def donate(request):
    """Show the donation page, or process a submitted donation.

    On GET the three forms are built, pre-filled from ``request.user`` when
    it has the attributes read below. On POST the forms are bound to the
    submitted data; when all three validate, the payment is handed to
    ``route_and_process_donation``. A response status of 0 saves the
    donation, links it to a profile and redirects to ``response['redirect']``.
    Any other outcome re-renders the page with the forms and, for a failed
    payment, the message from the response.
    """
    message = None
    if request.method != 'POST':
        try:
            donation_form = DonationForm(
                initial={'referrer': request.GET.get('referrer')})
            user_form = UserForm(initial={
                'first_name': request.user.first_name,
                'last_name': request.user.last_name,
                'email': request.user.email,
            })
            user_profile = request.user.profile
            profile_form = ProfileForm(initial={
                'address1': user_profile.address1,
                'address2': user_profile.address2,
                'city': user_profile.city,
                'state': user_profile.state,
                'zip_code': user_profile.zip_code,
                'wants_newsletter': user_profile.wants_newsletter,
            })
        except AttributeError:
            # Anonymous users lack the profile info read above; fall back to
            # blank forms. donation_form was already built before the failure.
            user_form = UserForm()
            profile_form = ProfileForm()
    else:
        donation_form = DonationForm(request.POST)
        stub_account = False
        anonymous = request.user.is_anonymous()
        if anonymous:
            # New donor, a stubbed one, or somebody who is simply not logged
            # in to their account.
            stubs = User.objects.filter(profile__stub_account=True)
            try:
                stub_account = stubs.get(
                    email__iexact=request.POST.get('email'))
            except User.DoesNotExist:
                pass

            if stub_account:
                # Anonymous callers may update a stub account. The original
                # author accepts this because the accuracy of stub data is
                # not important; once the stub becomes a real account it no
                # longer matches the stub filter above.
                # NOTE(review): the only key is the submitted email, so
                # anyone who knows it can overwrite the stub's name and
                # address. Confirm stub profiles never hold anything
                # sensitive.
                user_form = UserForm(request.POST, instance=stub_account)
                profile_form = ProfileForm(request.POST,
                                           instance=stub_account.profile)
            else:
                user_form = UserForm(request.POST)
                profile_form = ProfileForm(request.POST)
        else:
            user_form = UserForm(request.POST, instance=request.user)
            profile_form = ProfileForm(request.POST,
                                       instance=request.user.profile)

        # Validate all three forms, without short-circuiting, so that each
        # one gets its errors populated.
        form_checks = [
            donation_form.is_valid(),
            user_form.is_valid(),
            profile_form.is_valid(),
        ]
        if all(form_checks):
            donation_data = donation_form.cleaned_data
            user_data = user_form.cleaned_data
            profile_data = profile_form.cleaned_data

            # Route the payment to a payment provider.
            response = route_and_process_donation(
                donation_data,
                profile_data,
                user_data,
                request.POST.get('stripeToken'),
            )
            # NOTE(review): the whole response is logged verbatim; confirm it
            # carries no card or token data.
            logger.info("Payment routed with response: %s" % response)

            if response['status'] != 0:
                logger.critical(
                    "Got back status of %s when making initial request of API. Message was:\n%s"
                    % (response['status'], response['message']))
                message = response['message']
            else:
                donation = donation_form.save(commit=False)
                donation.status = response['status']
                donation.payment_id = response['payment_id']
                # Will only work for Paypal.
                donation.transaction_id = response.get('transaction_id')
                donation.save()

                if anonymous and not stub_account:
                    # Create a stub account. No password is passed to
                    # create_user.
                    # NOTE(review): this runs after the payment was routed,
                    # and the username is just the first 30 characters of the
                    # email. A username collision would presumably raise here
                    # and leave the saved donation unlinked; confirm.
                    donor_email = user_data['email']
                    new_user = User.objects.create_user(
                        donor_email[:30],  # Username can only be 30 chars
                        donor_email,
                    )
                    new_user.first_name = user_data['first_name']
                    new_user.last_name = user_data['last_name']
                    new_user.save()
                    profile = UserProfile(
                        user=new_user,
                        stub_account=True,
                        address1=profile_data['address1'],
                        address2=profile_data.get('address2'),
                        city=profile_data['city'],
                        state=profile_data['state'],
                        zip_code=profile_data['zip_code'],
                        wants_newsletter=profile_data['wants_newsletter'],
                    )
                    profile.save()
                else:
                    # Logged in user or an existing stub account.
                    user_form.save()
                    profile = profile_form.save()

                # Associate the donation with the profile.
                profile.donation.add(donation)
                profile.save()
                return HttpResponseRedirect(response['redirect'])

    context = {
        'donation_form': donation_form,
        'user_form': user_form,
        'profile_form': profile_form,
        'private': False,
        'message': message,
        'stripe_public_key': settings.STRIPE_PUBLIC_KEY,
    }
    return render_to_response('donate/donate.html', context,
                              RequestContext(request))
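def register(request):
    """Register a new account, or upgrade a stub account to a real one.

    Only anonymous users may register; a logged-in user is redirected to
    their settings page. On a valid POST the user is created (or the stub
    account matching the submitted email is given a password and un-stubbed),
    an activation key valid for five days is stored on the profile, a
    confirmation email is sent to the user, a notice is sent to the admins,
    and the caller is redirected to the success page. Otherwise the
    registration form is rendered.
    """
    redirect_to = request.REQUEST.get('next', '')
    if 'sign-in' in redirect_to:
        # Thus, we don't redirect people back to the sign-in form.
        redirect_to = ''

    # Security checks on the caller-supplied redirect target.
    # Light check -- make sure redirect_to isn't garbage.
    if not redirect_to or ' ' in redirect_to:
        redirect_to = settings.LOGIN_REDIRECT_URL
    # Heavier check -- redirects to http://example.com should not be allowed,
    # but things like /view/?param=http://example.com should be. The regex
    # checks whether there is a '//' *before* a question mark.
    elif '//' in redirect_to and re.match(r'[^\?]*//', redirect_to):
        redirect_to = settings.LOGIN_REDIRECT_URL
    # NOTE(review): this hand-rolled filter does not consider backslashes or
    # scheme-only forms, and the value is later placed in a query string
    # without URL-encoding. Consider Django's own safe-URL helper
    # (django.utils.http.is_safe_url) and encoding the parameter.

    if not request.user.is_anonymous():
        # The user is already logged in. Direct them to their settings page
        # as a logical fallback.
        return HttpResponseRedirect('/profile/settings/')

    if request.method == 'POST':
        try:
            stub_account = User.objects.filter(
                profile__stub_account=True).get(
                    email__iexact=request.POST.get('email'))
        except User.DoesNotExist:
            stub_account = False

        if not stub_account:
            form = UserCreationFormExtended(request.POST)
        else:
            form = UserCreationFormExtended(request.POST,
                                            instance=stub_account)

        if form.is_valid():
            cd = form.cleaned_data
            if not stub_account:
                # Make a new user that is active, but has not confirmed
                # their email address.
                user = User.objects.create_user(cd['username'], cd['email'],
                                                cd['password1'])
                up = UserProfile(user=user)
            else:
                # NOTE(review): a password is set on the existing stub before
                # the email address is confirmed, so whoever submits a stub's
                # email takes over that account. Confirm that access to the
                # stub's profile and donation data is gated on confirmation.
                user = stub_account
                user.set_password(cd['password1'])
                up = stub_account.profile
                up.stub_account = False

            if cd['first_name']:
                user.first_name = cd['first_name']
            if cd['last_name']:
                user.last_name = cd['last_name']
            user.save()

            # Build and assign the activation key. The key gates email
            # confirmation, so the salt comes from the OS CSPRNG at full
            # width; random.random() is predictable, and the earlier code
            # kept only five hex characters of it. The key is still a
            # 40-character SHA-1 hex digest.
            salt = '%040x' % random.SystemRandom().getrandbits(160)
            # Encode explicitly so a non-ASCII username cannot break hashing.
            up.activation_key = hashlib.sha1(
                (salt + user.username).encode('utf-8')).hexdigest()
            up.key_expires = now() + timedelta(days=5)
            up.save()

            # Send an email with the confirmation link to the new user.
            email_subject = 'Confirm your account on CourtListener.com'
            email_body = (
                "Hello, %s, and thanks for signing up for an account!\n\n"
                "To send you emails, we need you to activate your account with CourtListener. To "
                "activate your account, click this link within five days:\n\n"
                "https://www.courtlistener.com/email/confirm/%s\n\n"
                "Thanks for using our site,\n\n"
                "The CourtListener Team\n\n"
                "-------------------\n"
                "For questions or comments, please see our contact page, "
                "https://www.courtlistener.com/contact/."
                % (user.username, up.activation_key))
            send_mail(email_subject, email_body,
                      'CourtListener <*****@*****.**>', [user.email])

            # Send an email letting the admins know there's somebody to say
            # hi to.
            email_subject = ('New user confirmed on CourtListener: %s'
                             % up.user.username)
            email_body = (
                "A new user has signed up on CourtListener and they'll be automatically welcomed soon!\n\n"
                " Their name is: %s\n"
                " Their email address is: %s\n\n"
                "Sincerely,\n\n"
                "The CourtListener Bots"
                % (up.user.get_full_name() or "Not provided", up.user.email))
            send_mail(email_subject, email_body,
                      'CourtListener <*****@*****.**>',
                      [a[1] for a in settings.ADMINS])

            tally_stat('user.created')
            return HttpResponseRedirect(
                '/register/success/?next=%s' % redirect_to)
    else:
        form = UserCreationFormExtended()

    return render_to_response("profile/register.html", {
        'form': form,
        'private': False
    }, RequestContext(request))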
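def register(request):
    """Register a new account, or upgrade a stub account to a real one.

    Only anonymous users may register; a logged-in user is redirected to
    their settings page. On a valid POST the user is created (or the stub
    account matching the submitted email is given a password and un-stubbed),
    an activation key valid for five days is stored on the profile, a
    confirmation email is sent to the user, a notice is sent to the admins,
    and the caller is redirected to the success page. Otherwise the
    registration form is rendered.
    """
    redirect_to = request.REQUEST.get('next', '')
    if 'sign-in' in redirect_to:
        # Thus, we don't redirect people back to the sign-in form.
        redirect_to = ''

    # Security checks on the caller-supplied redirect target.
    # Light check -- make sure redirect_to isn't garbage.
    if not redirect_to or ' ' in redirect_to:
        redirect_to = settings.LOGIN_REDIRECT_URL
    # Heavier check -- redirects to http://example.com should not be allowed,
    # but things like /view/?param=http://example.com should be. The regex
    # checks whether there is a '//' *before* a question mark.
    elif '//' in redirect_to and re.match(r'[^\?]*//', redirect_to):
        redirect_to = settings.LOGIN_REDIRECT_URL
    # NOTE(review): this hand-rolled filter does not consider backslashes or
    # scheme-only forms, and the value is later placed in a query string
    # without URL-encoding. Consider Django's own safe-URL helper
    # (django.utils.http.is_safe_url) and encoding the parameter.

    if not request.user.is_anonymous():
        # The user is already logged in. Direct them to their settings page
        # as a logical fallback.
        return HttpResponseRedirect('/profile/settings/')

    if request.method == 'POST':
        try:
            stub_account = User.objects.filter(
                profile__stub_account=True).get(
                    email__iexact=request.POST.get('email'))
        except User.DoesNotExist:
            stub_account = False

        if not stub_account:
            form = UserCreationFormExtended(request.POST)
        else:
            form = UserCreationFormExtended(request.POST,
                                            instance=stub_account)

        if form.is_valid():
            cd = form.cleaned_data
            if not stub_account:
                # Make a new user that is active, but has not confirmed
                # their email address.
                user = User.objects.create_user(cd['username'], cd['email'],
                                                cd['password1'])
                up = UserProfile(user=user)
            else:
                # NOTE(review): a password is set on the existing stub before
                # the email address is confirmed, so whoever submits a stub's
                # email takes over that account. Confirm that access to the
                # stub's profile and donation data is gated on confirmation.
                user = stub_account
                user.set_password(cd['password1'])
                up = stub_account.profile
                up.stub_account = False

            if cd['first_name']:
                user.first_name = cd['first_name']
            if cd['last_name']:
                user.last_name = cd['last_name']
            user.save()

            # Build and assign the activation key. The key gates email
            # confirmation, so the salt comes from the OS CSPRNG at full
            # width; random.random() is predictable, and the earlier code
            # kept only five hex characters of it. The key is still a
            # 40-character SHA-1 hex digest.
            salt = '%040x' % random.SystemRandom().getrandbits(160)
            # Encode explicitly so a non-ASCII username cannot break hashing.
            up.activation_key = hashlib.sha1(
                (salt + user.username).encode('utf-8')).hexdigest()
            up.key_expires = now() + timedelta(days=5)
            up.save()

            # Send an email with the confirmation link to the new user.
            email_subject = 'Confirm your account on CourtListener.com'
            email_body = ("Hello, %s, and thanks for signing up for an account!\n\n"
                          "To send you emails, we need you to activate your account with CourtListener. To "
                          "activate your account, click this link within five days:\n\n"
                          "https://www.courtlistener.com/email/confirm/%s\n\n"
                          "Thanks for using our site,\n\n"
                          "The CourtListener Team\n\n"
                          "-------------------\n"
                          "For questions or comments, please see our contact page, "
                          "https://www.courtlistener.com/contact/."
                          % (user.username, up.activation_key))
            send_mail(
                email_subject,
                email_body,
                'CourtListener <*****@*****.**>',
                [user.email]
            )

            # Send an email letting the admins know there's somebody to say
            # hi to.
            email_subject = ('New user confirmed on CourtListener: %s'
                             % up.user.username)
            email_body = ("A new user has signed up on CourtListener and they'll be automatically welcomed soon!\n\n"
                          " Their name is: %s\n"
                          " Their email address is: %s\n\n"
                          "Sincerely,\n\n"
                          "The CourtListener Bots"
                          % (up.user.get_full_name() or "Not provided",
                             up.user.email))
            send_mail(email_subject, email_body,
                      'CourtListener <*****@*****.**>',
                      [a[1] for a in settings.ADMINS])

            tally_stat('user.created')
            return HttpResponseRedirect(
                '/register/success/?next=%s' % redirect_to)
    else:
        form = UserCreationFormExtended()

    return render_to_response("profile/register.html",
                              {'form': form, 'private': False},
                              RequestContext(request))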
def donate(request):
    """Render the donate page (GET) or take a donation (POST).

    A POST binds the donation, user and profile forms to the submitted data.
    For an anonymous caller the user and profile forms are attached to the
    stub account whose email matches the submitted one, if there is one; for
    a logged-in caller they are attached to that user's own records. When all
    forms validate and ``route_and_process_donation`` returns status 0, the
    donation is stored and linked to a profile and the caller is redirected.
    In every other case the page is rendered with the current forms.
    """
    message = None

    if request.method == 'POST':
        donation_form = DonationForm(request.POST)
        stub_account = False
        is_anon = request.user.is_anonymous()

        if not is_anon:
            user_form = UserForm(request.POST, instance=request.user)
            profile_form = ProfileForm(request.POST,
                                       instance=request.user.profile)
        else:
            # A new donor, a stubbed one, or a user who is simply not logged
            # in to their account.
            try:
                stub_account = User.objects.filter(
                    profile__stub_account=True
                ).get(email__iexact=request.POST.get('email'))
            except User.DoesNotExist:
                pass

            if not stub_account:
                user_form = UserForm(request.POST)
                profile_form = ProfileForm(request.POST)
            else:
                # Stub accounts may be updated by anonymous callers; the
                # original author accepts that because stub data need not be
                # accurate, and real accounts never match the filter above.
                # NOTE(review): the submitted email is the only key here.
                # Confirm that nothing sensitive is stored on stub profiles.
                user_form = UserForm(request.POST, instance=stub_account)
                profile_form = ProfileForm(request.POST,
                                           instance=stub_account.profile)

        # Every form is validated, with no short-circuit, so each shows its
        # own errors.
        results = [donation_form.is_valid(),
                   user_form.is_valid(),
                   profile_form.is_valid()]
        if all(results):
            cleaned_donation = donation_form.cleaned_data
            cleaned_user = user_form.cleaned_data
            cleaned_profile = profile_form.cleaned_data
            token = request.POST.get('stripeToken')

            # Route the payment to a payment provider.
            response = route_and_process_donation(
                cleaned_donation, cleaned_profile, cleaned_user, token)
            # NOTE(review): confirm the response holds no payment secrets
            # before it is logged in full.
            logger.info("Payment routed with response: %s" % response)

            if response['status'] == 0:
                donation = donation_form.save(commit=False)
                donation.status = response['status']
                donation.payment_id = response['payment_id']
                # Will only work for Paypal.
                donation.transaction_id = response.get('transaction_id')
                donation.save()

                if is_anon and not stub_account:
                    # Create a stub account; create_user gets no password.
                    # NOTE(review): the payment has already been routed at
                    # this point. A clash on the truncated-email username
                    # would presumably raise and leave the donation without a
                    # profile; confirm.
                    email = cleaned_user['email']
                    # Username can only be 30 chars long.
                    new_user = User.objects.create_user(email[:30], email)
                    new_user.first_name = cleaned_user['first_name']
                    new_user.last_name = cleaned_user['last_name']
                    new_user.save()

                    profile = UserProfile(
                        user=new_user,
                        stub_account=True,
                        address1=cleaned_profile['address1'],
                        address2=cleaned_profile.get('address2'),
                        city=cleaned_profile['city'],
                        state=cleaned_profile['state'],
                        zip_code=cleaned_profile['zip_code'],
                        wants_newsletter=cleaned_profile['wants_newsletter'],
                    )
                    profile.save()
                else:
                    # Logged in user or an existing stub account.
                    user_form.save()
                    profile = profile_form.save()

                # Associate the donation with the profile.
                profile.donation.add(donation)
                profile.save()
                return HttpResponseRedirect(response['redirect'])

            logger.critical("Got back status of %s when making initial request of API. Message was:\n%s" %
                            (response['status'], response['message']))
            message = response['message']
    else:
        try:
            referrer = {'referrer': request.GET.get('referrer')}
            donation_form = DonationForm(initial=referrer)
            user_initial = {
                'first_name': request.user.first_name,
                'last_name': request.user.last_name,
                'email': request.user.email,
            }
            user_form = UserForm(initial=user_initial)
            up = request.user.profile
            profile_initial = {
                'address1': up.address1,
                'address2': up.address2,
                'city': up.city,
                'state': up.state,
                'zip_code': up.zip_code,
                'wants_newsletter': up.wants_newsletter,
            }
            profile_form = ProfileForm(initial=profile_initial)
        except AttributeError:
            # For anonymous users, who lack profile info.
            user_form = UserForm()
            profile_form = ProfileForm()

    return render_to_response(
        'donate/donate.html',
        {
            'donation_form': donation_form,
            'user_form': user_form,
            'profile_form': profile_form,
            'private': False,
            'message': message,
            'stripe_public_key': settings.STRIPE_PUBLIC_KEY,
        },
        RequestContext(request),
    )
def donate(request):
    """Load the donate page or process a submitted donation.

    Branches:

      GET:
        Load the page.
      POST, anonymous user:
        - The email matches a stub account: use that stub.
        - The email is new, or belongs to a non-stub account: anonymous
          people must not update real accounts, so a new stub account is
          created.
      POST, logged-in user:
        Associate the donation with that user's account.

    Once an account is settled on, the payment is processed and the donation
    is associated with the account's profile.
    """
    message = None
    if request.method != 'POST':
        try:
            donation_form = DonationForm(
                initial={'referrer': request.GET.get('referrer')})
            user_form = UserForm(initial={
                'first_name': request.user.first_name,
                'last_name': request.user.last_name,
                'email': request.user.email,
            })
            user_profile = request.user.profile
            profile_form = ProfileForm(initial={
                'address1': user_profile.address1,
                'address2': user_profile.address2,
                'city': user_profile.city,
                'state': user_profile.state,
                'zip_code': user_profile.zip_code,
                'wants_newsletter': user_profile.wants_newsletter,
            })
        except AttributeError:
            # Anonymous users lack the profile info read above.
            user_form = UserForm()
            profile_form = ProfileForm()
    else:
        donation_form = DonationForm(request.POST)
        anonymous = request.user.is_anonymous()
        if anonymous:
            # Either this is a new account, a stubbed one, or a user that's
            # simply not logged into their account.
            stubs = User.objects.filter(profile__stub_account=True)
            try:
                stub_account = stubs.get(
                    email__iexact=request.POST.get('email'))
            except User.DoesNotExist:
                stub_account = False

            if not stub_account:
                # Either a regular account or an email address we've never
                # seen before. Create a new user from the POST data.
                user_form = UserForm(request.POST)
                profile_form = ProfileForm(request.POST)
            else:
                # Anonymous users are allowed to update a stub account. The
                # original author accepts this because the accuracy of stub
                # data is not important; after the stub is upgraded to a
                # real account it no longer matches the filter above.
                # NOTE(review): the submitted email is the only key. Confirm
                # stub profiles never hold anything sensitive.
                user_form = UserForm(request.POST, instance=stub_account)
                profile_form = ProfileForm(request.POST,
                                           instance=stub_account.profile)
        else:
            # stub_account is deliberately left unset for logged-in users;
            # the only later read is guarded by the anonymous check.
            user_form = UserForm(request.POST, instance=request.user)
            profile_form = ProfileForm(request.POST,
                                       instance=request.user.profile)

        # All three forms are validated, with no short-circuit, so that each
        # one gets its errors populated.
        form_checks = [
            donation_form.is_valid(),
            user_form.is_valid(),
            profile_form.is_valid(),
        ]
        if all(form_checks):
            donation_data = donation_form.cleaned_data
            user_data = user_form.cleaned_data
            profile_data = profile_form.cleaned_data

            # Route the payment to a payment provider.
            response = route_and_process_donation(
                donation_data,
                profile_data,
                user_data,
                request.POST.get('stripeToken'),
            )
            # NOTE(review): the whole response is logged verbatim; confirm it
            # carries no card or token data.
            logger.info("Payment routed with response: %s" % response)

            if response['status'] != 0:
                logger.critical(
                    "Got back status of %s when making initial "
                    "request of API. Message was:\n%s"
                    % (response['status'], response['message']))
                message = response['message']
            else:
                donation = donation_form.save(commit=False)
                donation.status = response['status']
                donation.payment_id = response['payment_id']
                # Will only work for Paypal.
                donation.transaction_id = response.get('transaction_id')
                donation.save()

                if anonymous and not stub_account:
                    # Create a stub account; create_user gets no password.
                    # Usernames can only be 30 chars long, so a hash of the
                    # email is used as a placeholder to reduce the odds of
                    # clashing with a username somebody wants. It is replaced
                    # with a real username when the stub is upgraded. MD5 is
                    # only a name generator here, not a security control.
                    # NOTE(review): the hash is taken over the raw POST value
                    # rather than the cleaned email; confirm that is intended.
                    placeholder_name = hashlib.md5(
                        request.POST.get('email')).hexdigest()[:30]
                    new_user = User.objects.create_user(
                        placeholder_name,
                        user_data['email'],
                    )
                    new_user.first_name = user_data['first_name']
                    new_user.last_name = user_data['last_name']
                    new_user.save()
                    profile = UserProfile(
                        user=new_user,
                        stub_account=True,
                        address1=profile_data['address1'],
                        address2=profile_data.get('address2'),
                        city=profile_data['city'],
                        state=profile_data['state'],
                        zip_code=profile_data['zip_code'],
                        wants_newsletter=profile_data['wants_newsletter'],
                    )
                    profile.save()
                else:
                    # Logged in user or an existing stub account.
                    user_form.save()
                    profile = profile_form.save()

                # Associate the donation with the profile.
                profile.donation.add(donation)
                profile.save()
                return HttpResponseRedirect(response['redirect'])

    context = {
        'donation_form': donation_form,
        'user_form': user_form,
        'profile_form': profile_form,
        'private': False,
        'message': message,
        'stripe_public_key': settings.STRIPE_PUBLIC_KEY,
    }
    return render_to_response('donate/donate.html', context,
                              RequestContext(request))
def donate(request):
    """Render the donate page (GET) or take a donation (POST).

    POST handling picks the account first:

      - anonymous caller whose email matches a stub account: that stub;
      - anonymous caller with a new email, or the email of a non-stub
        account: a new stub account, since anonymous people must not update
        real accounts;
      - logged-in caller: their own account.

    The payment is then processed and the donation is associated with the
    chosen account's profile.
    """
    message = None

    if request.method == 'POST':
        donation_form = DonationForm(request.POST)
        is_anon = request.user.is_anonymous()

        if not is_anon:
            # stub_account stays unset on this path; its only later read sits
            # behind the anonymous check.
            user_form = UserForm(request.POST, instance=request.user)
            profile_form = ProfileForm(request.POST,
                                       instance=request.user.profile)
        else:
            # Either this is a new account, a stubbed one, or a user that's
            # simply not logged into their account.
            try:
                stub_account = User.objects.filter(
                    profile__stub_account=True
                ).get(email__iexact=request.POST.get('email'))
            except User.DoesNotExist:
                stub_account = False

            if stub_account:
                # Stub accounts may be updated by anonymous callers; the
                # original author accepts that because stub data need not be
                # accurate, and upgraded accounts never match the filter
                # above.
                # NOTE(review): the submitted email is the only key here.
                # Confirm that nothing sensitive is stored on stub profiles.
                user_form = UserForm(request.POST, instance=stub_account)
                profile_form = ProfileForm(request.POST,
                                           instance=stub_account.profile)
            else:
                # Either a regular account or an email address we've never
                # seen before. Create a new user from the POST data.
                user_form = UserForm(request.POST)
                profile_form = ProfileForm(request.POST)

        # Every form is validated, with no short-circuit, so each shows its
        # own errors.
        results = [donation_form.is_valid(),
                   user_form.is_valid(),
                   profile_form.is_valid()]
        if all(results):
            cleaned_donation = donation_form.cleaned_data
            cleaned_user = user_form.cleaned_data
            cleaned_profile = profile_form.cleaned_data
            token = request.POST.get('stripeToken')

            # Route the payment to a payment provider.
            response = route_and_process_donation(
                cleaned_donation, cleaned_profile, cleaned_user, token)
            # NOTE(review): confirm the response holds no payment secrets
            # before it is logged in full.
            logger.info("Payment routed with response: %s" % response)

            if response['status'] == 0:
                donation = donation_form.save(commit=False)
                donation.status = response['status']
                donation.payment_id = response['payment_id']
                # Will only work for Paypal.
                donation.transaction_id = response.get('transaction_id')
                donation.save()

                if is_anon and not stub_account:
                    # Create a stub account; create_user gets no password.
                    # The username is capped at 30 chars, so a hash of the
                    # email serves as a placeholder that is unlikely to clash
                    # with a username somebody wants. It is replaced when the
                    # stub is upgraded to a real account. MD5 is only a name
                    # generator here, not a security control.
                    # NOTE(review): the hash input is the raw POST email, not
                    # the cleaned one; confirm that is intended.
                    email_digest = hashlib.md5(
                        request.POST.get('email')).hexdigest()
                    new_user = User.objects.create_user(
                        email_digest[:30],
                        cleaned_user['email'],
                    )
                    new_user.first_name = cleaned_user['first_name']
                    new_user.last_name = cleaned_user['last_name']
                    new_user.save()

                    profile = UserProfile(
                        user=new_user,
                        stub_account=True,
                        address1=cleaned_profile['address1'],
                        address2=cleaned_profile.get('address2'),
                        city=cleaned_profile['city'],
                        state=cleaned_profile['state'],
                        zip_code=cleaned_profile['zip_code'],
                        wants_newsletter=cleaned_profile['wants_newsletter'],
                    )
                    profile.save()
                else:
                    # Logged in user or an existing stub account.
                    user_form.save()
                    profile = profile_form.save()

                # Associate the donation with the profile.
                profile.donation.add(donation)
                profile.save()
                return HttpResponseRedirect(response['redirect'])

            logger.critical("Got back status of %s when making initial "
                            "request of API. Message was:\n%s" %
                            (response['status'], response['message']))
            message = response['message']
    else:
        try:
            referrer = {'referrer': request.GET.get('referrer')}
            donation_form = DonationForm(initial=referrer)
            user_initial = {
                'first_name': request.user.first_name,
                'last_name': request.user.last_name,
                'email': request.user.email,
            }
            user_form = UserForm(initial=user_initial)
            up = request.user.profile
            profile_initial = {
                'address1': up.address1,
                'address2': up.address2,
                'city': up.city,
                'state': up.state,
                'zip_code': up.zip_code,
                'wants_newsletter': up.wants_newsletter,
            }
            profile_form = ProfileForm(initial=profile_initial)
        except AttributeError:
            # For anonymous users, who lack profile info.
            user_form = UserForm()
            profile_form = ProfileForm()

    return render_to_response(
        'donate/donate.html',
        {
            'donation_form': donation_form,
            'user_form': user_form,
            'profile_form': profile_form,
            'private': False,
            'message': message,
            'stripe_public_key': settings.STRIPE_PUBLIC_KEY,
        },
        RequestContext(request),
    )