def go(request, user_id, secret, url):
    """Handle an autologin link and redirect to ``url``.

    An authenticated visitor is never switched to another account; if the
    link belongs to a different user an informational message is queued
    instead. An anonymous visitor is logged in as the link's user when the
    account is active and ``check_autologin_secret`` accepts ``secret``.

    Raises ``Http404`` when the user does not exist or is inactive. Every
    other path ends in a redirect to ``url``, including the one where the
    secret is rejected (no message is queued in that case).
    """
    if request.user.is_authenticated():
        # Existing session wins: only tell the visitor about the mismatch.
        if request.user.id != int(user_id):
            messages.add_message(
                request, messages.INFO,
                _('You are logged in with a different user account. Please logout first before using this link.'))
        return HttpResponseRedirect(url)

    link_owner = get_object_or_404(auth.models.User, pk=int(user_id))
    if not link_owner.is_active:
        messages.add_message(
            request, messages.ERROR,
            _('Your account is not active.'))
        raise Http404

    if AccountManager(link_owner).check_autologin_secret(secret):
        login_user(request, link_owner)

    # NOTE(review): ``url`` reaches the redirect unchanged and nothing in this
    # function restricts it to a same-site path. Confirm that the URL pattern
    # or the code generating these links constrains it; otherwise this is an
    # unvalidated redirect target.
    return HttpResponseRedirect(url)
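def test_confirmation_process(self):
    """Check that the mailed confirmation link is accepted once.

    Creates a user, sends the confirmation mail, pulls the secret out of
    the mail body and requests the ``account-confirm`` URL with it. The
    view is expected to answer with a redirect that is not the login page.
    """
    user, password = AccountManager.create_user(
        first_name="Stefan", last_name="Wehrmeyer",
        user_email="*****@*****.**", private=True)
    AccountManager(user).send_confirmation_mail(password=password)
    self.assertEqual(len(mail.outbox), 1)
    message = mail.outbox[0]
    # Raw string so that ``\w`` is a regex class, not a string escape.
    match = re.search(r'/%d/(\w+)/' % user.pk, message.body)
    # Fail with a clear assertion if the mail carries no confirmation link,
    # instead of an AttributeError on ``match.group``.
    self.assertIsNotNone(match)
    response = self.client.get(reverse(
        'account-confirm',
        kwargs={'user_id': user.pk, 'secret': match.group(1)}))
    self.assertEqual(response.status_code, 302)
    # NOTE(review): this compares the whole Location header with a path; if
    # the header is an absolute URL the check passes regardless of the
    # target. Confirm against the Django version in use.
    self.assertNotEqual(response['Location'], reverse('account-login'))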
def confirm(request, user_id, secret, request_id=None):
    """Confirm a new account from the mailed link and log the user in.

    Authenticated visitors are sent to ``account-show`` with an error
    message. Raises ``Http404`` when the user does not exist or is already
    active. If ``confirm_account`` accepts ``secret`` the visitor is logged
    in and redirected to the password-change anchor on ``account-show``;
    when ``request_id`` is given, ``FoiRequest.confirmed_request`` is called
    and a success message is queued if it returns a request. A rejected
    secret redirects to ``account-login``.

    The link acts as a bearer credential: a valid secret alone yields a
    logged-in session, with no password prompt.
    """
    if request.user.is_authenticated():
        messages.add_message(
            request, messages.ERROR,
            _('You are logged in and cannot use a confirmation link.'))
        return HttpResponseRedirect(reverse('account-show'))

    pending_user = get_object_or_404(auth.models.User, pk=int(user_id))
    if pending_user.is_active:
        # Active accounts have nothing left to confirm.
        raise Http404

    accepted = AccountManager(pending_user).confirm_account(secret, request_id)
    if not accepted:
        messages.add_message(
            request, messages.ERROR,
            _('You can only use the confirmation link once, please login with your password.'))
        return HttpResponseRedirect(reverse('account-login'))

    messages.add_message(
        request, messages.WARNING,
        _('Your email address is now confirmed and you are logged in. You should change your password now by filling out the form below.'))
    login_user(request, pending_user)
    if request_id is not None:
        sent_request = FoiRequest.confirmed_request(pending_user, request_id)
        if sent_request:
            messages.add_message(
                request, messages.SUCCESS,
                _('Your request "%s" has now been sent') % sent_request.title)
    return HttpResponseRedirect(reverse('account-show') + "?new#change-password-now")
def signup(request):
    """Create an account from the posted signup form.

    Authenticated visitors are redirected to ``/`` with an error message.
    A valid ``NewUserForm`` creates the user, sends the confirmation mail
    and redirects to ``/``. An invalid form re-renders the login template
    with status 400.
    """
    if request.user.is_authenticated():
        messages.add_message(
            request, messages.ERROR,
            _('You are currently logged in, you cannot signup.'))
        return HttpResponseRedirect("/")

    login_form = UserLoginForm()
    signup_form = NewUserForm(request.POST)
    if not signup_form.is_valid():
        template_context = {
            "form": login_form,
            "signup_form": signup_form,
            "custom_base": "base.html",
            "simple": False,
        }
        return render(request, 'account/login.html', template_context,
                      status=400)

    account, initial_password = AccountManager.create_user(
        **signup_form.cleaned_data)
    # The password returned by create_user is handed to the mail sender.
    # NOTE(review): presumably it ends up in the mail body; confirm how
    # send_confirmation_mail uses it.
    AccountManager(account).send_confirmation_mail(password=initial_password)
    messages.add_message(
        request, messages.SUCCESS,
        _('Please check your emails for a mail from us with a confirmation link.'))
    return HttpResponseRedirect("/")
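def test_confirmation_process(self):
    """Walk the confirmation link through its whole life cycle.

    Covers: first use (redirect to ``account-show`` and a working session),
    use while logged in, reuse after the account became active (404), and
    reuse after the account was deactivated again (redirect to login).
    """
    self.client.logout()
    user, password = AccountManager.create_user(
        first_name=u"Stefan", last_name=u"Wehrmeyer",
        user_email="*****@*****.**",
        address=u"SomeRandomAddress\n11234 Bern",
        private=True)
    AccountManager(user).send_confirmation_mail(password=password)
    self.assertEqual(len(mail.outbox), 1)
    message = mail.outbox[0]
    # Raw string so that ``\w`` is a regex class, not a string escape.
    match = re.search(r'/%d/(\w+)/' % user.pk, message.body)
    # Fail with a clear assertion if the mail carries no confirmation link,
    # instead of an AttributeError on ``match.group``.
    self.assertIsNotNone(match)
    secret = match.group(1)

    # First use: the link is accepted and leads to the account page.
    response = self.client.get(reverse(
        'account-confirm',
        kwargs={'user_id': user.pk, 'secret': secret}))
    self.assertEqual(response.status_code, 302)
    self.assertIn(reverse('account-show'), response['Location'])
    response = self.client.get(response['Location'])
    self.assertEqual(response.status_code, 200)
    # The client now holds a session: the account page loads directly.
    response = self.client.get(reverse('account-show'))
    self.assertEqual(response.status_code, 200)

    # While logged in, a confirmation URL with a made-up secret only
    # redirects.
    response = self.client.get(reverse(
        'account-confirm',
        kwargs={'user_id': user.pk, 'secret': 'a' * 32}))
    self.assertEqual(response.status_code, 302)

    self.client.logout()
    response = self.client.get(reverse(
        'account-confirm',
        kwargs={'user_id': user.pk, 'secret': secret}))
    # user is already active, link does not exist
    self.assertEqual(response.status_code, 404)

    # deactivate user
    user = User.objects.get(pk=user.pk)
    user.is_active = False
    # set last_login back artificially so it's not the same
    # as in secret link
    user.last_login = user.last_login - datetime.timedelta(seconds=1)
    user.save()
    response = self.client.get(reverse(
        'account-confirm',
        kwargs={'user_id': user.pk, 'secret': secret}))
    # user is inactive, but link was already used
    self.assertEqual(response.status_code, 302)
    self.assertIn(reverse('account-login'), response['Location'])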
def submit_request(request, public_body=None):
    """Create an FOI request, and if needed a user and a public body, from POST data.

    ``public_body`` is an optional slug; when given, the matching
    ``PublicBody`` is loaded (404 if missing) and the selectable laws are
    limited to its jurisdiction.

    On success the response is a redirect: to the new request for active
    users, or to ``/`` after sending a confirmation mail for inactive ones.
    On any form error the request template is re-rendered with status 400.

    NOTE(review): everything is read from ``request.POST`` and the function
    itself does not check the HTTP method; presumably a decorator or the
    URLconf restricts it to POST. An anonymous POST with valid forms creates
    a user, possibly a public body, and a request; any abuse controls would
    have to live outside this function.
    """
    error = False
    foilaw = None
    if public_body is not None:
        public_body = get_object_or_404(PublicBody, slug=public_body)
        all_laws = FoiLaw.objects.filter(jurisdiction=public_body.jurisdiction)
    else:
        all_laws = FoiLaw.objects.all()
    context = {"public_body": public_body}
    request_form = RequestForm(all_laws, FoiLaw.get_default_law(public_body), True, request.POST)
    context['request_form'] = request_form
    context['public_body_form'] = PublicBodyForm()
    # The submitter may propose a public body that does not exist yet.
    if public_body is None and \
            request.POST.get('public_body') == "new":
        pb_form = PublicBodyForm(request.POST)
        context["public_body_form"] = pb_form
        if pb_form.is_valid():
            data = pb_form.cleaned_data
            # User-supplied public bodies always start unconfirmed,
            # whatever the form data contained.
            data['confirmed'] = False
            # Not saved yet: pk stays None until all forms have validated.
            public_body = PublicBody(**data)
        else:
            error = True
    if not request_form.is_valid():
        error = True
    else:
        # An existing public body chosen in the form (neither empty nor "new").
        if public_body is None and \
                request_form.cleaned_data['public_body'] != '' and \
                request_form.cleaned_data['public_body'] != 'new':
            public_body = request_form.public_body_object
    context['user_form'] = None
    user = None
    if not request.user.is_authenticated():
        # Anonymous submitters must also provide valid signup data.
        user_form = NewUserForm(request.POST)
        context['user_form'] = user_form
        if not user_form.is_valid():
            error = True
    else:
        user = request.user
    if not error:
        password = None
        if user is None:
            user, password = AccountManager.create_user(**user_form.cleaned_data)
        # sent_to_pb: 1 = existing public body, 2 = newly created public
        # body, 0 = no public body given.
        sent_to_pb = 1
        if public_body is not None and public_body.pk is None:
            public_body._created_by = user
            public_body.save()
            sent_to_pb = 2
        elif public_body is None:
            sent_to_pb = 0
        # foilaw is never assigned above, so this branch is always taken.
        if foilaw is None:
            foilaw = request_form.foi_law
        foi_request = FoiRequest.from_request_form(user, public_body, foilaw, form_data=request_form.cleaned_data, post_data=request.POST)
        if user.is_active:
            if sent_to_pb == 0:
                messages.add_message(request, messages.INFO, _('Others can now suggest the Public Bodies for your request.'))
            elif sent_to_pb == 2:
                messages.add_message(request, messages.INFO, _('Your request will be sent as soon as the newly created Public Body was confirmed by an administrator.'))
            else:
                messages.add_message(request, messages.INFO, _('Your request has been sent.'))
            return HttpResponseRedirect(foi_request.get_absolute_url())
        else:
            # Inactive account (presumably one just created above): the
            # confirmation mail carries the request id and the password
            # returned by create_user (None for an existing inactive user).
            AccountManager(user).send_confirmation_mail(request_id=foi_request.pk, password=password)
            messages.add_message(request, messages.INFO, _('Please check your inbox for mail from us to confirm your mail address.'))
            # user cannot access the request yet!
            return HttpResponseRedirect("/")
    messages.add_message(request, messages.ERROR, _('There were errors in your form submission. Please review and submit again.'))
    return render(request, 'foirequest/request.html', context, status=400)