def signup_with_password(request): """Create a password-protected account template: authopenid/signup_with_password.html """ logging.debug(get_request_info(request)) next = get_next_url(request) login_form = forms.LoginForm(initial={'next': next}) #this is safe because second decorator cleans this field provider_name = request.REQUEST['login_provider'] if askbot_settings.USE_RECAPTCHA: RegisterForm = forms.SafeClassicRegisterForm else: RegisterForm = forms.ClassicRegisterForm logging.debug('request method was %s' % request.method) if request.method == 'POST': form = RegisterForm(request.POST) email_feeds_form = askbot_forms.SimpleEmailSubscribeForm(request.POST) #validation outside if to remember form values logging.debug('validating classic register form') form1_is_valid = form.is_valid() if form1_is_valid: logging.debug('classic register form validated') else: logging.debug('classic register form is not valid') form2_is_valid = email_feeds_form.is_valid() if form2_is_valid: logging.debug('email feeds form validated') else: logging.debug('email feeds form is not valid') if form1_is_valid and form2_is_valid: logging.debug('both forms are valid') next = form.cleaned_data['next'] username = form.cleaned_data['username'] password = form.cleaned_data['password1'] email = form.cleaned_data['email'] provider_name = form.cleaned_data['login_provider'] User.objects.create_user(username, email, password) logging.debug('new user %s created' % username) if provider_name != 'local': raise NotImplementedError('must run create external user code') user = authenticate(username=username, password=password, provider_name=provider_name, method='password') login(request, user) logging.debug('new user logged in') email_feeds_form.save(user) logging.debug('email feeds form saved') # send email #subject = _("Welcome email subject line") #message_template = get_emplate( # 'authopenid/confirm_email.txt' #) #message_context = Context({ # 'signup_url': askbot_settings.APP_URL + reverse('user_signin'), # 'username': username, # 'password': password, #}) #message = message_template.render(message_context) #send_mail(subject, message, settings.DEFAULT_FROM_EMAIL, # [user.email]) #logging.debug('new password acct created, confirmation email sent!') return HttpResponseRedirect(next) else: #todo: this can be solved with a decorator, maybe form.initial['login_provider'] = provider_name logging.debug('create classic account forms were invalid') else: #todo: here we have duplication of get_password_login_provider... form = RegisterForm(initial={ 'next': next, 'login_provider': provider_name }) email_feeds_form = askbot_forms.SimpleEmailSubscribeForm() logging.debug('printing legacy signup form') major_login_providers = util.get_major_login_providers() minor_login_providers = util.get_minor_login_providers() context_data = { 'form': form, 'page_class': 'openid-signin', 'email_feeds_form': email_feeds_form, 'major_login_providers': major_login_providers.values(), 'minor_login_providers': minor_login_providers.values(), 'login_form': login_form } return render_into_skin('authopenid/signup_with_password.html', context_data, request)
def show_signin_view(request, login_form=None, account_recovery_form=None, account_recovery_message=None, sticky=False, view_subtype='default'): """url-less utility function that populates context of template 'authopenid/signin.html' and returns its rendered output """ allowed_subtypes = ('default', 'add_openid', 'email_sent', 'change_openid', 'bad_key') assert (view_subtype in allowed_subtypes) if sticky: next_url = reverse('user_signin') else: next_url = get_next_url(request) if login_form is None: login_form = forms.LoginForm(initial={'next': next_url}) if account_recovery_form is None: account_recovery_form = forms.AccountRecoveryForm( ) #initial = initial_data) #if request is GET if request.method == 'GET': logging.debug('request method was GET') #todo: this sthuff must be executed on some signal #because askbot should have nothing to do with the login app from askbot.models import AnonymousQuestion as AQ session_key = request.session.session_key logging.debug( 'retrieving anonymously posted question associated with session %s' % session_key) qlist = AQ.objects.filter(session_key=session_key).order_by('-added_at') if len(qlist) > 0: question = qlist[0] else: question = None from askbot.models import AnonymousAnswer as AA session_key = request.session.session_key logging.debug('retrieving posted answer associated with session %s' % session_key) alist = AA.objects.filter(session_key=session_key).order_by('-added_at') if len(alist) > 0: answer = alist[0] else: answer = None if request.user.is_authenticated(): existing_login_methods = UserAssociation.objects.filter( user=request.user) if view_subtype == 'default': page_title = _('Please click any of the icons below to sign in') elif view_subtype == 'email_sent': page_title = _('Account recovery email sent') elif view_subtype == 'change_openid': if len(existing_login_methods) == 0: page_title = _('Please add one or more login methods.') else: page_title = _( 'If you wish, please add, remove or re-validate your login methods' ) elif view_subtype == 'add_openid': page_title = _( 'Please wait a second! Your account is recovered, but ...') elif view_subtype == 'bad_key': page_title = _( 'Sorry, this account recovery key has expired or is invalid') logging.debug('showing signin view') data = { 'page_class': 'openid-signin', 'view_subtype': view_subtype, #add_openid|default 'page_title': page_title, 'question': question, 'answer': answer, 'login_form': login_form, 'use_password_login': util.use_password_login(), 'account_recovery_form': account_recovery_form, 'openid_error_message': request.REQUEST.get('msg', ''), 'account_recovery_message': account_recovery_message, 'use_password_login': util.use_password_login(), } major_login_providers = util.get_major_login_providers() minor_login_providers = util.get_minor_login_providers() active_provider_names = None if request.user.is_authenticated(): data['existing_login_methods'] = existing_login_methods active_provider_names = [ item.provider_name for item in existing_login_methods ] util.set_login_provider_tooltips( major_login_providers, active_provider_names=active_provider_names) util.set_login_provider_tooltips( minor_login_providers, active_provider_names=active_provider_names) data['major_login_providers'] = major_login_providers.values() data['minor_login_providers'] = minor_login_providers.values() return render_into_skin('authopenid/signin.html', data, request)
def signin( request, newquestion=False, #todo: not needed newanswer=False, #todo: not needed ): """ signin page. It manages the legacy authentification (user/password) and openid authentification url: /signin/ template : authopenid/signin.htm """ logging.debug('in signin view') on_failure = signin_failure email_feeds_form = askbot_forms.SimpleEmailSubscribeForm() next_url = get_next_url(request) logging.debug('next url is %s' % next_url) if next_url == reverse('user_signin'): next_url = '%(next)s?next=%(next)s' % {'next': next_url} login_form = forms.LoginForm(initial={'next': next_url}) #todo: get next url make it sticky if next is 'user_signin' if request.method == 'POST': login_form = forms.LoginForm(request.POST) if login_form.is_valid(): provider_name = login_form.cleaned_data['login_provider_name'] if login_form.cleaned_data['login_type'] == 'password': password_action = login_form.cleaned_data['password_action'] if askbot_settings.USE_LDAP_FOR_PASSWORD_LOGIN: assert (password_action == 'login') ldap_provider_name = askbot_settings.LDAP_PROVIDER_NAME username = login_form.cleaned_data['username'] if util.ldap_check_password( username, login_form.cleaned_data['password']): user = authenticate(ldap_user_id=username, provider_name=ldap_provider_name, method='ldap') if user is not None: login(request, user) return HttpResponseRedirect(next_url) else: return finalize_generic_signin( request=request, user=user, user_identifier=username, login_provider_name=ldap_provider_name, redirect_url=next_url) else: if password_action == 'login': user = authenticate( username=login_form.cleaned_data['username'], password=login_form.cleaned_data['password'], provider_name=provider_name, method='password') if user is None: login_form.set_password_login_error() else: login(request, user) #todo: here we might need to set cookies #for external login sites return HttpResponseRedirect(next_url) elif password_action == 'change_password': if request.user.is_authenticated(): new_password = \ login_form.cleaned_data['new_password'] AuthBackend.set_password( user=request.user, password=new_password, provider_name=provider_name) request.user.message_set.create( message=_('Your new password saved')) return HttpResponseRedirect(next_url) else: logging.critical('unknown password action %s' % password_action) raise Http404 elif login_form.cleaned_data['login_type'] == 'openid': #initiate communication process logging.debug('processing signin with openid submission') #todo: make a simple-use wrapper for openid protocol sreg_req = sreg.SRegRequest(optional=['nickname', 'email']) redirect_to = "%s%s?%s" % ( get_url_host(request), reverse('user_complete_signin'), urllib.urlencode({'next': next_url})) return ask_openid(request, login_form.cleaned_data['openid_url'], redirect_to, on_failure=signin_failure, sreg_request=sreg_req) elif login_form.cleaned_data['login_type'] == 'oauth': try: #this url may need to have "next" piggibacked onto callback_url = reverse('user_complete_oauth_signin') connection = util.OAuthConnection( provider_name, callback_url=callback_url) connection.start() request.session['oauth_token'] = connection.get_token() request.session['oauth_provider_name'] = provider_name request.session[ 'next_url'] = next_url #special case for oauth oauth_url = connection.get_auth_url(login_only=False) return HttpResponseRedirect(oauth_url) except util.OAuthError, e: logging.critical(unicode(e)) msg = _('Unfortunately, there was some problem when ' 'connecting to %(provider)s, please try again ' 'or use another provider') % { 'provider': provider_name } request.user.message_set.create(message=msg) elif login_form.cleaned_data['login_type'] == 'facebook': #have to redirect for consistency #there is a requirement that 'complete_signin' try: #this call may raise FacebookError user_id = util.get_facebook_user_id(request) user = authenticate(method='facebook', facebook_user_id=user_id) return finalize_generic_signin( request=request, user=user, user_identifier=user_id, login_provider_name=provider_name, redirect_url=next_url) except util.FacebookError, e: logging.critical(unicode(e)) msg = _('Unfortunately, there was some problem when ' 'connecting to %(provider)s, please try again ' 'or use another provider') % { 'provider': 'Facebook' } request.user.message_set.create(message=msg) else: #raise 500 error - unknown login type pass
def show_signin_view(request, login_form=None, account_recovery_form=None, account_recovery_message=None, sticky=False, view_subtype='default'): """url-less utility function that populates context of template 'authopenid/signin.html' and returns its rendered output """ allowed_subtypes = ('default', 'add_openid', 'email_sent', 'change_openid', 'bad_key') assert (view_subtype in allowed_subtypes) if sticky: next_url = reverse('user_signin') else: next_url = get_next_url(request) if login_form is None: login_form = forms.LoginForm(initial={'next': next_url}) if account_recovery_form is None: account_recovery_form = forms.AccountRecoveryForm( ) #initial = initial_data) #if request is GET if request.method == 'GET': logging.debug('request method was GET') #todo: this sthuff must be executed on some signal #because askbot should have nothing to do with the login app from askbot.models import AnonymousQuestion as AQ session_key = request.session.session_key logging.debug( 'retrieving anonymously posted question associated with session %s' % session_key) qlist = AQ.objects.filter(session_key=session_key).order_by('-added_at') if len(qlist) > 0: question = qlist[0] else: question = None from askbot.models import AnonymousAnswer as AA session_key = request.session.session_key logging.debug('retrieving posted answer associated with session %s' % session_key) alist = AA.objects.filter(session_key=session_key).order_by('-added_at') if len(alist) > 0: answer = alist[0] else: answer = None if request.user.is_authenticated(): existing_login_methods = UserAssociation.objects.filter( user=request.user) #annotate objects with extra data providers = util.get_enabled_login_providers() for login_method in existing_login_methods: try: provider_data = providers[login_method.provider_name] if provider_data['type'] == 'password': #only external password logins will not be deletable #this is because users with those can lose access to their accounts permanently login_method.is_deletable = provider_data.get( 'password_changeable', False) else: login_method.is_deletable = True except KeyError: logging.critical( 'login method %s is no longer available ' 'please delete records for this login method ' 'from the UserAssociation table', login_method.provider_name) continue if view_subtype == 'default': page_title = _('Please click any of the icons below to sign in') elif view_subtype == 'email_sent': page_title = _('Account recovery email sent') elif view_subtype == 'change_openid': if len(existing_login_methods) == 0: page_title = _('Please add one or more login methods.') else: page_title = _( 'If you wish, please add, remove or re-validate your login methods' ) elif view_subtype == 'add_openid': page_title = _( 'Please wait a second! Your account is recovered, but ...') elif view_subtype == 'bad_key': page_title = _( 'Sorry, this account recovery key has expired or is invalid') logging.debug('showing signin view') data = { 'page_class': 'openid-signin', 'view_subtype': view_subtype, #add_openid|default 'page_title': page_title, 'question': question, 'answer': answer, 'login_form': login_form, 'use_password_login': util.use_password_login(), 'account_recovery_form': account_recovery_form, 'openid_error_message': request.REQUEST.get('msg', ''), 'account_recovery_message': account_recovery_message, 'use_password_login': util.use_password_login(), } major_login_providers = util.get_enabled_major_login_providers() minor_login_providers = util.get_enabled_minor_login_providers() #determine if we are only using password login active_provider_names = [p['name'] for p in major_login_providers.values()] active_provider_names.extend( [p['name'] for p in minor_login_providers.values()]) have_buttons = True if (len(active_provider_names) == 1 and active_provider_names[0] == 'local'): if askbot_settings.SIGNIN_ALWAYS_SHOW_LOCAL_LOGIN == True: #in this case the form is not using javascript, so set initial values #here have_buttons = False login_form.initial['login_provider_name'] = 'local' if request.user.is_authenticated(): login_form.initial['password_action'] = 'change_password' else: login_form.initial['password_action'] = 'login' data['have_buttons'] = have_buttons if request.user.is_authenticated(): data['existing_login_methods'] = existing_login_methods active_provider_names = [ item.provider_name for item in existing_login_methods ] util.set_login_provider_tooltips( major_login_providers, active_provider_names=active_provider_names) util.set_login_provider_tooltips( minor_login_providers, active_provider_names=active_provider_names) data['major_login_providers'] = major_login_providers.values() data['minor_login_providers'] = minor_login_providers.values() return render_into_skin('authopenid/signin.html', data, request)
def signin(request): """ signin page. It manages the legacy authentification (user/password) and openid authentification url: /signin/ template : authopenid/signin.htm """ logging.debug('in signin view') on_failure = signin_failure email_feeds_form = askbot_forms.SimpleEmailSubscribeForm() #we need a special priority on where to redirect on successful login #here: #1) url parameter "next" - if explicitly set #2) url from django setting LOGIN_REDIRECT_URL #3) home page of the forum login_redirect_url = getattr(settings, 'LOGIN_REDIRECT_URL', None) next_url = get_next_url(request, default=login_redirect_url) logging.debug('next url is %s' % next_url) if askbot_settings.ALLOW_ADD_REMOVE_LOGIN_METHODS == False \ and request.user.is_authenticated(): return HttpResponseRedirect(next_url) if next_url == reverse('user_signin'): next_url = '%(next)s?next=%(next)s' % {'next': next_url} login_form = forms.LoginForm(initial={'next': next_url}) #todo: get next url make it sticky if next is 'user_signin' if request.method == 'POST': login_form = forms.LoginForm(request.POST) if login_form.is_valid(): provider_name = login_form.cleaned_data['login_provider_name'] if login_form.cleaned_data['login_type'] == 'password': password_action = login_form.cleaned_data['password_action'] if askbot_settings.USE_LDAP_FOR_PASSWORD_LOGIN: assert (password_action == 'login') username = login_form.cleaned_data['username'] password = login_form.cleaned_data['password'] # will be None if authentication fails user = authenticate(username=username, password=password, method='ldap') if user is not None: login(request, user) return HttpResponseRedirect(next_url) else: return finalize_generic_signin( request=request, user=user, user_identifier=username, login_provider_name=provider_name, redirect_url=next_url) else: if password_action == 'login': user = authenticate( username=login_form.cleaned_data['username'], password=login_form.cleaned_data['password'], provider_name=provider_name, method='password') if user is None: login_form.set_password_login_error() else: login(request, user) #todo: here we might need to set cookies #for external login sites return HttpResponseRedirect(next_url) elif password_action == 'change_password': if request.user.is_authenticated(): new_password = \ login_form.cleaned_data['new_password'] AuthBackend.set_password( user=request.user, password=new_password, provider_name=provider_name) request.user.message_set.create( message=_('Your new password saved')) return HttpResponseRedirect(next_url) else: logging.critical('unknown password action %s' % password_action) raise Http404 elif login_form.cleaned_data['login_type'] == 'openid': #initiate communication process logging.debug('processing signin with openid submission') #todo: make a simple-use wrapper for openid protocol sreg_req = sreg.SRegRequest(optional=['nickname', 'email']) redirect_to = "%s%s?%s" % ( get_url_host(request), reverse('user_complete_signin'), urllib.urlencode({'next': next_url})) return ask_openid(request, login_form.cleaned_data['openid_url'], redirect_to, on_failure=signin_failure, sreg_request=sreg_req) elif login_form.cleaned_data['login_type'] == 'oauth': try: #this url may need to have "next" piggibacked onto callback_url = reverse('user_complete_oauth_signin') connection = util.OAuthConnection( provider_name, callback_url=callback_url) connection.start() request.session['oauth_token'] = connection.get_token() request.session['oauth_provider_name'] = provider_name request.session[ 'next_url'] = next_url #special case for oauth oauth_url = connection.get_auth_url(login_only=False) return HttpResponseRedirect(oauth_url) except util.OAuthError, e: logging.critical(unicode(e)) msg = _('Unfortunately, there was some problem when ' 'connecting to %(provider)s, please try again ' 'or use another provider') % { 'provider': provider_name } request.user.message_set.create(message=msg) elif login_form.cleaned_data['login_type'] == 'facebook': #have to redirect for consistency #there is a requirement that 'complete_signin' try: #this call may raise FacebookError user_id = util.get_facebook_user_id(request) user = authenticate(method='facebook', facebook_user_id=user_id) return finalize_generic_signin( request=request, user=user, user_identifier=user_id, login_provider_name=provider_name, redirect_url=next_url) except util.FacebookError, e: logging.critical(unicode(e)) msg = _('Unfortunately, there was some problem when ' 'connecting to %(provider)s, please try again ' 'or use another provider') % { 'provider': 'Facebook' } request.user.message_set.create(message=msg) elif login_form.cleaned_data['login_type'] == 'wordpress_site': #here wordpress_site means for a self hosted wordpress blog not a wordpress.com blog wp = Client(askbot_settings.WORDPRESS_SITE_URL, login_form.cleaned_data['username'], login_form.cleaned_data['password']) try: wp_user = wp.call(GetUserInfo()) custom_wp_openid_url = '%s?user_id=%s' % (wp.url, wp_user.user_id) user = authenticate(method='wordpress_site', wordpress_url=wp.url, wp_user_id=wp_user.user_id) return finalize_generic_signin( request=request, user=user, user_identifier=custom_wp_openid_url, login_provider_name=provider_name, redirect_url=next_url) except WpFault, e: logging.critical(unicode(e)) msg = _('The login password combination was not correct') request.user.message_set.create(message=msg)
def signup_with_password(request): """Create a password-protected account template: authopenid/signup_with_password.html """ logging.debug(get_request_info(request)) login_form = forms.LoginForm(initial={'next': get_next_url(request)}) #this is safe because second decorator cleans this field provider_name = request.REQUEST['login_provider'] if askbot_settings.USE_RECAPTCHA: RegisterForm = forms.SafeClassicRegisterForm else: RegisterForm = forms.ClassicRegisterForm logging.debug('request method was %s' % request.method) if request.method == 'POST': form = RegisterForm(request.POST) email_feeds_form = askbot_forms.SimpleEmailSubscribeForm(request.POST) #validation outside if to remember form values logging.debug('validating classic register form') form1_is_valid = form.is_valid() if form1_is_valid: logging.debug('classic register form validated') else: logging.debug('classic register form is not valid') form2_is_valid = email_feeds_form.is_valid() if form2_is_valid: logging.debug('email feeds form validated') else: logging.debug('email feeds form is not valid') if form1_is_valid and form2_is_valid: logging.debug('both forms are valid') next = form.cleaned_data['next'] username = form.cleaned_data['username'] password = form.cleaned_data['password1'] email = form.cleaned_data['email'] subscribe = email_feeds_form.cleaned_data['subscribe'] if askbot_settings.REQUIRE_VALID_EMAIL_FOR == 'nothing': user = create_authenticated_user_account(username=username, email=email, password=password, subscribe=subscribe) login(request, user) cleanup_post_register_session(request) return HttpResponseRedirect(get_next_url(request)) else: request.session['username'] = username request.session['email'] = email request.session['password'] = password request.session['subscribe'] = subscribe #todo: generate a key and save it in the session key = util.generate_random_key() email = request.session['email'] send_email_key(email, key, handler_url_name='verify_email_and_register') request.session['validation_code'] = key redirect_url = reverse('verify_email_and_register') + \ '?next=' + get_next_url(request) return HttpResponseRedirect(redirect_url) else: #todo: this can be solved with a decorator, maybe form.initial['login_provider'] = provider_name logging.debug('create classic account forms were invalid') else: #todo: here we have duplication of get_password_login_provider... form = RegisterForm(initial={ 'next': get_next_url(request), 'login_provider': provider_name }) email_feeds_form = askbot_forms.SimpleEmailSubscribeForm() logging.debug('printing legacy signup form') major_login_providers = util.get_enabled_major_login_providers() minor_login_providers = util.get_enabled_minor_login_providers() context_data = { 'form': form, 'page_class': 'openid-signin', 'email_feeds_form': email_feeds_form, 'major_login_providers': major_login_providers.values(), 'minor_login_providers': minor_login_providers.values(), 'login_form': login_form } return render_into_skin('authopenid/signup_with_password.html', context_data, request)