def form(request):
message = None
if request.method == 'POST':
form = UserSendSpecialMailForm(request.POST, request=request)
if form.is_valid():
user = form.found_user
user_ban = check_ban(username=user.username, email=user.email)
if user_ban:
return error_banned(request, user, user_ban)
elif user.activation != User.ACTIVATION_NONE:
return error403(request, Message(request, 'users/activation/required', {'user': user}))
user.token = get_random_string(12)
user.save(force_update=True)
request.messages.set_flash(Message(request, 'users/password/reset_confirm', extra={'user':user}), 'success')
user.email_user(
request,
'users/password/confirm',
_("Confirm New Password Request")
)
return redirect(reverse('index'))
else:
message = Message(request, form.non_field_errors()[0])
else:
form = UserSendSpecialMailForm(request=request)
return request.theme.render_to_response('users/forgot_password.html',
{
'message': message,
'form': FormLayout(form),
},
context_instance=RequestContext(request));
def reset(request, username="", user="******", token=""):
user = int(user)
try:
user = User.objects.get(pk=user)
user_ban = check_ban(username=user.username, email=user.email)
if user_ban:
return error_banned(request, user, user_ban)
if user.activation != User.ACTIVATION_NONE:
return error403(request, Message(request, 'users/activation/required', {'user': user}))
if not token or not user.token or user.token != token:
return error403(request, Message(request, 'users/invalid_confirmation_link', {'user': user}))
new_password = get_random_string(6)
user.token = None
user.set_password(new_password)
user.save(force_update=True)
# Logout signed in and kill remember me tokens
Session.objects.filter(user=user).update(user=None)
Token.objects.filter(user=user).delete()
# Set flash and mail new password
request.messages.set_flash(Message(request, 'users/password/reset_done', extra={'user':user}), 'success')
user.email_user(
request,
'users/password/new',
_("Your New Password"),
{'password': new_password}
)
return redirect(reverse('sign_in'))
except User.DoesNotExist:
return error404(request)
def reset(request, username="", user="******", token=""):
user = int(user)
try:
user = User.objects.get(pk=user)
user_ban = check_ban(username=user.username, email=user.email)
if user_ban:
return error_banned(request, user, user_ban)
if user.activation != User.ACTIVATION_NONE:
return error403(
request,
Message(request, 'users/activation/required', {'user': user}))
if not token or not user.token or user.token != token:
return error403(
request,
Message(request, 'users/invalid_confirmation_link',
{'user': user}))
new_password = get_random_string(6)
user.token = None
user.set_password(new_password)
user.save(force_update=True)
# Logout signed in and kill remember me tokens
Session.objects.filter(user=user).update(user=None)
Token.objects.filter(user=user).delete()
# Set flash and mail new password
request.messages.set_flash(
Message(request, 'users/password/reset_done',
extra={'user': user}), 'success')
user.email_user(request, 'users/password/new', _("Your New Password"),
{'password': new_password})
return redirect(reverse('sign_in'))
except User.DoesNotExist:
return error404(request)
def form(request):
message = None
if request.method == 'POST':
form = UserSendSpecialMailForm(request.POST, request=request)
if form.is_valid():
user = form.found_user
user_ban = check_ban(username=user.username, email=user.email)
if user_ban:
return error_banned(request, user, user_ban)
elif user.activation != User.ACTIVATION_NONE:
return error403(
request,
Message(request, 'users/activation/required',
{'user': user}))
user.token = get_random_string(12)
user.save(force_update=True)
request.messages.set_flash(
Message(request,
'users/password/reset_confirm',
extra={'user': user}), 'success')
user.email_user(request, 'users/password/confirm',
_("Confirm New Password Request"))
return redirect(reverse('index'))
else:
message = Message(request, form.non_field_errors()[0])
else:
form = UserSendSpecialMailForm(request=request)
return request.theme.render_to_response(
'users/forgot_password.html', {
'message': message,
'form': FormLayout(form),
},
context_instance=RequestContext(request))
def create_user(self, username, email, password, timezone=False, ip='127.0.0.1', activation=0, request=False):
token = ''
if activation > 0:
token = get_random_string(12)
if timezone == False:
try:
timezone = request.settings['default_timezone']
db_settings = request.settings
except AttributeError:
db_settings = DBSettings()
timezone = db_settings['default_timezone']
# Get first rank
try:
default_rank = Rank.objects.filter(special=0).order_by('order')[0]
except Rank.DoesNotExist:
default_rank = None
# Store user in database
new_user = User(
join_date=tz_util.now(),
join_ip=ip,
activation=activation,
token=token,
timezone=timezone,
rank=default_rank,
)
new_user.set_username(username)
new_user.set_email(email)
new_user.set_password(password)
new_user.full_clean()
new_user.default_avatar(db_settings)
new_user.save(force_insert=True)
# Set user roles
new_user.roles.add(Role.objects.get(token='registered'))
new_user.save(force_update=True)
# Load monitor
try:
monitor = request.monitor
except AttributeError:
monitor = Monitor()
# Update forum stats
if activation == 0:
monitor['users'] = int(monitor['users']) + 1
monitor['last_user'] = new_user.pk
monitor['last_user_name'] = new_user.username
monitor['last_user_slug'] = new_user.username_slug
else:
monitor['users_inactive'] = int(monitor['users_inactive']) + 1
# Return new user
return new_user
def process_request(self, request):
if request.user.is_crawler():
return None
if 'csrf_token' in request.session:
csrf_token = request.session['csrf_token']
else:
csrf_token = get_random_string(16);
request.session['csrf_token'] = csrf_token
request.csrf = CSRFProtection(csrf_token)
def process_request(self, request):
if request.user.is_crawler():
return None
if 'csrf_token' in request.session:
csrf_token = request.session['csrf_token']
else:
csrf_token = get_random_string(16)
request.session['csrf_token'] = csrf_token
request.csrf = CSRFProtection(csrf_token)
def _get_new_session_key(self):
return get_random_string(42)
def create_user(self,
username,
email,
password,
timezone=False,
ip='127.0.0.1',
activation=0,
request=False):
token = ''
if activation > 0:
token = get_random_string(12)
if timezone == False:
try:
timezone = request.settings['default_timezone']
db_settings = request.settings
except AttributeError:
db_settings = DBSettings()
timezone = db_settings['default_timezone']
# Get first rank
try:
default_rank = Rank.objects.filter(special=0).order_by('order')[0]
except Rank.DoesNotExist:
default_rank = None
# Store user in database
new_user = User(
join_date=tz_util.now(),
join_ip=ip,
activation=activation,
token=token,
timezone=timezone,
rank=default_rank,
)
new_user.set_username(username)
new_user.set_email(email)
new_user.set_password(password)
new_user.full_clean()
new_user.default_avatar(db_settings)
new_user.save(force_insert=True)
# Set user roles
new_user.roles.add(Role.objects.get(token='registered'))
new_user.save(force_update=True)
# Load monitor
try:
monitor = request.monitor
except AttributeError:
monitor = Monitor()
# Update forum stats
if activation == 0:
monitor['users'] = int(monitor['users']) + 1
monitor['last_user'] = new_user.pk
monitor['last_user_name'] = new_user.username
monitor['last_user_slug'] = new_user.username_slug
else:
monitor['users_inactive'] = int(monitor['users_inactive']) + 1
# Return new user
return new_user
def signin(request):
message = request.messages.get_message('security')
if request.method == 'POST':
form = SignInForm(
request.POST,
show_remember_me=not request.firewall.admin and request.settings['remember_me_allow'],
show_stay_hidden=not request.firewall.admin and request.settings['sessions_hidden'],
request=request
)
if form.is_valid():
try:
# Configure correct auth and redirect links
if request.firewall.admin:
auth_method = auth_admin
success_redirect = reverse(site.get_admin_index())
else:
auth_method = auth_forum
success_redirect = reverse('index')
# Authenticate user
user = auth_method(
request,
form.cleaned_data['user_email'],
form.cleaned_data['user_password'],
)
if not request.firewall.admin and request.settings['sessions_hidden'] and form.cleaned_data['user_stay_hidden']:
request.session.hidden = True
sign_user_in(request, user, request.session.hidden)
remember_me_token = False
if not request.firewall.admin and request.settings['remember_me_allow'] and form.cleaned_data['user_remember_me']:
remember_me_token = get_random_string(42)
remember_me = Token(
id=remember_me_token,
user=user,
created=timezone.now(),
accessed=timezone.now(),
hidden=request.session.hidden
)
remember_me.save()
if remember_me_token:
request.cookie_jar.set('TOKEN', remember_me_token, True)
request.messages.set_flash(Message(request, 'security/signed_in', extra={'user': user}), 'success', 'security')
return redirect(success_redirect)
except AuthException as e:
message = Message(request, e.type, extra={'user':e.user, 'ban':e.ban})
message.type = 'error'
# If not in Admin, register failed attempt
if not request.firewall.admin and e.type == auth.CREDENTIALS:
SignInAttempt.objects.register_attempt(request.session.get_ip(request))
# Have we jammed our account?
if SignInAttempt.objects.is_jammed(request.settings, request.session.get_ip(request)):
request.jam.expires = timezone.now()
return redirect(reverse('sign_in'))
else:
message = Message(request, form.non_field_errors()[0])
message.type = 'error'
else:
form = SignInForm(
show_remember_me=not request.firewall.admin and request.settings['remember_me_allow'],
show_stay_hidden=not request.firewall.admin and request.settings['sessions_hidden'],
request=request
)
return request.theme.render_to_response('signin.html',
{
'message': message,
'form': FormLayout(form, [
(
None,
[('user_email', {'attrs': {'placeholder': _("Enter your e-mail")}}), ('user_password', {'has_value': False, 'placeholder': _("Enter your password")})]
),
(
None,
['user_remember_me', 'user_stay_hidden'],
),
]),
'hide_signin': True,
},
context_instance=RequestContext(request));
def _get_new_session_key(self):
return get_random_string(42)