def register(request, template_name="registration/register.html"):
    redirect_to = request.REQUEST.get(REDIRECT_FIELD_NAME, '')
    initial = {"email": request.GET["email"]} if "email" in request.GET else None
    user_form = RegistrationForm(initial=initial, data=(request.POST or None))
    profile_form = RegistrationProfileForm(request.POST or None)

    if user_form.is_valid() and profile_form.is_valid():
        new_user = user_form.save()
        if hasattr(profile_form, 'location'):
            profile = new_user.get_profile()
            profile.location = profile_form.location
            profile.save()
        user = auth.authenticate(username=new_user.email, password=user_form.cleaned_data["password1"])
        logged_in.send(sender=None, request=request, user=user, is_new_user=True)
        auth.login(request, user)
        save_queued_POST(request)
        # Light security check -- make sure redirect_to isn't garbage.
        if not redirect_to or ' ' in redirect_to:
            redirect_to = settings.LOGIN_REDIRECT_URL

        # Heavier security check -- redirects to http://example.com should 
        # not be allowed, but things like /view/?param=http://example.com 
        # should be allowed. This regex checks if there is a '//' *before* a
        # question mark.
        elif '//' in redirect_to and re.match(r'[^\?]*//', redirect_to):
            redirect_to = settings.LOGIN_REDIRECT_URL

        return HttpResponseRedirect(redirect_to)
    return render_to_response(template_name, {
        'form': user_form,
        'profile_form': profile_form,
        REDIRECT_FIELD_NAME: redirect_to,
    }, context_instance=RequestContext(request))
Exemple #2
0
def login(request,
          template_name='registration/login.html',
          redirect_field_name=REDIRECT_FIELD_NAME,
          authentication_form=AuthenticationForm):
    """Displays the login form and handles the login action."""

    redirect_to = request.REQUEST.get(redirect_field_name, '')

    if request.method == "POST":
        form = authentication_form(data=request.POST)
        if form.is_valid():
            # Light security check -- make sure redirect_to isn't garbage.
            if not redirect_to or ' ' in redirect_to:
                redirect_to = settings.LOGIN_REDIRECT_URL

            # Heavier security check -- redirects to http://example.com should
            # not be allowed, but things like /view/?param=http://example.com
            # should be allowed. This regex checks if there is a '//' *before* a
            # question mark.
            elif '//' in redirect_to and re.match(r'[^\?]*//', redirect_to):
                redirect_to = settings.LOGIN_REDIRECT_URL

            # Okay, security checks complete. Log the user in.
            user = form.get_user()
            logged_in.send(sender=None,
                           request=request,
                           user=user,
                           is_new_user=False)
            auth.login(request, user)
            save_queued_POST(request)
            messages.add_message(request, GA_TRACK_PAGEVIEW, '/login/success')

            if request.session.test_cookie_worked():
                request.session.delete_test_cookie()

            return HttpResponseRedirect(redirect_to)

    else:
        form = authentication_form(request)

    request.session.set_test_cookie()

    if Site._meta.installed:
        current_site = Site.objects.get_current()
    else:
        current_site = RequestSite(request)

    return render_to_response(template_name, {
        'login_form': form,
        'register_form': RegistrationForm(),
        redirect_field_name: redirect_to,
        'site': current_site,
        'site_name': current_site.name,
    },
                              context_instance=RequestContext(request))
Exemple #3
0
def login(request, template_name='registration/login.html',
          redirect_field_name=REDIRECT_FIELD_NAME,
          authentication_form=AuthenticationForm):
    """Displays the login form and handles the login action."""
    nav_selected = "users"

    redirect_to = request.REQUEST.get(redirect_field_name, '')

    if request.method == "POST":
        form = authentication_form(data=request.POST)
        if form.is_valid():
            # Light security check -- make sure redirect_to isn't garbage.
            if not redirect_to or ' ' in redirect_to:
                redirect_to = settings.LOGIN_REDIRECT_URL

            # Heavier security check -- redirects to http://example.com should 
            # not be allowed, but things like /view/?param=http://example.com 
            # should be allowed. This regex checks if there is a '//' *before* a
            # question mark.
            elif '//' in redirect_to and re.match(r'[^\?]*//', redirect_to):
                redirect_to = settings.LOGIN_REDIRECT_URL

            # Okay, security checks complete. Log the user in.
            user = form.get_user()
            logged_in.send(sender=None, request=request, user=user, is_new_user=False)
            auth.login(request, user)
            save_queued_POST(request)
            messages.add_message(request, GA_TRACK_PAGEVIEW, '/login/success')

            if request.session.test_cookie_worked():
                request.session.delete_test_cookie()

            return HttpResponseRedirect(redirect_to)

    else:
        form = authentication_form(request)

    request.session.set_test_cookie()

    if Site._meta.installed:
        current_site = Site.objects.get_current()
    else:
        current_site = RequestSite(request)

    return render_to_response(template_name, {
        'login_form': form,
        'register_form': RegistrationForm(),
        redirect_field_name: redirect_to,
        'site': current_site,
        'site_name': current_site.name,
        'nav_selected': nav_selected,
    }, context_instance=RequestContext(request))
Exemple #4
0
def register(request, template_name="registration/register.html"):
    redirect_to = request.REQUEST.get(REDIRECT_FIELD_NAME, '')
    initial = {
        "email": request.GET["email"]
    } if "email" in request.GET else None
    user_form = RegistrationForm(initial=initial, data=(request.POST or None))
    profile_form = RegistrationProfileForm(request.POST or None)

    if user_form.is_valid() and profile_form.is_valid():
        new_user = user_form.save()
        if hasattr(profile_form, 'location'):
            profile = new_user.get_profile()
            profile.location = profile_form.location
            profile.save()
        user = auth.authenticate(username=new_user.email,
                                 password=user_form.cleaned_data["password1"])
        logged_in.send(sender=None,
                       request=request,
                       user=user,
                       is_new_user=True)
        auth.login(request, user)
        save_queued_POST(request)
        # Light security check -- make sure redirect_to isn't garbage.
        if not redirect_to or ' ' in redirect_to:
            redirect_to = settings.LOGIN_REDIRECT_URL

        # Heavier security check -- redirects to http://example.com should
        # not be allowed, but things like /view/?param=http://example.com
        # should be allowed. This regex checks if there is a '//' *before* a
        # question mark.
        elif '//' in redirect_to and re.match(r'[^\?]*//', redirect_to):
            redirect_to = settings.LOGIN_REDIRECT_URL

        return HttpResponseRedirect(redirect_to)
    return render_to_response(template_name, {
        'form': user_form,
        'profile_form': profile_form,
        REDIRECT_FIELD_NAME: redirect_to,
    },
                              context_instance=RequestContext(request))