def social_login(self, request, **kwargs): self.method_check(request, allowed=['post']) # new way try: data = self.get_clean_data(request) access_token = self.get_clean_token(data) except: return self.create_response(request, u'something wrong with args', HttpBadRequest) if 'phone_number' in data: phone_number = self.get_clean_number(data) number = self.find_number(phone_number) if number.validated and number.user: perform_login(request, number.user, None) user = number.user else: # social registration (legacy) try: data = self.get_clean_data(request) access_token = self.get_clean_token(data) (request, user) = self.social(request, access_token) except: logging.error(u'something went wrong with FB') return self.create_response(request, {u'something went wrong with FB'}, HttpBadRequest) ############### result = { u'api_key': user.api_key.key, u'userid': user.id, u'username': user.username } return self.create_response(request, result, HttpResponse)
def pre_social_login(self, request, sociallogin): User = get_user_model() # TODO: make sure that the partnership is still in good standing or valid or whatever if sociallogin.user.pk: set_country(sociallogin.user, request) logger.info("setting connection to {}".format( sociallogin.user.profile.country)) return try: # if user exists, connect the account to the existing account and login new_login_user = User.objects.get(email=sociallogin.user.email) except User.DoesNotExist: url = reverse('sociallogin_notamember', kwargs={ 'email': urlsafe_base64_encode(sociallogin.user.email) }) raise ImmediateHttpResponse(HttpResponseRedirect(url)) sociallogin.connect(request, new_login_user) set_country(new_login_user, request) perform_login(request, new_login_user, 'none', redirect_url=sociallogin.get_redirect_url(request), signal_kwargs={"sociallogin": sociallogin})
def pre_social_login(self, request, sociallogin): user = sociallogin.user if user.id: return if not user.email: raise ImmediateHttpResponse( response=HttpResponseRedirect(reverse('home'))) try: # if user exists, connect the account to the existing account and # login user = DplUser.objects.get(email=user.email) sociallogin.state['process'] = 'connect' next_url = request.GET.get('next') if not next_url: next_url = reverse('home') perform_login(request, user, 'none', redirect_url=next_url, signal_kwargs=None, signup=False) except DplUser.DoesNotExist: pass
def pre_social_login_(sender, request, sociallogin, **kwargs): ''' Resolve issue of existing email address. When signing up a social account with the existing email address it will logged the existing user. And for security hole issue the account will not successfully logged if their given email address are not verified. To verify ownership of email this function will automatically send a verification link to the given email and only legit user can access the said account. :param sender: :param request: :param sociallogin: :param kwargs: :return: ''' email = sociallogin.account.extra_data['email'] _user = get_user_model() users = _user.objects.filter(email=email) _s_emails = s_emails.objects.filter(email=email) e_existing = _s_emails.exists() u_existing = users.exists() if u_existing : if e_existing: if _s_emails[0].verified: perform_login(request, users[0], app_settings.EMAIL_VERIFICATION) raise ImmediateHttpResponse(redirect(settings.LOGIN_REDIRECT_URL)) send_email_confirmation(request, users[0]) raise ImmediateHttpResponse(render(request, 'account/verification_sent.html', {}))
def pre_social_login(self, request, sociallogin): social_email = sociallogin.account.extra_data.get('email') try: customer = CustomUser.objects.get( email=social_email ) # if user exists, connect the account to the existing account and login sociallogin.state['process'] = 'connect' perform_login(request, customer, 'none') except CustomUser.DoesNotExist: pass try: customer = CustomUser.objects.get( email1=social_email ) # if user exists, connect the account to the existing account and login # sociallogin.state['process'] = 'connect' # perform_login(request, customer, 'none') if not sociallogin.is_existing: sociallogin.connect(request, customer) except CustomUser.DoesNotExist: pass try: customer = CustomUser.objects.get( email2=social_email ) # if user exists, connect the account to the existing account and login sociallogin.state['process'] = 'connect' perform_login(request, customer, 'none') except CustomUser.DoesNotExist: pass
def pre_social_login(self, request, sociallogin): user = sociallogin.user email = user.email if not email.split('@')[1] == 'iiitdmj.ac.in': messages.error(request, 'Use iiitdmj mail to sign in to this account !') raise ImmediateHttpResponse( render_to_response('account/exception.html')) else: if user.id: return try: # if user exists, connect the account to the existing account and login u = User.objects.get(email=email) sociallogin.state['process'] = 'connect' # authenticate(username=u.username, password=u.password) perform_login(request, u, 'none') return redirect('/') except User.DoesNotExist: exception_string = "Seems Like you don't \ have an account here! Contact CC admin for your account." messages.error(request, exception_string) raise ImmediateHttpResponse( render_to_response('account/exception_no_account.html'))
def link_to_local_user(sender, request, sociallogin, **kwargs): email_address = sociallogin.account.extra_data['email'] User = get_user_model() users = User.objects.filter(email=email_address) if users: perform_login(request, users[0], email_verification='optional') raise ImmediateHttpResponse( redirect(settings.LOGIN_REDIRECT_URL.format(id=request.user.id)))
def pre_social_login(self, request, sociallogin): try: user = User.objects.get( email=sociallogin.account.extra_data['email']) perform_login(request, user, email_verification='optional') raise ImmediateHttpResponse(redirect(settings.LOGIN_REDIRECT_URL)) except User.DoesNotExist: pass
def _login_social_account(request, account): user = account.user perform_login(request, user) if not user.is_active: ret = render_to_response("socialaccount/account_inactive.html", {}, context_instance=RequestContext(request)) else: ret = HttpResponseRedirect(get_login_redirect_url(request)) return ret
def link_to_local_user(sender, request, sociallogin, **kwargs): email_address = sociallogin.account.extra_data['email'] users = User.objects.filter(email=email_address) if users: perform_login(request, users[0], email_verification=settings.ACCOUNT_EMAIL_VERIFICATION) raise ImmediateHttpResponse(redirect('home'))
def pre_social_login(self, request, sociallogin): try: print '@---------------------------@' iUser = User.objects.get(email=sociallogin.account.user.email) if iUser != None: perform_login(request, iUser, email_verification='optional') raise ImmediateHttpResponse(redirect(settings.LOGIN_REDIRECT_URL.format(id=request.user.id))) except User.DoesNotExist: pass
def link_to_local_user(sender, request, sociallogin, **kwargs): email_address = sociallogin.account.extra_data["email"] users = User.objects.filter(email=email_address) if users: perform_login(request, users[0], email_verification=app_settings.EMAIL_VERIFICATION) raise ImmediateHttpResponse( redirect(settings.LOGIN_REDIRECT_URL.format(id=request.user.id)))
def _login_social_account(request, account): user = account.user perform_login(request, user) if not user.is_active: ret = render_to_response('socialaccount/account_inactive.html', {}, context_instance=RequestContext(request)) else: ret = HttpResponseRedirect(get_login_redirect_url(request)) return ret
def pre_social_login(self, request, sociallogin): user = sociallogin.user if user.id: return try: usuario = User.objects.get(email=user.email) # if user exists, connect the account to the existing account and login sociallogin.state['process'] = 'connect' perform_login(request, usuario, 'none') except User.DoesNotExist: pass
def pre_social_login(self, request, sociallogin): user = sociallogin.user if user.id: return try: user = User.objects.get(email=user.email) sociallogin.state['process'] = 'connect' perform_login(request, user, 'none') except User.DoesNotExist: pass
def pre_social_login(self, request, sociallogin): user = sociallogin.user if user.id: return try: existing_user = User.objects.get(username=user.username) sociallogin.state['process'] = 'connect' perform_login(request, existing_user, request.GET.get('next', '/')) except User.DoesNotExist: pass
def pre_social_login(self, request, sociallogin): user = sociallogin.user if user.id or not user.email: return try: user = User.objects.get(email=user.email) sociallogin.state['next'] = reverse('cyclist_dashboard') sociallogin.state['process'] = 'connect' perform_login(request, user, 'none') except User.DoesNotExist: pass
def pre_social_login(self, request, sociallogin): user = sociallogin.user if user.id: return try: customer = User.objects.get( email=user.email ) # if user exists, connect the account to the existing account and login sociallogin.state['process'] = 'connect' perform_login(request, customer, 'none') except User.DoesNotExist: pass
def pre_social_login(self, request, sociallogin): try: email = sociallogin.account.extra_data['email'] user = User.objects.get(email=email) # diff between accounts if not user.socialaccount_set.filter().exists(): sociallogin.connect(request, user) perform_login(request, user, email_verification='none') raise ImmediateHttpResponse(redirect(settings.LOGIN_REDIRECT_URL)) except Exception as e: logger.error("PRE SOCIAL LOGIN FAIL " + str(request.user)) pass
def _login_social_account(request, account): user = account.user perform_login(request, user) engine.check_achievement(user=request.user, key="facebook_login") if not user.is_active: ret = render_to_response( 'socialaccount/account_inactive.html', {}, context_instance=RequestContext(request)) else: ret = HttpResponseRedirect(get_login_redirect_url(request)) return ret
def _login_social_account(request, account): user = account.user perform_login(request, user) if not user.is_active: ret = render_to_response("socialaccount/account_inactive.html", {}, context_instance=RequestContext(request)) else: if request.is_ajax(): ret = HttpResponse( simplejson.dumps({"status": "ok", "redirect": get_login_redirect_url(request)}), mimetype="application/json", ) else: ret = HttpResponseRedirect(get_login_redirect_url(request)) return ret
def link_to_local_user(sender, request, sociallogin, **kwargs): email_address = sociallogin.account.extra_data['email'] users = CustomUser.objects.filter(email=email_address) # profile = Profile.objects.filter(user_id=users) # if profile: # login_if_exists(users, profile,sociallogin) if users: perform_login(request, users[0], email_verification=settings.ACCOUNT_EMAIL_VERIFICATION) # users.is_active = True # users.save() return sociallogin
def pre_social_login(self, request, sociallogin): user = sociallogin.user if user.id or not user.email: return try: user = User.objects.get(email=user.email) sociallogin.state['next'] = reverse('cyclist_dashboard') sociallogin.state['process'] = 'connect' perform_login(request, user, 'none') except User.DoesNotExist: if 'user_role' not in request.session: sociallogin.state['next'] = reverse('signup_define_role') sociallogin.state['process'] = 'redirect'
def pre_social_login(self, request, sociallogin): """Add social account to an existing account (if registered with email and password).""" social_user = sociallogin.user if social_user.id: return # noinspection PyPep8Naming User = get_user_model() try: user = User.objects.get(email=social_user.email) sociallogin.state['process'] = 'connect' perform_login(request, user, 'none') except User.DoesNotExist: pass
def pre_social_login(self, request, sociallogin): user = sociallogin.user if user.id: return try: user = User.objects.get( email=user.email ) # if user exists, connect the account to the existing account and login sociallogin.state['process'] = 'connect' perform_login(request, user, email_verification='mandatory') except User.DoesNotExist: username = user.first_name username = slugify(username) + str( user.logentry_set.creation_counter) user.username = username
def get(self, request, *args, **kwargs): practice_group, created = Group.objects.get_or_create(name='practice') # Create practice user and save to the database lst = [ random.choice(string.ascii_letters + string.digits) for n in range(5) ] randomstr = "".join(lst) username = password = "******".format(randomstr) User = get_user_model() practice_user = User.objects.create_user( username, '{}@crazymail.com'.format(username), password) practice_group.user_set.add(practice_user) practice_group.save() credentials = {"username": username, "password": password} user = get_adapter(self.request).authenticate(self.request, **credentials) ret = perform_login(request, user, email_verification=False, redirect_url=reverse_lazy('core:home')) return ret
def link_to_local_user(sender, request, sociallogin, **kwargs): """ Login and redirect This is done in order to tackle the situation where user's email retrieved from one provider is different from already existing email in the database (e.g facebook and google both use same email-id). Specifically, this is done to tackle following issues: * https://github.com/pennersr/django-allauth/issues/215 """ email_address = sociallogin.account.extra_data['email'] existing_user = User.objects.filter(email=email_address).first() link_social_info_to_superuser(existing_user, sociallogin) if existing_user: perform_login(request, existing_user, email_verification='optional') raise ImmediateHttpResponse(redirect(settings.LOGIN_REDIRECT_URL))
def login_on_confirm(self, confirmation): """ Simply logging in the user may become a security issue. If you do not take proper care (e.g. don't purge used email confirmations), a malicious person that got hold of the link will be able to login over and over again and the user is unable to do anything about it. Even restoring his own mailbox security will not help, as the links will still work. For password reset this is different, this mechanism works only as long as the attacker has access to the mailbox. If he no longer has access he cannot issue a password request and intercept it. Furthermore, all places where the links are listed (log files, but even Google Analytics) all of a sudden need to be secured. Purging the email confirmation once confirmed changes the behavior -- users will not be able to repeatedly confirm (in case they forgot that they already clicked the mail). All in all, opted for storing the user that is in the process of signing up in the session to avoid all of the above. This may not 100% work in case the user closes the browser (and the session gets lost), but at least we're secure. """ user_pk = self.request.session.pop('account_user', None) user = confirmation.email_address.user if user_pk == user.pk and self.request.user.is_anonymous(): return perform_login(self.request, user, app_settings.EmailVerificationMethod.NONE)
def _process_signup(request, sociallogin): # If email is specified, check for duplicate and if so, no auto signup. auto_signup = app_settings.AUTO_SIGNUP email = sociallogin.account.user.email if auto_signup: # Let's check if auto_signup is really possible... if email: if account_settings.UNIQUE_EMAIL: try: user = User.objects.get(email__iexact=email) # Oops, another user already has this address. We # cannot simply connect this social account to the # existing user. Reason is that the email adress may # not be verified, meaning, the user may be a hacker # that has added your email address to his account in # the hope that you fall in his trap. To solve this, # we reset the password of the email account and connect # the user. user.set_password(md5.new('%s:%s ' % (email, time.time())).hexdigest()) user.save() context = create_password_reset_context(user) get_account_adapter().send_mail('account/email/link_facebook', email, context) sociallogin.account.user = user sociallogin.save() return perform_login(request, user, redirect_url=sociallogin.get_redirect_url(request)) except User.DoesNotExist: # No user exists with this email. Let's auto sign up the user. auto_signup = True elif account_settings.EMAIL_REQUIRED: # Nope, email is required and we don't have it yet... auto_signup = False if not auto_signup: request.session['socialaccount_sociallogin'] = sociallogin url = reverse('socialaccount_signup') ret = HttpResponseRedirect(url) else: # FIXME: This part contains a lot of duplication of logic # ("closed" rendering, create user, send email, in active # etc..) try: if not get_account_adapter().is_open_for_signup(request): return render(request, "account/signup_closed.html") except ImmediateHttpResponse, e: return e.response u = sociallogin.account.user u.username = generate_unique_username(u.username or email or 'user') u.last_name = (u.last_name or '') \ [0:User._meta.get_field('last_name').max_length] u.first_name = (u.first_name or '') \ [0:User._meta.get_field('first_name').max_length] u.email = email or '' u.set_unusable_password() sociallogin.save() send_email_confirmation(request, u) ret = complete_social_signup(request, sociallogin)
def link_to_local_user(sender, request, sociallogin, **kwargs): ''' Login and redirect This is done in order to tackle the situation where user's email retrieved from one provider is different from already existing email in the database (e.g facebook and google both use same email-id). Specifically, this is done to tackle following issues: * https://github.com/pennersr/django-allauth/issues/215 ''' email_address = sociallogin.account.extra_data['email'] User = get_user_model() users = User.objects.filter(email=email_address) if users: # allauth.account.app_settings.EmailVerificationMethod perform_login(request, users[0], email_verification='optional') raise ImmediateHttpResponse(redirect(settings.LOGIN_REDIRECT_URL.format(id=request.user.id)))
def _login_social_account(request, sociallogin): user = sociallogin.account.user if not user.is_active: ret = render_to_response("socialaccount/account_inactive.html", {}, context_instance=RequestContext(request)) else: ret = perform_login(request, user, redirect_url=sociallogin.get_redirect_url()) return ret
def signup(request): request.session['inactive_user'] = False if request.user.is_authenticated(): return redirect('home') if request.method == 'POST': email = request.POST.get('email') first_name = request.POST.get('first_name') last_name = request.POST.get('last_name') password = request.POST.get('password1') terms_agree = request.POST.get('terms_agree') user = None if valid_email(email): user = User.objects.filter(email=email).first() if user: if not user.is_active: request.session['inactive_user'] = True if password and first_name and last_name and terms_agree: data = { 'password1': password, 'password2': password, } form = AllauthSetPasswordForm(user=user, data=data) if form.is_valid(): form.save() user.first_name = first_name user.last_name = last_name user.is_active = True user.save(update_fields=['is_active', 'first_name', 'last_name']) return perform_login(request, user, email_verification='mandatory') return allauth_signup(request)
def get(self, request, *args, **kwargs): redirect_url = request.query_params.get('redirect_url') token = request.query_params.get('token') if token is None: return Response({'detail': 'Missing token.'}, status=status.HTTP_400_BAD_REQUEST) data = {'token': token} try: token, user = self._process_request(data) except ValidationError as exc: msg = 'Unknown error. Contact an admin.' if 'token' in exc.detail: msg = str(exc.detail['token'][0]) else: # If it's not the standard token invalid error log as error to see on sentry etc logger.error(exc) return render(request, 'token_error.html', {'error_message': msg}) # Get an authenticated web session and do a redirect ret = perform_login( request, user, email_verification=settings.ACCOUNT_EMAIL_VERIFICATION, redirect_url=redirect_url) request.session.set_expiry(settings.SESSION_COOKIE_AGE) return ret
def pre_social_login(self, request, sociallogin: SocialLogin): """ The user is authenticated in some "social app". Consider the following scenarios: 1 - the user email is found in our DB among registered users' emails 1.1 - the user email is registered. We just "connect" the social account to the user "CS native" account or if these 2 accounts are already connected we proceed with logging in. 1.2 - the user email is not registered. We deny the request. 2 - the user email is not found in our DB among registered users' emails 2.1 - the user email is registered. We register an inactive user. 2.2 - the user email is not registered. We either allow or deny registration based on SOCIALACCOUNT_EMAIL_REQUIRED setting """ emails = [e for e in sociallogin.email_addresses if e.primary] if not emails: return email_adr, email_verified = emails[0].email, emails[0].verified from apps.users.app_vars import SOCIALACCOUNT_EMAIL_VERIFIED_ONLY if SOCIALACCOUNT_EMAIL_VERIFIED_ONLY.val and not email_verified: msg = f'Email "{email_adr}" is not verified' logger.error(msg) raise PermissionDenied(msg) try: user = User.objects.get(email__iexact=email_adr) except User.DoesNotExist: return # we're here: 1 - the user email is found in our DB among registered users' emails if SOCIALACCOUNT_EMAIL_VERIFIED_ONLY.val and not email_verified: # 1.2 - deny the request msg = f'Existing email "{email_adr}" is not verified' logger.error(msg) raise PermissionDenied(msg) try: if not sociallogin.is_existing: sociallogin.connect(request, user) else: sociallogin.state['process'] = 'login' perform_login(request, user, 'none') except Exception as e: logger.error(f'Error entering social account ({email_adr}): {e}') raise
def pre_social_login(self, request: HttpRequest, sociallogin: SocialLogin) -> None: user = sociallogin.user process = sociallogin.state.get('process') if not user.id: if sociallogin.account.provider not in self.trusted_providers: return # todo: we can additionally check if email from social is verified if provider grabs such info try: email_address = EmailAddress.objects.get(email=user.email) except EmailAddress.DoesNotExist: pass else: existing_user = email_address.user sociallogin.state['process'] = AuthProcess.CONNECT perform_login(request, existing_user, account_settings.EmailVerificationMethod.NONE) elif (process == AuthProcess.LOGIN and sociallogin.is_existing and request.user.is_authenticated and sociallogin.user != request.user): raise self.authentication_error( request, sociallogin.account.provider, error=AuthError.DENIED, exception=Exception( 'The social account is already connected to a different account.' )) if process == AuthProcess.CONNECT: return referer_url = sociallogin.state.get('next') if referer_url: request.session['socialaccount_original_next'] = ( referer_url, sociallogin.account.provider, ) assert user.is_authenticated token = get_login_token_with_auth_info( user, AuthAction.LOGIN if user.id else AuthAction.REGISTRATION, AuthProvider.SOCIAL, sociallogin.account.provider) sociallogin.state['next'] = urljoin( referer_url, '?' + self.token_param_name + '=' + token)
def login(self, request, redirect_url=None): ret = perform_login(request, self.user, email_verification=app_settings.EMAIL_VERIFICATION, redirect_url=redirect_url) #pylint: disable=no-member remember = app_settings.SESSION_REMEMBER #pylint: disable=no-member if remember is None: remember = self.cleaned_data['remember'] if remember: remember_user(ret, self.user) return ret
def sign_user_in(sender, **kwargs): """Automatically signs the user in after a successful password reset. Implemented via signals because of django-allauth#735. """ request = kwargs['request'] user = kwargs['user'] return perform_login(request, user, settings.ACCOUNT_EMAIL_VERIFICATION)
def _login_social_account(request, sociallogin): return perform_login( request, sociallogin.user, email_verification=app_settings.EMAIL_VERIFICATION, redirect_url=sociallogin.get_redirect_url(request), signal_kwargs={"sociallogin": sociallogin}, )
def form_valid(self, form): super().form_valid(form) return utils.perform_login( self.request, self.reset_user, email_verification=app_settings.EMAIL_VERIFICATION, redirect_url=reverse("edit_profile"), )
def login_with_profile(request, user, verification=None): if verification is None: verification = allauth_settings.EMAIL_VERIFICATION response = perform_login(request, user, verification, redirect_url=None) token = handle_login_response(response, user, allow_disabled=True) profile = getattr(getattr(token, 'user', None), 'profile', None) return token, profile
def _login_social_account(request, sociallogin): sociallogin.token.expires_at = timezone.now() + timedelta(hours=2) sociallogin.token.save() print("updated token {} {}".format(sociallogin.token, sociallogin.token.expires_at)) return perform_login(request, sociallogin.account.user, email_verification=app_settings.EMAIL_VERIFICATION, redirect_url=sociallogin.get_redirect_url(request), signal_kwargs={"sociallogin": sociallogin})
def pre_social_login(self, request, sociallogin): """ Login and redirect This is done in order to tackle the situation where user's email retrieved from one provider is different from already existing email in the database (e.g facebook and google both use same email-id). Specifically, this is done to tackle following issues: * https://github.com/pennersr/django-allauth/issues/215 """ email_address = sociallogin.account.extra_data.get('email', None) if not email_address: return try: user = get_user_model().objects.get(email=email_address) perform_login(request, user, email_verification=app_settings.EMAIL_VERIFICATION) if not sociallogin.is_existing: sociallogin.connect(request, user) raise ImmediateHttpResponse(redirect(get_login_redirect_url(request))) except get_user_model().DoesNotExist: pass
def _login_social_account(request, sociallogin): user = sociallogin.account.user if not user.is_active: ret = render_to_response( 'socialaccount/account_inactive.html', {}, context_instance=RequestContext(request)) else: ret = perform_login(request, user, email_verification=app_settings.EMAIL_VERIFICATION, redirect_url=sociallogin.get_redirect_url(request)) return ret
def login(self, request, redirect_url=None): ret = perform_login(request, self.user, email_verification=app_settings.EMAIL_VERIFICATION, redirect_url=redirect_url) remember = app_settings.SESSION_REMEMBER if remember is None: remember = self.cleaned_data['remember'] if remember: request.session.set_expiry(app_settings.SESSION_COOKIE_AGE) else: request.session.set_expiry(0) return ret
def pre_social_login(self, request, sociallogin): # TODO: make sure that the partnership is still in good standing or valid or whatever if sociallogin.user.pk: set_country(sociallogin.user, request) logger.info("setting connection to {}".format(sociallogin.user.profile.country)) return try: # if user exists, connect the account to the existing account and login new_login_user = User.objects.get(email=sociallogin.user.email) except User.DoesNotExist: url = reverse('sociallogin_notamember', kwargs={'email': urlsafe_base64_encode(sociallogin.user.email)}) raise ImmediateHttpResponse(HttpResponseRedirect(url)) sociallogin.connect(request, new_login_user) set_country(new_login_user, request) perform_login( request, new_login_user, 'none', redirect_url=sociallogin.get_redirect_url(request), signal_kwargs={"sociallogin": sociallogin} )
def log_user_in(request, user): if not request.user.is_authenticated(): logged_in = False def check_logged_in(sender, **kwargs): nonlocal logged_in if kwargs.get('user') == user: logged_in = True user_logged_in.connect(check_logged_in) response = perform_login(request, user, email_verification=settings.ACCOUNT_EMAIL_VERIFICATION) user_logged_in.disconnect(check_logged_in) if logged_in is False: return response
def _login_social_account(request, sociallogin): log.debug('socialaccount.helpers._login_social_account') user = sociallogin.account.user if app_settings.INVITE_MODE and not user.is_active: # Check for the case where a user has previously social-signed in without an invite code, # and subsequently clicked on a valid invitation code log.debug("Checking whether this user had an invitation code") if request.session.get('invitation_key', False): log.debug("Invited - activating user") user.is_active = True user.save() if not user.is_active: ret = render_to_response( 'socialaccount/account_inactive.html', {}, context_instance=RequestContext(request)) else: ret = perform_login(request, user, redirect_url=sociallogin.get_redirect_url()) return ret
def _handleCreateBookmark(request, subject_class, subject_form_class, *subject_field_ids): form = subject_form_class(request.POST) if form.is_valid(): email = form.cleaned_data["email"] try: user = User.objects.create_user(username=email, email=email) except IntegrityError: user = User.objects.get(username=email) user = authenticate(key=user.profile.key) kwargs = {"user": user} for field in subject_field_ids: kwargs[field] = form.cleaned_data[field] # An unverified account can only create unapproved bookmarks. # When an account is verified, all its bookmarks are # approved. Whenever someone tries to add a bookmark for # someone else's email address (or they're not logged in), # that email address is marked as unverified again. In this # way we can allow people who remain logged in to add several # alerts without having to reconfirm by email. emailaddress = EmailAddress.objects.filter(user=user) if user == request.user: kwargs["approved"] = emailaddress.filter(verified=True).exists() else: kwargs["approved"] = False emailaddress.update(verified=False) subject_class.objects.get_or_create(**kwargs) if hasattr(request, "user"): # Log the user out. We don't use Django's built-in logout # mechanism because that clears the entire session, too, # and we want to know if someone's logged in previously in # this session. request.user = AnonymousUser() for k in [SESSION_KEY, BACKEND_SESSION_KEY, HASH_SESSION_KEY]: if k in request.session: del (request.session[k]) return perform_login(request, user, app_settings.EmailVerificationMethod.MANDATORY, signup=True) return form
def _login_social_account(request, sociallogin): return perform_login(request, sociallogin.account.user, email_verification=app_settings.EMAIL_VERIFICATION, redirect_url=sociallogin.get_redirect_url(request), signal_kwargs={"sociallogin": sociallogin})
def link_to_local_user(sender, request, sociallogin, **kwargs): email_address = sociallogin.account.extra_data['email'] users = User.objects.filter(email=email_address) if users: perform_login(request, users[0], email_verification='optional') raise ImmediateHttpResponse(redirect(settings.LOGIN_REDIRECT_URL.format(id=request.user.id)))