticationForm(),
'username': request.user.username,
'password': login_form.cleaned_data['password'],
})
else:
link = reverse('two_factor:profile')
messages.info(
request, ("You are not currently set up with two-factor authentication. "
+ "Use your phone or tablet to enhance your account's security. "
+ "Click <a href='" + link + "'>here</a> to find out more and "
+ "set it up or go to your account page at any time."),
extra_tags='safe')
next_url = request.GET.get('next', None)
if next_url:
return HttpResponseRedirect(next_url)
return HttpResponseRedirect(reverse_lazy('teacher_home'))
else:
login_form = OutputLoginForm(request.POST, prefix='login')
invalid_form = True
if 'signup' in request.POST:
signup_form = TeacherSignupForm(request.POST, prefix='signup')
if signup_form.is_valid():
data = signup_form.cleaned_data
teacher = Teacher.objects.factory(
title=data['title'],
first_name=data['first_name'],
last_name=data['last_name'],
email=data['email'],
password=data['password'])
send_verification_email(request, teacher.user)
return render(request, 'portal/email_verification_needed.html',
{'userprofile': teacher.user})
logged_in_as_teacher = hasattr(request.user, 'userprofile') and \
hasattr(request.user.userprofile, 'teacher') and \
(request.user.is_verified() or not default_device(request.user))
res = render(request, 'portal/teach.html', {
'login_form': login_form,
'signup_form': signup_form,
'logged_in_as_teacher': logged_in_as_teacher,
})
res.count = invalid_form
return res
def play(request):
invalid_form = False
limits = getattr(request, 'limits', {'ip': [0], 'name': [0]})
ip_captcha_limit = 30
name_captcha_limit = 5
using_captcha = (limits['ip'][0] > ip_captcha_limit or limits['name'][0] >= name_captcha_limit)
should_use_captcha = (limits['ip'][0] >= ip_captcha_limit or limits['name'][0] >= name_captcha_limit)
StudentLoginFormWithCaptcha = partial(
create_form_subclass_with_recaptcha(StudentLoginForm, recaptcha_client), request)
InputStudentLoginForm = StudentLoginFormWithCaptcha if using_captcha else StudentLoginForm
OutputStudentLoginForm = StudentLoginFormWithCaptcha if should_use_captcha else StudentLoginForm
IndependentStudentLoginFormWithCaptcha = partial(
create_form_subclass_with_recaptcha(IndependentStudentLoginForm, recaptcha_client), request)
InputIndependentStudentLoginForm = IndependentStudentLoginFormWithCaptcha if using_captcha else IndependentStudentLoginForm
OutputIndependentStudentLoginForm = IndependentStudentLoginFormWithCaptcha if should_use_captcha else IndependentStudentLoginForm
school_login_form = OutputStudentLoginForm(prefix='login')
independent_student_login_form = IndependentStudentLoginForm(prefix='independent_student')
signup_form = StudentSignupForm(prefix='signup')
independent_student_view = False
signup_view = False
if request.method == 'POST':
if 'school_login' in request.POST:
school_login_form = InputStudentLoginForm(request.POST, prefix='login')
if school_login_form.is_valid():
login(request, school_login_form.user)
next_url = request.GET.get('next', None)
if next_url:
return HttpResponseRedirect(next_url)
return HttpResponseRedirect(reverse_lazy('student_details'))
else:
school_login_form = OutputStudentLoginForm(request.POST, prefix='login')
invalid_form = True
elif 'independent_student_login' in request.POST:
independent_student_login_form = InputIndependentStudentLoginForm(request.POST, prefix='independent_student')
if independent_student_login_form.is_valid():
userProfile = independent_student_login_form.user.userprofile
if userProfile.awaiting_email_verification:
send_verification_email(request, userProfile)
return render(request, 'portal/email_verification_needed.html',
{'userprofile': userProfile})
login(request, independent_student_login_form.user)
next_url = request.GET.get('next', None)
if next_url:
return HttpResponseRedirect(next_url)
return HttpResponseRedirect(reverse_lazy('student_details'))
else:
independent_student_view = True
independent_student_login_form = OutputIndependentStudentLoginForm(request.POST, prefix='independent_student')
school_login_form = StudentLoginForm(prefix='login')
invalid_form = True
elif 'signup' in request.POST:
signup_form = StudentSignupForm(request.POST, prefix='signup')
if signup_form.is_valid():
data = signup_form.cleaned_data
student = Student.objects.independentStudentFactory(
username=data['username'],
name=data['name'],
email=data['email'],
password=data['password'])
email_supplied = (data['email'] != '')
if (email_supplied):
send_verification_email(request, student.user)
return render(request, 'portal/email_verification_needed.html',
{'userprofile': student.user})
else:
auth_user = authenticate(username=data['username'], password=data['password'])
login(request, auth_user)
return render(request, 'portal/play/student_details.html')
else:
signup_view = True
res = render(request, 'portal/play.html', {
'school_login_form': school_login_form,
'independent_student_login_form': independent_student_login_form,
'signup_form': signup_form,
'independent_student_view': independent_student_view,
'signup_view': signup_view,
})
res.count = invalid_form
return res
def teacher_edit_account(request):
teacher = request.user.userprofile.teacher
backup_tokens = 0
# For teachers using 2FA, find out how many backup tokens they have
if using_two_factor(request.user):
try:
backup_tokens = request.user.staticdevice_set.all(
)[0].token_set.count()
except Exception:
backup_tokens = 0
if request.method == 'POST':
form = TeacherEditAccountForm(request.user, request.POST)
if form.is_valid():
data = form.cleaned_data
changing_email = False
# check not default value for CharField
if (data['password'] != ''):
teacher.user.user.set_password(data['password'])
teacher.user.user.save()
update_session_auth_hash(request, form.user)
teacher.title = data['title']
teacher.user.user.first_name = data['first_name']
teacher.user.user.last_name = data['last_name']
new_email = data['email']
if new_email != '' and new_email != teacher.user.user.email:
# new email to set and verify
changing_email = True
send_verification_email(request, teacher.user, new_email)
teacher.save()
teacher.user.user.save()
if changing_email:
logout(request)
messages.success(
request,
'Your account details have been successfully changed. Your email will be changed once you have verified it, until then you can still log in with your old email.'
)
return render(request, 'portal/email_verification_needed.html',
{
'userprofile': teacher.user,
'email': new_email
})
messages.success(
request,
'Your account details have been successfully changed.')
return HttpResponseRedirect(reverse_lazy('teacher_home'))
else:
form = TeacherEditAccountForm(request.user,
initial={
'title': teacher.title,
'first_name':
teacher.user.user.first_name,
'last_name':
teacher.user.user.last_name,
'school': teacher.school,
})
return render(request, 'portal/teach/teacher_edit_account.html', {
'form': form,
'backup_tokens': backup_tokens
})
def teacher_dismiss_students(request, access_code):
klass = get_object_or_404(Class, access_code=access_code)
# check user is authorised to deal with class
if request.user.userprofile.teacher != klass.teacher:
raise Http404
# get student objects for students to be deleted, confirming they are in the class
student_ids = json.loads(request.POST.get('transfer_students', '[]'))
students = [
get_object_or_404(Student, id=i, class_field=klass)
for i in student_ids
]
TeacherDismissStudentsFormSet = formset_factory(
wraps(TeacherDismissStudentsForm)(partial(TeacherDismissStudentsForm)),
extra=0,
formset=BaseTeacherDismissStudentsFormSet)
if request.method == 'POST' and 'submit_dismiss' in request.POST:
formset = TeacherDismissStudentsFormSet(request.POST)
if formset.is_valid():
for data in formset.cleaned_data:
student = get_object_or_404(
Student,
class_field=klass,
user__user__first_name__iexact=data['orig_name'])
student.class_field = None
student.user.awaiting_email_verification = True
student.user.user.first_name = data['name']
student.user.user.username = data['name']
student.user.user.email = data['email']
student.save()
student.user.save()
student.user.user.save()
send_verification_email(request, student.user)
messages.success(
request,
'The students have been removed successfully from the class.')
return HttpResponseRedirect(
reverse_lazy('teacher_class',
kwargs={'access_code': access_code}))
else:
initial_data = [{
'orig_name':
student.user.user.first_name,
'name':
generate_new_student_name(student.user.user.first_name),
'email':
'',
} for student in students]
formset = TeacherDismissStudentsFormSet(initial=initial_data)
return render(request, 'portal/teach/teacher_dismiss_students.html', {
'formset': formset,
'class': klass,
'students': students,
})
