Esempio n. 1
def login(request, mobile=False):
    """Log the user in and answer in the form the calling site expects.

    Mobile requests get the login page, or a redirect once the user is
    authenticated. Desktop requests must be AJAX POSTs and get a dict back;
    any other desktop request gets a 400 response.

    The post-login destination comes from ``clean_next_url(request)``. That
    helper is not shown here; this view relies on it to discard off-site
    targets before the value is used in a redirect.
    """
    form = handle_login(request)
    target = clean_next_url(request)

    if not mobile:
        # Desktop login is AJAX-only.
        if request.method == 'POST' and request.is_ajax():
            if not form.is_valid():
                return {'status': 'error',
                        'errors': dict(form.errors.iteritems())}

            # NOTE(review): reading request.user.profile here assumes
            # handle_login() has already signed the user in -- confirm.
            profile = request.user.profile
            if not profile.login_desktop:
                # First desktop login recorded for this profile.
                profile.login_desktop = True
                profile.save()
                profile.trigger_multisparker_badge()
            return {'status': 'success',
                    'next': target or reverse('desktop.home')}

        return HttpResponseBadRequest()

    next_url = target or reverse('mobile.home')
    if not request.user.is_authenticated():
        return jingo.render(request, 'users/mobile/login.html',
                            {'form': form, 'next_url': next_url})

    profile = request.user.profile
    if not profile.login_mobile:
        # First mobile login recorded for this profile.
        profile.login_mobile = True
        profile.save()
        profile.trigger_multisparker_badge()
    return HttpResponseRedirect(next_url)
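def boost2_confirm(request):
    """Boost your Spark step 2/2 confirmation.

    Saves the parent-child relationship in the user tree, or records that
    the user started a Spark without a parent.

    Reads two POST fields: ``parent`` (a username) and ``no_parent``.
    Returns a redirect (or a status dict for AJAX callers) on success, an
    error dict for AJAX callers on failure, and the 400 page otherwise.
    """
    profile = request.user.profile
    ajax = request.is_ajax()

    if profile.boost2_completed:
        return HttpResponseRedirect(reverse('mobile.home'))

    username = request.POST.get('parent')
    no_parent = request.POST.get('no_parent')
    if no_parent:
        # The User lookup below is skipped for 'no_parent', so a 'parent'
        # value sent alongside it is never checked. Drop it rather than
        # store an unverified username on the profile.
        username = None

    if username or no_parent:
        error = False
        if not no_parent:
            try:
                parent = User.objects.get(username=username)
                created = create_relationship(parent, request.user)

                if created:
                    profile.no_parent = False
                    profile.save()

                    # Update 'longest chain' stat of all ancestors if necessary
                    profile.update_ancestors_longest_chain()

                    # Add a share for the parent
                    SharingHistory.add_share(parent.profile)

                    # Add a share between cities of this user and the parent user
                    CitySharingHistory.add_share_from_profiles(parent.profile, profile)

                    # Trigger challenge completion for the parent
                    update_completed_challenges.delay(parent.id)
                else:
                    error = True
            except User.DoesNotExist:
                # Unknown parent username: report an error, store nothing.
                error = True

        if not error:
            profile = request.user.profile
            profile.parent_username = username
            profile.boost2_completed = True
            profile.save()

            # Don't use a celery task here so that "+{n} new" notification
            # has the correct value in the mobile menu on the next page.
            # This requires to award badges synchronously for this particular step.
            update_completed_challenges(profile.user.id)

            if ajax:
                return {'status': 'success', 'url': reverse('desktop.parent_info')}
            else:
                return HttpResponseRedirect(reverse('mobile.home'))
        else:
            if ajax:
                return {'status': 'error'}

    # Reached when neither field was posted, or on a non-AJAX failure.
    return jingo.render(request, 'spark/handlers/mobile/400.html', status=400)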
Esempio n. 3
 def test_login(self):
     '''A valid login answers with a redirect to the desktop home page.'''
     credentials = {'username': '******',
                    'password': '******'}
     response = self.client.post(reverse('users.login'), credentials)
     eq_(302, response.status_code)
     expected_location = ('http://testserver' +
                          reverse('desktop.home',
                                  locale=settings.LANGUAGE_CODE))
     eq_(expected_location, response['location'])
Esempio n. 4
 def test_login(self):
     '''Posting valid credentials redirects to the desktop home page.'''
     login_url = reverse('users.login')
     form_data = {'username': '******', 'password': '******'}
     response = self.client.post(login_url, form_data)
     eq_(302, response.status_code)
     home_path = reverse('desktop.home', locale=settings.LANGUAGE_CODE)
     eq_('http://testserver' + home_path, response['location'])
Esempio n. 5
def register(request, mobile=False):
    """Register a new user, sign them in and record newsletter opt-ins.

    Mobile callers get a redirect on success or the form again on failure;
    desktop (AJAX) callers get a status dict either way.
    """
    form = handle_register(request)
    valid = form.is_valid()
    if valid:
        cleaned = form.cleaned_data

        # The new user is signed in right after registration.
        # NOTE(review): auth.authenticate() gives None when the credentials
        # do not match; presumably handle_register() has just stored them so
        # that cannot happen here -- confirm.
        new_user = auth.authenticate(username=cleaned['username'],
                                     password=cleaned['password'])
        auth.login(request, new_user)

        # Collect the newsletter campaigns the user opted in to.
        optins = []
        if cleaned['newsletter']:
            optins.append(settings.MOZILLA_CAMPAIGN)
        if cleaned['spark_newsletter']:
            optins.append(settings.SPARK_CAMPAIGN)

        if optins:
            # This will be async if Celery is enabled
            responsys.subscribe(optins,
                                cleaned['email'],
                                'html',
                                responsys.make_source_url(request),
                                request.locale)

        profile = User.objects.get(username=cleaned['username']).profile
        # Flag used by the mobile menu notifications.
        profile.new_challenges = True
        # Remember which site the first login came from.
        if mobile:
            profile.login_mobile = True
        else:
            profile.login_desktop = True
        profile.save()

    if mobile:
        if not valid:
            return jingo.render(request, 'users/mobile/register.html',
                                {'form': form})
        return HttpResponseRedirect(reverse('mobile.boost'))

    # Desktop registration is answered with a dict (AJAX).
    if not valid:
        return {'status': 'error',
                'errors': dict(form.errors.iteritems())}
    return {'status': 'success',
            'next': reverse('desktop.home')}
Esempio n. 6
def forgot_password(request, mobile=False):
    """Password reset form; a valid POST sends an e-mail with a reset link.

    Mobile callers get a redirect after a valid POST and the form page
    otherwise. Desktop callers get a status dict for a POST.

    NOTE(review): a desktop request that is not a POST falls off the end of
    this function and returns None -- confirm the caller handles that.
    NOTE(review): the desktop error dict returns the form's own messages; if
    the form reports unknown e-mail addresses, the response tells a caller
    which addresses are registered -- confirm against PasswordResetForm.
    """
    if request.method != "POST":
        form = PasswordResetForm()
    else:
        form = PasswordResetForm(request.POST)
        valid = form.is_valid()
        if valid:
            # The link scheme in the e-mail follows the current request.
            form.save(use_https=request.is_secure(),
                      token_generator=default_token_generator,
                      email_template_name='users/email/pw_reset.ltxt')

        if not mobile:
            if valid:
                return {'status': 'success'}
            return {
                'status': 'error',
                'errors': dict(form.errors.iteritems())
            }

        if valid:
            return HttpResponseRedirect(
                reverse('users.mobile_pw_reset_sent'))

    if mobile:
        # Blank form on GET, or the bound form with its errors on a bad POST.
        return jingo.render(request, 'users/mobile/pw_reset_form.html',
                            {'form': form})
def visualization(request):
    """Render the desktop visualization page.

    The template receives the city list (by name and by longitude), the
    aggregate and final share histories, and the campaign starting date.
    Authenticated users also get their own histories; anonymous users get
    the URL to come back to after logging in.
    """
    from spark.models import City
    from stats.tasks import (get_ordered_cities, get_aggregate_history,
                             get_final_history)
    import json

    def fullname(city):
        # Localized display name for one city.
        return get_city_fullname(city.city_name, city.country_code,
                                 request.locale)

    by_name = City.objects.order_by('city_name').all()
    positions = get_ordered_cities()
    by_longitude = City.objects.order_by('longitude')

    citylist = json.dumps([fullname(city) for city in by_longitude])

    data = {
        'cities': [(positions[city.id], fullname(city)) for city in by_name],
        'citylist': citylist,
        # -1 is passed where a user id is passed below.
        'share_history': get_aggregate_history(-1),
        'final_history': get_final_history(-1),
        'starting_date': _timestamp(settings.CAMPAIGN_STARTING_DATE),
    }

    if request.user.is_authenticated():
        data['logged_in'] = True
        data['user_history'] = get_aggregate_history(request.user.id)
        data['user_final_history'] = get_final_history(request.user.id)
    else:
        data['login_next_url'] = reverse('desktop.visualization')

    return jingo.render(request, 'desktop/visualization.html', data)
def redirect_to(request, url, permanent=True, **kwargs):
    """Like Django's redirect_to, except that 'url' is passed to reverse.

    'url' is therefore a URL pattern name, resolved with the extra keyword
    arguments. The redirect is permanent unless 'permanent' is false.
    """
    if permanent:
        response_class = HttpResponsePermanentRedirect
    else:
        response_class = HttpResponseRedirect
    return response_class(reverse(url, kwargs=kwargs))
Esempio n. 9
 def test_no_match_passwords(self):
     '''Mobile registration answers 'do not match' for this payload.'''
     register_url = reverse('users.mobile_register', locale='en-US')
     payload = {'username': '******',
                'email': '*****@*****.**',
                'password': '******',
                'password2': 'barfoobaz'}
     response = self.client.post(register_url, payload, follow=True)
     self.assertContains(response, 'do not match')
Esempio n. 10
 def test_duplicate_username(self):
     '''Mobile registration answers "not right" for this payload.'''
     register_url = reverse('users.mobile_register', locale='en-US')
     payload = {'username': '******',
                'email': '*****@*****.**',
                'password': '******',
                'password2': 'foobarbaz'}
     response = self.client.post(register_url, payload, follow=True)
     # Only the generic message text is checked.
     self.assertContains(response, "not right")
Esempio n. 11
def redirect_to(request, url, permanent=True, **kwargs):
    """Like Django's redirect_to, except that 'url' is passed to reverse.

    The destination is always a resolved URL pattern name; 'permanent'
    selects between the permanent and the plain redirect response.
    """
    destination = reverse(url, kwargs=kwargs)
    if not permanent:
        return HttpResponseRedirect(destination)
    return HttpResponsePermanentRedirect(destination)
Esempio n. 12
def password_reset_confirm(request, uidb36=None, token=None, mobile=False):
    """Check the token of a password reset link and show the new-password form.

    Based on django.contrib.auth.views.

    A ``uidb36`` that does not parse, or that matches no user, ends in a
    404. A known user with a token that fails the check gets the page with
    ``validlink`` set to False and no form.
    """
    try:
        user_id = base36_to_int(uidb36)
    except ValueError:
        raise Http404

    user = get_object_or_404(User, id=user_id)

    if not default_token_generator.check_token(user, token):
        valid_link = False
        form = None
    elif request.method != 'POST':
        valid_link = True
        form = SetPasswordForm(None)
    else:
        valid_link = True
        form = SetPasswordForm(user, request.POST)
        # The password is saved only after the token check above passed.
        if form.is_valid():
            form.save()
            if mobile:
                return HttpResponseRedirect(
                    reverse('users.mobile_pw_reset_complete'))
            return {'pw_reset_complete': True}

    context = {'validlink': valid_link, 'form': form}
    return jingo.render(request, 'users/mobile/pw_reset_confirm.html', context)
Esempio n. 13
def register(request):
    """Register a new user.

    A valid form redirects to the mobile home page; otherwise the
    registration page is rendered with the form.
    """
    form = handle_register(request)
    if not form.is_valid():
        return jingo.render(request, 'users/mobile/register.html',
                            {'form': form})
    return HttpResponseRedirect(reverse('mobile.home'))
def sharebadge(request):
    """Render the sharing page for a badge the current user has earned.

    The badge id comes from the ``id`` query-string parameter. The page is
    shown only if the badge exists and the user's profile has it; in every
    other case the user is sent back to the earned badges page.
    """
    badge_id = request.GET.get('id')
    try:
        # The id is client-supplied: check the badge exists ...
        badge = Challenge.objects.get(pk=badge_id)

        # ... and that this user has actually earned it.
        profile = request.user.profile
        if profile.has_badge(badge_id):
            context = {
                'badge_name': get_badge_name(badge.id),
                'twitter_url': urlquote(profile.twitter_sharing_url),
                'twitter_badge_msg': TWITTER_BADGE_MSG,
                'facebook_url': profile.facebook_sharing_url,
                'facebook_redirect': absolute_url(
                    django_reverse('mobile.home')),
                'facebook_title': urlquote(unicode(FACEBOOK_SPARK_TITLE)),
                'facebook_badge_msg': FACEBOOK_BADGE_MSG,
                'facebook_img': absolute_url(
                    settings.MEDIA_URL + 'img/badges/fb/' +
                    badge.id.replace('_', '-') + '.png'),
                'facebook_desc': urlquote(badge.badge_description),
                'FB_APP_ID': settings.FB_APP_ID,
            }
            return jingo.render(request, 'mobile/sharebadge.html', context)
    except Challenge.DoesNotExist:
        # Ignore invalid badges
        pass

    # Return to earned badges page if the querystring contains an invalid
    # badge id or if the user tried to share a badge not earned yet.
    return HttpResponseRedirect(reverse('mobile.badges'))
def boost2(request):
    """Boost your Spark step 2/2.

    Lets a Spark user find a parent user by username or email address.
    A valid POST yields either ``{'parent': <username>}`` or
    ``{'no_parent': True}``, returned as a dict to AJAX callers or rendered
    into the 'found' page otherwise.
    """
    profile = request.user.profile
    ajax = request.is_ajax()

    if profile.boost2_completed:
        return HttpResponseRedirect(reverse('mobile.home'))

    if request.method != 'POST':
        form = BoostStep2Form(request.user)
    else:
        form = BoostStep2Form(request.user, request.POST)
        if form.is_valid():
            if form.parent_username:
                data = {'parent': form.parent_username}
            else:
                # User just checked the 'I started a new Spark on my own' box
                data = {'no_parent': True}

            if ajax:
                return {'status': 'success', 'data': data}
            return jingo.render(request, 'mobile/boost_step2_found.html', data)

        if ajax:
            # Turn each field's error list into plain unicode strings.
            errors = {}
            for field, messages in form.errors.items():
                errors[field] = [unicode(message) for message in messages]
            return {'status': 'error',
                    'errors': errors}

    return jingo.render(request, 'mobile/boost_step2.html', {'form': form})
Esempio n. 16
def boost1(request):
    """Render boost step 1, or move on to step 2 when 'next' is posted.

    Any other POST renders the page with ``geolocation`` set to 'success'.
    """
    is_post = request.method == 'POST'
    if is_post and 'next' in request.POST:
        return HttpResponseRedirect(reverse('mobile.boost2'))

    data = {'geolocation': 'success'} if is_post else {}
    return jingo.render(request, 'mobile/boost_step1.html', data)
def boost(request):
    """Render the 'Boost your Spark' page unless both steps are completed."""
    profile = request.user.profile
    all_done = profile.boost2_completed and profile.boost1_completed
    if not all_done:
        return jingo.render(request, 'mobile/boost.html')

    # 'Boost your Spark' is not available once both steps have been completed
    return HttpResponseRedirect(reverse('mobile.home'))
Esempio n. 18
 def test_no_parent_confirm(self):
     '''Posting no_parent redirects home and marks boost step 2 complete.'''
     self.client.login(username='******', password='******')
     response = self.client.post(self.url, {'no_parent': True})
     assert isinstance(response, HttpResponseRedirect)
     home_url = 'http://testserver/en-US%s' % reverse('mobile.home')
     eq_(home_url, response['location'])
     user = User.objects.get(username='******')
     eq_(True, user.profile.boost2_completed)
Esempio n. 19
def register(request, mobile=False):
    """Register a new user, sign them in and record newsletter opt-ins.

    Mobile callers get a redirect on success or the form again on failure;
    desktop (AJAX) callers get a status dict either way.
    """
    form = handle_register(request)
    valid = form.is_valid()

    if valid:
        cleaned = form.cleaned_data

        # The new user is signed in right after registration.
        # NOTE(review): auth.authenticate() gives None when the credentials
        # do not match; presumably handle_register() has just stored them so
        # that cannot happen here -- confirm.
        new_user = auth.authenticate(username=cleaned['username'],
                                     password=cleaned['password'])
        auth.login(request, new_user)

        # Collect the newsletter campaigns the user opted in to.
        optins = []
        for field, campaign in (('newsletter', settings.MOZILLA_CAMPAIGN),
                                ('spark_newsletter', settings.SPARK_CAMPAIGN)):
            if cleaned[field]:
                optins.append(campaign)

        if optins:
            # This will be async if Celery is enabled
            responsys.subscribe(optins, cleaned['email'], 'html',
                                responsys.make_source_url(request),
                                request.locale)

        profile = User.objects.get(username=cleaned['username']).profile
        # Flag used by the mobile menu notifications.
        profile.new_challenges = True
        # Remember which site the first login came from.
        if mobile:
            profile.login_mobile = True
        else:
            profile.login_desktop = True
        profile.save()

    if mobile:
        if not valid:
            return jingo.render(request, 'users/mobile/register.html',
                                {'form': form})
        return HttpResponseRedirect(reverse('mobile.boost'))

    # Desktop registration is answered with a dict (AJAX).
    if not valid:
        return {'status': 'error', 'errors': dict(form.errors.iteritems())}
    return {'status': 'success', 'next': reverse('desktop.home')}
Esempio n. 20
 def test_duplicate_email(self):
     '''Registering after a user with this e-mail exists answers "not right".'''
     existing = User.objects.create(username='******', email='*****@*****.**')
     existing.save()
     register_url = reverse('users.mobile_register', locale='en-US')
     payload = {'username': '******',
                'email': '*****@*****.**',
                'password': '******',
                'password2': 'foobarbaz'}
     response = self.client.post(register_url, payload, follow=True)
     # Only the generic message text is checked.
     self.assertContains(response, "not right")
Esempio n. 21
 def setUp(self):
     '''Set up the localizing client, the boost step 1 URL and sample geo data.'''
     self.client = LocalizingClient()
     self.url = reverse('mobile.boost1')
     # Sample location payload kept on the test case.
     self.fake_geo_data = dict(lat=48.8,
                               long=2.3,
                               city='Paris',
                               country='France',
                               country_code='FR')
Esempio n. 22
    def test_new_user(self, get_current):
        '''Register through the mobile form, then log in with the new account.'''
        get_current.return_value.domain = 'su.mo.com'
        registration = {'username': '******',
                        'email': '*****@*****.**',
                        'password': '******',
                        'password2': 'foobarbaz'}
        response = self.client.post(
            reverse('users.mobile_register', locale='en-US'), registration)
        eq_(302, response.status_code)

        new_user = User.objects.get(username='******')
        # The stored value must carry the 'sha256' prefix, i.e. it is not
        # the password as submitted.
        assert new_user.password.startswith('sha256')

        # Now try to log in
        new_user.save()
        credentials = {'username': '******',
                       'password': '******'}
        response = self.client.post(
            reverse('users.mobile_login', locale='en-US'), credentials,
            follow=True)
        eq_(200, response.status_code)
        first_hop = response.redirect_chain[0]
        eq_('http://testserver/en-US/m/home', first_hop[0])
Esempio n. 23
def boost2_confirm(request):
    """Boost your Spark step 2/2 completion.

    Redirects to the mobile home page when the posted ``parent`` username
    matches an existing user; otherwise renders the 400 page.
    """
    username = request.POST.get('parent')
    # The filter only runs when a username was posted.
    if username and User.objects.filter(username=username):
        return HttpResponseRedirect(reverse('mobile.home'))

    return jingo.render(request, 'spark/handlers/mobile/400.html', status=400)
    def test_no_parent_confirm(self):
        '''Posting no_parent redirects home and marks boost step 2 complete.'''
        self.client.login(username='******', password='******')
        response = self.client.post(self.url, {'no_parent': True})
        assert isinstance(response, HttpResponseRedirect)

        expected_location = 'http://testserver/en-US%s' % reverse('mobile.home')
        eq_(expected_location, response['location'])

        user = User.objects.get(username='******')
        eq_(True, user.profile.boost2_completed)
Esempio n. 25
 def test_success(self, get_current):
     '''A reset request for the user's e-mail redirects and sends one message.'''
     get_current.return_value.domain = 'testserver.com'
     form_data = {'email': self.user.email}
     r = self.client.post(reverse('users.mobile_forgot_password'), form_data)
     eq_(302, r.status_code)
     eq_('http://testserver/en-US/m/pwresetsent', r['location'])
     eq_(1, len(mail.outbox))
     message = mail.outbox[0]
     assert message.subject.find('Password reset') == 0
     # The body must contain the reset path for this user's uid.
     assert message.body.find('pwreset/%s' % self.uidb36) > 0
Esempio n. 26
    def test_bad_reset_url(self):
        '''A junk reset path is a 404; a bad token shows the failure page.'''
        r = self.client.get('/m/pwreset/junk/', follow=True)
        eq_(r.status_code, 404)

        # Known uid, token that does not pass the check.
        confirm_url = reverse('users.pw_reset_confirm',
                              args=[self.uidb36, '12-345'])
        r = self.client.get(confirm_url)
        eq_(200, r.status_code)
        heading = pq(r.content)('#header h1').text()
        eq_('Password reset unsuccessful', heading)
Esempio n. 27
    def test_bad_reset_url(self):
        '''A junk reset path is a 404; a bad token shows the failure page.'''
        junk_response = self.client.get('/m/pwreset/junk/', follow=True)
        eq_(junk_response.status_code, 404)

        # Known uid, token that does not pass the check.
        url_args = [self.uidb36, '12-345']
        r = self.client.get(reverse('users.pw_reset_confirm', args=url_args))
        eq_(200, r.status_code)
        page = pq(r.content)
        eq_('Password reset unsuccessful', page('#header h1').text())
Esempio n. 28
    def test_login_next_parameter(self):
        '''Test with a valid ?next=url parameter.'''
        next_path = '/kb/new'
        login_url = reverse('users.login')

        # The GET page must carry the value in the hidden form field.
        response = self.client.get(urlparams(login_url, next=next_path))
        eq_(200, response.status_code)
        hidden_field = pq(response.content)('input[name="next"]')[0]
        eq_(next_path, hidden_field.attrib['value'])

        # The POST must redirect to that same on-site path.
        form_data = {'username': '******',
                     'password': '******',
                     'next': next_path}
        response = self.client.post(login_url, form_data)
        eq_(302, response.status_code)
        eq_('http://testserver' + next_path, response['location'])
Esempio n. 29
 def test_success(self, get_current):
     '''A reset request for the user's e-mail redirects and sends one message.'''
     get_current.return_value.domain = 'testserver.com'
     reset_url = reverse('users.mobile_forgot_password')
     r = self.client.post(reset_url, {'email': self.user.email})
     eq_(302, r.status_code)
     eq_('http://testserver/en-US/m/pwresetsent', r['location'])
     eq_(1, len(mail.outbox))
     sent = mail.outbox[0]
     assert sent.subject.find('Password reset') == 0
     # The body must contain the reset path for this user's uid.
     assert sent.body.find('pwreset/%s' % self.uidb36) > 0
 def setUp(self):
     '''Set up the localizing client, the boost step 1 URL and sample geo data.'''
     self.client = LocalizingClient()
     self.url = reverse('mobile.boost1')
     # Sample location payload kept on the test case.
     geo = {}
     geo['lat'] = 48.8
     geo['long'] = 2.3
     geo['city'] = 'Paris'
     geo['country'] = 'France'
     geo['country_code'] = 'FR'
     self.fake_geo_data = geo
Esempio n. 31
 def test_relationship_created(self):
     '''Confirming a parent links the two user nodes and completes step 2.'''
     self.client.login(username='******', password='******')
     response = self.client.post(self.url, {'parent': 'john'})
     assert isinstance(response, HttpResponseRedirect)
     home_url = 'http://testserver/en-US%s' % reverse('mobile.home')
     eq_(home_url, response['location'])
     child = User.objects.get(username='******')
     parent = User.objects.get(username='******')
     eq_(child.node.parent, parent.node)
     eq_(True, child.profile.boost2_completed)
Esempio n. 32
    def test_login_next_parameter(self):
        '''Test with a valid ?next=url parameter.'''
        next_path = '/kb/new'

        # The GET page must carry the value in the hidden form field.
        page_url = urlparams(reverse('users.login'), next=next_path)
        response = self.client.get(page_url)
        eq_(200, response.status_code)
        doc = pq(response.content)
        field = doc('input[name="next"]')[0]
        eq_(next_path, field.attrib['value'])

        # The POST must redirect to that same on-site path.
        credentials = {'username': '******',
                       'password': '******',
                       'next': next_path}
        response = self.client.post(reverse('users.login'), credentials)
        eq_(302, response.status_code)
        eq_('http://testserver' + next_path, response['location'])
    def test_relationship_created(self):
        '''Confirming a parent links the two user nodes and completes step 2.'''
        self.client.login(username='******', password='******')
        response = self.client.post(self.url, {'parent': 'john'})
        assert isinstance(response, HttpResponseRedirect)

        expected_location = 'http://testserver/en-US%s' % reverse('mobile.home')
        eq_(expected_location, response['location'])

        child = User.objects.get(username='******')
        parent = User.objects.get(username='******')
        eq_(child.node.parent, parent.node)
        eq_(True, child.profile.boost2_completed)
Esempio n. 34
    def test_unicode_password(self, get_current):
        '''Register and log in with a password made of non-ASCII characters.'''
        u_str = u'\xe5\xe5\xee\xe9\xf8\xe7\u6709\u52b9'
        get_current.return_value.domain = 'su.mo.com'

        # Both requests use the en-US locale.
        register_url = reverse('users.mobile_register', locale='en-US')
        registration = {'username': '******',
                        'email': '*****@*****.**',
                        'password': u_str,
                        'password2': u_str}
        response = self.client.post(register_url, registration, follow=True)
        eq_(200, response.status_code)

        new_user = User.objects.get(username='******')
        new_user.save()
        # The stored value must carry the 'sha256' prefix.
        assert new_user.password.startswith('sha256')

        # make sure you can login now
        login_url = reverse('users.mobile_login', locale='en-US')
        credentials = {'username': '******',
                       'password': u_str}
        response = self.client.post(login_url, credentials, follow=True)
        eq_(200, response.status_code)
        first_hop = response.redirect_chain[0]
        eq_('http://testserver/en-US/m/home', first_hop[0])
Esempio n. 35
    def test_login_invalid_next_parameter(self, get_current):
        '''Test with an invalid ?next=http://example.com parameter.

        An off-site value must never reach the form field or the redirect;
        the desktop home URL is expected in its place.
        '''
        get_current.return_value.domain = 'testserver.com'
        invalid_next = 'http://foobar.com/evil/'
        valid_next = reverse('desktop.home', locale=settings.LANGUAGE_CODE)
        login_url = reverse('users.login')

        # The hidden form field must hold the on-site fallback.
        response = self.client.get(urlparams(login_url, next=invalid_next))
        eq_(200, response.status_code)
        hidden_field = pq(response.content)('input[name="next"]')[0]
        eq_(valid_next, hidden_field.attrib['value'])

        # The POST redirect must use the fallback as well.
        form_data = {'username': '******',
                     'password': '******',
                     'next': invalid_next}
        response = self.client.post(login_url, form_data)
        eq_(302, response.status_code)
        eq_('http://testserver' + valid_next, response['location'])
Esempio n. 36
def login(request, mobile=False):
    """Log the user in and answer in the form the calling site expects.

    Mobile requests get the login page, or a redirect once the user is
    authenticated. Desktop requests must be AJAX POSTs and get a dict back;
    any other desktop request gets a 400 response.

    The post-login destination comes from ``clean_next_url(request)``. That
    helper is not shown here; this view relies on it to discard off-site
    targets before the value is used in a redirect.
    """
    form = handle_login(request)
    destination = clean_next_url(request)

    if mobile:
        next_url = destination or reverse('mobile.home')

        if not request.user.is_authenticated():
            page_context = {'form': form, 'next_url': next_url}
            return jingo.render(request, 'users/mobile/login.html',
                                page_context)

        profile = request.user.profile
        if not profile.login_mobile:
            # First mobile login recorded for this profile.
            profile.login_mobile = True
            profile.save()
            profile.trigger_multisparker_badge()
        return HttpResponseRedirect(next_url)

    # Desktop login is AJAX-only.
    if not (request.method == 'POST' and request.is_ajax()):
        return HttpResponseBadRequest()

    if not form.is_valid():
        return {'status': 'error',
                'errors': dict(form.errors.iteritems())}

    # NOTE(review): reading request.user.profile here assumes
    # handle_login() has already signed the user in -- confirm.
    profile = request.user.profile
    if not profile.login_desktop:
        # First desktop login recorded for this profile.
        profile.login_desktop = True
        profile.save()
        profile.trigger_multisparker_badge()

    return {'status': 'success',
            'next': destination or reverse('desktop.home')}
Esempio n. 37
    def test_login_invalid_next_parameter(self, get_current):
        '''Test with an invalid ?next=http://example.com parameter.

        An off-site value must never reach the form field or the redirect;
        the desktop home URL is expected in its place.
        '''
        get_current.return_value.domain = 'testserver.com'
        invalid_next = 'http://foobar.com/evil/'
        valid_next = reverse('desktop.home', locale=settings.LANGUAGE_CODE)

        # The hidden form field must hold the on-site fallback.
        page_url = urlparams(reverse('users.login'), next=invalid_next)
        response = self.client.get(page_url)
        eq_(200, response.status_code)
        doc = pq(response.content)
        field = doc('input[name="next"]')[0]
        eq_(valid_next, field.attrib['value'])

        # The POST redirect must use the fallback as well.
        credentials = {'username': '******',
                       'password': '******',
                       'next': invalid_next}
        response = self.client.post(reverse('users.login'), credentials)
        eq_(302, response.status_code)
        eq_('http://testserver' + valid_next, response['location'])
Esempio n. 38
def password_reset_confirm(request, uidb36=None, token=None):
    """Check the token of a password reset link and show the new-password form.

    It's used on both desktop (ajax) and mobile websites; ``is_mobile``
    decides which one answers.

    A ``uidb36`` that does not parse, or that matches no user, ends in a
    404. A known user with a token that fails the check gets the page with
    ``validlink`` set to False and no form.
    """
    try:
        user_id = base36_to_int(uidb36)
    except ValueError:
        raise Http404

    user = get_object_or_404(User, id=user_id)

    # Display mobile or desktop version by sniffing user-agent
    mobile = is_mobile(request)

    if not default_token_generator.check_token(user, token):
        valid_link = False
        form = None
    elif request.method != 'POST':
        valid_link = True
        form = SetPasswordForm(None)
    else:
        valid_link = True
        form = SetPasswordForm(user, request.POST)
        # The password is saved only after the token check above passed.
        if form.is_valid():
            form.save()
            if mobile:
                return HttpResponseRedirect(
                    reverse('users.mobile_pw_reset_complete'))
            return {'status': 'success'}
        if not mobile:
            return {
                'status': 'error',
                'errors': dict(form.errors.iteritems())
            }

    context = {'validlink': valid_link, 'form': form}

    if mobile:
        return jingo.render(request, 'users/mobile/pw_reset_confirm.html',
                            context)

    # The desktop reset form lives on the home page.
    # NOTE(review): uidb36 and token are handed to the template, presumably
    # so the page can post them back -- confirm the page does not expose
    # them to third-party resources.
    context.update({
        'uidb36': uidb36,
        'token': token,
        'is_pwreset': True,
        'is_homepage': True,
        'stats': get_global_stats()
    })
    return jingo.render(request, 'desktop/home.html', context)
Esempio n. 39
    def test_login_legacy_password(self):
        '''Logging in with a legacy md5 password upgrades the stored hash.'''
        legacypw = 'legacypass'
        login_url = reverse('users.login')
        credentials = {'username': '******',
                       'password': legacypw}

        # Store the legacy form: a bare, unsalted md5 hex digest.
        user = User.objects.get(username='******')
        user.password = hashlib.md5(legacypw).hexdigest()
        user.save()

        # The first login must succeed and rewrite the stored value so that
        # it starts with 'sha256$'.
        # NOTE(review): the prefix alone does not show how the new hash is
        # computed -- confirm the hasher against the auth backend.
        response = self.client.post(login_url, credentials)
        eq_(302, response.status_code)
        upgraded = User.objects.get(username='******')
        assert upgraded.password.startswith('sha256$')

        # The same password must still work after the upgrade.
        response = self.client.post(login_url, credentials)
        eq_(302, response.status_code)
Esempio n. 40
def login(request, mobile=False):
    """Log the user in and answer in the form the calling site expects.

    Mobile requests get the login page, or a redirect once the user is
    authenticated; the redirect target comes from
    ``_clean_next_url(request)``, which is not shown here and is relied on
    to discard off-site targets. Desktop requests must be AJAX POSTs and
    get a dict back; on success it always points at the desktop dashboard.
    Any other desktop request gets a 400 response.
    """
    form = handle_login(request)

    if not mobile:
        # Desktop login is AJAX-only.
        if request.method == 'POST' and request.is_ajax():
            if form.is_valid():
                return {'status': 'success',
                        'next': reverse('desktop.dashboard')}
            return {'status': 'error',
                    'errors': dict(form.errors.iteritems())}

        return HttpResponseBadRequest()

    next_url = _clean_next_url(request) or reverse('mobile.home')
    if not request.user.is_authenticated():
        return jingo.render(request, 'users/mobile/login.html',
                            {'form': form, 'next_url': next_url})
    return HttpResponseRedirect(next_url)
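def boost1(request):
    """Boost your Spark step 1/2: geolocate the user.

    A user who already completed step 1 is redirected to step 2.

    On POST the data is validated with BoostStep1Form. When city or
    country code is empty, the nearest known city to the submitted
    coordinates is used instead (third argument 1000, presumably a search
    radius). AJAX callers get a status dict; other callers get a rendered
    template.

    Nothing is stored on the profile here; the view only prepares the data
    that is shown back to the user.
    """
    # Import by name: a wildcard import inside a function is a
    # SyntaxWarning on Python 2 and a SyntaxError on Python 3.
    from decimal import Decimal

    # Assumes an authenticated user with a profile; access control is
    # presumably applied by a decorator outside this block.
    profile = request.user.profile
    ajax = request.is_ajax()

    if profile.boost1_completed:
        return HttpResponseRedirect(reverse('mobile.boost2'))

    data = {}
    invalid = False
    if request.method == 'POST':
        form = BoostStep1Form(request.POST)
        if form.is_valid():
            data = form.cleaned_data
            # The client did the reverse geocoding; an empty city or
            # country means it found nothing usable.
            invalid = data['city'] == '' or data['country_code'] == ''
            if not invalid:
                data.update({'lat': str(data['lat']),
                             'long': str(data['long']),
                             'city_id': 0,
                             'geo_result': get_city_fullname(data['city'], data['country_code'], request.locale)})
            else:
                city = get_nearest_city(Decimal(data['lat']), Decimal(data['long']), 1000)
                if city:
                    data.update({
                        'geo_fallback': True,
                        'lat': city.latitude,
                        'long': city.longitude,
                        'city_id': city.id,
                        'city': city.city_name,
                        'country_code': city.country_code,
                        'us_state': '',
                        'geo_result': get_city_fullname(city.city_name, city.country_code, request.locale)
                    })
                elif not ajax:
                    data.update({'geolocation': 'error'})
                    return jingo.render(request, 'mobile/boost_step1.html', data)
                # NOTE(review): an AJAX caller with no nearby city falls
                # through and still gets status 'success', with an empty
                # city/country and no 'geo_result'. Confirm the client
                # handles that.

            if ajax:
                data.update({'lon': data['long']}) # JS compression bug fix
                return {'status': 'success',
                        'data': data}
            else:
                return jingo.render(request, 'mobile/boost_step1_found.html', data)
        else:
            data.update({'geolocation': 'error'})

    return jingo.render(request, 'mobile/boost_step1.html', data)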
Esempio n. 42
def boost2(request):
    """Boost your Spark step 2/2: link the account to a parent user.

    GET renders an unbound BoostStep2Form. A valid POST either shows the
    confirmation page for the parent username exposed by the form, or
    redirects to the mobile home page when no parent was given. An invalid
    POST re-renders the form, which then carries its errors.
    """
    if request.method != 'POST':
        form = BoostStep2Form(request.user)
    else:
        form = BoostStep2Form(request.user, request.POST)
        if form.is_valid():
            if not form.parent_username:
                # User just checked the checkbox
                return HttpResponseRedirect(reverse('mobile.home'))
            # No relationship is saved here; the page only asks the user
            # to confirm the parent found by the form.
            return jingo.render(request, 'mobile/boost_step2_found.html',
                                {'parent': form.parent_username})

    return jingo.render(request, 'mobile/boost_step2.html', {'form': form})
def boost1_confirm(request):
    """Store the location confirmed in Boost step 1 on the user's profile.

    Coordinates, city name, country code and (for 'US') the state are
    copied from the validated BoostStep1ConfirmForm onto the profile, and
    step 1 is marked complete. A ``city_id`` other than '0' is resolved to
    a City; an unknown id redirects to the manual location page.

    AJAX callers get a status dict with the next URL; other callers are
    redirected to Boost step 2.
    """
    ajax = request.is_ajax()
    profile = request.user.profile

    form = BoostStep1ConfirmForm(request.POST)
    if not form.is_valid():
        # NOTE(review): invalid input produces no response object. The
        # view also checks neither request.method nor
        # profile.boost1_completed, so a repeat submission overwrites the
        # stored location. Confirm both are intended.
        return None

    fields = form.cleaned_data
    country = fields['country_code']

    # NOTE(review): every value below is client-supplied. City name and
    # country code are not cross-checked against city_id or the
    # coordinates in this view, so their integrity rests on the form's
    # validation, which is not shown.
    profile.latitude = fields['lat']
    profile.longitude = fields['long']
    if fields['city_id'] != '0':
        try:
            profile.major_city = City.objects.get(pk=fields['city_id'])
        except City.DoesNotExist:
            # Wrong city in the POST data, redirect to manual geolocation page
            return HttpResponseRedirect(reverse('mobile.yourlocation'))
    profile.city_name = fields['city']
    profile.country_code = country
    if country == 'US':
        profile.us_state = fields['us_state']
    profile.boost1_completed = True
    profile.save()

    # No major city was selected: approximate one from the coordinates.
    if not profile.major_city:
        approximate_major_city(profile, 1000)

    # Follow-up bookkeeping, run only after the profile has been saved.
    CountrySparked.add_country(country)
    update_completed_challenges(profile.user.id)
    profile.add_city_shares_for_children()

    if ajax:
        return {'status': 'success', 'url': reverse('desktop.location_info')}
    return HttpResponseRedirect(reverse('mobile.boost2'))
Esempio n. 44
    def test_login_legacy_password(self):
        '''Test logging in with a legacy md5 password.

        Checks the upgrade-on-login path: the account starts with a bare,
        unsalted MD5 hex digest, and after one successful login the stored
        value must start with 'sha256$'. A second login confirms that the
        re-hashed value still verifies.
        '''
        legacypw = 'legacypass'
        login_data = {
            'username': '******',
            'password': legacypw
        }

        # Store the password the way the legacy system did: md5 hex digest.
        legacy_user = User.objects.get(username='******')
        legacy_user.password = hashlib.md5(legacypw).hexdigest()
        legacy_user.save()

        # Log in and verify that it's updated to a SHA-256
        upgrade_response = self.client.post(reverse('users.login'), login_data)
        eq_(302, upgrade_response.status_code)
        upgraded_user = User.objects.get(username='******')
        # NOTE(review): this pins the scheme label only. Salt and work
        # factor are not visible here, and no negative case (wrong
        # password after the upgrade) is covered.
        assert upgraded_user.password.startswith('sha256$')

        # Try to log in again, now against the upgraded hash.
        repeat_response = self.client.post(reverse('users.login'), login_data)
        eq_(302, repeat_response.status_code)
Esempio n. 45
def password_reset_confirm(request, uidb36=None, token=None):
    """Check the hash in a password reset link and present a form for
    entering a new password.

    Used on both desktop (ajax) and mobile websites. Desktop POSTs get a
    status dict. Every other case renders a template whose context carries
    ``validlink`` and ``form``.
    """
    try:
        uid_int = base36_to_int(uidb36)
    except ValueError:
        raise Http404

    # NOTE(review): the user lookup happens before the token check, so an
    # unknown id yields a 404 while a known id with a bad token yields the
    # "invalid link" page. Confirm that difference is acceptable.
    user = get_object_or_404(User, id=uid_int)

    # Display mobile or desktop version by sniffing user-agent
    mobile = is_mobile(request)

    form = None
    if not default_token_generator.check_token(user, token):
        context = {'validlink': False}
    else:
        context = {'validlink': True}
        if request.method != 'POST':
            form = SetPasswordForm(None)
        else:
            form = SetPasswordForm(user, request.POST)
            if form.is_valid():
                form.save()
                if mobile:
                    return HttpResponseRedirect(reverse('users.mobile_pw_reset_complete'))
                return {'status': 'success'}
            if not mobile:
                return {'status': 'error',
                        'errors': dict(form.errors.iteritems())}
            # Mobile with an invalid form falls through and re-renders the
            # page with the bound form and its errors.
    context['form'] = form

    if mobile:
        return jingo.render(request, 'users/mobile/pw_reset_confirm.html', context)

    # The desktop page is the home page with the reset state added. The
    # token is placed in the template context; make sure that page does
    # not pass it on to third parties (for example via Referer).
    context.update({'uidb36': uidb36,
                    'token': token,
                    'is_pwreset': True,
                    'is_homepage': True,
                    'stats': get_global_stats() })
    return jingo.render(request, 'desktop/home.html', context)
Esempio n. 46
def delete_account(request):
    """Delete account ajax view.

    The request must pass PasswordConfirmationForm bound to the current
    user. On failure the form errors are returned. On success the account
    is anonymized and deactivated, the current session is logged out and
    the desktop home URL is returned.
    """
    form = PasswordConfirmationForm(user=request.user, data=request.POST)
    if form.is_valid():
        account = request.user
        # Anonymize user instead of actually deleting it.
        # We need to keep user metadata in Profile and UserNode
        # so that the game keeps working as intended.
        # If we used user.delete() these would get deleted too.
        account.username = None
        # NOTE(review): this requires a nullable password column. Where it
        # is not nullable, set_unusable_password() is the usual way to
        # disable the credential.
        account.password = None
        account.email = None
        account.is_active = False
        account.save()
        # NOTE(review): logout() ends only this session. Whether other
        # sessions of the account stop working depends on the auth backend
        # honouring is_active; confirm.
        auth.logout(request)
        return {'status': 'success', 'next': reverse('desktop.home')}
    return {'status': 'error', 'errors': dict(form.errors.iteritems())}
Esempio n. 47
def delete_account(request):
    """Delete account ajax view.

    Re-authentication gate: nothing is changed unless
    PasswordConfirmationForm (bound to the current user and the POST data)
    validates. The account row is kept but stripped of username, password
    and e-mail and marked inactive; the caller is then logged out.
    """
    confirmation = PasswordConfirmationForm(user=request.user,
                                            data=request.POST)
    if not confirmation.is_valid():
        return {'status': 'error',
                'errors': dict(confirmation.errors.iteritems())}

    # Anonymize user instead of actually deleting it.
    # We need to keep user metadata in Profile and UserNode
    # so that the game keeps working as intended.
    # If we used user.delete() these would get deleted too.
    target = request.user
    target.username = None
    target.password = None
    target.email = None
    target.is_active = False
    # NOTE(review): assumes username, password and email accept NULL, and
    # that the username uniqueness constraint tolerates several NULL rows.
    # Verify against the model.
    target.save()
    # Only the current session is ended here; sessions of this account on
    # other devices are not touched by this view.
    auth.logout(request)
    return {'status': 'success',
            'next': reverse('desktop.home')}
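def geolocation_fallback(request):
    """Let the user pick a city manually when geolocation failed.

    A user who already completed Boost step 1 is redirected to step 2 and
    any submitted city is ignored.

    On POST the ``city`` value is looked up as a City primary key. A match
    returns the location data, as a status dict for AJAX callers and as the
    "found" template otherwise. An unknown or malformed id returns an error
    dict for AJAX callers. In every other case the full city list is
    rendered.
    """
    ajax = request.is_ajax()
    profile = request.user.profile

    if profile.boost1_completed:
        # Ignore chosen city and redirect if user has already completed Boost step 1.
        return HttpResponseRedirect(reverse('mobile.boost2'))

    if request.method == 'POST':
        city_id = request.POST.get('city')

        # city_id is raw client input. A non-numeric value makes the ORM
        # raise ValueError (assuming an integer primary key), so it is
        # handled like an unknown id instead of surfacing as a server
        # error. The try covers only the lookup so that unrelated errors
        # are not swallowed.
        try:
            city = City.objects.get(pk=city_id)
        except (City.DoesNotExist, ValueError):
            city = None

        if city is not None:
            data = {
                'lat': city.latitude,
                'long': city.longitude,
                # The submitted value is echoed as-is; boost1 returns
                # city.id for the same key.
                'city_id': city_id,
                'city': city.city_name,
                'country_code': city.country_code,
                'us_state': '',
                'geo_result': get_city_fullname(city.city_name, city.country_code, request.locale)
            }

            if ajax:
                data.update({'lon': data['long']}) # JS compression bug fix
                return {'status': 'success',
                        'data': data}
            return jingo.render(request, 'mobile/boost_step1_found.html', data)

        # Wrong city in the POST data
        if ajax:
            return {'status': 'error',
                    'errors': {'citylist': [_(u'Select your location manually')]}}

    cities = City.objects.order_by('city_name')
    citylist = [(city.id, get_city_fullname(city.city_name, city.country_code, request.locale)) for city in cities]

    return jingo.render(request, 'mobile/citylist.html', {'cities': citylist})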
Esempio n. 49
def forgot_password(request, mobile=False):
    """Password reset form. This view sends an email with a reset link.

    On a valid POST the reset e-mail is sent through the form's save().
    Desktop callers get a status dict. Mobile callers are redirected on
    success, or get the form page again with its errors.
    """
    if request.method != "POST":
        form = PasswordResetForm()
    else:
        form = PasswordResetForm(request.POST)
        valid = form.is_valid()
        if valid:
            form.save(use_https=request.is_secure(),
                      token_generator=default_token_generator,
                      email_template_name='users/email/pw_reset.ltxt')
        if not mobile:
            if valid:
                return {'status': 'success'}
            # NOTE(review): success and error are distinguishable to the
            # caller. If the form rejects addresses that have no account,
            # this response reveals which e-mail addresses are registered.
            # Check the form's validation.
            return {'status': 'error',
                    'errors': dict(form.errors.iteritems())}
        if valid:
            return HttpResponseRedirect(reverse('users.mobile_pw_reset_sent'))

    # A desktop request that is not a POST falls off the end without a
    # response object.
    if mobile:
        return jingo.render(request, 'users/mobile/pw_reset_form.html', {'form': form})
Esempio n. 50
def password_reset(request, mobile=False):
    """Password reset form.

    Based on django.contrib.auth.views. This view sends the email.

    A POST gets the same answer whether or not the form validated: a
    redirect on mobile, ``{'pw_reset_sent': True}`` on desktop. The caller
    therefore cannot tell from the response whether the address is known.
    """
    if request.method == "POST":
        form = PasswordResetForm(request.POST)
        if form.is_valid():
            # NOTE(review): the mail is sent inline only on this path, so
            # response time may still differ between known and unknown
            # addresses. Consider whether that matters here.
            form.save(use_https=request.is_secure(),
                      token_generator=default_token_generator,
                      email_template_name='users/email/pw_reset.ltxt')

        # Don't leak existence of email addresses
        # (No error if wrong email address)
        if not mobile:
            return {'pw_reset_sent': True}
        return HttpResponseRedirect(reverse('users.mobile_pw_reset_sent'))

    form = PasswordResetForm()

    # Only mobile renders a page for non-POST requests. A desktop request
    # that is not a POST gets no response object from this view.
    if mobile:
        return jingo.render(request, 'users/mobile/pw_reset_form.html', {'form': form})
Esempio n. 51
 def setUp(self):
     """Log the test client in and cache the change-email URL and user."""
     super(EmailChangeTests, self).setUp()
     self.user = User.objects.get(username='******')
     self.url = reverse('users.change_email')
     # The credentials are masked in this listing; presumably they match a
     # fixture account.
     self.client.login(username='******', password='******')
Esempio n. 52
 def setUp(self):
     """Log the test client in and prepare the password-change fixtures."""
     super(PasswordChangeTests, self).setUp()
     # Replacement password, presumably used by the tests of this class.
     self.new_pw = 'fjdka387fvstrongpassword!'
     self.url = reverse('users.pw_change')
     self.user = User.objects.get(username='******')
     self.client.login(username='******', password='******')