def go(request, user_id, secret, url):
if request.user.is_authenticated():
if request.user.id != int(user_id):
messages.add_message(request, messages.INFO,
_('You are logged in with a different user account. Please logout first before using this link.'))
else:
user = get_object_or_404(auth.models.User, pk=int(user_id))
if not user.is_active:
messages.add_message(request, messages.ERROR,
_('Your account is not active.'))
raise Http404
account_manager = AccountManager(user)
if account_manager.check_autologin_secret(secret):
login_user(request, user)
return HttpResponseRedirect(url)
def test_confirmation_process(self):
user, password = AccountManager.create_user(first_name="Stefan",
last_name="Wehrmeyer", user_email="*****@*****.**", private=True)
AccountManager(user).send_confirmation_mail(password=password)
self.assertEqual(len(mail.outbox), 1)
message = mail.outbox[0]
match = re.search('/%d/(\w+)/' % user.pk, message.body)
response = self.client.get(reverse('account-confirm',
kwargs={'user_id': user.pk,
'secret': match.group(1)}))
self.assertEqual(response.status_code, 302)
self.assertNotEqual(response['Location'], reverse('account-login'))
def confirm(request, user_id, secret, request_id=None):
if request.user.is_authenticated():
messages.add_message(request, messages.ERROR,
_('You are logged in and cannot use a confirmation link.'))
return HttpResponseRedirect(reverse('account-show'))
user = get_object_or_404(auth.models.User, pk=int(user_id))
if user.is_active:
raise Http404
account_manager = AccountManager(user)
if account_manager.confirm_account(secret, request_id):
messages.add_message(request, messages.WARNING,
_('Your email address is now confirmed and you are logged in. You should change your password now by filling out the form below.'))
login_user(request, user)
if request_id is not None:
foirequest = FoiRequest.confirmed_request(user, request_id)
if foirequest:
messages.add_message(request, messages.SUCCESS,
_('Your request "%s" has now been sent') % foirequest.title)
return HttpResponseRedirect(reverse('account-show') + "?new#change-password-now")
else:
messages.add_message(request, messages.ERROR,
_('You can only use the confirmation link once, please login with your password.'))
return HttpResponseRedirect(reverse('account-login'))
def signup(request):
if request.user.is_authenticated():
messages.add_message(request, messages.ERROR,
_('You are currently logged in, you cannot signup.'))
return HttpResponseRedirect("/")
form = UserLoginForm()
signup_form = NewUserForm(request.POST)
if signup_form.is_valid():
user, password = AccountManager.create_user(**signup_form.cleaned_data)
AccountManager(user).send_confirmation_mail(password=password)
messages.add_message(request, messages.SUCCESS,
_('Please check your emails for a mail from us with a confirmation link.'))
return HttpResponseRedirect("/")
return render(request, 'account/login.html',
{"form": form,
"signup_form": signup_form,
"custom_base": "base.html",
"simple": False}, status=400)
def test_confirmation_process(self):
self.client.logout()
user, password = AccountManager.create_user(first_name=u"Stefan",
last_name=u"Wehrmeyer", user_email="*****@*****.**",
address=u"SomeRandomAddress\n11234 Bern", private=True)
AccountManager(user).send_confirmation_mail(password=password)
self.assertEqual(len(mail.outbox), 1)
message = mail.outbox[0]
match = re.search('/%d/(\w+)/' % user.pk, message.body)
response = self.client.get(reverse('account-confirm',
kwargs={'user_id': user.pk,
'secret': match.group(1)}))
self.assertEqual(response.status_code, 302)
self.assertIn(reverse('account-show'), response['Location'])
response = self.client.get(response['Location'])
self.assertEqual(response.status_code, 200)
response = self.client.get(reverse('account-show'))
self.assertEqual(response.status_code, 200)
response = self.client.get(reverse('account-confirm',
kwargs={'user_id': user.pk,
'secret': 'a' * 32}))
self.assertEqual(response.status_code, 302)
self.client.logout()
response = self.client.get(reverse('account-confirm',
kwargs={'user_id': user.pk,
'secret': match.group(1)}))
# user is already active, link does not exist
self.assertEqual(response.status_code, 404)
# deactivate user
user = User.objects.get(pk=user.pk)
user.is_active = False
# set last_login back artificially so it's not the same
# as in secret link
user.last_login = user.last_login - datetime.timedelta(seconds=1)
user.save()
response = self.client.get(reverse('account-confirm',
kwargs={'user_id': user.pk,
'secret': match.group(1)}))
# user is inactive, but link was already used
self.assertEqual(response.status_code, 302)
self.assertIn(reverse('account-login'), response['Location'])
def submit_request(request, public_body=None):
error = False
foilaw = None
if public_body is not None:
public_body = get_object_or_404(PublicBody,
slug=public_body)
all_laws = FoiLaw.objects.filter(jurisdiction=public_body.jurisdiction)
else:
all_laws = FoiLaw.objects.all()
context = {"public_body": public_body}
request_form = RequestForm(all_laws, FoiLaw.get_default_law(public_body),
True, request.POST)
context['request_form'] = request_form
context['public_body_form'] = PublicBodyForm()
if public_body is None and \
request.POST.get('public_body') == "new":
pb_form = PublicBodyForm(request.POST)
context["public_body_form"] = pb_form
if pb_form.is_valid():
data = pb_form.cleaned_data
data['confirmed'] = False
public_body = PublicBody(**data)
else:
error = True
if not request_form.is_valid():
error = True
else:
if public_body is None and \
request_form.cleaned_data['public_body'] != '' and \
request_form.cleaned_data['public_body'] != 'new':
public_body = request_form.public_body_object
context['user_form'] = None
user = None
if not request.user.is_authenticated():
user_form = NewUserForm(request.POST)
context['user_form'] = user_form
if not user_form.is_valid():
error = True
else:
user = request.user
if not error:
password = None
if user is None:
user, password = AccountManager.create_user(**user_form.cleaned_data)
sent_to_pb = 1
if public_body is not None and public_body.pk is None:
public_body._created_by = user
public_body.save()
sent_to_pb = 2
elif public_body is None:
sent_to_pb = 0
if foilaw is None:
foilaw = request_form.foi_law
foi_request = FoiRequest.from_request_form(user, public_body,
foilaw, form_data=request_form.cleaned_data, post_data=request.POST)
if user.is_active:
if sent_to_pb == 0:
messages.add_message(request, messages.INFO,
_('Others can now suggest the Public Bodies for your request.'))
elif sent_to_pb == 2:
messages.add_message(request, messages.INFO,
_('Your request will be sent as soon as the newly created Public Body was confirmed by an administrator.'))
else:
messages.add_message(request, messages.INFO,
_('Your request has been sent.'))
return HttpResponseRedirect(foi_request.get_absolute_url())
else:
AccountManager(user).send_confirmation_mail(request_id=foi_request.pk,
password=password)
messages.add_message(request, messages.INFO,
_('Please check your inbox for mail from us to confirm your mail address.'))
# user cannot access the request yet!
return HttpResponseRedirect("/")
messages.add_message(request, messages.ERROR,
_('There were errors in your form submission. Please review and submit again.'))
return render(request, 'foirequest/request.html', context, status=400)
