def update_display_settings_backend(
request: HttpRequest, user_profile: UserProfile,
twenty_four_hour_time: Optional[bool]=REQ(validator=check_bool, default=None),
dense_mode: Optional[bool]=REQ(validator=check_bool, default=None),
starred_message_counts: Optional[bool]=REQ(validator=check_bool, default=None),
fluid_layout_width: Optional[bool]=REQ(validator=check_bool, default=None),
high_contrast_mode: Optional[bool]=REQ(validator=check_bool, default=None),
color_scheme: Optional[int]=REQ(validator=check_int_in(
UserProfile.COLOR_SCHEME_CHOICES), default=None),
translate_emoticons: Optional[bool]=REQ(validator=check_bool, default=None),
default_language: Optional[str]=REQ(validator=check_string, default=None),
left_side_userlist: Optional[bool]=REQ(validator=check_bool, default=None),
emojiset: Optional[str]=REQ(validator=check_string_in(
emojiset_choices), default=None),
demote_inactive_streams: Optional[int]=REQ(validator=check_int_in(
UserProfile.DEMOTE_STREAMS_CHOICES), default=None),
timezone: Optional[str]=REQ(validator=check_string_in(all_timezones),
default=None)) -> HttpResponse:
# We can't use REQ for this widget because
# get_available_language_codes requires provisioning to be
# complete.
if (default_language is not None and
default_language not in get_available_language_codes()):
raise JsonableError(_("Invalid default_language"))
request_settings = {k: v for k, v in list(locals().items()) if k in user_profile.property_types}
result: Dict[str, Any] = {}
for k, v in list(request_settings.items()):
if v is not None and getattr(user_profile, k) != v:
do_set_user_display_setting(user_profile, k, v)
result[k] = v
return json_success(result)
def process_zcommands(content: str, user_profile: UserProfile) -> Dict[str, Any]:
if not content.startswith('/'):
raise JsonableError(_('There should be a leading slash in the zcommand.'))
command = content[1:]
if command == 'ping':
ret = dict() # type: Dict[str, Any]
return ret
if command == 'night':
if user_profile.night_mode:
msg = 'You are still in night mode.'
else:
msg = 'Changed to night mode! To revert night mode, type `/day`.'
do_set_user_display_setting(user_profile, 'night_mode', True)
ret = dict(msg=msg)
return ret
if command == 'day':
if user_profile.night_mode:
msg = 'Changed to day mode! To revert day mode, type `/night`.'
do_set_user_display_setting(user_profile, 'night_mode', False)
else:
msg = 'You are still in day mode.'
ret = dict(msg=msg)
return ret
raise JsonableError(_('No such command: %s') % (command,))
def process_zcommands(content: str, user_profile: UserProfile) -> Dict[str, Any]:
command = content.replace('/', '')
if command == 'ping':
ret = dict() # type: Dict[str, Any]
return ret
if command == 'night':
if user_profile.night_mode:
msg = 'You are still in night mode.'
else:
msg = 'Changed to night mode! To revert night mode, type `/day`.'
do_set_user_display_setting(user_profile, 'night_mode', True)
ret = dict(msg=msg)
return ret
if command == 'day':
if user_profile.night_mode:
msg = 'Changed to day mode! To revert day mode, type `/night`.'
do_set_user_display_setting(user_profile, 'night_mode', False)
else:
msg = 'You are still in day mode.'
ret = dict(msg=msg)
return ret
raise JsonableError(_('No such command: %s') % (command,))
def process_zcommands(content: str,
user_profile: UserProfile) -> Dict[str, Any]:
if not content.startswith('/'):
raise JsonableError(
_('There should be a leading slash in the zcommand.'))
command = content[1:]
if command == 'ping':
ret = dict() # type: Dict[str, Any]
return ret
night_commands = ['night', 'dark']
day_commands = ['day', 'light']
if command in night_commands:
if user_profile.night_mode:
msg = 'You are still in night mode.'
else:
msg = 'Changed to night mode! To revert night mode, type `%s`.' % (
content, )
do_set_user_display_setting(user_profile, 'night_mode', True)
ret = dict(msg=msg)
return ret
if command in day_commands:
if user_profile.night_mode:
msg = 'Changed to day mode! To revert day mode, type `%s`.' % (
content, )
do_set_user_display_setting(user_profile, 'night_mode', False)
else:
msg = 'You are still in day mode.'
ret = dict(msg=msg)
return ret
raise JsonableError(_('No such command: %s') % (command, ))
def update_display_settings_backend(
request: HttpRequest, user_profile: UserProfile,
twenty_four_hour_time: Optional[bool]=REQ(validator=check_bool, default=None),
dense_mode: Optional[bool]=REQ(validator=check_bool, default=None),
starred_message_counts: Optional[bool]=REQ(validator=check_bool, default=None),
high_contrast_mode: Optional[bool]=REQ(validator=check_bool, default=None),
night_mode: Optional[bool]=REQ(validator=check_bool, default=None),
translate_emoticons: Optional[bool]=REQ(validator=check_bool, default=None),
default_language: Optional[bool]=REQ(validator=check_string, default=None),
left_side_userlist: Optional[bool]=REQ(validator=check_bool, default=None),
emojiset: Optional[str]=REQ(validator=check_string, default=None),
timezone: Optional[str]=REQ(validator=check_string, default=None)) -> HttpResponse:
if (default_language is not None and
default_language not in get_available_language_codes()):
raise JsonableError(_("Invalid language '%s'" % (default_language,)))
if (timezone is not None and
timezone not in get_all_timezones()):
raise JsonableError(_("Invalid timezone '%s'" % (timezone,)))
if (emojiset is not None and
emojiset not in UserProfile.emojiset_choices()):
raise JsonableError(_("Invalid emojiset '%s'" % (emojiset,)))
request_settings = {k: v for k, v in list(locals().items()) if k in user_profile.property_types}
result = {} # type: Dict[str, Any]
for k, v in list(request_settings.items()):
if v is not None and getattr(user_profile, k) != v:
do_set_user_display_setting(user_profile, k, v)
result[k] = v
return json_success(result)
def update_display_settings_backend(request, user_profile,
twenty_four_hour_time=REQ(validator=check_bool, default=None),
high_contrast_mode=REQ(validator=check_bool, default=None),
default_language=REQ(validator=check_string, default=None),
left_side_userlist=REQ(validator=check_bool, default=None),
emoji_alt_code=REQ(validator=check_bool, default=None),
emojiset=REQ(validator=check_string, default=None),
timezone=REQ(validator=check_string, default=None)):
# type: (HttpRequest, UserProfile, Optional[bool], Optional[bool], Optional[str], Optional[bool], Optional[bool], Optional[Text], Optional[Text]) -> HttpResponse
if (default_language is not None and
default_language not in get_available_language_codes()):
raise JsonableError(_("Invalid language '%s'" % (default_language,)))
if (timezone is not None and
timezone not in get_all_timezones()):
raise JsonableError(_("Invalid timezone '%s'" % (timezone,)))
if (emojiset is not None and
emojiset not in UserProfile.emojiset_choices()):
raise JsonableError(_("Invalid emojiset '%s'" % (emojiset,)))
request_settings = {k: v for k, v in list(locals().items()) if k in user_profile.property_types}
result = {} # type: Dict[str, Any]
for k, v in list(request_settings.items()):
if v is not None and getattr(user_profile, k) != v:
do_set_user_display_setting(user_profile, k, v)
result[k] = v
return json_success(result)
def change_mode_setting(command: str, switch_command: str, setting: str,
setting_value: int) -> str:
msg = 'Changed to {command} mode! To revert ' \
'{command} mode, type `/{switch_command}`.'.format(
command=command,
switch_command=switch_command,
)
do_set_user_display_setting(user_profile=user_profile,
setting_name=setting,
setting_value=setting_value)
return msg
def update_display_settings_backend(
request: HttpRequest,
user_profile: UserProfile,
twenty_four_hour_time: Optional[bool] = REQ(validator=check_bool,
default=None),
dense_mode: Optional[bool] = REQ(validator=check_bool, default=None),
starred_message_counts: Optional[bool] = REQ(validator=check_bool,
default=None),
fluid_layout_width: Optional[bool] = REQ(validator=check_bool,
default=None),
high_contrast_mode: Optional[bool] = REQ(validator=check_bool,
default=None),
night_mode: Optional[bool] = REQ(validator=check_bool, default=None),
translate_emoticons: Optional[bool] = REQ(validator=check_bool,
default=None),
default_language: Optional[bool] = REQ(validator=check_string,
default=None),
left_side_userlist: Optional[bool] = REQ(validator=check_bool,
default=None),
emojiset: Optional[str] = REQ(validator=check_string, default=None),
demote_inactive_streams: Optional[int] = REQ(validator=check_int,
default=None),
timezone: Optional[str] = REQ(validator=check_string, default=None)
) -> HttpResponse:
if (default_language is not None
and default_language not in get_available_language_codes()):
raise JsonableError(_("Invalid language '%s'") % (default_language, ))
if (timezone is not None and timezone not in get_all_timezones()):
raise JsonableError(_("Invalid timezone '%s'") % (timezone, ))
if (emojiset is not None and emojiset not in [
emojiset_choice['key']
for emojiset_choice in UserProfile.emojiset_choices()
]):
raise JsonableError(_("Invalid emojiset '%s'") % (emojiset, ))
if (demote_inactive_streams is not None and demote_inactive_streams
not in UserProfile.DEMOTE_STREAMS_CHOICES):
raise JsonableError(
_("Invalid setting value '%s'") % (demote_inactive_streams, ))
request_settings = {
k: v
for k, v in list(locals().items()) if k in user_profile.property_types
}
result = {} # type: Dict[str, Any]
for k, v in list(request_settings.items()):
if v is not None and getattr(user_profile, k) != v:
do_set_user_display_setting(user_profile, k, v)
result[k] = v
return json_success(result)
def update_display_settings_backend(
request,
user_profile,
twenty_four_hour_time=REQ(validator=check_bool, default=None),
default_language=REQ(validator=check_string, default=None),
left_side_userlist=REQ(validator=check_bool, default=None),
emoji_alt_code=REQ(validator=check_bool, default=None),
timezone=REQ(validator=check_string, default=None)):
# type: (HttpRequest, UserProfile, Optional[bool], Optional[str], Optional[bool], Optional[bool], Optional[Text]) -> HttpResponse
if (default_language is not None
and default_language not in get_available_language_codes()):
raise JsonableError(_("Invalid language '%s'" % (default_language, )))
if (timezone is not None and timezone not in get_all_timezones()):
raise JsonableError(_("Invalid timezone '%s'" % (timezone, )))
result = {} # type: Dict[str, Any]
if (default_language is not None
and user_profile.default_language != default_language):
do_set_user_display_setting(user_profile, "default_language",
default_language)
result['default_language'] = default_language
elif (twenty_four_hour_time is not None
and user_profile.twenty_four_hour_time != twenty_four_hour_time):
do_set_user_display_setting(user_profile, "twenty_four_hour_time",
twenty_four_hour_time)
result['twenty_four_hour_time'] = twenty_four_hour_time
elif (left_side_userlist is not None
and user_profile.left_side_userlist != left_side_userlist):
do_set_user_display_setting(user_profile, "left_side_userlist",
left_side_userlist)
result['left_side_userlist'] = left_side_userlist
elif (emoji_alt_code is not None
and user_profile.emoji_alt_code != emoji_alt_code):
do_set_user_display_setting(user_profile, "emoji_alt_code",
emoji_alt_code)
result['emoji_alt_code'] = emoji_alt_code
elif (timezone is not None and user_profile.timezone != timezone):
do_set_user_display_setting(user_profile, "timezone", timezone)
result['timezone'] = timezone
return json_success(result)
def do_widget_pre_save_actions(message: MutableMapping[str, Any]) -> None:
if not settings.ALLOW_SUB_MESSAGES:
return
# this prevents errors of cyclical imports
from zerver.lib.actions import do_set_user_display_setting
content = message['message'].content
user_profile = message['message'].sender
if content == '/stats':
message['message'].content = 'We are running **1 server**.'
return
if content == '/night':
message['message'].content = 'Changed to night mode! To revert night mode, type `/day`.'
do_set_user_display_setting(user_profile, 'night_mode', True)
return
if content == '/day':
message['message'].content = 'Changed to day mode! To revert day mode, type `/night`.'
do_set_user_display_setting(user_profile, 'night_mode', False)
return
def do_widget_pre_save_actions(message: MutableMapping[str, Any]) -> None:
if not settings.ALLOW_SUB_MESSAGES:
return
# this prevents errors of cyclical imports
from zerver.lib.actions import do_set_user_display_setting
content = message['message'].content
user_profile = message['message'].sender
if content == '/stats':
message['message'].content = 'We are running **1 server**.'
return
if content == '/night':
message['message'].content = 'Changed to night mode! To revert night mode, type `/day`.'
do_set_user_display_setting(user_profile, 'night_mode', True)
return
if content == '/day':
message['message'].content = 'Changed to day mode! To revert day mode, type `/night`.'
do_set_user_display_setting(user_profile, 'night_mode', False)
return
def accounts_register(request: HttpRequest) -> HttpResponse:
key = request.POST['key']
confirmation = Confirmation.objects.get(confirmation_key=key)
prereg_user = confirmation.content_object
email = prereg_user.email
realm_creation = prereg_user.realm_creation
password_required = prereg_user.password_required
is_realm_admin = prereg_user.invited_as == PreregistrationUser.INVITE_AS[
'REALM_ADMIN'] or realm_creation
is_guest = prereg_user.invited_as == PreregistrationUser.INVITE_AS[
'GUEST_USER']
try:
validators.validate_email(email)
except ValidationError:
return render(request,
"zerver/invalid_email.html",
context={"invalid_email": True})
if realm_creation:
# For creating a new realm, there is no existing realm or domain
realm = None
else:
if get_subdomain(request) != prereg_user.realm.string_id:
return render_confirmation_key_error(
request,
ConfirmationKeyException(
ConfirmationKeyException.DOES_NOT_EXIST))
realm = prereg_user.realm
try:
email_allowed_for_realm(email, realm)
except DomainNotAllowedForRealmError:
return render(request,
"zerver/invalid_email.html",
context={
"realm_name": realm.name,
"closed_domain": True
})
except DisposableEmailError:
return render(request,
"zerver/invalid_email.html",
context={
"realm_name": realm.name,
"disposable_emails_not_allowed": True
})
except EmailContainsPlusError:
return render(request,
"zerver/invalid_email.html",
context={
"realm_name": realm.name,
"email_contains_plus": True
})
if realm.deactivated:
# The user is trying to register for a deactivated realm. Advise them to
# contact support.
return redirect_to_deactivation_notice()
try:
validate_email_for_realm(realm, email)
except ValidationError:
return HttpResponseRedirect(
reverse('django.contrib.auth.views.login') + '?email=' +
urllib.parse.quote_plus(email))
name_validated = False
full_name = None
require_ldap_password = False
if request.POST.get('from_confirmation'):
try:
del request.session['authenticated_full_name']
except KeyError:
pass
ldap_full_name = None
if settings.POPULATE_PROFILE_VIA_LDAP:
# If the user can be found in LDAP, we'll take the full name from the directory,
# and further down create a form pre-filled with it.
for backend in get_backends():
if isinstance(backend, LDAPBackend):
try:
ldap_username = backend.django_to_ldap_username(email)
except ZulipLDAPExceptionNoMatchingLDAPUser:
logging.warning(
"New account email %s could not be found in LDAP" %
(email, ))
break
# Note that this `ldap_user` object is not a
# `ZulipLDAPUser` with a `Realm` attached, so
# calling `.populate_user()` on it will crash.
# This is OK, since we're just accessing this user
# to extract its name.
#
# TODO: We should potentially be accessing this
# user to sync its initial avatar and custom
# profile fields as well, if we indeed end up
# creating a user account through this flow,
# rather than waiting until `manage.py
# sync_ldap_user_data` runs to populate it.
ldap_user = _LDAPUser(backend, ldap_username)
try:
ldap_full_name, _ = backend.get_mapped_name(ldap_user)
except TypeError:
break
# Check whether this is ZulipLDAPAuthBackend,
# which is responsible for authentication and
# requires that LDAP accounts enter their LDAP
# password to register, or ZulipLDAPUserPopulator,
# which just populates UserProfile fields (no auth).
require_ldap_password = isinstance(backend,
ZulipLDAPAuthBackend)
break
if ldap_full_name:
# We don't use initial= here, because if the form is
# complete (that is, no additional fields need to be
# filled out by the user) we want the form to validate,
# so they can be directly registered without having to
# go through this interstitial.
form = RegistrationForm({'full_name': ldap_full_name},
realm_creation=realm_creation)
request.session['authenticated_full_name'] = ldap_full_name
name_validated = True
elif realm is not None and realm.is_zephyr_mirror_realm:
# For MIT users, we can get an authoritative name from Hesiod.
# Technically we should check that this is actually an MIT
# realm, but we can cross that bridge if we ever get a non-MIT
# zephyr mirroring realm.
hesiod_name = compute_mit_user_fullname(email)
form = RegistrationForm(initial={
'full_name':
hesiod_name if "@" not in hesiod_name else ""
},
realm_creation=realm_creation)
name_validated = True
elif prereg_user.full_name:
if prereg_user.full_name_validated:
request.session[
'authenticated_full_name'] = prereg_user.full_name
name_validated = True
form = RegistrationForm({'full_name': prereg_user.full_name},
realm_creation=realm_creation)
else:
form = RegistrationForm(
initial={'full_name': prereg_user.full_name},
realm_creation=realm_creation)
elif 'full_name' in request.POST:
form = RegistrationForm(
initial={'full_name': request.POST.get('full_name')},
realm_creation=realm_creation)
else:
form = RegistrationForm(realm_creation=realm_creation)
else:
postdata = request.POST.copy()
if name_changes_disabled(realm):
# If we populate profile information via LDAP and we have a
# verified name from you on file, use that. Otherwise, fall
# back to the full name in the request.
try:
postdata.update(
{'full_name': request.session['authenticated_full_name']})
name_validated = True
except KeyError:
pass
form = RegistrationForm(postdata, realm_creation=realm_creation)
if not (password_auth_enabled(realm) and password_required):
form['password'].field.required = False
if form.is_valid():
if password_auth_enabled(realm) and form['password'].field.required:
password = form.cleaned_data['password']
else:
# If the user wasn't prompted for a password when
# completing the authentication form (because they're
# signing up with SSO and no password is required), set
# the password field to `None` (Which causes Django to
# create an unusable password).
password = None
if realm_creation:
string_id = form.cleaned_data['realm_subdomain']
realm_name = form.cleaned_data['realm_name']
realm = do_create_realm(string_id, realm_name)
setup_realm_internal_bots(realm)
assert (realm is not None)
full_name = form.cleaned_data['full_name']
short_name = email_to_username(email)
default_stream_group_names = request.POST.getlist(
'default_stream_group')
default_stream_groups = lookup_default_stream_groups(
default_stream_group_names, realm)
timezone = ""
if 'timezone' in request.POST and request.POST[
'timezone'] in get_all_timezones():
timezone = request.POST['timezone']
if 'source_realm' in request.POST and request.POST[
"source_realm"] != "on":
source_profile = get_source_profile(email,
request.POST["source_realm"])
else:
source_profile = None
if not realm_creation:
try:
existing_user_profile = get_user_by_delivery_email(
email, realm) # type: Optional[UserProfile]
except UserProfile.DoesNotExist:
existing_user_profile = None
else:
existing_user_profile = None
user_profile = None # type: Optional[UserProfile]
return_data = {} # type: Dict[str, bool]
if ldap_auth_enabled(realm):
# If the user was authenticated using an external SSO
# mechanism like Google or GitHub auth, then authentication
# will have already been done before creating the
# PreregistrationUser object with password_required=False, and
# so we don't need to worry about passwords.
#
# If instead the realm is using EmailAuthBackend, we will
# set their password above.
#
# But if the realm is using LDAPAuthBackend, we need to verify
# their LDAP password (which will, as a side effect, create
# the user account) here using authenticate.
# pregeg_user.realm_creation carries the information about whether
# we're in realm creation mode, and the ldap flow will handle
# that and create the user with the appropriate parameters.
user_profile = authenticate(request,
username=email,
password=password,
realm=realm,
prereg_user=prereg_user,
return_data=return_data)
if user_profile is None:
can_use_different_backend = email_auth_enabled(
realm) or any_social_backend_enabled(realm)
if settings.LDAP_APPEND_DOMAIN:
# In LDAP_APPEND_DOMAIN configurations, we don't allow making a non-ldap account
# if the email matches the ldap domain.
can_use_different_backend = can_use_different_backend and (
not email_belongs_to_ldap(realm, email))
if return_data.get(
"no_matching_ldap_user") and can_use_different_backend:
# If both the LDAP and Email or Social auth backends are
# enabled, and there's no matching user in the LDAP
# directory then the intent is to create a user in the
# realm with their email outside the LDAP organization
# (with e.g. a password stored in the Zulip database,
# not LDAP). So we fall through and create the new
# account.
pass
else:
# TODO: This probably isn't going to give a
# user-friendly error message, but it doesn't
# particularly matter, because the registration form
# is hidden for most users.
return HttpResponseRedirect(
reverse('django.contrib.auth.views.login') +
'?email=' + urllib.parse.quote_plus(email))
elif not realm_creation:
# Since we'll have created a user, we now just log them in.
return login_and_go_to_home(request, user_profile)
else:
# With realm_creation=True, we're going to return further down,
# after finishing up the creation process.
pass
if existing_user_profile is not None and existing_user_profile.is_mirror_dummy:
user_profile = existing_user_profile
do_activate_user(user_profile)
do_change_password(user_profile, password)
do_change_full_name(user_profile, full_name, user_profile)
do_set_user_display_setting(user_profile, 'timezone', timezone)
# TODO: When we clean up the `do_activate_user` code path,
# make it respect invited_as_admin / is_realm_admin.
if user_profile is None:
user_profile = do_create_user(
email,
password,
realm,
full_name,
short_name,
prereg_user=prereg_user,
is_realm_admin=is_realm_admin,
is_guest=is_guest,
tos_version=settings.TOS_VERSION,
timezone=timezone,
newsletter_data={"IP": request.META['REMOTE_ADDR']},
default_stream_groups=default_stream_groups,
source_profile=source_profile,
realm_creation=realm_creation)
if realm_creation:
bulk_add_subscriptions([realm.signup_notifications_stream],
[user_profile])
send_initial_realm_messages(realm)
# Because for realm creation, registration happens on the
# root domain, we need to log them into the subdomain for
# their new realm.
return redirect_and_log_into_subdomain(realm, full_name, email)
# This dummy_backend check below confirms the user is
# authenticating to the correct subdomain.
auth_result = authenticate(username=user_profile.delivery_email,
realm=realm,
return_data=return_data,
use_dummy_backend=True)
if return_data.get('invalid_subdomain'):
# By construction, this should never happen.
logging.error("Subdomain mismatch in registration %s: %s" % (
realm.subdomain,
user_profile.delivery_email,
))
return redirect('/')
return login_and_go_to_home(request, auth_result)
return render(
request,
'zerver/register.html',
context={
'form': form,
'email': email,
'key': key,
'full_name': request.session.get('authenticated_full_name', None),
'lock_name': name_validated and name_changes_disabled(realm),
# password_auth_enabled is normally set via our context processor,
# but for the registration form, there is no logged in user yet, so
# we have to set it here.
'creating_new_team': realm_creation,
'password_required': password_auth_enabled(realm)
and password_required,
'require_ldap_password': require_ldap_password,
'password_auth_enabled': password_auth_enabled(realm),
'root_domain_available': is_root_domain_available(),
'default_stream_groups': get_default_stream_groups(realm),
'accounts': get_accounts_for_email(email),
'MAX_REALM_NAME_LENGTH': str(Realm.MAX_REALM_NAME_LENGTH),
'MAX_NAME_LENGTH': str(UserProfile.MAX_NAME_LENGTH),
'MAX_PASSWORD_LENGTH': str(form.MAX_PASSWORD_LENGTH),
'MAX_REALM_SUBDOMAIN_LENGTH': str(Realm.MAX_REALM_SUBDOMAIN_LENGTH)
})
def accounts_register(request):
# type: (HttpRequest) -> HttpResponse
key = request.POST['key']
confirmation = Confirmation.objects.get(confirmation_key=key)
prereg_user = confirmation.content_object
email = prereg_user.email
realm_creation = prereg_user.realm_creation
password_required = prereg_user.password_required
validators.validate_email(email)
if prereg_user.referred_by:
# If someone invited you, you are joining their realm regardless
# of your e-mail address.
realm = prereg_user.referred_by.realm
elif realm_creation:
# For creating a new realm, there is no existing realm or domain
realm = None
else:
realm = get_realm(get_subdomain(request))
if realm and not email_allowed_for_realm(email, realm):
return render(request,
"zerver/closed_realm.html",
context={"closed_domain_name": realm.name})
if realm and realm.deactivated:
# The user is trying to register for a deactivated realm. Advise them to
# contact support.
return redirect_to_deactivation_notice()
try:
validate_email_for_realm(realm, email)
except ValidationError:
return HttpResponseRedirect(
reverse('django.contrib.auth.views.login') + '?email=' +
urllib.parse.quote_plus(email))
name_validated = False
full_name = None
if request.POST.get('from_confirmation'):
try:
del request.session['authenticated_full_name']
except KeyError:
pass
if realm is not None and realm.is_zephyr_mirror_realm:
# For MIT users, we can get an authoritative name from Hesiod.
# Technically we should check that this is actually an MIT
# realm, but we can cross that bridge if we ever get a non-MIT
# zephyr mirroring realm.
hesiod_name = compute_mit_user_fullname(email)
form = RegistrationForm(initial={
'full_name':
hesiod_name if "@" not in hesiod_name else ""
},
realm_creation=realm_creation)
name_validated = True
elif settings.POPULATE_PROFILE_VIA_LDAP:
for backend in get_backends():
if isinstance(backend, LDAPBackend):
ldap_attrs = _LDAPUser(
backend, backend.django_to_ldap_username(email)).attrs
try:
ldap_full_name = ldap_attrs[
settings.AUTH_LDAP_USER_ATTR_MAP['full_name']][0]
request.session[
'authenticated_full_name'] = ldap_full_name
name_validated = True
# We don't use initial= here, because if the form is
# complete (that is, no additional fields need to be
# filled out by the user) we want the form to validate,
# so they can be directly registered without having to
# go through this interstitial.
form = RegistrationForm({'full_name': ldap_full_name},
realm_creation=realm_creation)
# FIXME: This will result in the user getting
# validation errors if they have to enter a password.
# Not relevant for ONLY_SSO, though.
break
except TypeError:
# Let the user fill out a name and/or try another backend
form = RegistrationForm(realm_creation=realm_creation)
elif 'full_name' in request.POST:
form = RegistrationForm(
initial={'full_name': request.POST.get('full_name')},
realm_creation=realm_creation)
else:
form = RegistrationForm(realm_creation=realm_creation)
else:
postdata = request.POST.copy()
if name_changes_disabled(realm):
# If we populate profile information via LDAP and we have a
# verified name from you on file, use that. Otherwise, fall
# back to the full name in the request.
try:
postdata.update(
{'full_name': request.session['authenticated_full_name']})
name_validated = True
except KeyError:
pass
form = RegistrationForm(postdata, realm_creation=realm_creation)
if not (password_auth_enabled(realm) and password_required):
form['password'].field.required = False
if form.is_valid():
if password_auth_enabled(realm):
password = form.cleaned_data['password']
else:
# SSO users don't need no passwords
password = None
if realm_creation:
string_id = form.cleaned_data['realm_subdomain']
realm_name = form.cleaned_data['realm_name']
realm = do_create_realm(string_id, realm_name)
setup_initial_streams(realm)
assert (realm is not None)
full_name = form.cleaned_data['full_name']
short_name = email_to_username(email)
default_stream_group_names = request.POST.getlist(
'default_stream_group')
default_stream_groups = lookup_default_stream_groups(
default_stream_group_names, realm)
timezone = u""
if 'timezone' in request.POST and request.POST[
'timezone'] in get_all_timezones():
timezone = request.POST['timezone']
try:
existing_user_profile = get_user_profile_by_email(email)
except UserProfile.DoesNotExist:
existing_user_profile = None
return_data = {} # type: Dict[str, bool]
if ldap_auth_enabled(realm):
# If the user was authenticated using an external SSO
# mechanism like Google or GitHub auth, then authentication
# will have already been done before creating the
# PreregistrationUser object with password_required=False, and
# so we don't need to worry about passwords.
#
# If instead the realm is using EmailAuthBackend, we will
# set their password above.
#
# But if the realm is using LDAPAuthBackend, we need to verify
# their LDAP password (which will, as a side effect, create
# the user account) here using authenticate.
auth_result = authenticate(request,
username=email,
password=password,
realm_subdomain=realm.subdomain,
return_data=return_data)
if auth_result is None:
# TODO: This probably isn't going to give a
# user-friendly error message, but it doesn't
# particularly matter, because the registration form
# is hidden for most users.
return HttpResponseRedirect(
reverse('django.contrib.auth.views.login') + '?email=' +
urllib.parse.quote_plus(email))
# Since we'll have created a user, we now just log them in.
return login_and_go_to_home(request, auth_result)
elif existing_user_profile is not None and existing_user_profile.is_mirror_dummy:
user_profile = existing_user_profile
do_activate_user(user_profile)
do_change_password(user_profile, password)
do_change_full_name(user_profile, full_name, user_profile)
do_set_user_display_setting(user_profile, 'timezone', timezone)
else:
user_profile = do_create_user(
email,
password,
realm,
full_name,
short_name,
prereg_user=prereg_user,
is_realm_admin=realm_creation,
tos_version=settings.TOS_VERSION,
timezone=timezone,
newsletter_data={"IP": request.META['REMOTE_ADDR']},
default_stream_groups=default_stream_groups)
if realm_creation:
setup_initial_private_stream(user_profile)
send_initial_realm_messages(realm)
if realm_creation:
# Because for realm creation, registration happens on the
# root domain, we need to log them into the subdomain for
# their new realm.
return redirect_and_log_into_subdomain(realm, full_name, email)
# This dummy_backend check below confirms the user is
# authenticating to the correct subdomain.
auth_result = authenticate(username=user_profile.email,
realm_subdomain=realm.subdomain,
return_data=return_data,
use_dummy_backend=True)
if return_data.get('invalid_subdomain'):
# By construction, this should never happen.
logging.error("Subdomain mismatch in registration %s: %s" % (
realm.subdomain,
user_profile.email,
))
return redirect('/')
return login_and_go_to_home(request, auth_result)
return render(
request,
'zerver/register.html',
context={
'form': form,
'email': email,
'key': key,
'full_name': request.session.get('authenticated_full_name', None),
'lock_name': name_validated and name_changes_disabled(realm),
# password_auth_enabled is normally set via our context processor,
# but for the registration form, there is no logged in user yet, so
# we have to set it here.
'creating_new_team': realm_creation,
'password_required': password_auth_enabled(realm)
and password_required,
'password_auth_enabled': password_auth_enabled(realm),
'root_domain_available': is_root_domain_available(),
'default_stream_groups': get_default_stream_groups(realm),
'MAX_REALM_NAME_LENGTH': str(Realm.MAX_REALM_NAME_LENGTH),
'MAX_NAME_LENGTH': str(UserProfile.MAX_NAME_LENGTH),
'MAX_PASSWORD_LENGTH': str(form.MAX_PASSWORD_LENGTH),
'MAX_REALM_SUBDOMAIN_LENGTH': str(Realm.MAX_REALM_SUBDOMAIN_LENGTH)
})
def accounts_register(request):
# type: (HttpRequest) -> HttpResponse
key = request.POST['key']
confirmation = Confirmation.objects.get(confirmation_key=key)
prereg_user = confirmation.content_object
email = prereg_user.email
realm_creation = prereg_user.realm_creation
try:
existing_user_profile = get_user_profile_by_email(email)
except UserProfile.DoesNotExist:
existing_user_profile = None
validators.validate_email(email)
# If OPEN_REALM_CREATION is enabled all user sign ups should go through the
# special URL with domain name so that REALM can be identified if multiple realms exist
unique_open_realm = get_unique_open_realm()
if unique_open_realm is not None:
realm = unique_open_realm # type: Optional[Realm]
elif prereg_user.referred_by:
# If someone invited you, you are joining their realm regardless
# of your e-mail address.
realm = prereg_user.referred_by.realm
elif prereg_user.realm:
# You have a realm set, even though nobody referred you. This
# happens if you sign up through a special URL for an open realm.
realm = prereg_user.realm
elif realm_creation:
# For creating a new realm, there is no existing realm or domain
realm = None
elif settings.REALMS_HAVE_SUBDOMAINS:
realm = get_realm(get_subdomain(request))
else:
realm = get_realm_by_email_domain(email)
if realm and not email_allowed_for_realm(email, realm):
return render(request,
"zerver/closed_realm.html",
context={"closed_domain_name": realm.name})
if realm and realm.deactivated:
# The user is trying to register for a deactivated realm. Advise them to
# contact support.
return render(request,
"zerver/deactivated.html",
context={"deactivated_domain_name": realm.name})
try:
if existing_user_profile is not None and existing_user_profile.is_mirror_dummy:
# Mirror dummy users to be activated must be inactive
is_inactive(email)
else:
# Other users should not already exist at all.
user_email_is_unique(email)
except ValidationError:
return HttpResponseRedirect(
reverse('django.contrib.auth.views.login') + '?email=' +
urllib.parse.quote_plus(email))
name_validated = False
full_name = None
if request.POST.get('from_confirmation'):
try:
del request.session['authenticated_full_name']
except KeyError:
pass
if realm is not None and realm.is_zephyr_mirror_realm:
# For MIT users, we can get an authoritative name from Hesiod.
# Technically we should check that this is actually an MIT
# realm, but we can cross that bridge if we ever get a non-MIT
# zephyr mirroring realm.
hesiod_name = compute_mit_user_fullname(email)
form = RegistrationForm(initial={
'full_name':
hesiod_name if "@" not in hesiod_name else ""
},
realm_creation=realm_creation)
name_validated = True
elif settings.POPULATE_PROFILE_VIA_LDAP:
for backend in get_backends():
if isinstance(backend, LDAPBackend):
ldap_attrs = _LDAPUser(
backend, backend.django_to_ldap_username(email)).attrs
try:
ldap_full_name = ldap_attrs[
settings.AUTH_LDAP_USER_ATTR_MAP['full_name']][0]
request.session[
'authenticated_full_name'] = ldap_full_name
name_validated = True
# We don't use initial= here, because if the form is
# complete (that is, no additional fields need to be
# filled out by the user) we want the form to validate,
# so they can be directly registered without having to
# go through this interstitial.
form = RegistrationForm({'full_name': ldap_full_name},
realm_creation=realm_creation)
# FIXME: This will result in the user getting
# validation errors if they have to enter a password.
# Not relevant for ONLY_SSO, though.
break
except TypeError:
# Let the user fill out a name and/or try another backend
form = RegistrationForm(realm_creation=realm_creation)
elif 'full_name' in request.POST:
form = RegistrationForm(
initial={'full_name': request.POST.get('full_name')},
realm_creation=realm_creation)
else:
form = RegistrationForm(realm_creation=realm_creation)
else:
postdata = request.POST.copy()
if name_changes_disabled(realm):
# If we populate profile information via LDAP and we have a
# verified name from you on file, use that. Otherwise, fall
# back to the full name in the request.
try:
postdata.update(
{'full_name': request.session['authenticated_full_name']})
name_validated = True
except KeyError:
pass
form = RegistrationForm(postdata, realm_creation=realm_creation)
if not password_auth_enabled(realm):
form['password'].field.required = False
if form.is_valid():
if password_auth_enabled(realm):
password = form.cleaned_data['password']
else:
# SSO users don't need no passwords
password = None
if realm_creation:
string_id = form.cleaned_data['realm_subdomain']
realm_name = form.cleaned_data['realm_name']
org_type = int(form.cleaned_data['realm_org_type'])
realm = do_create_realm(string_id, realm_name,
org_type=org_type)[0]
stream_info = settings.DEFAULT_NEW_REALM_STREAMS
create_streams_with_welcome_messages(realm, stream_info)
set_default_streams(realm, stream_info)
assert (realm is not None)
full_name = form.cleaned_data['full_name']
short_name = email_to_username(email)
first_in_realm = len(
UserProfile.objects.filter(realm=realm, is_bot=False)) == 0
timezone = u""
if 'timezone' in request.POST and request.POST[
'timezone'] in get_all_timezones():
timezone = request.POST['timezone']
# FIXME: sanitize email addresses and fullname
if existing_user_profile is not None and existing_user_profile.is_mirror_dummy:
user_profile = existing_user_profile
do_activate_user(user_profile)
do_change_password(user_profile, password)
do_change_full_name(user_profile, full_name, user_profile)
do_set_user_display_setting(user_profile, 'timezone', timezone)
else:
user_profile = do_create_user(
email,
password,
realm,
full_name,
short_name,
prereg_user=prereg_user,
tos_version=settings.TOS_VERSION,
timezone=timezone,
newsletter_data={"IP": request.META['REMOTE_ADDR']})
if first_in_realm:
do_change_is_admin(user_profile, True)
send_initial_pms(user_profile)
if realm_creation and settings.REALMS_HAVE_SUBDOMAINS:
# Because for realm creation, registration happens on the
# root domain, we need to log them into the subdomain for
# their new realm.
return redirect_and_log_into_subdomain(realm, full_name, email)
# This dummy_backend check below confirms the user is
# authenticating to the correct subdomain.
return_data = {} # type: Dict[str, bool]
auth_result = authenticate(username=user_profile.email,
realm_subdomain=realm.subdomain,
return_data=return_data,
use_dummy_backend=True)
if return_data.get('invalid_subdomain'):
# By construction, this should never happen.
logging.error("Subdomain mismatch in registration %s: %s" % (
realm.subdomain,
user_profile.email,
))
return redirect('/')
login(request, auth_result)
return HttpResponseRedirect(realm.uri +
reverse('zerver.views.home.home'))
return render(
request,
'zerver/register.html',
context={
'form': form,
'email': email,
'key': key,
'full_name': request.session.get('authenticated_full_name', None),
'lock_name': name_validated and name_changes_disabled(realm),
# password_auth_enabled is normally set via our context processor,
# but for the registration form, there is no logged in user yet, so
# we have to set it here.
'creating_new_team': realm_creation,
'realms_have_subdomains': settings.REALMS_HAVE_SUBDOMAINS,
'password_auth_enabled': password_auth_enabled(realm),
'MAX_REALM_NAME_LENGTH': str(Realm.MAX_REALM_NAME_LENGTH),
'MAX_NAME_LENGTH': str(UserProfile.MAX_NAME_LENGTH),
'MAX_PASSWORD_LENGTH': str(form.MAX_PASSWORD_LENGTH),
'MAX_REALM_SUBDOMAIN_LENGTH': str(Realm.MAX_REALM_SUBDOMAIN_LENGTH)
})
def accounts_register(request: HttpRequest) -> HttpResponse:
key = request.POST['key']
confirmation = Confirmation.objects.get(confirmation_key=key)
prereg_user = confirmation.content_object
email = prereg_user.email
realm_creation = prereg_user.realm_creation
password_required = prereg_user.password_required
is_realm_admin = prereg_user.invited_as_admin or realm_creation
try:
validators.validate_email(email)
except ValidationError:
return render(request, "zerver/invalid_email.html", context={"invalid_email": True})
if realm_creation:
# For creating a new realm, there is no existing realm or domain
realm = None
else:
realm = get_realm(get_subdomain(request))
if realm is None or realm != prereg_user.realm:
return render_confirmation_key_error(
request, ConfirmationKeyException(ConfirmationKeyException.DOES_NOT_EXIST))
try:
email_allowed_for_realm(email, realm)
except DomainNotAllowedForRealmError:
return render(request, "zerver/invalid_email.html",
context={"realm_name": realm.name, "closed_domain": True})
except DisposableEmailError:
return render(request, "zerver/invalid_email.html",
context={"realm_name": realm.name, "disposable_emails_not_allowed": True})
except EmailContainsPlusError:
return render(request, "zerver/invalid_email.html",
context={"realm_name": realm.name, "email_contains_plus": True})
if realm.deactivated:
# The user is trying to register for a deactivated realm. Advise them to
# contact support.
return redirect_to_deactivation_notice()
try:
validate_email_for_realm(realm, email)
except ValidationError: # nocoverage # We need to add a test for this.
return HttpResponseRedirect(reverse('django.contrib.auth.views.login') + '?email=' +
urllib.parse.quote_plus(email))
name_validated = False
full_name = None
if request.POST.get('from_confirmation'):
try:
del request.session['authenticated_full_name']
except KeyError:
pass
if realm is not None and realm.is_zephyr_mirror_realm:
# For MIT users, we can get an authoritative name from Hesiod.
# Technically we should check that this is actually an MIT
# realm, but we can cross that bridge if we ever get a non-MIT
# zephyr mirroring realm.
hesiod_name = compute_mit_user_fullname(email)
form = RegistrationForm(
initial={'full_name': hesiod_name if "@" not in hesiod_name else ""},
realm_creation=realm_creation)
name_validated = True
elif settings.POPULATE_PROFILE_VIA_LDAP:
for backend in get_backends():
if isinstance(backend, LDAPBackend):
try:
ldap_username = backend.django_to_ldap_username(email)
except ZulipLDAPException:
logging.warning("New account email %s could not be found in LDAP" % (email,))
form = RegistrationForm(realm_creation=realm_creation)
break
ldap_attrs = _LDAPUser(backend, ldap_username).attrs
try:
ldap_full_name = ldap_attrs[settings.AUTH_LDAP_USER_ATTR_MAP['full_name']][0]
request.session['authenticated_full_name'] = ldap_full_name
name_validated = True
# We don't use initial= here, because if the form is
# complete (that is, no additional fields need to be
# filled out by the user) we want the form to validate,
# so they can be directly registered without having to
# go through this interstitial.
form = RegistrationForm({'full_name': ldap_full_name},
realm_creation=realm_creation)
# FIXME: This will result in the user getting
# validation errors if they have to enter a password.
# Not relevant for ONLY_SSO, though.
break
except TypeError:
# Let the user fill out a name and/or try another backend
form = RegistrationForm(realm_creation=realm_creation)
elif 'full_name' in request.POST:
form = RegistrationForm(
initial={'full_name': request.POST.get('full_name')},
realm_creation=realm_creation
)
else:
form = RegistrationForm(realm_creation=realm_creation)
else:
postdata = request.POST.copy()
if name_changes_disabled(realm):
# If we populate profile information via LDAP and we have a
# verified name from you on file, use that. Otherwise, fall
# back to the full name in the request.
try:
postdata.update({'full_name': request.session['authenticated_full_name']})
name_validated = True
except KeyError:
pass
form = RegistrationForm(postdata, realm_creation=realm_creation)
if not (password_auth_enabled(realm) and password_required):
form['password'].field.required = False
if form.is_valid():
if password_auth_enabled(realm):
password = form.cleaned_data['password']
else:
# SSO users don't need no passwords
password = None
if realm_creation:
string_id = form.cleaned_data['realm_subdomain']
realm_name = form.cleaned_data['realm_name']
realm = do_create_realm(string_id, realm_name)
setup_initial_streams(realm)
setup_realm_internal_bots(realm)
assert(realm is not None)
full_name = form.cleaned_data['full_name']
short_name = email_to_username(email)
default_stream_group_names = request.POST.getlist('default_stream_group')
default_stream_groups = lookup_default_stream_groups(default_stream_group_names, realm)
timezone = ""
if 'timezone' in request.POST and request.POST['timezone'] in get_all_timezones():
timezone = request.POST['timezone']
if 'source_realm' in request.POST and request.POST["source_realm"] != "on":
source_profile = get_source_profile(email, request.POST["source_realm"])
else:
source_profile = None
if not realm_creation:
try:
existing_user_profile = get_user(email, realm) # type: Optional[UserProfile]
except UserProfile.DoesNotExist:
existing_user_profile = None
else:
existing_user_profile = None
return_data = {} # type: Dict[str, bool]
if ldap_auth_enabled(realm):
# If the user was authenticated using an external SSO
# mechanism like Google or GitHub auth, then authentication
# will have already been done before creating the
# PreregistrationUser object with password_required=False, and
# so we don't need to worry about passwords.
#
# If instead the realm is using EmailAuthBackend, we will
# set their password above.
#
# But if the realm is using LDAPAuthBackend, we need to verify
# their LDAP password (which will, as a side effect, create
# the user account) here using authenticate.
auth_result = authenticate(request,
username=email,
password=password,
realm=realm,
return_data=return_data)
if auth_result is not None:
# Since we'll have created a user, we now just log them in.
return login_and_go_to_home(request, auth_result)
if return_data.get("outside_ldap_domain") and email_auth_enabled(realm):
# If both the LDAP and Email auth backends are
# enabled, and the user's email is outside the LDAP
# domain, then the intent is to create a user in the
# realm with their email outside the LDAP organization
# (with e.g. a password stored in the Zulip database,
# not LDAP). So we fall through and create the new
# account.
#
# It's likely that we can extend this block to the
# Google and GitHub auth backends with no code changes
# other than here.
pass
else:
# TODO: This probably isn't going to give a
# user-friendly error message, but it doesn't
# particularly matter, because the registration form
# is hidden for most users.
return HttpResponseRedirect(reverse('django.contrib.auth.views.login') + '?email=' +
urllib.parse.quote_plus(email))
if existing_user_profile is not None and existing_user_profile.is_mirror_dummy:
user_profile = existing_user_profile
do_activate_user(user_profile)
do_change_password(user_profile, password)
do_change_full_name(user_profile, full_name, user_profile)
do_set_user_display_setting(user_profile, 'timezone', timezone)
# TODO: When we clean up the `do_activate_user` code path,
# make it respect invited_as_admin / is_realm_admin.
else:
user_profile = do_create_user(email, password, realm, full_name, short_name,
prereg_user=prereg_user, is_realm_admin=is_realm_admin,
tos_version=settings.TOS_VERSION,
timezone=timezone,
newsletter_data={"IP": request.META['REMOTE_ADDR']},
default_stream_groups=default_stream_groups,
source_profile=source_profile)
if realm_creation:
bulk_add_subscriptions([realm.signup_notifications_stream], [user_profile])
send_initial_realm_messages(realm)
# Because for realm creation, registration happens on the
# root domain, we need to log them into the subdomain for
# their new realm.
return redirect_and_log_into_subdomain(realm, full_name, email)
# This dummy_backend check below confirms the user is
# authenticating to the correct subdomain.
auth_result = authenticate(username=user_profile.email,
realm=realm,
return_data=return_data,
use_dummy_backend=True)
if return_data.get('invalid_subdomain'):
# By construction, this should never happen.
logging.error("Subdomain mismatch in registration %s: %s" % (
realm.subdomain, user_profile.email,))
return redirect('/')
return login_and_go_to_home(request, auth_result)
return render(
request,
'zerver/register.html',
context={'form': form,
'email': email,
'key': key,
'full_name': request.session.get('authenticated_full_name', None),
'lock_name': name_validated and name_changes_disabled(realm),
# password_auth_enabled is normally set via our context processor,
# but for the registration form, there is no logged in user yet, so
# we have to set it here.
'creating_new_team': realm_creation,
'password_required': password_auth_enabled(realm) and password_required,
'password_auth_enabled': password_auth_enabled(realm),
'root_domain_available': is_root_domain_available(),
'default_stream_groups': get_default_stream_groups(realm),
'accounts': get_accounts_for_email(email),
'MAX_REALM_NAME_LENGTH': str(Realm.MAX_REALM_NAME_LENGTH),
'MAX_NAME_LENGTH': str(UserProfile.MAX_NAME_LENGTH),
'MAX_PASSWORD_LENGTH': str(form.MAX_PASSWORD_LENGTH),
'MAX_REALM_SUBDOMAIN_LENGTH': str(Realm.MAX_REALM_SUBDOMAIN_LENGTH)
}
)
def json_change_settings(
request: HttpRequest,
user_profile: UserProfile,
full_name: str = REQ(default=""),
email: str = REQ(default=""),
old_password: str = REQ(default=""),
new_password: str = REQ(default=""),
twenty_four_hour_time: Optional[bool] = REQ(json_validator=check_bool,
default=None),
dense_mode: Optional[bool] = REQ(json_validator=check_bool, default=None),
starred_message_counts: Optional[bool] = REQ(json_validator=check_bool,
default=None),
fluid_layout_width: Optional[bool] = REQ(json_validator=check_bool,
default=None),
high_contrast_mode: Optional[bool] = REQ(json_validator=check_bool,
default=None),
color_scheme: Optional[int] = REQ(json_validator=check_int_in(
UserProfile.COLOR_SCHEME_CHOICES),
default=None),
translate_emoticons: Optional[bool] = REQ(json_validator=check_bool,
default=None),
default_language: Optional[str] = REQ(default=None),
default_view: Optional[str] = REQ(
str_validator=check_string_in(default_view_options), default=None),
left_side_userlist: Optional[bool] = REQ(json_validator=check_bool,
default=None),
emojiset: Optional[str] = REQ(
str_validator=check_string_in(emojiset_choices), default=None),
demote_inactive_streams: Optional[int] = REQ(json_validator=check_int_in(
UserProfile.DEMOTE_STREAMS_CHOICES),
default=None),
timezone: Optional[str] = REQ(str_validator=check_string_in(
pytz.all_timezones_set),
default=None),
email_notifications_batching_period_seconds: Optional[int] = REQ(
json_validator=check_int, default=None),
enable_stream_desktop_notifications: Optional[bool] = REQ(
json_validator=check_bool, default=None),
enable_stream_email_notifications: Optional[bool] = REQ(
json_validator=check_bool, default=None),
enable_stream_push_notifications: Optional[bool] = REQ(
json_validator=check_bool, default=None),
enable_stream_audible_notifications: Optional[bool] = REQ(
json_validator=check_bool, default=None),
wildcard_mentions_notify: Optional[bool] = REQ(json_validator=check_bool,
default=None),
notification_sound: Optional[str] = REQ(default=None),
enable_desktop_notifications: Optional[bool] = REQ(
json_validator=check_bool, default=None),
enable_sounds: Optional[bool] = REQ(json_validator=check_bool,
default=None),
enable_offline_email_notifications: Optional[bool] = REQ(
json_validator=check_bool, default=None),
enable_offline_push_notifications: Optional[bool] = REQ(
json_validator=check_bool, default=None),
enable_online_push_notifications: Optional[bool] = REQ(
json_validator=check_bool, default=None),
enable_digest_emails: Optional[bool] = REQ(json_validator=check_bool,
default=None),
enable_login_emails: Optional[bool] = REQ(json_validator=check_bool,
default=None),
enable_marketing_emails: Optional[bool] = REQ(json_validator=check_bool,
default=None),
message_content_in_email_notifications: Optional[bool] = REQ(
json_validator=check_bool, default=None),
pm_content_in_desktop_notifications: Optional[bool] = REQ(
json_validator=check_bool, default=None),
desktop_icon_count_display: Optional[int] = REQ(json_validator=check_int,
default=None),
realm_name_in_notifications: Optional[bool] = REQ(
json_validator=check_bool, default=None),
presence_enabled: Optional[bool] = REQ(json_validator=check_bool,
default=None),
enter_sends: Optional[bool] = REQ(json_validator=check_bool, default=None),
) -> HttpResponse:
# We can't use REQ for this widget because
# get_available_language_codes requires provisioning to be
# complete.
if default_language is not None and default_language not in get_available_language_codes(
):
raise JsonableError(_("Invalid default_language"))
if (notification_sound is not None
and notification_sound not in get_available_notification_sounds()
and notification_sound != "none"):
raise JsonableError(
_("Invalid notification sound '{}'").format(notification_sound))
if email_notifications_batching_period_seconds is not None and (
email_notifications_batching_period_seconds <= 0
or email_notifications_batching_period_seconds > 7 * 24 * 60 * 60):
# We set a limit of one week for the batching period
raise JsonableError(
_("Invalid email batching period: {} seconds").format(
email_notifications_batching_period_seconds))
if new_password != "":
return_data: Dict[str, Any] = {}
if email_belongs_to_ldap(user_profile.realm,
user_profile.delivery_email):
raise JsonableError(_("Your Zulip password is managed in LDAP"))
try:
if not authenticate(
request,
username=user_profile.delivery_email,
password=old_password,
realm=user_profile.realm,
return_data=return_data,
):
raise JsonableError(_("Wrong password!"))
except RateLimited as e:
assert e.secs_to_freedom is not None
secs_to_freedom = int(e.secs_to_freedom)
raise JsonableError(
_("You're making too many attempts! Try again in {} seconds.").
format(secs_to_freedom), )
if not check_password_strength(new_password):
raise JsonableError(_("New password is too weak!"))
do_change_password(user_profile, new_password)
# In Django 1.10, password changes invalidates sessions, see
# https://docs.djangoproject.com/en/1.10/topics/auth/default/#session-invalidation-on-password-change
# for details. To avoid this logging the user out of their own
# session (which would provide a confusing UX at best), we
# update the session hash here.
update_session_auth_hash(request, user_profile)
# We also save the session to the DB immediately to mitigate
# race conditions. In theory, there is still a race condition
# and to completely avoid it we will have to use some kind of
# mutex lock in `django.contrib.auth.get_user` where session
# is verified. To make that lock work we will have to control
# the AuthenticationMiddleware which is currently controlled
# by Django,
request.session.save()
result: Dict[str, Any] = {}
new_email = email.strip()
if user_profile.delivery_email != new_email and new_email != "":
if user_profile.realm.email_changes_disabled and not user_profile.is_realm_admin:
raise JsonableError(
_("Email address changes are disabled in this organization."))
error = validate_email_is_valid(
new_email,
get_realm_email_validator(user_profile.realm),
)
if error:
raise JsonableError(error)
try:
validate_email_not_already_in_realm(
user_profile.realm,
new_email,
verbose=False,
)
except ValidationError as e:
raise JsonableError(e.message)
do_start_email_change_process(user_profile, new_email)
if user_profile.full_name != full_name and full_name.strip() != "":
if name_changes_disabled(
user_profile.realm) and not user_profile.is_realm_admin:
# Failingly silently is fine -- they can't do it through the UI, so
# they'd have to be trying to break the rules.
pass
else:
# Note that check_change_full_name strips the passed name automatically
check_change_full_name(user_profile, full_name, user_profile)
# Loop over user_profile.property_types
request_settings = {
k: v
for k, v in list(locals().items()) if k in user_profile.property_types
}
for k, v in list(request_settings.items()):
if v is not None and getattr(user_profile, k) != v:
do_set_user_display_setting(user_profile, k, v)
req_vars = {
k: v
for k, v in list(locals().items())
if k in user_profile.notification_setting_types
}
for k, v in list(req_vars.items()):
if v is not None and getattr(user_profile, k) != v:
do_change_notification_settings(user_profile,
k,
v,
acting_user=user_profile)
if timezone is not None and user_profile.timezone != timezone:
do_set_user_display_setting(user_profile, "timezone", timezone)
# TODO: Do this more generally.
from zerver.lib.request import get_request_notes
request_notes = get_request_notes(request)
for req_var in request.POST:
if req_var not in request_notes.processed_parameters:
request_notes.ignored_parameters.add(req_var)
if len(request_notes.ignored_parameters) > 0:
result["ignored_parameters_unsupported"] = list(
request_notes.ignored_parameters)
return json_success(result)
def accounts_register(
request: HttpRequest,
key: str = REQ(default=""),
timezone: str = REQ(default="", converter=to_timezone_or_empty),
from_confirmation: Optional[str] = REQ(default=None),
form_full_name: Optional[str] = REQ("full_name", default=None),
source_realm_id: Optional[int] = REQ(default=None,
converter=to_converted_or_fallback(
to_non_negative_int, None)),
) -> HttpResponse:
try:
confirmation = Confirmation.objects.get(confirmation_key=key)
except Confirmation.DoesNotExist:
return render(request,
"zerver/confirmation_link_expired_error.html",
status=404)
prereg_user = confirmation.content_object
assert prereg_user is not None
if prereg_user.status == confirmation_settings.STATUS_REVOKED:
return render(request,
"zerver/confirmation_link_expired_error.html",
status=404)
email = prereg_user.email
realm_creation = prereg_user.realm_creation
password_required = prereg_user.password_required
role = prereg_user.invited_as
if realm_creation:
role = UserProfile.ROLE_REALM_OWNER
try:
validators.validate_email(email)
except ValidationError:
return render(request,
"zerver/invalid_email.html",
context={"invalid_email": True})
if realm_creation:
# For creating a new realm, there is no existing realm or domain
realm = None
else:
if get_subdomain(request) != prereg_user.realm.string_id:
return render_confirmation_key_error(
request,
ConfirmationKeyException(
ConfirmationKeyException.DOES_NOT_EXIST))
realm = prereg_user.realm
try:
email_allowed_for_realm(email, realm)
except DomainNotAllowedForRealmError:
return render(
request,
"zerver/invalid_email.html",
context={
"realm_name": realm.name,
"closed_domain": True
},
)
except DisposableEmailError:
return render(
request,
"zerver/invalid_email.html",
context={
"realm_name": realm.name,
"disposable_emails_not_allowed": True
},
)
except EmailContainsPlusError:
return render(
request,
"zerver/invalid_email.html",
context={
"realm_name": realm.name,
"email_contains_plus": True
},
)
if realm.deactivated:
# The user is trying to register for a deactivated realm. Advise them to
# contact support.
return redirect_to_deactivation_notice()
try:
validate_email_not_already_in_realm(realm, email)
except ValidationError:
return redirect_to_email_login_url(email)
if settings.BILLING_ENABLED:
try:
check_spare_licenses_available_for_registering_new_user(
realm, email)
except LicenseLimitError:
return render(request, "zerver/no_spare_licenses.html")
name_validated = False
require_ldap_password = False
if from_confirmation:
try:
del request.session["authenticated_full_name"]
except KeyError:
pass
ldap_full_name = None
if settings.POPULATE_PROFILE_VIA_LDAP:
# If the user can be found in LDAP, we'll take the full name from the directory,
# and further down create a form pre-filled with it.
for backend in get_backends():
if isinstance(backend, LDAPBackend):
try:
ldap_username = backend.django_to_ldap_username(email)
except ZulipLDAPExceptionNoMatchingLDAPUser:
logging.warning(
"New account email %s could not be found in LDAP",
email)
break
# Note that this `ldap_user` object is not a
# `ZulipLDAPUser` with a `Realm` attached, so
# calling `.populate_user()` on it will crash.
# This is OK, since we're just accessing this user
# to extract its name.
#
# TODO: We should potentially be accessing this
# user to sync its initial avatar and custom
# profile fields as well, if we indeed end up
# creating a user account through this flow,
# rather than waiting until `manage.py
# sync_ldap_user_data` runs to populate it.
ldap_user = _LDAPUser(backend, ldap_username)
try:
ldap_full_name = backend.get_mapped_name(ldap_user)
except TypeError:
break
# Check whether this is ZulipLDAPAuthBackend,
# which is responsible for authentication and
# requires that LDAP accounts enter their LDAP
# password to register, or ZulipLDAPUserPopulator,
# which just populates UserProfile fields (no auth).
require_ldap_password = isinstance(backend,
ZulipLDAPAuthBackend)
break
if ldap_full_name:
# We don't use initial= here, because if the form is
# complete (that is, no additional fields need to be
# filled out by the user) we want the form to validate,
# so they can be directly registered without having to
# go through this interstitial.
form = RegistrationForm({"full_name": ldap_full_name},
realm_creation=realm_creation)
request.session["authenticated_full_name"] = ldap_full_name
name_validated = True
elif realm is not None and realm.is_zephyr_mirror_realm:
# For MIT users, we can get an authoritative name from Hesiod.
# Technically we should check that this is actually an MIT
# realm, but we can cross that bridge if we ever get a non-MIT
# zephyr mirroring realm.
hesiod_name = compute_mit_user_fullname(email)
form = RegistrationForm(
initial={
"full_name": hesiod_name if "@" not in hesiod_name else ""
},
realm_creation=realm_creation,
)
name_validated = True
elif prereg_user.full_name:
if prereg_user.full_name_validated:
request.session[
"authenticated_full_name"] = prereg_user.full_name
name_validated = True
form = RegistrationForm({"full_name": prereg_user.full_name},
realm_creation=realm_creation)
else:
form = RegistrationForm(
initial={"full_name": prereg_user.full_name},
realm_creation=realm_creation)
elif form_full_name is not None:
form = RegistrationForm(
initial={"full_name": form_full_name},
realm_creation=realm_creation,
)
else:
form = RegistrationForm(realm_creation=realm_creation)
else:
postdata = request.POST.copy()
if name_changes_disabled(realm):
# If we populate profile information via LDAP and we have a
# verified name from you on file, use that. Otherwise, fall
# back to the full name in the request.
try:
postdata.update(
full_name=request.session["authenticated_full_name"])
name_validated = True
except KeyError:
pass
form = RegistrationForm(postdata, realm_creation=realm_creation)
if not (password_auth_enabled(realm) and password_required):
form["password"].field.required = False
if form.is_valid():
if password_auth_enabled(realm) and form["password"].field.required:
password = form.cleaned_data["password"]
else:
# If the user wasn't prompted for a password when
# completing the authentication form (because they're
# signing up with SSO and no password is required), set
# the password field to `None` (Which causes Django to
# create an unusable password).
password = None
if realm_creation:
string_id = form.cleaned_data["realm_subdomain"]
realm_name = form.cleaned_data["realm_name"]
realm_type = form.cleaned_data["realm_type"]
is_demo_org = form.cleaned_data["is_demo_organization"]
realm = do_create_realm(string_id,
realm_name,
org_type=realm_type,
is_demo_organization=is_demo_org)
setup_realm_internal_bots(realm)
assert realm is not None
full_name = form.cleaned_data["full_name"]
enable_marketing_emails = form.cleaned_data["enable_marketing_emails"]
default_stream_group_names = request.POST.getlist(
"default_stream_group")
default_stream_groups = lookup_default_stream_groups(
default_stream_group_names, realm)
if source_realm_id is not None:
# Non-integer realm_id values like "string" are treated
# like the "Do not import" value of "".
source_profile: Optional[UserProfile] = get_source_profile(
email, source_realm_id)
else:
source_profile = None
if not realm_creation:
try:
existing_user_profile: Optional[
UserProfile] = get_user_by_delivery_email(email, realm)
except UserProfile.DoesNotExist:
existing_user_profile = None
else:
existing_user_profile = None
user_profile: Optional[UserProfile] = None
return_data: Dict[str, bool] = {}
if ldap_auth_enabled(realm):
# If the user was authenticated using an external SSO
# mechanism like Google or GitHub auth, then authentication
# will have already been done before creating the
# PreregistrationUser object with password_required=False, and
# so we don't need to worry about passwords.
#
# If instead the realm is using EmailAuthBackend, we will
# set their password above.
#
# But if the realm is using LDAPAuthBackend, we need to verify
# their LDAP password (which will, as a side effect, create
# the user account) here using authenticate.
# pregeg_user.realm_creation carries the information about whether
# we're in realm creation mode, and the ldap flow will handle
# that and create the user with the appropriate parameters.
user_profile = authenticate(
request=request,
username=email,
password=password,
realm=realm,
prereg_user=prereg_user,
return_data=return_data,
)
if user_profile is None:
can_use_different_backend = email_auth_enabled(realm) or (len(
get_external_method_dicts(realm)) > 0)
if settings.LDAP_APPEND_DOMAIN:
# In LDAP_APPEND_DOMAIN configurations, we don't allow making a non-LDAP account
# if the email matches the ldap domain.
can_use_different_backend = can_use_different_backend and (
not email_belongs_to_ldap(realm, email))
if return_data.get(
"no_matching_ldap_user") and can_use_different_backend:
# If both the LDAP and Email or Social auth backends are
# enabled, and there's no matching user in the LDAP
# directory then the intent is to create a user in the
# realm with their email outside the LDAP organization
# (with e.g. a password stored in the Zulip database,
# not LDAP). So we fall through and create the new
# account.
pass
else:
# TODO: This probably isn't going to give a
# user-friendly error message, but it doesn't
# particularly matter, because the registration form
# is hidden for most users.
view_url = reverse("login")
query = urlencode({"email": email})
redirect_url = add_query_to_redirect_url(view_url, query)
return HttpResponseRedirect(redirect_url)
elif not realm_creation:
# Since we'll have created a user, we now just log them in.
return login_and_go_to_home(request, user_profile)
else:
# With realm_creation=True, we're going to return further down,
# after finishing up the creation process.
pass
if existing_user_profile is not None and existing_user_profile.is_mirror_dummy:
user_profile = existing_user_profile
do_activate_mirror_dummy_user(user_profile,
acting_user=user_profile)
do_change_password(user_profile, password)
do_change_full_name(user_profile, full_name, user_profile)
do_set_user_display_setting(user_profile, "timezone", timezone)
# TODO: When we clean up the `do_activate_mirror_dummy_user` code path,
# make it respect invited_as_admin / is_realm_admin.
if user_profile is None:
user_profile = do_create_user(
email,
password,
realm,
full_name,
prereg_user=prereg_user,
role=role,
tos_version=settings.TOS_VERSION,
timezone=timezone,
default_stream_groups=default_stream_groups,
source_profile=source_profile,
realm_creation=realm_creation,
acting_user=None,
enable_marketing_emails=enable_marketing_emails,
)
if realm_creation:
bulk_add_subscriptions(realm, [realm.signup_notifications_stream],
[user_profile],
acting_user=None)
send_initial_realm_messages(realm)
# Because for realm creation, registration happens on the
# root domain, we need to log them into the subdomain for
# their new realm.
return redirect_and_log_into_subdomain(
ExternalAuthResult(user_profile=user_profile,
data_dict={"is_realm_creation": True}))
# This dummy_backend check below confirms the user is
# authenticating to the correct subdomain.
auth_result = authenticate(
username=user_profile.delivery_email,
realm=realm,
return_data=return_data,
use_dummy_backend=True,
)
if return_data.get("invalid_subdomain"):
# By construction, this should never happen.
logging.error(
"Subdomain mismatch in registration %s: %s",
realm.subdomain,
user_profile.delivery_email,
)
return redirect("/")
return login_and_go_to_home(request, auth_result)
return render(
request,
"zerver/register.html",
context={
"form":
form,
"email":
email,
"key":
key,
"full_name":
request.session.get("authenticated_full_name", None),
"lock_name":
name_validated and name_changes_disabled(realm),
# password_auth_enabled is normally set via our context processor,
# but for the registration form, there is no logged in user yet, so
# we have to set it here.
"creating_new_team":
realm_creation,
"password_required":
password_auth_enabled(realm) and password_required,
"require_ldap_password":
require_ldap_password,
"password_auth_enabled":
password_auth_enabled(realm),
"root_domain_available":
is_root_domain_available(),
"default_stream_groups":
[] if realm is None else get_default_stream_groups(realm),
"accounts":
get_accounts_for_email(email),
"MAX_REALM_NAME_LENGTH":
str(Realm.MAX_REALM_NAME_LENGTH),
"MAX_NAME_LENGTH":
str(UserProfile.MAX_NAME_LENGTH),
"MAX_PASSWORD_LENGTH":
str(form.MAX_PASSWORD_LENGTH),
"MAX_REALM_SUBDOMAIN_LENGTH":
str(Realm.MAX_REALM_SUBDOMAIN_LENGTH),
"sorted_realm_types":
sorted(Realm.ORG_TYPES.values(), key=lambda d: d["display_order"]),
},
)
def accounts_register(request):
# type: (HttpRequest) -> HttpResponse
key = request.POST['key']
confirmation = Confirmation.objects.get(confirmation_key=key)
prereg_user = confirmation.content_object
email = prereg_user.email
realm_creation = prereg_user.realm_creation
try:
existing_user_profile = get_user_profile_by_email(email)
except UserProfile.DoesNotExist:
existing_user_profile = None
validators.validate_email(email)
# If OPEN_REALM_CREATION is enabled all user sign ups should go through the
# special URL with domain name so that REALM can be identified if multiple realms exist
unique_open_realm = get_unique_open_realm()
if unique_open_realm is not None:
realm = unique_open_realm
elif prereg_user.referred_by:
# If someone invited you, you are joining their realm regardless
# of your e-mail address.
realm = prereg_user.referred_by.realm
elif prereg_user.realm:
# You have a realm set, even though nobody referred you. This
# happens if you sign up through a special URL for an open realm.
realm = prereg_user.realm
elif realm_creation:
# For creating a new realm, there is no existing realm or domain
realm = None
elif settings.REALMS_HAVE_SUBDOMAINS:
realm = get_realm(get_subdomain(request))
else:
realm = get_realm_by_email_domain(email)
if realm and not email_allowed_for_realm(email, realm):
return render(request, "zerver/closed_realm.html",
context={"closed_domain_name": realm.name})
if realm and realm.deactivated:
# The user is trying to register for a deactivated realm. Advise them to
# contact support.
return render(request, "zerver/deactivated.html",
context={"deactivated_domain_name": realm.name,
"zulip_administrator": settings.ZULIP_ADMINISTRATOR})
try:
if existing_user_profile is not None and existing_user_profile.is_mirror_dummy:
# Mirror dummy users to be activated must be inactive
is_inactive(email)
else:
# Other users should not already exist at all.
user_email_is_unique(email)
except ValidationError:
return HttpResponseRedirect(reverse('django.contrib.auth.views.login') + '?email=' +
urllib.parse.quote_plus(email))
name_validated = False
full_name = None
if request.POST.get('from_confirmation'):
try:
del request.session['authenticated_full_name']
except KeyError:
pass
if realm is not None and realm.is_zephyr_mirror_realm:
# For MIT users, we can get an authoritative name from Hesiod.
# Technically we should check that this is actually an MIT
# realm, but we can cross that bridge if we ever get a non-MIT
# zephyr mirroring realm.
hesiod_name = compute_mit_user_fullname(email)
form = RegistrationForm(
initial={'full_name': hesiod_name if "@" not in hesiod_name else ""})
name_validated = True
elif settings.POPULATE_PROFILE_VIA_LDAP:
for backend in get_backends():
if isinstance(backend, LDAPBackend):
ldap_attrs = _LDAPUser(backend, backend.django_to_ldap_username(email)).attrs
try:
ldap_full_name = ldap_attrs[settings.AUTH_LDAP_USER_ATTR_MAP['full_name']][0]
request.session['authenticated_full_name'] = ldap_full_name
name_validated = True
# We don't use initial= here, because if the form is
# complete (that is, no additional fields need to be
# filled out by the user) we want the form to validate,
# so they can be directly registered without having to
# go through this interstitial.
form = RegistrationForm({'full_name': ldap_full_name})
# FIXME: This will result in the user getting
# validation errors if they have to enter a password.
# Not relevant for ONLY_SSO, though.
break
except TypeError:
# Let the user fill out a name and/or try another backend
form = RegistrationForm()
elif 'full_name' in request.POST:
form = RegistrationForm(
initial={'full_name': request.POST.get('full_name')}
)
else:
form = RegistrationForm()
else:
postdata = request.POST.copy()
if name_changes_disabled(realm):
# If we populate profile information via LDAP and we have a
# verified name from you on file, use that. Otherwise, fall
# back to the full name in the request.
try:
postdata.update({'full_name': request.session['authenticated_full_name']})
name_validated = True
except KeyError:
pass
form = RegistrationForm(postdata)
if not password_auth_enabled(realm):
form['password'].field.required = False
if form.is_valid():
if password_auth_enabled(realm):
password = form.cleaned_data['password']
else:
# SSO users don't need no passwords
password = None
if realm_creation:
string_id = form.cleaned_data['realm_subdomain']
realm_name = form.cleaned_data['realm_name']
org_type = int(form.cleaned_data['realm_org_type'])
realm = do_create_realm(string_id, realm_name, org_type=org_type)[0]
stream_info = settings.DEFAULT_NEW_REALM_STREAMS
create_streams_with_welcome_messages(realm, stream_info)
set_default_streams(realm, stream_info)
full_name = form.cleaned_data['full_name']
short_name = email_to_username(email)
first_in_realm = len(UserProfile.objects.filter(realm=realm, is_bot=False)) == 0
timezone = u""
if 'timezone' in request.POST and request.POST['timezone'] in get_all_timezones():
timezone = request.POST['timezone']
# FIXME: sanitize email addresses and fullname
if existing_user_profile is not None and existing_user_profile.is_mirror_dummy:
user_profile = existing_user_profile
do_activate_user(user_profile)
do_change_password(user_profile, password)
do_change_full_name(user_profile, full_name)
do_set_user_display_setting(user_profile, 'timezone', timezone)
else:
user_profile = do_create_user(email, password, realm, full_name, short_name,
prereg_user=prereg_user,
tos_version=settings.TOS_VERSION,
timezone=timezone,
newsletter_data={"IP": request.META['REMOTE_ADDR']})
if first_in_realm:
do_change_is_admin(user_profile, True)
if realm_creation and settings.REALMS_HAVE_SUBDOMAINS:
# Because for realm creation, registration happens on the
# root domain, we need to log them into the subdomain for
# their new realm.
return redirect_and_log_into_subdomain(realm, full_name, email)
# This dummy_backend check below confirms the user is
# authenticating to the correct subdomain.
return_data = {} # type: Dict[str, bool]
auth_result = authenticate(username=user_profile.email,
realm_subdomain=realm.subdomain,
return_data=return_data,
use_dummy_backend=True)
if return_data.get('invalid_subdomain'):
# By construction, this should never happen.
logging.error("Subdomain mismatch in registration %s: %s" % (
realm.subdomain, user_profile.email,))
return redirect('/')
login(request, auth_result)
return HttpResponseRedirect(realm.uri + reverse('zerver.views.home.home'))
return render(
request,
'zerver/register.html',
context={'form': form,
'email': email,
'key': key,
'full_name': request.session.get('authenticated_full_name', None),
'lock_name': name_validated and name_changes_disabled(realm),
# password_auth_enabled is normally set via our context processor,
# but for the registration form, there is no logged in user yet, so
# we have to set it here.
'creating_new_team': realm_creation,
'realms_have_subdomains': settings.REALMS_HAVE_SUBDOMAINS,
'password_auth_enabled': password_auth_enabled(realm),
'MAX_REALM_NAME_LENGTH': str(Realm.MAX_REALM_NAME_LENGTH),
'MAX_NAME_LENGTH': str(UserProfile.MAX_NAME_LENGTH),
'MAX_PASSWORD_LENGTH': str(form.MAX_PASSWORD_LENGTH),
'MAX_REALM_SUBDOMAIN_LENGTH': str(Realm.MAX_REALM_SUBDOMAIN_LENGTH)
}
)
