def google_login_success(request):
if request.method == 'GET':
params = request.GET
elif request.method == 'POST':
params = request.POST
values = {
p.split('.')[-1]: params[p]
for p in params.keys() if 'value' in p
}
mode = params['openid.mode']
if mode != 'id_res':
# The user declined to sign in at Google
return _fail_login(request, 'could not verify your credentials')
email = values['email']
firstname = values['firstname']
lastname = values['lastname']
handle = params['openid.claimed_id']
# Break apart the handle to find the user's ID
# Assumes there are no other parameters attached to URL in 'openid.claimed_id'
userid = handle.split("?")[-1].split("=")[-1]
association = params['openid.assoc_handle']
# Use the information from Google to retrieve this user's profile,
# or create a new user and profile.
# 1) Try to retrieve this user's profile by openid handle
try:
profile = UserProfile.objects.get(openid_auth_stub__claimed_id=userid)
except UserProfile.DoesNotExist:
# 2) Try to retrieve the user's profile by email address (username)
try:
user = User.objects.get(username=email)
profile = UserProfile.objects.get(user=user)
except User.DoesNotExist:
# 3) This person has never logged in before
user = User.create_user(email, random_string())
user.first_name = firstname
user.last_name = lastname
user.save()
profile = UserProfile(user=user)
# Save openid information when this user has never used openid before
# This should happen even if the user's profile already exists
profile.openid_auth_stub = OpenidAuthStub(association=association,
claimed_id=userid)
profile.save()
# Store the profile in the session
request.session['profile'] = profile
# Get the user's phone number if they do not have one already registered
if not profile.phone_number:
return HttpResponseRedirect(reverse('google_register'))
profile.user.backend = 'mongoengine.django.auth.MongoEngineBackend'
login(request, profile.user)
return HttpResponseRedirect(reverse('user_landing'))
def google_login_success( request ):
if request.method == 'GET':
params = request.GET
elif request.method == 'POST':
params = request.POST
values = { p.split('.')[-1] : params[p] for p in params.keys() if 'value' in p }
mode = params['openid.mode']
if mode != 'id_res':
# The user declined to sign in at Google
return _fail_login( request, 'could not verify your credentials' )
email = values['email']
firstname = values['firstname']
lastname = values['lastname']
handle = params['openid.claimed_id']
# Break apart the handle to find the user's ID
# Assumes there are no other parameters attached to URL in 'openid.claimed_id'
userid = handle.split("?")[-1].split("=")[-1]
association = params['openid.assoc_handle']
# Use the information from Google to retrieve this user's profile,
# or create a new user and profile.
# 1) Try to retrieve this user's profile by openid handle
try:
profile = UserProfile.objects.get( openid_auth_stub__claimed_id = userid )
except UserProfile.DoesNotExist:
# 2) Try to retrieve the user's profile by email address (username)
try:
user = User.objects.get( username=email )
profile = UserProfile.objects.get( user=user )
except User.DoesNotExist:
# 3) This person has never logged in before
user=User.create_user(email, random_string())
user.first_name = firstname
user.last_name = lastname
user.save()
profile = UserProfile( user=user )
# Save openid information when this user has never used openid before
# This should happen even if the user's profile already exists
profile.openid_auth_stub = OpenidAuthStub(association=association, claimed_id=userid)
profile.save()
# Store the profile in the session
request.session['profile'] = profile
# Get the user's phone number if they do not have one already registered
if not profile.phone_number:
return HttpResponseRedirect( reverse('google_register') )
profile.user.backend = 'mongoengine.django.auth.MongoEngineBackend'
login( request, profile.user )
return HttpResponseRedirect( reverse('user_landing' ) )
def forgot_password(request):
''' if the user forgot their password
renders ForgotPasswordForm, or processes it if a POST request
'''
if request.method == 'POST':
form = ForgotPasswordForm(request.POST)
if form.is_valid():
data = form.cleaned_data
# Does the user in the email field even exist?
try:
user = User.objects.get(username=data['username'])
profile = UserProfile.objects.get(user=user)
except User.DoesNotExist:
return HttpResponseRedirect(reverse('main_page'))
# Ok, they do. Send them an email
reset_string = random_string()
profile.password_reset_stub = reset_string
profile.save()
reset_link = '%s%s?rid=%s&uid=%s' % (_hostname(),
reverse('reset_password'),
reset_string, str(profile.id))
email_body = render_message(
'mongologin/static/emails/forgot_password.txt', locals())
send_email(email_to=user.username,
email_body=email_body,
email_subject="Reset your password")
messages.add_message(
request, messages.SUCCESS,
"An email has been sent to you with instructions on resetting your password."
)
return HttpResponseRedirect(reverse('main_page'))
else:
form = ForgotPasswordForm()
return render_to_response('forgot_password.html',
locals(),
context_instance=RequestContext(request))
def forgot_password( request ):
''' if the user forgot their password
renders ForgotPasswordForm, or processes it if a POST request
'''
if request.method == 'POST':
form = ForgotPasswordForm(request.POST)
if form.is_valid():
data = form.cleaned_data
# Does the user in the email field even exist?
try:
user = User.objects.get(username=data['username'])
profile = UserProfile.objects.get(user=user)
except User.DoesNotExist:
return HttpResponseRedirect( reverse('main_page') )
# Ok, they do. Send them an email
reset_string = random_string()
profile.password_reset_stub = reset_string
profile.save()
reset_link = '%s%s?rid=%s&uid=%s'%(
_hostname(),
reverse( 'reset_password' ),
reset_string,
str(profile.id)
)
email_body = render_message(
'mongologin/static/emails/forgot_password.txt',
locals()
)
send_email( email_to=user.username, email_body=email_body, email_subject="Reset your password" )
messages.add_message( request, messages.SUCCESS, "An email has been sent to you with instructions on resetting your password." )
return HttpResponseRedirect( reverse('main_page') )
else:
form = ForgotPasswordForm()
return render_to_response( 'forgot_password.html',
locals(),
context_instance=RequestContext(request) )
