Esempio n. 1
0
 def set_password(self, raw_password):
     """
     Sets the password to the hashed and salted version defined in settings.
     """
     if raw_password is None:
         self.set_unusable_password()
     else:
         self.password = password_hash(raw_password)
Esempio n. 2
0
 def authenticate(self, **kwargs):
     """
     Log in with a loginphrase.
     """
     loginphrase = kwargs["password"]
     try:
         # Finds Users by the hash of their loginphrase only,
         # no username required.
         hashed = password_hash(loginphrase)
         user = User.objects.get(password=hashed)
         if user.check_password(loginphrase):
             return user
     except ObjectDoesNotExist:
         return None
Esempio n. 3
0
def generate_new_loginphrase():
    """
    Returns a (unused) password/loginphrase
    """
    try:
        password = User.objects.make_random_password(
            length = settings.LOGINPHRASE_LENGTH,
            allowed_chars=settings.ALPHABET
        )
        User.objects.get (password = password_hash(password))
        # If we get to here, the password already exists.
        # generate another one...
        return generate_new_loginphrase()
    except ObjectDoesNotExist:
        return password
Esempio n. 4
0
def new_user(request, should_validate):
    """new user"""
    template_vars = {}
    email = request.POST.get('email',"")
    allow_email = request.POST.get('allow_email', False)

    # This test will only work for users that registered in the pre-encrypted
    # time and have not logged in yet. The other users will have their emails
    # encrypted and we can not test anymore if their email is registered or not.
    if is_inactive_user(email):
        if should_validate:
            failed_field, _, message = \
                validate_registration(request)
            if failed_field:
                template_vars['error_message'] = \
                    __('There was an error with field: ') \
                    + failed_field + ' -- ' + message
                template_path = 'registration/register.html'
                set_register_vars(request, template_vars)
                return (template_path, template_vars, None)

        # VALIDATION PASSED
        # at this point we know we are going to register a user, unless the
        # passphrase miraculously is the same as the one given to somebody
        # else.
        uid = generate_unused_dbkey()
        username = uid
        template_path = 'registration/register_submit.html'

        loginphrase = request.session.get("loginphrase","")
        password = get_password_from_loginphrase (loginphrase)
        if not password:
            raise Http404
        # Do not let people have the same passphrase!
        try:
            User.objects.get(password = password_hash(password))
            # If we get to here, the password already exists.
            # Abort the registration.
            raise Http404
        except ObjectDoesNotExist:
            pass

        overwrite_inactive_user = False
        # True In case the email was registered before, but not activated.
        try:
            test_user = User.objects.get(email=email)
            if not test_user.is_active:
                # The email has been registered before, but has not been
                # activated - thus it can be registered again.
                overwrite_inactive_user = True
                raise ObjectDoesNotExist
        except ObjectDoesNotExist:
            if overwrite_inactive_user:
                user = User.objects.get(email=email)
                old_profile = user.get_profile()
                old_profile.delete()
                user.delete()
                # note that the token used to register that email cannot
                # be used again.

            user = User.objects.create_user(username, uid+"@fo.wl", password) 
            user.is_active = True
            user.save()

            # Need to translate the id to an integer due to django restrictions.
            # For example A A 1234 -> 65 65 1234
            id_int = integer_id(uid)

            # Now let's get our hands dirty with some direct SQL querying...
            cursor = connection.cursor()
            cursor.execute(
                "UPDATE auth_user SET id = %(id)s WHERE username = "******"'%(username)s'" % { "id":id_int, "username":username }
            )
            # Removing the timestamps..
            cursor.execute(
                "UPDATE auth_user SET last_login = '******' WHERE username = "******"'%(username)s'" % { "username":username }
            )
            cursor.execute(
                "UPDATE auth_user SET date_joined = '" \
                + settings.MISC_LAST_LOGIN + "' WHERE username = "******"'%(username)s'" % { "username":username })
            # Data modifying operation - commit required
            transaction.commit_unless_managed()

            # Reload the user object
            user = User.objects.get(username=username)

             # Now make sure that if the profile creation fails, we don't have
             # dead users in our database. try->except
            try:
                lang_0 = request.POST['lang_0']
                lang_1 = request.POST['lang_1']
                lang_2 = request.POST['lang_2']
                lang_3 = request.POST['lang_3']
                lang_4 = request.POST['lang_4']
                lang_5 = request.POST['lang_5']
                languages = [lang_0, lang_1, lang_2, lang_3, lang_4, lang_5]

                longitude = as_float(request.POST['longitude'])
                latitude = as_float(request.POST['latitude'])

                fudged_latitude, fudged_longitude = \
                    randomize_location(latitude, longitude)
                about_me = request.POST['about_me'].strip()
                contact_info = request.POST['contact_info'].strip()
                display_language = get_language()

                user_profile = Profile()
                user_profile.init(
                    user, email, fudged_longitude, fudged_latitude,
                    languages, about_me, contact_info, display_language,
                    allow_email, passphrase=password)

                template_vars['user'] = user
                template_vars['profile'] = user_profile
                template_vars['title'] = __('Thanks for joining')
                template_vars['useremail'] = email
                template_vars['forceLoginLink'] = True
                template_vars['domain'] = settings.DOMAIN
                # no reason to return Profile actually, it's never used.
                return (template_path, template_vars, user_profile)

            except Exception:
                user = User.objects.get(username=username)
                user.delete()
                raise

    else:
        # do not tell user that the email is already registered
        template_path = 'registration/register_submit.html'
        template_vars['title'] = __('Thanks for joining')
        template_vars['useremail'] = email
        template_vars['forceLoginLink'] = True
        template_vars['domain'] = settings.DOMAIN

        return (template_path, template_vars, None)