def _handle_duplicate_email_username(self, request, data):
# pylint: disable=no-member
# TODO Verify whether this check is needed here - it may be duplicated in user_api.
email = data.get('email')
username = data.get('username')
errors = {}
# TODO: remove the is_authn_mfe check and use the new error message as default after redesign
is_authn_mfe = data.get('is_authn_mfe', False)
error_code = 'duplicate'
if email is not None and email_exists_or_retired(email):
error_code += '-email'
error_message = accounts_settings.AUTHN_EMAIL_CONFLICT_MSG if is_authn_mfe else (
accounts_settings.EMAIL_CONFLICT_MSG.format(email_address=email)
)
errors['email'] = [{'user_message': error_message}]
if username is not None and username_exists_or_retired(username):
error_code += '-username'
error_message = accounts_settings.AUTHN_USERNAME_CONFLICT_MSG if is_authn_mfe else (
accounts_settings.USERNAME_CONFLICT_MSG.format(username=username)
)
errors['username'] = [{'user_message': error_message}]
errors['username_suggestions'] = generate_username_suggestions(username)
if errors:
return self._create_response(request, errors, status_code=409, error_code=error_code)
def _validate_email_change(user, data, field_errors):
# If user has requested to change email, we must call the multi-step process to handle this.
# It is not handled by the serializer (which considers email to be read-only).
if "email" not in data:
return
if not settings.FEATURES['ALLOW_EMAIL_ADDRESS_CHANGE']:
raise AccountUpdateError(
u"Email address changes have been disabled by the site operators.")
new_email = data["email"]
try:
student_views.validate_new_email(user, new_email)
except ValueError as err:
field_errors["email"] = {
"developer_message":
u"Error thrown from validate_new_email: '{}'".format(
text_type(err)),
"user_message":
text_type(err)
}
return
# Don't process with sending email to given new email, if it is already associated with
# an account. User must see same success message with no error.
# This is so that this endpoint cannot be used to determine if an email is valid or not.
if email_exists_or_retired(new_email):
del data["email"]
def _handle_duplicate_email_username(self, request, data):
# pylint: disable=no-member
# TODO Verify whether this check is needed here - it may be duplicated in user_api.
email = data.get('email')
username = data.get('username')
errors = {}
error_code = 'duplicate'
if email is not None and email_exists_or_retired(email):
error_code += '-email'
errors["email"] = [{
"user_message":
accounts_settings.EMAIL_CONFLICT_MSG.format(
email_address=email)
}]
if username is not None and username_exists_or_retired(username):
error_code += '-username'
errors["username"] = [{
"user_message":
accounts_settings.USERNAME_CONFLICT_MSG.format(
username=username)
}]
if errors:
return self._create_response(request,
errors,
status_code=409,
error_code=error_code)
def _validate_email_doesnt_exist(email):
"""Validate that the email is not associated with an existing user.
:param email: The proposed email (unicode).
:return: None
:raises: errors.AccountEmailAlreadyExists
"""
if email is not None and email_exists_or_retired(email):
raise errors.AccountEmailAlreadyExists(_(accounts.EMAIL_CONFLICT_MSG).format(email_address=email))
def check_edxapp_account_conflicts(email, username):
"""
Exposed function to check conflicts
"""
conflicts = []
if username and username_exists_or_retired(username):
conflicts.append("username")
if email and email_exists_or_retired(email):
conflicts.append("email")
return conflicts
def _validate_email_doesnt_exist(email, api_version='v1'):
"""Validate that the email is not associated with an existing user.
:param email: The proposed email (unicode).
:param api_version: Validation API version; it is used to determine the error message
:return: None
:raises: errors.AccountEmailAlreadyExists
"""
if api_version == 'v1':
error_message = accounts.EMAIL_CONFLICT_MSG.format(email_address=email)
else:
error_message = accounts.AUTHN_EMAIL_CONFLICT_MSG
if email is not None and email_exists_or_retired(email):
raise errors.AccountEmailAlreadyExists(_(error_message)) # lint-amnesty, pylint: disable=translation-of-non-string
def _validate_secondary_email(user, data, field_errors):
if "secondary_email" not in data:
return
secondary_email = data["secondary_email"]
try:
student_views.validate_secondary_email(user, secondary_email)
except ValueError as err:
field_errors["secondary_email"] = {
"developer_message": "Error thrown from validate_secondary_email: '{}'".format(str(err)),
"user_message": str(err)
}
else:
# Don't process with sending email to given new email, if it is already associated with
# an account. User must see same success message with no error.
# This is so that this endpoint cannot be used to determine if an email is valid or not.
if email_exists_or_retired(secondary_email):
del data["secondary_email"]
def clean_email(self):
""" Enforce email restrictions (if applicable) """
email = self.cleaned_data["email"]
if settings.REGISTRATION_EMAIL_PATTERNS_ALLOWED is not None:
# This Open edX instance has restrictions on what email addresses are allowed.
allowed_patterns = settings.REGISTRATION_EMAIL_PATTERNS_ALLOWED
# We append a '$' to the regexs to prevent the common mistake of using a
# pattern like '.*@edx\\.org' which would match '*****@*****.**'
if not any(re.match(pattern + "$", email) for pattern in allowed_patterns):
# This email is not on the whitelist of allowed emails. Check if
# they may have been manually invited by an instructor and if not,
# reject the registration.
if not CourseEnrollmentAllowed.objects.filter(email=email).exists():
raise ValidationError(_(u"Unauthorized email address."))
if email_exists_or_retired(email):
raise ValidationError(
_(
u"It looks like {email} belongs to an existing account. Try again with a different email address."
).format(email=email)
)
return email
def do_create_account(form, custom_form=None):
"""
Given cleaned post variables, create the User and UserProfile objects, as well as the
registration for this user.
Returns a tuple (User, UserProfile, Registration).
Note: this function is also used for creating test users.
"""
# Check if ALLOW_PUBLIC_ACCOUNT_CREATION flag turned off to restrict user account creation
if not configuration_helpers.get_value(
'ALLOW_PUBLIC_ACCOUNT_CREATION',
settings.FEATURES.get('ALLOW_PUBLIC_ACCOUNT_CREATION', True)):
raise PermissionDenied()
errors = {}
errors.update(form.errors)
if custom_form:
errors.update(custom_form.errors)
if errors:
raise ValidationError(errors)
proposed_username = form.cleaned_data["username"]
user = User(username=proposed_username,
email=form.cleaned_data["email"],
is_active=False)
password = normalize_password(form.cleaned_data["password"])
user.set_password(password)
registration = Registration()
# TODO: Rearrange so that if part of the process fails, the whole process fails.
# Right now, we can have e.g. no registration e-mail sent out and a zombie account
try:
with transaction.atomic():
user.save()
if custom_form:
custom_model = custom_form.save(commit=False)
custom_model.user = user
custom_model.save()
except IntegrityError:
# Figure out the cause of the integrity error
# TODO duplicate email is already handled by form.errors above as a ValidationError.
# The checks for duplicate email/username should occur in the same place with an
# AccountValidationError and a consistent user message returned (i.e. both should
# return "It looks like {username} belongs to an existing account. Try again with a
# different username.")
if username_exists_or_retired(user.username):
raise AccountValidationError(
USERNAME_EXISTS_MSG_FMT.format(username=proposed_username),
field="username")
elif email_exists_or_retired(user.email):
raise AccountValidationError(_(
"An account with the Email '{email}' already exists.").format(
email=user.email),
field="email")
else:
raise
registration.register(user)
profile_fields = [
"name", "level_of_education", "gender", "mailing_address", "city",
"country", "goals", "year_of_birth"
]
profile = UserProfile(
user=user,
**{key: form.cleaned_data.get(key)
for key in profile_fields})
extended_profile = form.cleaned_extended_profile
if extended_profile:
profile.meta = json.dumps(extended_profile)
try:
profile.save()
except Exception:
log.exception(
"UserProfile creation failed for user {id}.".format(id=user.id))
raise
return user, profile, registration
