Esempio n. 1
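def go(request, user_id, secret, url):
    """Log in the user named by an autologin link, then redirect to ``url``.

    If the visitor is already authenticated as a different user, an info
    message is queued and the session is left unchanged. For an anonymous
    visitor the user is looked up by primary key (404 if missing), inactive
    accounts get an error message followed by a 404, and the user is logged
    in only when ``AccountManager.check_autologin_secret`` accepts ``secret``.
    A rejected secret is not reported; the redirect is issued anyway.

    ``url`` is only followed when it is a path on this site; anything else
    is replaced by ``"/"``.
    """
    if request.user.is_authenticated():
        if request.user.id != int(user_id):
            messages.add_message(request, messages.INFO,
                _('You are logged in with a different user account. Please logout first before using this link.'))
    else:
        user = get_object_or_404(auth.models.User, pk=int(user_id))
        if not user.is_active:
            messages.add_message(request, messages.ERROR,
                _('Your account is not active.'))
            raise Http404
        account_manager = AccountManager(user)
        if account_manager.check_autologin_secret(secret):
            login_user(request, user)
    # ``url`` is taken from the requested link, so it must not be trusted as
    # a redirect target: without a check this login link could forward the
    # visitor to an arbitrary external site. Accept only a path with a single
    # leading slash and no backslashes or control characters (browsers may
    # normalise those into a scheme-relative "//host" URL).
    # NOTE(review): assumes legitimate links always carry an absolute local
    # path -- confirm against the URL pattern. Django's own helper in
    # django.utils.http (is_safe_url, later url_has_allowed_host_and_scheme)
    # is the more thorough check if the project's Django version has it.
    is_local_path = (url.startswith('/') and
            not url.startswith('//') and
            '\\' not in url and
            not any(ord(ch) < 32 for ch in url))
    if not is_local_path:
        url = '/'
    return HttpResponseRedirect(url)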
Esempio n. 2
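 def test_confirmation_process(self):
     """Following the mailed confirmation link redirects away from login.

     Creates a user, sends the confirmation mail, extracts the secret from
     the mail body and requests the ``account-confirm`` URL with it.
     """
     user, password = AccountManager.create_user(first_name="Stefan",
             last_name="Wehrmeyer", user_email="*****@*****.**", private=True)
     AccountManager(user).send_confirmation_mail(password=password)
     self.assertEqual(len(mail.outbox), 1)
     message = mail.outbox[0]
     # Raw string: ``\w`` is a regex class, not a Python string escape.
     match = re.search(r'/%d/(\w+)/' % user.pk, message.body)
     # Fail with a clear assertion if the mail carries no confirmation link,
     # instead of an AttributeError on ``match.group`` below.
     self.assertTrue(match is not None)
     response = self.client.get(reverse('account-confirm',
             kwargs={'user_id': user.pk,
             'secret': match.group(1)}))
     self.assertEqual(response.status_code, 302)
     # A redirect to the login page would mean the secret was rejected.
     self.assertNotEqual(response['Location'], reverse('account-login'))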
Esempio n. 3
def confirm(request, user_id, secret, request_id=None):
    """Confirm a new account from its mailed link and log the user in.

    Already-authenticated visitors are sent to ``account-show`` with an error
    message. The target user must exist and must still be inactive, otherwise
    the view answers 404. Whether ``secret`` is acceptable is decided entirely
    by ``AccountManager.confirm_account``; on success the user is logged in
    and, if ``request_id`` is given, ``FoiRequest.confirmed_request`` is
    called for it. On failure the visitor is redirected to ``account-login``.

    The link acts as a login credential for the account, so it should be
    treated as sensitive wherever it is stored or logged.
    """
    if request.user.is_authenticated():
        messages.add_message(request, messages.ERROR,
                _('You are logged in and cannot use a confirmation link.'))
        return HttpResponseRedirect(reverse('account-show'))

    user = get_object_or_404(auth.models.User, pk=int(user_id))
    if user.is_active:
        # Active accounts have nothing left to confirm; the link is dead.
        raise Http404

    manager = AccountManager(user)
    if not manager.confirm_account(secret, request_id):
        messages.add_message(request, messages.ERROR,
                _('You can only use the confirmation link once, please login with your password.'))
        return HttpResponseRedirect(reverse('account-login'))

    messages.add_message(request, messages.WARNING,
            _('Your email address is now confirmed and you are logged in. You should change your password now by filling out the form below.'))
    login_user(request, user)
    if request_id is not None:
        # A request filed before confirmation can be released now.
        sent_request = FoiRequest.confirmed_request(user, request_id)
        if sent_request:
            messages.add_message(request, messages.SUCCESS,
                _('Your request "%s" has now been sent') % sent_request.title)
    # The query string and fragment steer the account page towards the
    # change-password form.
    return HttpResponseRedirect(reverse('account-show') + "?new#change-password-now")
Esempio n. 4
def signup(request):
    """Create an account from the posted sign-up form and mail a confirmation.

    Logged-in visitors are redirected to ``"/"`` with an error message. The
    sign-up form is always bound to ``request.POST``, so any request without
    valid form data re-renders ``account/login.html`` with status 400.

    NOTE(review): the generated password is handed to
    ``send_confirmation_mail``; whether it is written into the mail body is
    not visible here -- confirm, since a password sent by mail stays readable
    in the recipient's mailbox.
    """
    if request.user.is_authenticated():
        messages.add_message(request, messages.ERROR,
                _('You are currently logged in, you cannot signup.'))
        return HttpResponseRedirect("/")

    form = UserLoginForm()
    signup_form = NewUserForm(request.POST)
    if not signup_form.is_valid():
        # Show the login page again, with the bound form carrying its errors.
        template_context = {
            "form": form,
            "signup_form": signup_form,
            "custom_base": "base.html",
            "simple": False,
        }
        return render(request, 'account/login.html', template_context,
                status=400)

    new_user, generated_password = AccountManager.create_user(
            **signup_form.cleaned_data)
    AccountManager(new_user).send_confirmation_mail(password=generated_password)
    messages.add_message(request, messages.SUCCESS,
            _('Please check your emails for a mail from us with a confirmation link.'))
    return HttpResponseRedirect("/")
Esempio n. 5
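 def test_confirmation_process(self):
     """Walk the confirmation link through first use, reuse and replay.

     Checks, in order: the mailed link confirms and lands on
     ``account-show``; a made-up secret only yields a redirect; the real
     link gives 404 once the account is active; and after the account is
     deactivated again the already-used link redirects to ``account-login``.
     """
     self.client.logout()
     user, password = AccountManager.create_user(first_name=u"Stefan",
             last_name=u"Wehrmeyer", user_email="*****@*****.**",
             address=u"SomeRandomAddress\n11234 Bern", private=True)
     AccountManager(user).send_confirmation_mail(password=password)
     self.assertEqual(len(mail.outbox), 1)
     message = mail.outbox[0]
     # Raw string: ``\w`` is a regex class, not a Python string escape.
     match = re.search(r'/%d/(\w+)/' % user.pk, message.body)
     # Fail with a clear assertion if the mail carries no confirmation link,
     # instead of an AttributeError on ``match.group`` below.
     self.assertTrue(match is not None)
     confirm_url = reverse('account-confirm',
             kwargs={'user_id': user.pk,
             'secret': match.group(1)})
     bogus_url = reverse('account-confirm',
             kwargs={'user_id': user.pk,
             'secret': 'a' * 32})

     # first use of the mailed link
     response = self.client.get(confirm_url)
     self.assertEqual(response.status_code, 302)
     self.assertIn(reverse('account-show'), response['Location'])
     response = self.client.get(response['Location'])
     self.assertEqual(response.status_code, 200)
     response = self.client.get(reverse('account-show'))
     self.assertEqual(response.status_code, 200)

     # a made-up secret, requested while the session from above still exists
     response = self.client.get(bogus_url)
     self.assertEqual(response.status_code, 302)

     self.client.logout()
     response = self.client.get(confirm_url)
     # user is already active, link does not exist
     self.assertEqual(response.status_code, 404)
     # deactivate user
     user = User.objects.get(pk=user.pk)
     user.is_active = False
     # set last_login back artificially so it's not the same
     # as in secret link
     user.last_login = user.last_login - datetime.timedelta(seconds=1)
     user.save()
     response = self.client.get(confirm_url)
     # user is inactive, but link was already used
     self.assertEqual(response.status_code, 302)
     self.assertIn(reverse('account-login'), response['Location'])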
Esempio n. 6
def submit_request(request, public_body=None):
    """Validate the posted request form and create the FoI request.

    ``public_body`` is an optional slug; when given, the public body must
    exist (404 otherwise) and the selectable laws are limited to its
    jurisdiction. The poster may instead propose a new public body, which is
    stored unconfirmed. Anonymous posters must also supply a valid
    ``NewUserForm``; an account is then created for them and a confirmation
    mail is sent instead of redirecting to the request.

    Any validation error re-renders ``foirequest/request.html`` with
    status 400.

    NOTE(review): every form here is bound to ``request.POST``
    unconditionally; the HTTP-method restriction and CSRF protection for
    this view are not visible in this function -- confirm they are applied
    where the view is wired up.
    """
    has_errors = False
    if public_body is None:
        all_laws = FoiLaw.objects.all()
    else:
        public_body = get_object_or_404(PublicBody,
                slug=public_body)
        all_laws = FoiLaw.objects.filter(jurisdiction=public_body.jurisdiction)
    context = {"public_body": public_body}

    request_form = RequestForm(all_laws, FoiLaw.get_default_law(public_body),
            True, request.POST)
    context['request_form'] = request_form
    context['public_body_form'] = PublicBodyForm()
    wants_new_public_body = (public_body is None and
            request.POST.get('public_body') == "new")
    if wants_new_public_body:
        pb_form = PublicBodyForm(request.POST)
        context["public_body_form"] = pb_form
        if pb_form.is_valid():
            data = pb_form.cleaned_data
            # User-proposed public bodies always start out unconfirmed,
            # whatever the posted data says.
            data['confirmed'] = False
            public_body = PublicBody(**data)
        else:
            has_errors = True

    if not request_form.is_valid():
        has_errors = True
    elif public_body is None and \
            request_form.cleaned_data['public_body'] != '' and \
            request_form.cleaned_data['public_body'] != 'new':
        # An existing public body was picked inside the form itself.
        public_body = request_form.public_body_object

    context['user_form'] = None
    user = None
    if request.user.is_authenticated():
        user = request.user
    else:
        user_form = NewUserForm(request.POST)
        context['user_form'] = user_form
        if not user_form.is_valid():
            has_errors = True

    if has_errors:
        messages.add_message(request, messages.ERROR,
            _('There were errors in your form submission. Please review and submit again.'))
        return render(request, 'foirequest/request.html', context, status=400)

    password = None
    if user is None:
        # ``user_form`` exists here: ``user`` is only None for anonymous
        # posters, and their form was validated above.
        user, password = AccountManager.create_user(**user_form.cleaned_data)

    # 0: no public body chosen, 1: existing public body, 2: newly proposed one
    if public_body is None:
        sent_to_pb = 0
    elif public_body.pk is None:
        public_body._created_by = user
        public_body.save()
        sent_to_pb = 2
    else:
        sent_to_pb = 1

    foilaw = request_form.foi_law

    foi_request = FoiRequest.from_request_form(user, public_body,
            foilaw, form_data=request_form.cleaned_data, post_data=request.POST)

    if not user.is_active:
        # NOTE(review): the generated password is passed on to the mail
        # helper; whether it appears in the mail body is not visible here.
        AccountManager(user).send_confirmation_mail(request_id=foi_request.pk,
                password=password)
        messages.add_message(request, messages.INFO,
                _('Please check your inbox for mail from us to confirm your mail address.'))
        # user cannot access the request yet!
        return HttpResponseRedirect("/")

    if sent_to_pb == 0:
        messages.add_message(request, messages.INFO,
            _('Others can now suggest the Public Bodies for your request.'))
    elif sent_to_pb == 2:
        messages.add_message(request, messages.INFO,
            _('Your request will be sent as soon as the newly created Public Body was confirmed by an administrator.'))
    else:
        messages.add_message(request, messages.INFO,
            _('Your request has been sent.'))
    return HttpResponseRedirect(foi_request.get_absolute_url())