def register(request):
    """Register a new account; only anonymous visitors may do so.

    A GET renders empty registration and consent forms. A POST with valid
    forms either creates a new user or upgrades an existing stub account
    whose email matches the submitted one, stores an activation key that
    expires in five days, sends the confirmation and notification emails and
    redirects to ``register_success``. A POST with invalid forms re-renders
    the bound forms. Signed-in users are redirected to their settings page.

    :param request: the incoming request.
    :return: the rendered registration page or a redirect response.
    """
    # Presumably validates the post-registration target; confirm against the
    # definition of sanitize_redirection, which is not visible here.
    redirect_to = sanitize_redirection(request)

    if not request.user.is_anonymous:
        # Already logged in: the settings page is the logical fallback.
        return HttpResponseRedirect(reverse('view_settings'))

    def show_forms(form, consent_form):
        return render(request, "register/register.html", {
            'form': form,
            'consent_form': consent_form,
            'private': False
        })

    if request.method != 'POST':
        return show_forms(UserCreationFormExtended(), OptInConsentForm())

    try:
        stub = User.objects.filter(
            profile__stub_account=True,
        ).get(
            email__iexact=request.POST.get('email'),
        )
    except User.DoesNotExist:
        stub = None

    form_kwargs = {'instance': stub} if stub else {}
    form = UserCreationFormExtended(request.POST, **form_kwargs)
    consent_form = OptInConsentForm(request.POST)
    if not (form.is_valid() and consent_form.is_valid()):
        return show_forms(form, consent_form)

    cleaned = form.cleaned_data
    if stub:
        # Upgrade the stub account to make it a regular account.
        # NOTE(review): the stub is located purely by the submitted email,
        # and its password and username are replaced before that address has
        # been confirmed. Verify that use of the account is gated on the
        # activation step handled elsewhere.
        user = stub
        user.set_password(cleaned['password1'])
        user.username = cleaned['username']
        profile = stub.profile
        profile.stub_account = False
    else:
        # A new user that is active but has not confirmed the email address.
        user = User.objects.create_user(
            cleaned['username'],
            cleaned['email'],
            cleaned['password1'],
        )
        profile = UserProfile(user=user)

    # Optional name fields are only copied over when they were filled in.
    for field in ('first_name', 'last_name'):
        if cleaned[field]:
            setattr(user, field, cleaned[field])
    user.save()

    # Build and assign the activation key.
    profile.activation_key = sha1_activation_key(user.username)
    profile.key_expires = now() + timedelta(days=5)
    profile.save()

    confirmation = emails['confirm_your_new_account']
    send_mail(
        confirmation['subject'],
        confirmation['body'] % (user.username, profile.activation_key),
        confirmation['from'],
        [user.email],
    )
    notification = emails['new_account_created']
    send_mail(
        notification['subject'] % profile.user.username,
        notification['body'] % (
            profile.user.get_full_name() or "Not provided",
            profile.user.email,
        ),
        notification['from'],
        notification['to'],
    )
    tally_stat('user.created')

    # NOTE(review): the email address travels in the query string, so it may
    # be recorded wherever URLs are logged; confirm that is acceptable.
    query = '?next=%s&email=%s' % (
        urlencode(redirect_to),
        urlencode(user.email),
    )
    return HttpResponseRedirect(reverse('register_success') + query)
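def register(request):
    """Register a new account; only anonymous visitors may do so.

    A GET renders empty registration and consent forms. A POST with valid
    forms either creates a new user or upgrades an existing stub account
    whose email matches the submitted one, stores an activation key that
    expires in five days, sends the confirmation and notification emails and
    redirects to ``register_success``. A POST with invalid forms re-renders
    the bound forms. Signed-in users are redirected to their settings page.

    :param request: the incoming request; ``next`` is read from the query
        string and the form fields from ``request.POST``.
    :return: the rendered registration page or a redirect response.
    """
    redirect_to = request.GET.get('next', '')
    if 'sign-in' in redirect_to:
        # thus, we don't redirect people back to the sign-in form
        redirect_to = ''

    # NOTE(review): `next` comes straight from the query string and this is a
    # hand-rolled filter: it only rejects empty values, values containing a
    # space, and values with '//' ahead of the first '?'. Prefer the
    # framework's own redirect-target validator (host and scheme allow-list);
    # confirm which one the installed Django version provides.
    if not redirect_to or ' ' in redirect_to:
        # Light check -- make sure redirect_to isn't garbage.
        redirect_to = settings.LOGIN_REDIRECT_URL
    elif '//' in redirect_to and re.match(r'[^\?]*//', redirect_to):
        # Heavier check -- redirects to http://example.com should not be
        # allowed, but things like /view/?param=http://example.com should
        # be. The regex matches a '//' that appears *before* a question mark.
        redirect_to = settings.LOGIN_REDIRECT_URL

    if request.user.is_anonymous():
        if request.method == 'POST':
            try:
                stub_account = User.objects.filter(
                    profile__stub_account=True,
                ).get(
                    email__iexact=request.POST.get('email'),
                )
            except User.DoesNotExist:
                stub_account = False

            if stub_account:
                form = UserCreationFormExtended(
                    request.POST,
                    instance=stub_account
                )
            else:
                form = UserCreationFormExtended(request.POST)

            consent_form = OptInConsentForm(request.POST)
            if form.is_valid() and consent_form.is_valid():
                cd = form.cleaned_data
                if not stub_account:
                    # make a new user that is active, but has not confirmed
                    # their email address
                    user = User.objects.create_user(
                        cd['username'],
                        cd['email'],
                        cd['password1']
                    )
                    up = UserProfile(user=user)
                else:
                    # Upgrade the stub account to make it a regular account.
                    # NOTE(review): the stub is located purely by the
                    # submitted email, and its password and username are
                    # replaced before that address has been confirmed.
                    # Verify that use of the account is gated on the
                    # activation step handled elsewhere.
                    user = stub_account
                    user.set_password(cd['password1'])
                    user.username = cd['username']
                    up = stub_account.profile
                    up.stub_account = False

                if cd['first_name']:
                    user.first_name = cd['first_name']
                if cd['last_name']:
                    user.last_name = cd['last_name']
                user.save()

                # Build and assign the activation key. This key is emailed
                # as the account-confirmation secret, so the salt is drawn
                # from the OS CSPRNG at full length instead of five hex
                # digits derived from random.random(), which left the key
                # guessable for a known username. The digest stays a
                # 40-character SHA-1 hex string. Encoding before hashing
                # also stops non-ASCII usernames from raising.
                salt = '%040x' % random.SystemRandom().getrandbits(160)
                up.activation_key = hashlib.sha1(
                    (salt + user.username).encode('utf-8')
                ).hexdigest()
                up.key_expires = now() + timedelta(days=5)
                up.save()

                email = emails['confirm_your_new_account']
                send_mail(
                    email['subject'],
                    email['body'] % (user.username, up.activation_key),
                    email['from'],
                    [user.email]
                )
                email = emails['new_account_created']
                send_mail(
                    email['subject'] % up.user.username,
                    email['body'] % (
                        up.user.get_full_name() or "Not provided",
                        up.user.email
                    ),
                    email['from'],
                    email['to'],
                )
                tally_stat('user.created')
                get_str = '?next=%s&email=%s' % (urlencode(redirect_to),
                                                 urlencode(user.email))
                return HttpResponseRedirect(reverse('register_success') +
                                            get_str)
        else:
            form = UserCreationFormExtended()
            consent_form = OptInConsentForm()
        # Reached on GET and on a POST whose forms did not validate.
        return render(request, "register/register.html", {
            'form': form,
            'consent_form': consent_form,
            'private': False
        })
    else:
        # The user is already logged in. Direct them to their settings page as
        # a logical fallback
        return HttpResponseRedirect(reverse('view_settings'))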
def register(request: HttpRequest) -> HttpResponse:
    """Register a new account; only anonymous visitors may do so.

    A GET renders empty registration and consent forms. A POST with valid
    forms either creates a new user or upgrades an existing stub account
    whose email matches the submitted one, stores an activation key that
    expires in five days, sends the confirmation and notification emails and
    redirects to ``register_success``. A POST with invalid forms re-renders
    the bound forms. Signed-in users are redirected to their settings page.

    :param request: the incoming request.
    :return: the rendered registration page or a redirect response.
    """
    # Presumably returns a validated `next` target or the login URL; confirm
    # against the definition of get_redirect_or_login_url, not visible here.
    redirect_to = get_redirect_or_login_url(request, "next")

    if not request.user.is_anonymous:
        # Already logged in: the settings page is the logical fallback.
        return HttpResponseRedirect(reverse("view_settings"))

    def show_forms(form, consent_form):
        return render(
            request,
            "register/register.html",
            {"form": form, "consent_form": consent_form, "private": False},
        )

    if request.method != "POST":
        return show_forms(UserCreationFormExtended(), OptInConsentForm())

    try:
        stub = User.objects.filter(
            profile__stub_account=True,
        ).get(email__iexact=request.POST.get("email"))
    except User.DoesNotExist:
        stub = None

    form = (
        UserCreationFormExtended(request.POST, instance=stub)
        if stub
        else UserCreationFormExtended(request.POST)
    )
    consent_form = OptInConsentForm(request.POST)
    if not (form.is_valid() and consent_form.is_valid()):
        return show_forms(form, consent_form)

    cleaned = form.cleaned_data
    if stub:
        # Upgrade the stub account to make it a regular account.
        # NOTE(review): the stub is located purely by the submitted email,
        # and its password and username are replaced before that address has
        # been confirmed. Verify that use of the account is gated on the
        # activation step handled elsewhere.
        user = stub
        user.set_password(cleaned["password1"])
        user.username = cleaned["username"]
        profile = stub.profile
        profile.stub_account = False
    else:
        # A new user that is active but has not confirmed the email address.
        user = User.objects.create_user(
            cleaned["username"], cleaned["email"], cleaned["password1"]
        )
        profile = UserProfile(user=user)

    # Optional name fields are only copied over when they were filled in.
    for field in ("first_name", "last_name"):
        if cleaned[field]:
            setattr(user, field, cleaned[field])
    user.save()

    # Build and assign the activation key.
    profile.activation_key = sha1_activation_key(user.username)
    profile.key_expires = now() + timedelta(days=5)
    profile.save()

    confirmation: EmailType = emails["confirm_your_new_account"]
    send_mail(
        confirmation["subject"],
        confirmation["body"] % (user.username, profile.activation_key),
        confirmation["from_email"],
        [user.email],
    )
    notification: EmailType = emails["new_account_created"]
    send_mail(
        notification["subject"] % profile.user.username,
        notification["body"]
        % (
            profile.user.get_full_name() or "Not provided",
            profile.user.email,
        ),
        notification["from_email"],
        notification["to"],
    )
    tally_stat("user.created")

    # NOTE(review): the email address travels in the query string, so it may
    # be recorded wherever URLs are logged; confirm that is acceptable.
    query = "?next=%s&email=%s" % (
        urlencode(redirect_to),
        urlencode(user.email),
    )
    return HttpResponseRedirect(reverse("register_success") + query)
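def register(request):
    """Register a new account; only anonymous visitors may do so.

    A GET renders empty registration and consent forms. A POST with valid
    forms either creates a new user or upgrades an existing stub account
    whose email matches the submitted one, stores an activation key that
    expires in five days, sends the confirmation and notification emails and
    redirects to ``register_success``. A POST with invalid forms re-renders
    the bound forms. Signed-in users are redirected to their settings page.

    :param request: the incoming request; ``next`` is read from the query
        string and the form fields from ``request.POST``.
    :return: the rendered registration page or a redirect response.
    """
    redirect_to = request.GET.get('next', '')
    if 'sign-in' in redirect_to:
        # thus, we don't redirect people back to the sign-in form
        redirect_to = ''

    # NOTE(review): `next` comes straight from the query string and this is a
    # hand-rolled filter: it only rejects empty values, values containing a
    # space, and values with '//' ahead of the first '?'. Prefer the
    # framework's own redirect-target validator (host and scheme allow-list);
    # confirm which one the installed Django version provides.
    if not redirect_to or ' ' in redirect_to:
        # Light check -- make sure redirect_to isn't garbage.
        redirect_to = settings.LOGIN_REDIRECT_URL
    elif '//' in redirect_to and re.match(r'[^\?]*//', redirect_to):
        # Heavier check -- redirects to http://example.com should not be
        # allowed, but things like /view/?param=http://example.com should
        # be. The regex matches a '//' that appears *before* a question mark.
        redirect_to = settings.LOGIN_REDIRECT_URL

    if request.user.is_anonymous:
        if request.method == 'POST':
            try:
                stub_account = User.objects.filter(
                    profile__stub_account=True,
                ).get(
                    email__iexact=request.POST.get('email'),
                )
            except User.DoesNotExist:
                stub_account = False

            if stub_account:
                form = UserCreationFormExtended(
                    request.POST,
                    instance=stub_account
                )
            else:
                form = UserCreationFormExtended(request.POST)

            consent_form = OptInConsentForm(request.POST)
            if form.is_valid() and consent_form.is_valid():
                cd = form.cleaned_data
                if not stub_account:
                    # make a new user that is active, but has not confirmed
                    # their email address
                    user = User.objects.create_user(
                        cd['username'],
                        cd['email'],
                        cd['password1']
                    )
                    up = UserProfile(user=user)
                else:
                    # Upgrade the stub account to make it a regular account.
                    # NOTE(review): the stub is located purely by the
                    # submitted email, and its password and username are
                    # replaced before that address has been confirmed.
                    # Verify that use of the account is gated on the
                    # activation step handled elsewhere.
                    user = stub_account
                    user.set_password(cd['password1'])
                    user.username = cd['username']
                    up = stub_account.profile
                    up.stub_account = False

                if cd['first_name']:
                    user.first_name = cd['first_name']
                if cd['last_name']:
                    user.last_name = cd['last_name']
                user.save()

                # Build and assign the activation key. This key is emailed
                # as the account-confirmation secret, so the salt is drawn
                # from the OS CSPRNG at full length instead of five hex
                # digits derived from random.random(), which left the key
                # guessable for a known username. The digest stays a
                # 40-character SHA-1 hex string. hashlib needs bytes, so the
                # text is encoded before hashing; that also keeps non-ASCII
                # usernames from raising.
                salt = '%040x' % random.SystemRandom().getrandbits(160)
                up.activation_key = hashlib.sha1(
                    (salt + user.username).encode('utf-8')
                ).hexdigest()
                up.key_expires = now() + timedelta(days=5)
                up.save()

                email = emails['confirm_your_new_account']
                send_mail(
                    email['subject'],
                    email['body'] % (user.username, up.activation_key),
                    email['from'],
                    [user.email]
                )
                email = emails['new_account_created']
                send_mail(
                    email['subject'] % up.user.username,
                    email['body'] % (
                        up.user.get_full_name() or "Not provided",
                        up.user.email
                    ),
                    email['from'],
                    email['to'],
                )
                tally_stat('user.created')
                get_str = '?next=%s&email=%s' % (urlencode(redirect_to),
                                                 urlencode(user.email))
                return HttpResponseRedirect(reverse('register_success') +
                                            get_str)
        else:
            form = UserCreationFormExtended()
            consent_form = OptInConsentForm()
        # Reached on GET and on a POST whose forms did not validate.
        return render(request, "register/register.html", {
            'form': form,
            'consent_form': consent_form,
            'private': False
        })
    else:
        # The user is already logged in. Direct them to their settings page as
        # a logical fallback
        return HttpResponseRedirect(reverse('view_settings'))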