def test_FullSignUp(self): #Registering a new user url_to_signup = '/sso/registration/' url_to_verify_key = '/sso/account-confirm-email/' data = { 'username': "******", 'password1': 'optica2020', 'password2': 'optica2020', 'email': '*****@*****.**', 'clave_ciudadano': '123abc' } response = self.client.post(url_to_signup, data) #verifying the user email exist_keyclassgenerator = EmailConfirmationHMAC( EmailAddress.objects.get(email='*****@*****.**')) key = {'key': exist_keyclassgenerator.key} self.assertEqual(type(key['key']), type('str')) try: exist_keyclassgenerator2 = EmailConfirmationHMAC( EmailAddress.objects.get(email='*****@*****.**')) key = {'key': exist_keyclassgenerator2.key} self.assertEqual(type(key['key']), type('str')) except: self.assertEqual('correo no existe', 'correo no existe') response1 = self.client.post(url_to_verify_key, key) self.assertEqual(response.status_code, status.HTTP_201_CREATED) self.assertEqual( UserCustom.objects.get(id=1).username, data['username']) self.assertEqual(response1.status_code, status.HTTP_200_OK) self.assertEqual(response1.data, {'detail': 'ok'})
def validate(self, attrs): token = attrs['token'] payload = self._check_payload(token=token) username = jwt_get_username_from_payload(payload) if username: user = self._check_user(username) new_token = get_login_token_with_auth_info(user, AuthAction.LOGIN, AuthProvider.EMAIL) self.instance = dict(token=new_token, user=user) return self.instance if payload['provider'] == AuthProvider.SOCIAL.value: email = self._check_email(payload['email'], False) try: email_address = EmailAddress.objects.get(email=email) except EmailAddress.DoesNotExist: raise serializers.ValidationError(_("User doesn't exist.")) ret = EmailConfirmationHMAC(email_address) ret.confirm(self._request) user = email_address.user new_token = get_login_token_with_auth_info(user, AuthAction.REGISTRATION, AuthProvider.SOCIAL, payload.get('social')) self.instance = dict(token=new_token, user=user) return self.instance email = self._check_email(payload['email'], True) return dict(email=email)
def test_email_confirmation_hmac_timeout(self): user = self._create_user() email = EmailAddress.objects.create( user=user, email="*****@*****.**", verified=False, primary=True ) confirmation = EmailConfirmationHMAC(email) confirmation.send() self.assertEqual(len(mail.outbox), 1) self.client.post(reverse("account_confirm_email", args=[confirmation.key])) email = EmailAddress.objects.get(pk=email.pk) self.assertFalse(email.verified)
def test_email_confirmation_hmac_timeout(self): user = self._create_user() email = EmailAddress.objects.create( user=user, email='*****@*****.**', verified=False, primary=True) confirmation = EmailConfirmationHMAC(email) confirmation.send() self.assertEqual(len(mail.outbox), 1) self.client.post( reverse('account_confirm_email', args=[confirmation.key])) email = EmailAddress.objects.get(pk=email.pk) self.assertFalse(email.verified)
def get_context_data(self, **kwargs): context = super().get_context_data(**kwargs) if not EmailAddress.objects.filter(user=self.request.user, verified=True).exists(): user_email_address = EmailAddress.objects.get( user=self.request.user) user_email_confirmation = EmailConfirmationHMAC( email_address=user_email_address) user_email_confirmation.send(self.request, False) context["verified"] = EmailAddress.objects.filter( user=self.request.user, verified=True).exists() return context
def test_login_on_confirm(self): user = self._create_user() email = EmailAddress.objects.create( user=user, email='*****@*****.**', verified=False, primary=True) key = EmailConfirmationHMAC(email).key receiver_mock = Mock() # we've logged if signal was called user_logged_in.connect(receiver_mock) # fake post-signup account_user stash session = self.client.session session['account_user'] = user_pk_to_url_str(user) session.save() resp = self.client.post( reverse('account_confirm_email', args=[key])) email = EmailAddress.objects.get(pk=email.pk) self.assertTrue(email.verified) receiver_mock.assert_called_once_with( sender=get_user_model(), request=resp.wsgi_request, response=resp, user=get_user_model().objects.get(username='******'), signal=user_logged_in, ) user_logged_in.disconnect(receiver_mock)
def _get_email_confirmation(self, key): email_confirmation = EmailConfirmationHMAC.from_key(key) if not email_confirmation: # noinspection PyTypeChecker queryset = ConfirmEmailView.get_queryset(self=None) email_confirmation = queryset.get(key=key.lower()) return email_confirmation
def get_email_confirmation_redirect_url(self, request, badgr_app=None): """ The URL to return to after successful e-mail confirmation. """ if badgr_app is None: badgr_app = BadgrApp.objects.get_current(request) if not badgr_app: logger = logging.getLogger(self.__class__.__name__) logger.warning("Could not determine authorized badgr app") return super(BadgrAccountAdapter, self).get_email_confirmation_redirect_url(request) try: resolverMatch = resolve(request.path) confirmation = EmailConfirmationHMAC.from_key(resolverMatch.kwargs.get('confirm_id')) # publish changes to cache email_address = CachedEmailAddress.objects.get(pk=confirmation.email_address.pk) email_address.save() redirect_url = urlparse.urljoin( badgr_app.email_confirmation_redirect.rstrip('/') + '/', urllib.quote(email_address.user.first_name.encode('utf8')) ) redirect_url = set_url_query_params(redirect_url, email=email_address.email.encode('utf8')) return redirect_url except Resolver404, EmailConfirmation.DoesNotExist: return badgr_app.email_confirmation_redirect
def get(self, request, **kwargs): """ Confirm an email address """ badgrapp_id = request.query_params.get('a', None) if badgrapp_id is None: badgrapp_id = getattr(settings, 'BADGR_APP_ID', 1) try: badgrapp = BadgrApp.objects.get(id=badgrapp_id) except BadgrApp.DoesNotExist: return Response(status=HTTP_404_NOT_FOUND) emailconfirmation = EmailConfirmationHMAC.from_key( kwargs.get('confirm_id')) if emailconfirmation is None: return Response(status=HTTP_404_NOT_FOUND) try: email_address = CachedEmailAddress.cached.get( pk=emailconfirmation.email_address.pk) except CachedEmailAddress.DoesNotExist: return Response(status=HTTP_404_NOT_FOUND) email_address.verified = True email_address.save() process_email_verification.delay(email_address.pk) redirect_url = badgrapp.ui_login_redirect return Response(status=HTTP_302_FOUND, headers={'Location': redirect_url})
def test_full_user_registration_process(self): outbox = mail.outbox self.assertEqual(len(outbox), 0) url = '/rest-auth/registration/' payload = { "email": "*****@*****.**", "password1": "ILoveTacos", "password2": "ILoveTacos", "time_zone": "US/Eastern", "phone_number": "5556798786" } resp = self.client.post(url, payload) self.assertEqual(resp.status_code, 201) self.assertEqual(len(outbox), 1) conf_email = outbox[0] self.assertEqual(conf_email.to[0], '*****@*****.**') self.assertEqual(conf_email.subject, '[example.com] Activate your Sports Warning Account') url = '/rest-auth/login/' payload = {"email": "*****@*****.**", "password": "******"} resp = self.client.post(url, payload) self.assertEqual(resp.status_code, 400) self.assertEqual(resp.json()['non_field_errors'][0], 'E-mail is not verified.') email = EmailAddress.objects.get(email='*****@*****.**') key = EmailConfirmationHMAC(email).key url = '/rest-auth/registration/verify-email/' payload = {"key": key} resp = self.client.post(url, payload) self.assertEqual(resp.status_code, 200) url = '/rest-auth/login/' payload = {"email": "*****@*****.**", "password": "******"} resp = self.client.post(url, payload) self.assertEqual(resp.status_code, 200)
def get_confirmkey_data(request): """ Get data for an email confirmation key """ response = {} key = request.POST['key'] confirmation = EmailConfirmationHMAC.from_key(key) if not confirmation: qs = EmailConfirmation.objects.all_valid() qs = qs.select_related("email_address__user") confirmation = qs.filter(key=key.lower()).first() if confirmation: status = 200 response['username'] = confirmation.email_address.user.username response['email'] = confirmation.email_address.email if request.user: if request.user != confirmation.email_address.user: response['logout'] = True logout(request) # We check if the user has another verified email already. If yes, # we don't need to display the terms and test server warning again. if confirmation.email_address.user.emailaddress_set.filter( verified=True ).first(): response['verified'] = True else: response['verified'] = False else: status = 404 return JsonResponse( response, status=status )
def get_email_confirmation_redirect_url(self, request, badgr_app=None): """ The URL to return to after successful e-mail confirmation. """ if badgr_app is None: badgr_app = BadgrApp.objects.get_current(request) if not badgr_app: logger = logging.getLogger(self.__class__.__name__) logger.warning("Could not determine authorized badgr app") return super(BadgrAccountAdapter, self).get_email_confirmation_redirect_url(request) try: resolverMatch = resolve(request.path) confirmation = EmailConfirmationHMAC.from_key( resolverMatch.kwargs.get('confirm_id')) # publish changes to cache email_address = CachedEmailAddress.objects.get( pk=confirmation.email_address.pk) email_address.save() redirect_url = urlparse.urljoin( badgr_app.email_confirmation_redirect.rstrip('/') + '/', urllib.quote(email_address.user.first_name.encode('utf8'))) redirect_url = set_url_query_params( redirect_url, email=email_address.email.encode('utf8')) return redirect_url except Resolver404, EmailConfirmation.DoesNotExist: return badgr_app.email_confirmation_redirect
def step_impl(context): email = EmailAddress.objects.get(user=context.user) confirmation = EmailConfirmationHMAC(email) context.get_browser().visit( context.base_url + '/accounts/confirm-email/{}/'.format(confirmation.key) )
def get(self, request, **kwargs): """ Confirm an email address with a token provided in an email --- parameters: - name: token type: string paramType: form description: The token received in the recovery email required: true """ token = request.query_params.get('token') badgrapp_id = request.query_params.get('a', None) if badgrapp_id is None: badgrapp_id = getattr(settings, 'BADGR_APP_ID', 1) try: badgrapp = BadgrApp.objects.get(id=badgrapp_id) except BadgrApp.DoesNotExist: return Response(status=HTTP_404_NOT_FOUND) emailconfirmation = EmailConfirmationHMAC.from_key(kwargs.get('confirm_id')) if emailconfirmation is None: return Response(status=HTTP_404_NOT_FOUND) try: email_address = CachedEmailAddress.cached.get(pk=emailconfirmation.email_address.pk) except CachedEmailAddress.DoesNotExist: return Response(status=HTTP_404_NOT_FOUND) matches = re.search(r'([0-9A-Za-z]+)-(.*)', token) if not matches: return Response(status=HTTP_404_NOT_FOUND) uidb36 = matches.group(1) key = matches.group(2) if not (uidb36 and key): return Response(status=HTTP_404_NOT_FOUND) user = self._get_user(uidb36) if user is None or not default_token_generator.check_token(user, key): return Response(status=HTTP_404_NOT_FOUND) if email_address.user != user: return Response(status=HTTP_404_NOT_FOUND) old_primary = CachedEmailAddress.objects.get_primary(user) if old_primary is None: email_address.primary = True email_address.verified = True email_address.save() process_email_verification.delay(email_address.pk) # get badgr_app url redirect redirect_url = get_adapter().get_email_confirmation_redirect_url(request, badgr_app=badgrapp) redirect_url = set_url_query_params(redirect_url, authToken=user.auth_token) return Response(status=HTTP_302_FOUND, headers={'Location': redirect_url})
def get_confirmation_object(key, queryset=None): email_confirmation = EmailConfirmationHMAC.from_key(key) if not email_confirmation: if queryset is None: queryset = EmailConfirmation.objects.all_valid() queryset = queryset.select_related("email_address__user") email_confirmation = get_object_or_404(queryset, key=key.lower()) return email_confirmation
def perform_create(self, serializer): user = serializer.save(self.request) if getattr(settings, "REST_USE_JWT", False): self.token = jwt_encode(user) email = EmailAddress.objects.get(user=user, email=user.email) confirmation = EmailConfirmationHMAC(email) tasks.send_confirmation_email.delay(user.username, user.email, confirmation.key) return user
def post(self, request, *args, **kwargs): email = request.data.get("email", None) email_address = get_object_or_404(EmailAddress, email=email) confirmation = EmailConfirmationHMAC(email_address) tasks.send_confirmation_email.delay( email_address.user.username, email_address.email, confirmation.key ) return Response({"detail": _("Email Confirmation Sent.")})
def get_object(self, queryset=None): key = self.kwargs['key'] if allauth_settings.EMAIL_CONFIRMATION_HMAC: emailconfirmation = EmailConfirmationHMAC.from_key(key) else: emailconfirmation = EmailConfirmation.objects.filter(key=key)[0] return emailconfirmation
def setUp(self): self.user = User.objects.create_user(username="******", email="*****@*****.**", password="******") self.email_address = EmailAddress.objects.create(user=self.user, email=self.user.email, verified=True, primary=True) self.confirm_key = EmailConfirmationHMAC(self.email_address).key
def perform_create(self, serializer): user = serializer.save(self.request) if getattr(settings, 'REST_USE_JWT', False): self.token = jwt_encode(user) email = EmailAddress.objects.get(user=user, email=user.email) confirmation = EmailConfirmationHMAC(email) print("key ->>>", confirmation.key) # TODO send email confirmation here return user
def get(self, request, key, format=None): confirmation = EmailConfirmationHMAC.from_key(key) if not confirmation: return Response({"detail": "wrong confirm key or expired"}, status=status.HTTP_400_BAD_REQUEST) email = confirmation.confirm(self.request) if email is None: return Response({"detail": "this email already confirmed."}, status=status.HTTP_400_BAD_REQUEST) else: return Response({"email": email.email})
def form_valid(self, form): org = form.save() # by default, make the user creating the org the admin admin = Membership(member=self.request.user, organization=org,) admin.save() email_content = ( "Dear Representable Team, " + self.request.user.email + " signed up to create an organization called " + org.name + ", in the state(s) of " + str(org.states) + " Their organization description: " + org.description + "." ) send_mail( "[Action Required] New Organization Sign-up", email_content, "*****@*****.**", ["*****@*****.**"], # ["*****@*****.**"], fail_silently=False, ) self.success_url = reverse_lazy( "main:thanks_org", kwargs=org.get_url_kwargs() ) if not EmailAddress.objects.filter( user=self.request.user, verified=True ).exists(): user_email_address = EmailAddress.objects.get( user=self.request.user ) user_email_confirmation = EmailConfirmationHMAC( email_address=user_email_address ) user_email_confirmation.send(self.request, False) return super().form_valid(form)
def get_object(self, key): confirmation = EmailConfirmationHMAC.from_key(key) if confirmation is None: try: qs = EmailConfirmation.objects.all_valid() confirmation = qs.select_related('email_address__user').get( key=key.lower()) except ObjectDoesNotExist: raise return confirmation
def test_on_boarding_workflow(self): # main page has registration link self.assertContains(self.client.get("", follow=True), reverse("account_signup")) # user fills out registration form self.assertContains(self.client.get(reverse("account_signup")), "Vorname") response = self.client.post( reverse("account_signup"), { "first_name": "Bob", "last_name": "Jones", "email": "*****@*****.**", "password1": "the password open sesame", "password2": "the password open sesame", }, ) self.assertRedirects(response, reverse("account_email_verification_sent")) user = User.objects.get(first_name="Bob") self.assertEqual(user.last_name, "Jones") self.assertEqual(user.email, "*****@*****.**") self.assertEqual(user.access.count(), 0) # user clicks on link in their email verification link confirmation = EmailConfirmationHMAC(user.emailaddress_set.get()) self.client.post( reverse("account_confirm_email", args=[confirmation.key])) response = self.client.post( reverse("account_login"), { "login": "******", "password": "******" }, follow=True, ) self.assertRedirects(response, reverse("companies")) self.assertContains(response, reverse("company.create")) self.assertContains(self.client.get(reverse("company.create")), "Subdomain") response = self.client.post( reverse("company.create"), { "name": "Widgets LLC", "schema": "widgets", "timezone": "Europe/Berlin" }, follow=True, HTTP_HOST="widgets.systori.localhost", ) self.assertRedirects(response, "http://widgets.systori.localhost") self.assertContains(response, "Widgets LLC")
def update(self, instance, validated_data): profile_data = validated_data.pop('profile', {}) phone_number = profile_data.pop('phone_number', None) profile_picture = profile_data.get('profile_picture', None) about = profile_data.get('about', None) address = profile_data.get('address', None) birth_date = profile_data.get('birth_date', None) transportation = profile_data.get('transportation', None) gender = profile_data.get('gender', None) id_number = profile_data.get('id_number', None) id_images = profile_data.get('id_images', []) is_tasker = profile_data.get('is_tasker', None) new_email = validated_data.pop('email', None) user = super(UserSerializer, self).update(instance, validated_data) if new_email: if EmailAddress.objects.filter(user=user, email=new_email, verified=False).exists(): raise exceptions.ValidationError( _("Email confirmation has been sent")) if not EmailAddress.objects.filter( user=user, email=new_email, verified=False).exists(): email_address = EmailAddress.objects.add_email( self.context.get('request'), user, new_email) confirmation = EmailConfirmationHMAC(email_address) print("confirmation key ->", confirmation.key) # TODO send mail to confirmation profile = user.profile if profile_data: if phone_number: profile.phone_number = phone_number if profile_picture: profile.profile_picture = profile_picture if about: profile.about = about if address: profile.address = address if birth_date: profile.birth_date = birth_date if transportation: profile.transportation = transportation if gender: profile.gender = gender if id_number: profile.id_number = id_number if id_images: profile.id_images = id_images if is_tasker: profile.is_tasker = is_tasker profile.save() return instance
def get_context_data(self, **kwargs): context = super().get_context_data(**kwargs) has_drive = False organization_name = "" drive_name = "" if kwargs["drive"]: has_drive = True drive_slug = self.kwargs["drive"] drive = Drive.objects.get(slug=drive_slug) drive_name = drive.name organization = drive.organization organization_name = organization.name if EmailAddress.objects.filter( user=self.request.user, verified=True ).exists(): context["verified"] = True else: user_email_address = EmailAddress.objects.get( user=self.request.user ) user_email_confirmation = EmailConfirmationHMAC( email_address=user_email_address ) # default_adapter = adapter.get_adapter() # default_adapter.send_confirmation_mail(self.request, user_email_confirmation, False) # user_email_address.send_confirmation(None, False) user_email_confirmation.send(self.request, False) context["verified"] = False context["map_url"] = self.kwargs["map_id"] context["drive"] = self.kwargs["drive"] context["has_drive"] = has_drive context["organization_name"] = organization_name context["drive_name"] = drive_name return context
def get_object(self, queryset=None): key = self.kwargs['key'] email_confirmation = EmailConfirmationHMAC.from_key(key) if not email_confirmation: if queryset is None: queryset = self.get_queryset() try: email_confirmation = queryset.get(key=key.lower()) except EmailConfirmation.DoesNotExist: return Response(status.HTTP_406_NOT_ACCEPTABLE) return email_confirmation
def get_object(self, queryset=None): key = get_adapter().email_confirmation_key(self.request) emailconfirmation = EmailConfirmationHMAC.from_key(key) if not emailconfirmation: if queryset is None: queryset = self.get_queryset() try: emailconfirmation = queryset.get(key=key.lower()) except EmailConfirmation.DoesNotExist: pass return emailconfirmation
def ConfirmEmail(request, key): emailconfirmation = EmailConfirmationHMAC.from_key(key) if not emailconfirmation: qs = EmailConfirmation.objects.all_valid() queryset = qs.select_related("email_address__user") try: emailconfirmation = queryset.get(key=key.lower()) except EmailConfirmation.DoesNotExist: return render(request, 'confirm_email.html', {'error': True}) emailconfirmation.confirm(request) return render(request, 'confirm_email.html', {'error': False})
def get_object(self, queryset=None): key = self.kwargs['key'] emailconfirmation = EmailConfirmationHMAC.from_key(key) if not emailconfirmation: if queryset is None: queryset = self.get_queryset() try: emailconfirmation = queryset.get(key=key.lower()) except EmailConfirmation.DoesNotExist: raise EmailConfirmation.DoesNotExist return emailconfirmation
def patch(self, request, key=None): try: confirmation = EmailConfirmationHMAC.from_key(key) confirmation.confirm(self.request) serializer = PressPassEmailAddressSerializer( confirmation.email_address) return Response(serializer.data) except EmailConfirmation.DoesNotExist: return Response("Please specify a valid key", status=status.HTTP_400_BAD_REQUEST)
def account_confirm_email(request, key): emailconfirmation = EmailConfirmationHMAC.from_key(key) if not emailconfirmation: queryset = EmailConfirmation.objects.all_valid() queryset = queryset.select_related("email_address__user") try: emailconfirmation = queryset.get(key=key.lower()) except EmailConfirmation.DoesNotExist: raise Http404() emailconfirmation.confirm(request) return Response("Test")
def get_object(self, queryset=None): key = self.kwargs['key'] email_confirmation = EmailConfirmationHMAC.from_key(key) if not email_confirmation: if queryset is None: queryset = self.get_queryset() try: email_confirmation = queryset.get(key=key.lower()) except EmailConfirmation.DoesNotExist: # A React Router Route will handle the failure scenario return HttpResponseRedirect('/login/failure') return email_confirmation
def test_welcome_mail_for_unverified_email(self): Switch.objects.get_or_create(name='welcome_email', active=True) testuser = user(username='******', email='*****@*****.**', password='******', save=True) email_address = EmailAddress.objects.create(user=testuser, email='*****@*****.**', verified=False) request = self.rf.get('/') request.LANGUAGE_CODE = 'en-US' # emulate the phase in which the request for email confirmation is # sent as the user's email address is not verified confirmation = EmailConfirmationHMAC(email_address) confirmation.send() # only one email, the confirmation email is sent self.assertEqual(len(mail.outbox), 1) confirm_email = mail.outbox[0] expected_to = [email_address.email] self.assertEqual(expected_to, confirm_email.to) self.assertTrue('Confirm' in confirm_email.subject) # Click on a similar confirm link (HMAC has timestamp, changes) link = reverse('account_confirm_email', locale='en-US', args=[confirmation.key]) resp = self.client.get(link) assert resp.status_code == 200 resp = self.client.post(link, follow=True) assert resp.status_code == 200 # a second email, the welcome email, is sent self.assertEqual(len(mail.outbox), 2) welcome_email = mail.outbox[1] expected_to = [email_address.email] self.assertEqual(expected_to, welcome_email.to) self.assertTrue('utm_campaign=welcome' in welcome_email.body) # now add second unverified email address to the user # and check if the usual confirmation email is sent out email_address2 = EmailAddress.objects.create(user=testuser, email='*****@*****.**', verified=False) confirmation2 = EmailConfirmationHMAC(email_address2) confirmation2.send() self.assertEqual(len(mail.outbox), 3) confirm_email2 = mail.outbox[2] expected_to = [email_address2.email] self.assertEqual(expected_to, confirm_email2.to) self.assertTrue('Confirm' in confirm_email2.subject) # Confirm the second email address link2 = reverse('account_confirm_email', locale='en-US', args=[confirmation2.key]) resp = self.client.get(link2) assert resp.status_code == 200 resp = self.client.post(link2, follow=True) assert resp.status_code == 200 # no increase in number of emails (no 2nd welcome email) self.assertEqual(len(mail.outbox), 3) self.assertTrue('Confirm' in mail.outbox[2].subject)
def get(self, request, **kwargs): """ Confirm an email address with a token provided in an email --- parameters: - name: token type: string paramType: form description: The token received in the recovery email required: true """ token = request.query_params.get('token') badgrapp_id = request.query_params.get('a', None) if badgrapp_id is None: badgrapp_id = getattr(settings, 'BADGR_APP_ID', 1) try: badgrapp = BadgrApp.objects.get(id=badgrapp_id) except BadgrApp.DoesNotExist: return Response(status=HTTP_404_NOT_FOUND) emailconfirmation = EmailConfirmationHMAC.from_key(kwargs.get('confirm_id')) if emailconfirmation is None: return Response(status=HTTP_404_NOT_FOUND) try: email_address = CachedEmailAddress.cached.get(pk=emailconfirmation.email_address.pk) except CachedEmailAddress.DoesNotExist: return Response(status=HTTP_404_NOT_FOUND) matches = re.search(r'([0-9A-Za-z]+)-(.*)', token) if not matches: return Response(status=HTTP_404_NOT_FOUND) uidb36 = matches.group(1) key = matches.group(2) if not (uidb36 and key): return Response(status=HTTP_404_NOT_FOUND) user = self._get_user(uidb36) if user is None or not default_token_generator.check_token(user, key): return Response(status=HTTP_404_NOT_FOUND) if email_address.user != user: return Response(status=HTTP_404_NOT_FOUND) old_primary = CachedEmailAddress.objects.get_primary(user) if old_primary is None: email_address.primary = True email_address.verified = True email_address.save() process_email_verification.delay(email_address.pk) # get badgr_app url redirect redirect_url = get_adapter().get_email_confirmation_redirect_url(request, badgr_app=badgrapp) # generate an AccessToken for the user accesstoken = BadgrAccessToken.objects.generate_new_token_for_user( user, application=badgrapp.oauth_application if badgrapp.oauth_application_id else None, scope='rw:backpack rw:profile rw:issuer') if badgrapp.use_auth_code_exchange: authcode = authcode_for_accesstoken(accesstoken) redirect_url = set_url_query_params(redirect_url, authCode=authcode) else: redirect_url = set_url_query_params(redirect_url, authToken=accesstoken.token) return Response(status=HTTP_302_FOUND, headers={'Location': redirect_url})