def test_ip_banned_user(self):
    """An IP ban imposed mid-session must not break requests for a user.

    After the ban both the page and the API still answer 200, but the API
    no longer reports a user id.
    """
    # NOTE(review): 127.0.0.1 is presumably the address the test client
    # reports as its own; the client setup is outside this method.
    ban_ip('127.0.0.1')

    # Ordinary pages keep rendering for the banned address.
    page_response = self.client.get(self.test_link)
    self.assertEqual(page_response.status_code, 200)

    # The API answers too, but its payload carries no user id any more.
    api_response = self.client.get(self.api_link)
    self.assertEqual(api_response.status_code, 200)
    reported_id = api_response.json()['id']
    self.assertIsNone(reported_id)
def test_ip_banned_staff(self):
    """An IP ban imposed mid-session leaves a staff member's session intact.

    The API keeps reporting the staff user's own id after the ban, so an IP
    ban is not a control that ends a staff session; revoking one needs a
    different mechanism.
    """
    staff_member = self.user
    staff_member.is_staff = True
    staff_member.save()

    # NOTE(review): 127.0.0.1 is presumably the address the test client
    # reports as its own; the client setup is outside this method.
    ban_ip('127.0.0.1')

    page_response = self.client.get(self.test_link)
    self.assertEqual(page_response.status_code, 200)

    api_response = self.client.get(self.api_link)
    self.assertEqual(api_response.status_code, 200)
    reported_id = api_response.json()['id']
    self.assertEqual(reported_id, self.user.pk)
def test_ban_ip(self):
    """ban_ip returns a ban carrying both messages that get_ip_ban finds."""
    address = '127.0.0.1'
    created = ban_ip(address, 'User reason', 'Staff reason')

    # The user-facing and the staff-only reason are kept as separate fields.
    self.assertEqual(created.user_message, 'User reason')
    self.assertEqual(created.staff_message, 'Staff reason')

    # A lookup for the same address must return the ban just created.
    found = get_ip_ban(address)
    self.assertEqual(created.pk, found.pk)
def test_ban_ip(self):
    """ban_ip stores the ban and get_ip_ban returns that same record."""
    banned_address = "127.0.0.1"
    new_ban = ban_ip(banned_address, "User reason", "Staff reason")

    # Second positional argument is the message for the banned visitor,
    # third is the note for staff.
    self.assertEqual(new_ban.user_message, "User reason")
    self.assertEqual(new_ban.staff_message, "Staff reason")

    # Identity is checked by primary key.
    looked_up = get_ip_ban(banned_address)
    self.assertEqual(new_ban.pk, looked_up.pk)
def test_ban_ip(self):
    """A ban made with ban_ip keeps its messages and is found by address."""
    ip = '127.0.0.1'
    user_reason = 'User reason'
    staff_reason = 'Staff reason'

    ban_made = ban_ip(ip, user_reason, staff_reason)
    self.assertEqual(ban_made.user_message, user_reason)
    self.assertEqual(ban_made.staff_message, staff_reason)

    # get_ip_ban must resolve the address to the ban created above.
    ban_found = get_ip_ban(ip)
    self.assertEqual(ban_made.pk, ban_found.pk)
def create_endpoint(request):
    """Register a new account from ``request.data`` and answer with JSON.

    Steps, in order: refuse when registrations are closed; check the captcha
    and the form (HTTP 400 with the form errors on failure); run
    ``validate_new_registration`` on the client IP, username and email;
    create the user; then either sign the user in (activation ``'none'``)
    or mail an activation token.

    Raises:
        PermissionDenied: registrations are closed, or
            ``validate_new_registration`` denied the attempt. In the second
            case the client IP is banned for 14 days before raising.
    """
    if settings.account_activation == 'closed':
        raise PermissionDenied(
            _("New users registrations are currently closed."))

    form = RegisterForm(request.data)

    # A failed captcha is reported as a form error, so it comes back in the
    # same 400 payload as the other field errors.
    try:
        captcha.test_request(request)
    except forms.ValidationError as captcha_error:
        form.add_error('captcha', captcha_error)

    if not form.is_valid():
        return Response(form.errors, status=status.HTTP_400_BAD_REQUEST)

    # NOTE(review): how request.user_ip is derived is not visible here. The
    # automatic ban below is keyed on it, so confirm it cannot be set by the
    # client (e.g. a forwarded-for header accepted without a trusted-proxy
    # check), and keep in mind that a shared address bans every user
    # behind it.
    client_ip = request.user_ip
    cleaned = form.cleaned_data

    try:
        validate_new_registration(
            client_ip, cleaned['username'], cleaned['email'])
    except PermissionDenied:
        note_template = _("This ban was automatically imposed on "
                          "%(date)s due to denied registration attempt.")
        staff_note = note_template % {'date': date_format(timezone.now())}
        ban_ip(client_ip, staff_message=staff_note, length={'days': 14})
        raise PermissionDenied(
            _("Your IP address is banned from registering on this site."))

    # Translate the site-wide activation mode into create_user arguments.
    activation_mode = settings.account_activation
    if activation_mode == 'user':
        extra_fields = {'requires_activation': ACTIVATION_REQUIRED_USER}
    elif activation_mode == 'admin':
        extra_fields = {'requires_activation': ACTIVATION_REQUIRED_ADMIN}
    else:
        extra_fields = {}

    User = get_user_model()
    new_user = User.objects.create_user(
        cleaned['username'],
        cleaned['email'],
        cleaned['password'],
        joined_from_ip=client_ip,
        set_default_avatar=True,
        **extra_fields)

    subject_template = _("Welcome on %(forum_title)s forums!")
    mail_subject = subject_template % {'forum_title': settings.forum_name}

    if settings.account_activation != 'none':
        # Activation needed: mail the token and report who has to act.
        activation_token = make_activation_token(new_user)
        needs_admin = new_user.requires_activation_by_admin
        needs_user = new_user.requires_activation_by_user

        mail_context = {
            'activation_token': activation_token,
            'activation_by_admin': needs_admin,
            'activation_by_user': needs_user,
        }
        mail_user(request, new_user, mail_subject,
                  'misago/emails/register/inactive', mail_context)

        activation_method = 'admin' if needs_admin else 'user'
        return Response({
            'activation': activation_method,
            'username': new_user.username,
            'email': new_user.email
        })

    # No activation step: sign the new user in right away.
    # NOTE(review): authenticate() can return None when no backend accepts
    # the credentials; confirm login() is never reached with None here.
    signed_in_user = authenticate(
        username=new_user.email, password=cleaned['password'])
    login(request, signed_in_user)

    mail_user(request, new_user, mail_subject,
              'misago/emails/register/complete')

    return Response({
        'activation': 'active',
        'username': new_user.username,
        'email': new_user.email
    })
def _create_user(request):
    """Register a new account from ``request.data`` and answer with JSON.

    Steps, in order: refuse when registrations are closed; check the captcha
    and the form (HTTP 400 with the form errors on failure); reset the
    captcha state kept in the session; run ``validate_new_registration`` on
    the client IP, username and email; create the user; then either sign the
    user in (activation ``'none'``) or mail an activation token.

    Raises:
        PermissionDenied: registrations are closed, or
            ``validate_new_registration`` denied the attempt. In the second
            case the client IP is banned for one day and the serialized ban
            is passed as the exception's second argument.
    """
    if settings.account_activation == 'closed':
        raise PermissionDenied(
            _("New users registrations are currently closed."))

    form = RegisterForm(request.data)

    # A failed captcha is reported as a form error, so it comes back in the
    # same 400 payload as the other field errors.
    try:
        captcha.test_request(request)
    except forms.ValidationError as captcha_error:
        form.add_error('captcha', captcha_error)

    if not form.is_valid():
        return Response(form.errors, status=status.HTTP_400_BAD_REQUEST)

    # Runs only after a fully valid submission.
    # NOTE(review): presumably this clears the solved-captcha state so one
    # solution cannot back a second registration - confirm in the captcha
    # module.
    captcha.reset_session(request.session)

    # NOTE(review): how request.user_ip is derived is not visible here. The
    # automatic ban below is keyed on it, so confirm it cannot be set by the
    # client (e.g. a forwarded-for header accepted without a trusted-proxy
    # check), and keep in mind that a shared address bans every user
    # behind it.
    client_ip = request.user_ip
    cleaned = form.cleaned_data

    try:
        validate_new_registration(
            client_ip, cleaned['username'], cleaned['email'])
    except PermissionDenied:
        note_template = _("This ban was automatically imposed on "
                          "%(date)s due to denied register attempt.")
        staff_note = note_template % {'date': date_format(timezone.now())}
        validation_ban = ban_ip(
            client_ip, staff_message=staff_note, length={'days': 1})
        raise PermissionDenied(
            _("Your IP address is banned from performing this action."),
            {'ban': validation_ban.get_serialized_message()})

    # Translate the site-wide activation mode into create_user arguments.
    activation_mode = settings.account_activation
    if activation_mode == 'user':
        extra_fields = {'requires_activation': ACTIVATION_REQUIRED_USER}
    elif activation_mode == 'admin':
        extra_fields = {'requires_activation': ACTIVATION_REQUIRED_ADMIN}
    else:
        extra_fields = {}

    User = get_user_model()
    new_user = User.objects.create_user(
        cleaned['username'],
        cleaned['email'],
        cleaned['password'],
        joined_from_ip=client_ip,
        set_default_avatar=True,
        **extra_fields)

    subject_template = _("Welcome on %(forum_title)s forums!")
    mail_subject = subject_template % {'forum_title': settings.forum_name}

    if settings.account_activation != 'none':
        # Activation needed: mail the token and report who has to act.
        activation_token = make_activation_token(new_user)
        needs_admin = new_user.requires_activation_by_admin
        needs_user = new_user.requires_activation_by_user

        mail_context = {
            'activation_token': activation_token,
            'activation_by_admin': needs_admin,
            'activation_by_user': needs_user,
        }
        mail_user(request, new_user, mail_subject,
                  'misago/emails/register/inactive', mail_context)

        if needs_admin:
            activation_method = 'activation_by_admin'
        else:
            activation_method = 'activation_by_user'
        return Response({
            'activation': activation_method,
            'username': new_user.username,
            'email': new_user.email
        })

    # No activation step: sign the new user in right away.
    # NOTE(review): authenticate() can return None when no backend accepts
    # the credentials; confirm login() is never reached with None here.
    signed_in_user = authenticate(
        username=new_user.email, password=cleaned['password'])
    login(request, signed_in_user)

    mail_user(request, new_user, mail_subject,
              'misago/emails/register/complete')

    return Response({
        'activation': 'active',
        'username': new_user.username,
        'email': new_user.email
    })
def register(request):
    """Render the registration form and, on a valid POST, create the account.

    A GET, or a POST whose captcha-protected form does not validate, renders
    ``misago/register/form.html`` with the form. A valid POST runs
    ``validate_new_registration``, creates the user and redirects: to
    ``settings.LOGIN_REDIRECT_URL`` after signing the user in (activation
    ``'none'``), otherwise to ``misago:register_completed`` after mailing an
    activation token.

    Raises:
        PermissionDenied: re-raised from ``validate_new_registration`` after
            the client IP has been banned (``length=1``).
    """
    # NOTE(review): no check for settings.account_activation == 'closed' is
    # visible in this function; confirm closed registrations are enforced
    # elsewhere (decorator or URL-level guard).
    form_class = add_captcha_to_form(RegisterForm, request)
    form = form_class()

    submitted = request.method == 'POST'
    if submitted:
        form = form_class(request.POST)

    # Anything but a valid submission just (re)displays the form.
    if not (submitted and form.is_valid()):
        return render(request, 'misago/register/form.html', {'form': form})

    cleaned = form.cleaned_data

    # NOTE(review): how request.user.ip is derived is not visible here. The
    # automatic ban below is keyed on it, so confirm it cannot be set by the
    # client (e.g. a forwarded-for header accepted without a trusted-proxy
    # check), and keep in mind that a shared address bans every user
    # behind it.
    try:
        validate_new_registration(
            request.user.ip, cleaned['username'], cleaned['email'])
    except PermissionDenied as denied:
        note_template = _("This ban was automatically imposed on "
                          "%(date)s due to denied register attempt.")
        staff_note = note_template % {'date': date_format(timezone.now())}
        ban_ip(request.user.ip, staff_message=staff_note, length=1)
        raise denied

    # Translate the site-wide activation mode into create_user arguments.
    activation_mode = settings.account_activation
    if activation_mode == 'user':
        extra_fields = {'requires_activation': ACTIVATION_REQUIRED_USER}
    elif activation_mode == 'admin':
        extra_fields = {'requires_activation': ACTIVATION_REQUIRED_ADMIN}
    else:
        extra_fields = {}

    User = get_user_model()
    new_user = User.objects.create_user(
        cleaned['username'],
        cleaned['email'],
        cleaned['password'],
        set_default_avatar=True,
        **extra_fields)

    subject_template = _("Welcome on %(forum_title)s forums!")
    mail_subject = subject_template % {'forum_title': settings.forum_name}

    if settings.account_activation != 'none':
        # Activation needed: mail the token and remember the new account in
        # the session for the completion page.
        activation_token = make_activation_token(new_user)
        needs_admin = new_user.requires_activation_by_admin
        needs_user = new_user.requires_activation_by_user

        mail_context = {
            'activation_token': activation_token,
            'activation_by_admin': needs_admin,
            'activation_by_user': needs_user,
        }
        mail_user(request, new_user, mail_subject,
                  'misago/emails/register/inactive', mail_context)

        request.session['registered_user'] = new_user.pk
        return redirect('misago:register_completed')

    # No activation step: sign the new user in right away.
    # NOTE(review): authenticate() can return None when no backend accepts
    # the credentials; confirm login() is never reached with None here.
    signed_in_user = authenticate(
        username=new_user.email, password=cleaned['password'])
    login(request, signed_in_user)

    welcome_template = _("Welcome aboard, %(user)s!")
    welcome_message = welcome_template % {'user': new_user.username}
    messages.success(request, welcome_message)

    mail_user(request, new_user, mail_subject,
              'misago/emails/register/complete')

    return redirect(settings.LOGIN_REDIRECT_URL)
def register(request):
    """Render the registration form and, on a valid POST, create the account.

    A GET, or a POST whose captcha-protected form does not validate, renders
    ``misago/register/form.html`` with the form. A valid POST runs
    ``validate_new_registration``, creates the user and redirects: to
    ``settings.LOGIN_REDIRECT_URL`` after signing the user in (activation
    ``'none'``), otherwise to ``misago:register_completed`` after mailing an
    activation token.

    Raises:
        PermissionDenied: re-raised from ``validate_new_registration`` after
            the client IP has been banned for one day.
    """
    # NOTE(review): no check for settings.account_activation == 'closed' is
    # visible in this function; confirm closed registrations are enforced
    # elsewhere (decorator or URL-level guard).
    form_class = add_captcha_to_form(RegisterForm, request)
    form = form_class()

    submitted = request.method == 'POST'
    if submitted:
        form = form_class(request.POST)

    # Anything but a valid submission just (re)displays the form.
    if not (submitted and form.is_valid()):
        return render(request, 'misago/register/form.html', {'form': form})

    cleaned = form.cleaned_data

    # NOTE(review): how request.user.ip is derived is not visible here. The
    # automatic ban below is keyed on it, so confirm it cannot be set by the
    # client (e.g. a forwarded-for header accepted without a trusted-proxy
    # check), and keep in mind that a shared address bans every user
    # behind it.
    try:
        validate_new_registration(
            request.user.ip, cleaned['username'], cleaned['email'])
    except PermissionDenied as denied:
        note_template = _("This ban was automatically imposed on "
                          "%(date)s due to denied register attempt.")
        staff_note = note_template % {'date': date_format(timezone.now())}
        ban_ip(request.user.ip, staff_message=staff_note,
               length={'days': 1})
        raise denied

    # Translate the site-wide activation mode into create_user arguments.
    activation_mode = settings.account_activation
    if activation_mode == 'user':
        extra_fields = {'requires_activation': ACTIVATION_REQUIRED_USER}
    elif activation_mode == 'admin':
        extra_fields = {'requires_activation': ACTIVATION_REQUIRED_ADMIN}
    else:
        extra_fields = {}

    User = get_user_model()
    new_user = User.objects.create_user(
        cleaned['username'],
        cleaned['email'],
        cleaned['password'],
        set_default_avatar=True,
        **extra_fields)

    subject_template = _("Welcome on %(forum_title)s forums!")
    mail_subject = subject_template % {'forum_title': settings.forum_name}

    if settings.account_activation != 'none':
        # Activation needed: mail the token and remember the new account in
        # the session for the completion page.
        activation_token = make_activation_token(new_user)
        needs_admin = new_user.requires_activation_by_admin
        needs_user = new_user.requires_activation_by_user

        mail_context = {
            'activation_token': activation_token,
            'activation_by_admin': needs_admin,
            'activation_by_user': needs_user,
        }
        mail_user(request, new_user, mail_subject,
                  'misago/emails/register/inactive', mail_context)

        request.session['registered_user'] = new_user.pk
        return redirect('misago:register_completed')

    # No activation step: sign the new user in right away.
    # NOTE(review): authenticate() can return None when no backend accepts
    # the credentials; confirm login() is never reached with None here.
    signed_in_user = authenticate(
        username=new_user.email, password=cleaned['password'])
    login(request, signed_in_user)

    welcome_template = _("Welcome aboard, %(user)s!")
    welcome_message = welcome_template % {'user': new_user.username}
    messages.success(request, welcome_message)

    mail_user(request, new_user, mail_subject,
              'misago/emails/register/complete')

    return redirect(settings.LOGIN_REDIRECT_URL)