def make_order(request, category):
form = DonationGiftForm(data=request.POST,
category=category,
request=request)
if form.is_valid():
form.save(request)
return get_redirect(request)
messages.add_message(request, messages.ERROR, 'Form-Fehler!')
return get_redirect(request, next=request.META.get('HTTP_REFERER', '/'))
def make_request(request):
ident = request.GET.get('ident')
if not ident:
messages.add_message(request, messages.ERROR, 'Fehlerhafter Link')
return redirect('food-index')
try:
provider, _ = ident.split(':')
if provider not in venue_providers:
raise ValueError
except ValueError:
messages.add_message(request, messages.ERROR, 'Fehlerhafter Link')
return redirect('food-index')
place = venue_providers[provider].get_place(ident)
if place is None:
return redirect('food-index')
return get_redirect(request,
default='food-index',
params={
'query': place['name'],
'latlng': '{},{}'.format(place['lat'],
place['lng']),
'ident': ident
})
def confirm(request, user_id, secret, request_id=None):
if request.user.is_authenticated:
if request.user.id != user_id:
messages.add_message(request, messages.ERROR,
_('You are logged in and cannot use a confirmation link.'))
return redirect('account-show')
user = get_object_or_404(auth.get_user_model(), pk=int(user_id))
if user.is_active or (not user.is_active and user.email is None):
return redirect('account-login')
account_service = AccountService(user)
result = account_service.confirm_account(secret, request_id)
if not result:
messages.add_message(request, messages.ERROR,
_('You can only use the confirmation link once, '
'please login with your password.'))
return redirect('account-login')
auth.login(request, user)
params = {}
if request.GET.get('ref'):
params['ref'] = request.GET['ref']
if request_id is not None:
req_service = ActivatePendingRequestService({
'request_id': request_id
})
foirequest = req_service.process(request=request)
if foirequest:
params['request'] = str(foirequest.pk).encode('utf-8')
default_url = '%s?%s' % (reverse('account-confirmed'), urlencode(params))
return get_redirect(request, default=default_url, params=params)
def confirm(request, user_id, secret, request_id=None):
if request.user.is_authenticated:
if request.user.id != user_id:
messages.add_message(
request, messages.ERROR,
_('You are logged in and cannot use a confirmation link.'))
return redirect('account-show')
user = get_object_or_404(auth.get_user_model(), pk=int(user_id))
if user.is_active or (not user.is_active and user.email is None):
return redirect('account-login')
account_service = AccountService(user)
result = account_service.confirm_account(secret, request_id)
if not result:
messages.add_message(
request, messages.ERROR,
_('You can only use the confirmation link once, '
'please login with your password.'))
return redirect('account-login')
auth.login(request, user)
params = {}
if request.GET.get('ref'):
params['ref'] = request.GET['ref']
if request_id is not None:
req_service = ActivatePendingRequestService({'request_id': request_id})
foirequest = req_service.process(request=request)
if foirequest:
params['request'] = str(foirequest.pk).encode('utf-8')
default_url = '%s?%s' % (reverse('account-confirmed'), urlencode(params))
return get_redirect(request, default=default_url, params=params)
def go(request, user_id, secret, url):
if request.user.is_authenticated:
if request.user.id != int(user_id):
messages.add_message(
request, messages.INFO,
_('You are logged in with a different user account. Please logout first before using this link.'
))
return redirect(url)
user = get_object_or_404(auth.get_user_model(), pk=int(user_id))
account_manager = AccountService(user)
if account_manager.check_autologin_secret(secret):
if user.is_superuser:
# Don't allow autologin for superusers
return redirect(url)
if user.is_deleted or user.is_blocked:
# This will fail, but that's OK here
return redirect(url)
if not user.is_active:
# Confirm user account (link came from email)
user.date_deactivated = None
user.is_active = True
user.save()
account_activated.send_robust(sender=user)
auth.login(request, user)
return redirect(url)
# If login-link fails, prompt login with redirect
return get_redirect(request, default='account-login', params={'next': url})
def old_make_request(request, place, ident):
try:
pb = get_hygiene_publicbody(place['lat'], place['lng'])
except ValueError as e:
messages.add_message(request, messages.ERROR, str(e))
return redirect('food-index')
url = make_request_url(place, pb)
stopper = False
request_count = 0
if request.user.is_authenticated:
request_count = get_request_count(request, pb)
if request_count >= MAX_REQUEST_COUNT:
stopper = True
if stopper or request.GET.get('stopper') is not None:
return get_redirect(request,
default='food-index',
params={
'query':
place['name'],
'latlng':
'{},{}'.format(place['lat'], place['lng']),
'ident':
ident
})
return redirect(url)
def contact(request):
if request.method == 'POST':
form = ContactForm(data=request.POST)
if form.is_valid():
form.send_mail()
messages.add_message(request, messages.SUCCESS,
'Wir haben Ihre Nachricht erhalten.')
return get_redirect(request)
def newsletter_subscribe_request(request, newsletter_slug=None):
newsletter = get_object_or_404(Newsletter,
slug=newsletter_slug
or settings.DEFAULT_NEWSLETTER)
if request.method == 'POST':
form = NewsletterForm(
data=request.POST,
request=request,
)
if form.is_valid():
email = form.cleaned_data['email']
result = subscribe(newsletter, email, user=request.user)
if request.is_ajax():
# No-CSRF ajax request
# are allowed to access current user
if result == SubscriptionResult.ALREADY_SUBSCRIBED:
return HttpResponse(
content='''<div class="alert alert-info" role="alert">
Sie haben unseren Newsletter schon abonniert!
</div>'''.encode('utf-8'))
elif result == SubscriptionResult.SUBSCRIBED:
return HttpResponse(
content='''<div class="alert alert-primary" role="alert">
Sie haben unseren Newsletter erfolgreich abonniert!
</div>'''.encode('utf-8'))
elif result == SubscriptionResult.CONFIRM:
return HttpResponse(
content='''<div class="alert alert-primary" role="alert">
Sie haben eine E-Mail erhalten, um Ihr Abonnement zu bestätigen.
</div>'''.encode('utf-8'))
return HttpResponse('/')
if result == SubscriptionResult.CONFIRM:
messages.add_message(
request, messages.INFO,
'Sie haben eine E-Mail erhalten, um Ihr Abonnement zu bestätigen.'
)
return get_redirect(request, default='/')
else:
messages.add_message(request, messages.WARNING,
'Bitte überprüfen Sie Ihre Eingabe.')
else:
form = NewsletterForm(request=request,
initial={'email': request.GET.get('email', '')})
if request.is_ajax():
url = '{}?{}'.format(
reverse('fds_newsletter_subscribe_request',
kwargs={'newsletter_slug': newsletter.slug}),
urlencode({'email': form.data.get('email', '')}))
return HttpResponse(url)
return render(request, "fds_newsletter/subscribe.html", {
'newsletter': newsletter,
'form': form
})
def delete_request(request, foirequest):
if foirequest.status != 'awaiting_user_confirmation':
return render_400(request)
if foirequest.user != request.user:
return render_400(request)
foirequest.delete()
return get_redirect(request)
def delete_request(request, foirequest):
if foirequest.status != 'awaiting_user_confirmation':
return render_400(request)
if foirequest.user != request.user:
return render_400(request)
foirequest.delete()
return get_redirect(request)
def contact(request):
if request.method == 'POST':
form = ContactForm(data=request.POST)
if form.is_valid():
form.send_mail()
messages.add_message(
request, messages.SUCCESS,
'Wir haben Ihre Nachricht erhalten.'
)
return get_redirect(request)
def subscribe_newsletter(request):
if not request.user.is_authenticated:
return render_403(request)
messages.add_message(request, messages.SUCCESS,
_('You successfully subscribed to our newsletter!'))
user = request.user
user.newsletter = True
user.save()
return get_redirect(request)
def login(request,
base="account/base.html",
context=None,
template='account/login.html',
status=200):
simple = False
initial = None
if not context:
context = {}
if "reset_form" not in context:
context['reset_form'] = PasswordResetForm(prefix='pwreset')
if "signup_form" not in context:
context['signup_form'] = NewUserForm()
if request.GET.get("simple") is not None:
base = "simple_base.html"
simple = True
if request.GET.get('email'):
initial = {'email': request.GET.get('email')}
else:
if request.user.is_authenticated:
return redirect('account-show')
if request.method == "POST" and status == 200:
status = 400 # if ok, we are going to redirect anyways
form = UserLoginForm(request.POST)
if form.is_valid():
user = auth.authenticate(username=form.cleaned_data['email'],
password=form.cleaned_data['password'])
if user is not None:
if user.is_active:
auth.login(request, user)
messages.add_message(request, messages.INFO,
_('You are now logged in.'))
if simple:
return redirect(reverse('account-login') + "?simple")
else:
return get_redirect(request, default='account-show')
else:
messages.add_message(
request, messages.ERROR,
_('Please activate your mail address before logging in.'
))
else:
messages.add_message(request, messages.ERROR,
_('E-mail and password do not match.'))
else:
form = UserLoginForm(initial=initial)
context.update({
"form": form,
"custom_base": base,
"simple": simple,
'next': request.GET.get('next')
})
return render(request, template, context, status=status)
def reset_token(request):
if not request.user.is_authenticated:
return render_403(request)
form = ResetTokenForm(data=request.POST, user=request.user)
if form.is_valid():
message = form.save()
messages.add_message(request, messages.SUCCESS, message)
else:
messages.add_message(request, messages.ERROR, _('Failed to reset token.'))
return get_redirect(request)
def reset_token(request):
if not request.user.is_authenticated:
return render_403(request)
form = ResetTokenForm(data=request.POST, user=request.user)
if form.is_valid():
message = form.save()
messages.add_message(request, messages.SUCCESS, message)
else:
messages.add_message(request, messages.ERROR,
_('Failed to reset token.'))
return get_redirect(request)
def new_terms(request):
next = request.GET.get('next')
if not request.user.is_authenticated:
return get_redirect(request, default=next)
if request.user.terms:
return get_redirect(request, default=next)
form = TermsForm()
if request.POST:
form = TermsForm(request.POST)
if form.is_valid():
form.save(request.user)
messages.add_message(request, messages.SUCCESS,
_('Thank you for accepting our new terms!'))
return get_redirect(request, default=next)
else:
messages.add_message(request, messages.ERROR,
_('You need to accept our new terms to continue.'))
return render(request, 'account/new_terms.html', {
'terms_form': form,
'next': next
})
def new_terms(request):
next = request.GET.get('next')
if not request.user.is_authenticated:
return get_redirect(request, default=next)
if request.user.terms:
return get_redirect(request, default=next)
form = TermsForm()
if request.POST:
form = TermsForm(request.POST)
if form.is_valid():
form.save(request.user)
messages.add_message(request, messages.SUCCESS,
_('Thank you for accepting our new terms!'))
return get_redirect(request, default=next)
else:
messages.add_message(
request, messages.ERROR,
_('You need to accept our new terms to continue.'))
return render(request, 'account/new_terms.html', {
'terms_form': form,
'next': next
})
def change_password(request):
if not request.user.is_authenticated:
messages.add_message(
request, messages.ERROR,
_('You are not currently logged in, you cannot change your password.'
))
return render_403(request)
form = request.user.get_password_change_form(request.POST)
if form.is_valid():
form.save()
messages.add_message(request, messages.SUCCESS,
_('Your password has been changed.'))
return get_redirect(request, default=reverse('account-show'))
return account_settings(request,
context={"password_change_form": form},
status=400)
def change_password(request):
if not request.user.is_authenticated:
messages.add_message(request, messages.ERROR,
_('You are not currently logged in, you cannot change your password.'))
return render_403(request)
form = request.user.get_password_change_form(request.POST)
if form.is_valid():
form.save()
auth.update_session_auth_hash(request, form.user)
messages.add_message(request, messages.SUCCESS,
_('Your password has been changed.'))
return get_redirect(request, default=reverse('account-show'))
else:
messages.add_message(request, messages.ERROR,
_('Your password was NOT changed. Please fix the errors.'))
return account_settings(
request,
context={"password_change_form": form},
status=400
)
def login(request, context=None, template='account/login.html', status=200):
if request.user.is_authenticated:
return redirect('account-show')
if not context:
context = {}
if "reset_form" not in context:
context['reset_form'] = PasswordResetForm(prefix='pwreset')
if "signup_form" not in context:
context['signup_form'] = NewUserForm()
if request.method == "POST" and status == 200:
status = 400 # if ok, we are going to redirect anyways
form = UserLoginForm(request.POST)
if form.is_valid():
user = auth.authenticate(
request,
username=form.cleaned_data['email'],
password=form.cleaned_data['password']
)
if user is not None:
if user.is_active:
auth.login(request, user)
messages.add_message(request, messages.INFO,
_('You are now logged in.'))
return get_redirect(request, default='account-show')
else:
messages.add_message(request, messages.ERROR,
_('Please activate your mail address before logging in.'))
else:
messages.add_message(request, messages.ERROR,
_('E-mail and password do not match.'))
else:
form = UserLoginForm(initial=None)
context.update({
"form": form,
'next': request.GET.get('next')
})
return render(request, template, context, status=status)
def go(request, user_id, secret, url):
if request.user.is_authenticated:
if request.user.id != int(user_id):
messages.add_message(request, messages.INFO,
_('You are logged in with a different user account. Please logout first before using this link.'))
return redirect(url)
user = get_object_or_404(auth.get_user_model(), pk=int(user_id))
account_manager = AccountService(user)
if account_manager.check_autologin_secret(secret):
if user.is_deleted or user.is_blocked:
# This will fail, but that's OK here
return redirect(url)
if not user.is_active:
# Confirm user account (link came from email)
user.date_deactivated = None
user.is_active = True
user.save()
account_activated.send_robust(sender=user)
auth.login(request, user)
return redirect(url)
# If login-link fails, prompt login with redirect
return get_redirect(request, default='account-login', params={'next': url})
