def get_email_confirmation_redirect_url(self, request, badgr_app=None): """ The URL to return to after successful e-mail confirmation. """ if badgr_app is None: badgr_app = BadgrApp.objects.get_current(request) if not badgr_app: logger = logging.getLogger(self.__class__.__name__) logger.warning("Could not determine authorized badgr app") return super(BadgrAccountAdapter, self).get_email_confirmation_redirect_url(request) try: resolverMatch = resolve(request.path) confirmation = EmailConfirmationHMAC.from_key(resolverMatch.kwargs.get('confirm_id')) # publish changes to cache email_address = CachedEmailAddress.objects.get(pk=confirmation.email_address.pk) email_address.save() redirect_url = urlparse.urljoin( badgr_app.email_confirmation_redirect.rstrip('/') + '/', urllib.quote(email_address.user.first_name.encode('utf8')) ) redirect_url = set_url_query_params(redirect_url, email=email_address.email.encode('utf8')) return redirect_url except Resolver404, EmailConfirmation.DoesNotExist: return badgr_app.email_confirmation_redirect
def get_email_confirmation_redirect_url(self, request, badgr_app=None): """ The URL to return to after successful e-mail confirmation. """ if badgr_app is None: badgr_app = BadgrApp.objects.get_current(request) if not badgr_app: logger = logging.getLogger(self.__class__.__name__) logger.warning("Could not determine authorized badgr app") return super(BadgrAccountAdapter, self).get_email_confirmation_redirect_url(request) try: resolverMatch = resolve(request.path) confirmation = EmailConfirmationHMAC.from_key( resolverMatch.kwargs.get('confirm_id')) # publish changes to cache email_address = CachedEmailAddress.objects.get( pk=confirmation.email_address.pk) email_address.save() redirect_url = urlparse.urljoin( badgr_app.email_confirmation_redirect.rstrip('/') + '/', urllib.quote(email_address.user.first_name.encode('utf8'))) redirect_url = set_url_query_params( redirect_url, email=email_address.email.encode('utf8')) return redirect_url except Resolver404, EmailConfirmation.DoesNotExist: return badgr_app.email_confirmation_redirect
def get_confirmkey_data(request): """ Get data for an email confirmation key """ response = {} key = request.POST['key'] confirmation = EmailConfirmationHMAC.from_key(key) if not confirmation: qs = EmailConfirmation.objects.all_valid() qs = qs.select_related("email_address__user") confirmation = qs.filter(key=key.lower()).first() if confirmation: status = 200 response['username'] = confirmation.email_address.user.username response['email'] = confirmation.email_address.email if request.user: if request.user != confirmation.email_address.user: response['logout'] = True logout(request) # We check if the user has another verified email already. If yes, # we don't need to display the terms and test server warning again. if confirmation.email_address.user.emailaddress_set.filter( verified=True ).first(): response['verified'] = True else: response['verified'] = False else: status = 404 return JsonResponse( response, status=status )
def get(self, request, **kwargs): """ Confirm an email address """ badgrapp_id = request.query_params.get('a', None) if badgrapp_id is None: badgrapp_id = getattr(settings, 'BADGR_APP_ID', 1) try: badgrapp = BadgrApp.objects.get(id=badgrapp_id) except BadgrApp.DoesNotExist: return Response(status=HTTP_404_NOT_FOUND) emailconfirmation = EmailConfirmationHMAC.from_key( kwargs.get('confirm_id')) if emailconfirmation is None: return Response(status=HTTP_404_NOT_FOUND) try: email_address = CachedEmailAddress.cached.get( pk=emailconfirmation.email_address.pk) except CachedEmailAddress.DoesNotExist: return Response(status=HTTP_404_NOT_FOUND) email_address.verified = True email_address.save() process_email_verification.delay(email_address.pk) redirect_url = badgrapp.ui_login_redirect return Response(status=HTTP_302_FOUND, headers={'Location': redirect_url})
def _get_email_confirmation(self, key): email_confirmation = EmailConfirmationHMAC.from_key(key) if not email_confirmation: # noinspection PyTypeChecker queryset = ConfirmEmailView.get_queryset(self=None) email_confirmation = queryset.get(key=key.lower()) return email_confirmation
def get(self, request, **kwargs): """ Confirm an email address with a token provided in an email --- parameters: - name: token type: string paramType: form description: The token received in the recovery email required: true """ token = request.query_params.get('token') badgrapp_id = request.query_params.get('a', None) if badgrapp_id is None: badgrapp_id = getattr(settings, 'BADGR_APP_ID', 1) try: badgrapp = BadgrApp.objects.get(id=badgrapp_id) except BadgrApp.DoesNotExist: return Response(status=HTTP_404_NOT_FOUND) emailconfirmation = EmailConfirmationHMAC.from_key(kwargs.get('confirm_id')) if emailconfirmation is None: return Response(status=HTTP_404_NOT_FOUND) try: email_address = CachedEmailAddress.cached.get(pk=emailconfirmation.email_address.pk) except CachedEmailAddress.DoesNotExist: return Response(status=HTTP_404_NOT_FOUND) matches = re.search(r'([0-9A-Za-z]+)-(.*)', token) if not matches: return Response(status=HTTP_404_NOT_FOUND) uidb36 = matches.group(1) key = matches.group(2) if not (uidb36 and key): return Response(status=HTTP_404_NOT_FOUND) user = self._get_user(uidb36) if user is None or not default_token_generator.check_token(user, key): return Response(status=HTTP_404_NOT_FOUND) if email_address.user != user: return Response(status=HTTP_404_NOT_FOUND) old_primary = CachedEmailAddress.objects.get_primary(user) if old_primary is None: email_address.primary = True email_address.verified = True email_address.save() process_email_verification.delay(email_address.pk) # get badgr_app url redirect redirect_url = get_adapter().get_email_confirmation_redirect_url(request, badgr_app=badgrapp) redirect_url = set_url_query_params(redirect_url, authToken=user.auth_token) return Response(status=HTTP_302_FOUND, headers={'Location': redirect_url})
def get_confirmation_object(key, queryset=None): email_confirmation = EmailConfirmationHMAC.from_key(key) if not email_confirmation: if queryset is None: queryset = EmailConfirmation.objects.all_valid() queryset = queryset.select_related("email_address__user") email_confirmation = get_object_or_404(queryset, key=key.lower()) return email_confirmation
def get_object(self, queryset=None): key = self.kwargs['key'] if allauth_settings.EMAIL_CONFIRMATION_HMAC: emailconfirmation = EmailConfirmationHMAC.from_key(key) else: emailconfirmation = EmailConfirmation.objects.filter(key=key)[0] return emailconfirmation
def get(self, request, key, format=None): confirmation = EmailConfirmationHMAC.from_key(key) if not confirmation: return Response({"detail": "wrong confirm key or expired"}, status=status.HTTP_400_BAD_REQUEST) email = confirmation.confirm(self.request) if email is None: return Response({"detail": "this email already confirmed."}, status=status.HTTP_400_BAD_REQUEST) else: return Response({"email": email.email})
def get_object(self, key): confirmation = EmailConfirmationHMAC.from_key(key) if confirmation is None: try: qs = EmailConfirmation.objects.all_valid() confirmation = qs.select_related('email_address__user').get( key=key.lower()) except ObjectDoesNotExist: raise return confirmation
def patch(self, request, key=None): try: confirmation = EmailConfirmationHMAC.from_key(key) confirmation.confirm(self.request) serializer = PressPassEmailAddressSerializer( confirmation.email_address) return Response(serializer.data) except EmailConfirmation.DoesNotExist: return Response("Please specify a valid key", status=status.HTTP_400_BAD_REQUEST)
def ConfirmEmail(request, key): emailconfirmation = EmailConfirmationHMAC.from_key(key) if not emailconfirmation: qs = EmailConfirmation.objects.all_valid() queryset = qs.select_related("email_address__user") try: emailconfirmation = queryset.get(key=key.lower()) except EmailConfirmation.DoesNotExist: return render(request, 'confirm_email.html', {'error': True}) emailconfirmation.confirm(request) return render(request, 'confirm_email.html', {'error': False})
def get_object(self, queryset=None): key = get_adapter().email_confirmation_key(self.request) emailconfirmation = EmailConfirmationHMAC.from_key(key) if not emailconfirmation: if queryset is None: queryset = self.get_queryset() try: emailconfirmation = queryset.get(key=key.lower()) except EmailConfirmation.DoesNotExist: pass return emailconfirmation
def get_object(self, queryset=None): key = self.kwargs['key'] email_confirmation = EmailConfirmationHMAC.from_key(key) if not email_confirmation: if queryset is None: queryset = self.get_queryset() try: email_confirmation = queryset.get(key=key.lower()) except EmailConfirmation.DoesNotExist: return Response(status.HTTP_406_NOT_ACCEPTABLE) return email_confirmation
def get_object(self, queryset=None): key = self.kwargs['key'] emailconfirmation = EmailConfirmationHMAC.from_key(key) if not emailconfirmation: if queryset is None: queryset = self.get_queryset() try: emailconfirmation = queryset.get(key=key.lower()) except EmailConfirmation.DoesNotExist: raise EmailConfirmation.DoesNotExist return emailconfirmation
def get_object(self, queryset=None): key = self.kwargs['key'] email_confirmation = EmailConfirmationHMAC.from_key(key) if not email_confirmation: if queryset is None: queryset = self.get_queryset() try: email_confirmation = queryset.get(key=key.lower()) except EmailConfirmation.DoesNotExist: # A React Router Route will handle the failure scenario return HttpResponseRedirect('/login/failure') return email_confirmation
def get_object(self, queryset=None): key = self.kwargs['key'] email_confirmation = EmailConfirmationHMAC.from_key(key) if not email_confirmation: if queryset is None: queryset = self.get_queryset() try: email_confirmation = queryset.get(key=key.lower()) except EmailConfirmation.DoesNotExist: return Response({'detail': 'Failure'}, status=status.HTTP_404_NOT_FOUND) return email_confirmation
def account_confirm_email(request, key): emailconfirmation = EmailConfirmationHMAC.from_key(key) if not emailconfirmation: queryset = EmailConfirmation.objects.all_valid() queryset = queryset.select_related("email_address__user") try: emailconfirmation = queryset.get(key=key.lower()) except EmailConfirmation.DoesNotExist: raise Http404() emailconfirmation.confirm(request) return Response("Test")
def get_email_confirmation(self, verification_key=None): """ Retreive EmailConfirmation object for provided `key` Throws 404 if does not exist """ email_confirmation = EmailConfirmationHMAC.from_key(verification_key) if not email_confirmation: try: email_confirmation = EmailConfirmation.objects.all_valid( ).select_related("email_address__user").get( key=verification_key.lower()) except EmailConfirmation.DoesNotExist: raise Http404() return email_confirmation
def get_object(self, queryset=None): key = self.kwargs['key'] email_confirmation = EmailConfirmationHMAC.from_key(key) if not email_confirmation: if queryset is None: queryset = self.get_queryset() try: email_confirmation = queryset.get(key=key.lower()) except EmailConfirmation.DoesNotExist: # A React Router Route will handle the failure scenario return Response({ "details": "Failed to register E-mail ID. An error occured!" }) return email_confirmation
def get_object(self, queryset=None): key = self.kwargs['key'] email_confirmation = EmailConfirmationHMAC.from_key(key) if not email_confirmation: if queryset is None: queryset = self.get_queryset() try: email_confirmation = queryset.get(key=key.lower()) except EmailConfirmation.DoesNotExist: # A React Router Route will handle the failure scenario return Response( { "detail": "The verification email has expired, please request a new verification email" }, status=status.HTTP_400_BAD_REQUEST) return email_confirmation
def get_email_confirmation_redirect_url(self, request, badgr_app=None): """ The URL to return to after successful e-mail confirmation. """ if badgr_app is None: badgr_app = BadgrApp.objects.get_current(request) if not badgr_app: logger = logging.getLogger(self.__class__.__name__) logger.warning("Could not determine authorized badgr app") return super(BadgrAccountAdapter, self).get_email_confirmation_redirect_url(request) try: resolver_match = resolve(request.path) confirmation = EmailConfirmationHMAC.from_key( resolver_match.kwargs.get('confirm_id')) # publish changes to cache email_address = CachedEmailAddress.objects.get( pk=confirmation.email_address.pk) email_address.publish() query_params = {'email': email_address.email.encode('utf8')} # Pass source and signup along to UI source = request.query_params.get('source', None) if source: query_params['source'] = source signup = request.query_params.get('signup', None) if signup: query_params['signup'] = 'true' return set_url_query_params( badgr_app.get_path('/auth/welcome'), **query_params) else: return set_url_query_params( urllib.parse.urljoin( badgr_app.email_confirmation_redirect.rstrip('/') + '/', urllib.parse.quote( email_address.user.first_name.encode('utf8'))), **query_params) except Resolver404 as xxx_todo_changeme: EmailConfirmation.DoesNotExist = xxx_todo_changeme return badgr_app.email_confirmation_redirect
def get_confirmkey_data(request): """ Get data for an email confirmation key """ response = {} status = 405 if request.is_ajax() and request.method == 'POST': key = request.POST['key'] confirmation = EmailConfirmationHMAC.from_key(key) if not confirmation: qs = EmailConfirmation.objects.all_valid() qs = qs.select_related("email_address__user") confirmation = qs.filter(key=key.lower()).first() if confirmation: status = 200 response['username'] = confirmation.email_address.user.username response['email'] = confirmation.email_address.email else: status = 404 return JsonResponse(response, status=status)
def get(self, request, **kwargs): """ Confirm an email address """ badgrapp_id = request.query_params.get('a', None) if badgrapp_id is None: badgrapp_id = getattr(settings, 'BADGR_APP_ID', 1) try: badgrapp = BadgrApp.objects.get(id=badgrapp_id) except BadgrApp.DoesNotExist: return Response(status=HTTP_404_NOT_FOUND) emailconfirmation = EmailConfirmationHMAC.from_key( kwargs.get('confirm_id')) if emailconfirmation is None: return Response(status=HTTP_404_NOT_FOUND) try: email_address = CachedEmailAddress.cached.get( pk=emailconfirmation.email_address.pk) except CachedEmailAddress.DoesNotExist: return Response(status=HTTP_404_NOT_FOUND) # We allow multiple users to add the same (unverified) email address. # A user can claim the address by verifying it. # If a user verifies an email address, all other users who had added that address will have that address deleted CachedEmailAddress.objects \ .filter(email__iexact=emailconfirmation.email_address.email) \ .exclude(pk=emailconfirmation.email_address.pk) \ .delete() email_address.verified = True email_address.save() process_email_verification.delay(email_address.pk) redirect_url = badgrapp.ui_connect_success_redirect return Response(status=HTTP_302_FOUND, headers={'Location': redirect_url})
def post(self, request, *args, **kwargs): key = request.data.get('key') if not key: raise exceptions.ValidationError({'key': ['The key is invalid.']}) # Get HMAC confirmation emailconfirmation = EmailConfirmationHMAC.from_key(key) # Alternatively, get normal confirmation if not emailconfirmation: try: queryset = EmailConfirmation.objects.all_valid() emailconfirmation = queryset.get(key=key.lower()) except AttributeError: raise exceptions.ValidationError( {'key': ['The key is invalid.']}) except EmailConfirmation.DoesNotExist: raise exceptions.ValidationError( {'key': ['The key is invalid or has expired.']}) emailconfirmation.confirm(self.request) return Response({'status': 'success'})
def confirm_email(request, key): email_confirmation = EmailConfirmationHMAC.from_key(key) if email_confirmation: email_confirmation.confirm(request) return HttpResponseRedirect('http://truechat-client.herokuapp.com/auth')
def get(self, request, **kwargs): """ Confirm an email address with a token provided in an email --- parameters: - name: token type: string paramType: form description: The token received in the recovery email required: true """ token = request.query_params.get('token', '') badgrapp_id = request.query_params.get('a') # Get BadgrApp instance badgrapp = BadgrApp.objects.get_by_id_or_default(badgrapp_id) # Get EmailConfirmation instance emailconfirmation = EmailConfirmationHMAC.from_key(kwargs.get('confirm_id')) if emailconfirmation is None: logger.event(badgrlog.NoEmailConfirmation()) return redirect_to_frontend_error_toast(request, "Your email confirmation link is invalid. Please attempt to " "create an account with this email address, again.") # 202 # Get EmailAddress instance else: try: email_address = CachedEmailAddress.cached.get( pk=emailconfirmation.email_address.pk) except CachedEmailAddress.DoesNotExist: logger.event(badgrlog.NoEmailConfirmationEmailAddress( request, email_address=emailconfirmation.email_address)) return redirect_to_frontend_error_toast(request, "Your email confirmation link is invalid. Please attempt " "to create an account with this email address, again.") # 202 if email_address.verified: logger.event(badgrlog.EmailConfirmationAlreadyVerified( request, email_address=email_address, token=token)) return redirect_to_frontend_error_toast(request, "Your email address is already verified. You may now log in.") # Validate 'token' syntax from query param matches = re.search(r'([0-9A-Za-z]+)-(.*)', token) if not matches: logger.event(badgrlog.InvalidEmailConfirmationToken( request, token=token, email_address=email_address)) email_address.send_confirmation(request=request, signup=False) return redirect_to_frontend_error_toast(request, "Your email confirmation token is invalid. You have been sent " "a new link. Please check your email and try again.") # 2 uidb36 = matches.group(1) key = matches.group(2) if not (uidb36 and key): logger.event(badgrlog.InvalidEmailConfirmationToken( request, token=token, email_address=email_address)) email_address.send_confirmation(request=request, signup=False) return redirect_to_frontend_error_toast(request, "Your email confirmation token is invalid. You have been sent " "a new link. Please check your email and try again.") # 2 # Get User instance from literal 'token' value user = self._get_user(uidb36) if user is None or not default_token_generator.check_token(user, key): logger.event(badgrlog.EmailConfirmationTokenExpired( request, email_address=email_address)) email_address.send_confirmation(request=request, signup=False) return redirect_to_frontend_error_toast(request, "Your authorization link has expired. You have been sent a new " "link. Please check your email and try again.") if email_address.user != user: logger.event(badgrlog.OtherUsersEmailConfirmationToken( request, email_address=email_address, token=token, other_user=user)) return redirect_to_frontend_error_toast(request, "Your email confirmation token is associated with an unexpected " "user. You may try again") # Perform main operation, set EmaiAddress .verified and .primary True old_primary = CachedEmailAddress.objects.get_primary(user) if old_primary is None: email_address.primary = True email_address.verified = True email_address.save() process_email_verification.delay(email_address.pk) # Create an OAuth AccessTokenProxy instance for this user accesstoken = AccessTokenProxy.objects.generate_new_token_for_user( user, application=badgrapp.oauth_application if badgrapp.oauth_application_id else None, scope='rw:backpack rw:profile rw:issuer') redirect_url = get_adapter().get_email_confirmation_redirect_url( request, badgr_app=badgrapp) if badgrapp.use_auth_code_exchange: authcode = authcode_for_accesstoken(accesstoken) redirect_url = set_url_query_params(redirect_url, authCode=authcode) else: redirect_url = set_url_query_params(redirect_url, authToken=accesstoken.token) return Response(status=HTTP_302_FOUND, headers={'Location': redirect_url})
def get(self, request, **kwargs): """ Confirm an email address with a token provided in an email --- parameters: - name: token type: string paramType: form description: The token received in the recovery email required: true """ token = request.query_params.get('token') badgrapp_id = request.query_params.get('a', None) if badgrapp_id is None: badgrapp_id = getattr(settings, 'BADGR_APP_ID', 1) try: badgrapp = BadgrApp.objects.get(id=badgrapp_id) except BadgrApp.DoesNotExist: return Response(status=HTTP_404_NOT_FOUND) emailconfirmation = EmailConfirmationHMAC.from_key(kwargs.get('confirm_id')) if emailconfirmation is None: return Response(status=HTTP_404_NOT_FOUND) try: email_address = CachedEmailAddress.cached.get(pk=emailconfirmation.email_address.pk) except CachedEmailAddress.DoesNotExist: return Response(status=HTTP_404_NOT_FOUND) matches = re.search(r'([0-9A-Za-z]+)-(.*)', token) if not matches: return Response(status=HTTP_404_NOT_FOUND) uidb36 = matches.group(1) key = matches.group(2) if not (uidb36 and key): return Response(status=HTTP_404_NOT_FOUND) user = self._get_user(uidb36) if user is None or not default_token_generator.check_token(user, key): return Response(status=HTTP_404_NOT_FOUND) if email_address.user != user: return Response(status=HTTP_404_NOT_FOUND) old_primary = CachedEmailAddress.objects.get_primary(user) if old_primary is None: email_address.primary = True email_address.verified = True email_address.save() process_email_verification.delay(email_address.pk) # get badgr_app url redirect redirect_url = get_adapter().get_email_confirmation_redirect_url(request, badgr_app=badgrapp) # generate an AccessToken for the user accesstoken = BadgrAccessToken.objects.generate_new_token_for_user( user, application=badgrapp.oauth_application if badgrapp.oauth_application_id else None, scope='rw:backpack rw:profile rw:issuer') if badgrapp.use_auth_code_exchange: authcode = authcode_for_accesstoken(accesstoken) redirect_url = set_url_query_params(redirect_url, authCode=authcode) else: redirect_url = set_url_query_params(redirect_url, authToken=accesstoken.token) return Response(status=HTTP_302_FOUND, headers={'Location': redirect_url})
def confirm_email(request, key): email_confirmation = EmailConfirmationHMAC.from_key(key) if email_confirmation: email_confirmation.confirm(request) return HttpResponseRedirect(reverse_lazy('api'))