Exemplo n.º 1
def mail_admins_contact(request, subject, message, context, sender, to):
    """Mail a contact-form message to the site administrators.

    When ``to`` is empty, the recipients are the addresses taken from
    ``settings.ADMINS``. When ``settings.ADMINS`` is not configured nothing
    is sent (even if ``to`` was supplied): the user gets an error message
    and the problem is logged.

    ``subject`` and ``message`` are %-format templates filled in from
    ``context``. The body is followed by ``TEMPLATE_FOOTER`` rendered with
    the requester's IP address, user agent and username.
    """
    # NOTE(review): sender is presumably user-supplied form input. It is
    # written to the log and used as the Reply-To header, so the caller
    # should already have validated it as an e-mail address - confirm.
    LOGGER.info('contact form from %s', sender)

    if not settings.ADMINS:
        messages.error(request,
                       _('Message could not be sent to administrator!'))
        LOGGER.error('ADMINS not configured, can not send message!')
        return

    # Fall back to the configured administrators when no recipient was given.
    recipients = to if to else [admin[1] for admin in settings.ADMINS]

    full_subject = '{0}{1}'.format(
        settings.EMAIL_SUBJECT_PREFIX, subject % context
    )
    body_text = message % context
    # The footer records who submitted the form. The user agent comes from
    # the request, i.e. from the client, so treat it as untrusted text.
    footer = TEMPLATE_FOOTER.format(
        address=get_ip_address(request),
        agent=get_user_agent(request),
        username=request.user.username,
    )

    mail = EmailMultiAlternatives(
        full_subject,
        '{}\n{}'.format(body_text, footer),
        to=recipients,
        headers={'Reply-To': sender},
    )

    # Delivery errors propagate to the caller instead of being swallowed.
    mail.send(fail_silently=False)

    messages.success(request, _('Message has been sent to administrator.'))
Exemplo n.º 2
 def test_agent_long(self):
     """A very long User-Agent header yields a result under 200 characters."""
     http_request = HttpRequest()
     # 1200 characters of header input; the parsed value must stay bounded.
     http_request.META['HTTP_USER_AGENT'] = 'agent ' * 200
     parsed = get_user_agent(http_request)
     self.assertLess(len(parsed), 200)
Exemplo n.º 3
def mail_admins_contact(request, subject, message, context, sender, to):
    """Mail a contact-form message to the site administrators.

    An empty ``to`` is replaced by the addresses from ``settings.ADMINS``.
    Without a configured ``settings.ADMINS`` the function reports an error
    to the user, logs it and returns without sending, regardless of ``to``.

    ``subject`` and ``message`` are %-format templates applied to
    ``context``; ``TEMPLATE_FOOTER`` with the requester's IP address, user
    agent and username is appended to the body.
    """
    # NOTE(review): sender is presumably user-supplied form input. It ends
    # up in the log and in the Reply-To header, so it should already be a
    # validated e-mail address when it gets here - confirm with the caller.
    LOGGER.info("contact form from %s", sender)

    admins = settings.ADMINS
    if not admins:
        messages.error(request, _("Could not send message to administrator."))
        LOGGER.error("ADMINS not configured, cannot send message")
        return
    if not to:
        to = [entry[1] for entry in admins]

    subject_line = "{}{}".format(
        settings.EMAIL_SUBJECT_PREFIX, subject % context
    )
    rendered_message = message % context
    # Requester details for the admins. The user agent originates from the
    # client's request and must be read as untrusted text.
    requester_footer = TEMPLATE_FOOTER.format(
        address=get_ip_address(request),
        agent=get_user_agent(request),
        username=request.user.username,
    )

    mail = EmailMultiAlternatives(
        subject_line,
        "{}\n{}".format(rendered_message, requester_footer),
        to=to,
        headers={"Reply-To": sender},
    )

    # fail_silently=False: a delivery failure raises rather than being hidden.
    mail.send(fail_silently=False)

    confirmation = _(
        "Your request has been sent, you will shortly hear from us.")
    messages.success(request, confirmation)
Exemplo n.º 4
 def test_agent(self):
     """An unrecognised User-Agent string is reported as all 'Other'."""
     http_request = HttpRequest()
     http_request.META['HTTP_USER_AGENT'] = 'agent'
     parsed = get_user_agent(http_request)
     self.assertEqual(parsed, 'Other / Other / Other')
Exemplo n.º 5
 def make_current(self, request):
     """Bring this record up to ``TOS_DATE`` unless it already is current.

     Reports a 'tos' account activity for ``self.user``, then stores the
     TOS date together with the request's IP address and user agent and
     saves the record.
     """
     if self.is_current():
         return

     # Record the activity before the fields change.
     accepted_on = TOS_DATE.isoformat()
     notify_account_activity(self.user, request, 'tos', date=accepted_on)

     # Keep where the agreement came from; both values derive from the
     # request, so the user agent is client-supplied text.
     self.tos = TOS_DATE
     self.address = get_ip_address(request)
     self.user_agent = get_user_agent(request)
     self.save()
Exemplo n.º 6
 def make_current(self, request):
     """Bring this record up to ``TOS_DATE`` unless it already is current.

     Creates a 'tos' audit log entry for ``self.user``, then stores the TOS
     date together with the request's IP address and user agent and saves
     the record.
     """
     if self.is_current():
         return

     # Write the audit entry before the fields change.
     accepted_on = TOS_DATE.isoformat()
     AuditLog.objects.create(self.user, request, 'tos', date=accepted_on)

     # Keep where the agreement came from; both values derive from the
     # request, so the user agent is client-supplied text.
     self.tos = TOS_DATE
     self.address = get_ip_address(request)
     self.user_agent = get_user_agent(request)
     self.save()
Exemplo n.º 7
 def make_current(self, request):
     """Bring this record up to ``TOS_DATE`` unless it already is current.

     Reports a 'tos' account activity for ``self.user``, then stores the
     TOS date together with the request's IP address and user agent and
     saves the record.
     """
     if self.is_current():
         return

     # Report the activity first, then update the stored agreement.
     notify_account_activity(
         self.user, request, 'tos', date=TOS_DATE.isoformat()
     )

     # The address and user agent are taken from the request; the user
     # agent is client-supplied text.
     self.tos = TOS_DATE
     self.address = get_ip_address(request)
     self.user_agent = get_user_agent(request)
     self.save()
Exemplo n.º 8
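def reset_password(request):
    """Handle the first stage of a password reset request.

    Authenticated users are redirected to their profile, and the reset is
    refused when e-mail authentication is turned off. A session that already
    carries ``perform_reset`` is handed over to ``reset_password_set``.

    On a valid POST (form and, if ``settings.REGISTRATION_CAPTCHA`` is set,
    captcha) the request is audited and rate limited for a known user, or a
    ``reset-nonexisting`` notification is sent to the entered address when
    no user matches. Otherwise the reset form is rendered.
    """
    if request.user.is_authenticated:
        return redirect_profile()
    if "email" not in get_auth_keys():
        messages.error(
            request,
            _("Cannot reset password, e-mail authentication is turned off."))
        return redirect("login")

    captcha = None

    # We're already in the reset phase
    if "perform_reset" in request.session:
        return reset_password_set(request)
    if request.method == "POST":
        form = ResetForm(request.POST)
        # The captcha is only enforced when REGISTRATION_CAPTCHA is enabled.
        if settings.REGISTRATION_CAPTCHA:
            captcha = CaptchaForm(request, form, request.POST)
        if (captcha is None or captcha.is_valid()) and form.is_valid():
            if form.cleaned_data["email_user"]:
                # Known account: every request is written to the audit log,
                # and the reset only proceeds while the rate limit allows it.
                audit = AuditLog.objects.create(
                    form.cleaned_data["email_user"], request, "reset-request")
                if not audit.check_rate_limit(request):
                    store_userid(request, True)
                    return social_complete(request, "email")
            else:
                # Unknown account: notify the entered address instead.
                # NOTE(review): no rate limit is visible on this branch, so
                # the captcha is the only throttle shown here on mail sent
                # to arbitrary addresses - confirm a limit exists elsewhere.
                email = form.cleaned_data["email"]
                send_notification_email(
                    None,
                    [email],
                    "reset-nonexisting",
                    context={
                        "address": get_ip_address(request),
                        # The key must be exactly "user_agent" (it used to
                        # carry a stray trailing colon) so that it matches
                        # the key used for the other notification e-mails.
                        "user_agent": get_user_agent(request),
                        "registration_hint": get_registration_hint(email),
                    },
                )
            # Rate-limited and unknown-account requests get the same
            # response, so this path does not reveal which case applied.
            return fake_email_sent(request, True)
    else:
        form = ResetForm()
        if settings.REGISTRATION_CAPTCHA:
            captcha = CaptchaForm(request)

    return render(
        request,
        "accounts/reset.html",
        {
            "title": _("Password reset"),
            "form": form,
            "captcha_form": captcha,
            "second_stage": False,
        },
    )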
Exemplo n.º 9
 def create(self, user, request, activity, **params):
     """Create an audit log entry for ``activity`` performed by ``user``.

     The entry stores the request's IP address and user agent, and any extra
     keyword arguments as ``params``. A "login" that ``is_new_login``
     reports as new for this address and user agent is stored as
     "login-new".
     """
     # NOTE(review): both values derive from the request; how
     # get_ip_address picks the address is not visible here - verify.
     client_address = get_ip_address(request)
     client_agent = get_user_agent(request)

     first_seen = activity == "login" and self.is_new_login(
         user, client_address, client_agent
     )
     if first_seen:
         activity = "login-new"

     entry_fields = {
         "user": user,
         "activity": activity,
         "address": client_address,
         "user_agent": client_agent,
         "params": params,
     }
     return super().create(**entry_fields)
Exemplo n.º 10
 def create(self, user, request, activity, **params):
     """Create an audit log entry for ``activity`` performed by ``user``.

     The entry stores the request's IP address and user agent, and any extra
     keyword arguments as ``params``. A 'login' that ``is_new_login``
     reports as new for this address and user agent is stored as
     'login-new'.
     """
     # NOTE(review): both values derive from the request; how
     # get_ip_address picks the address is not visible here - verify.
     client_address = get_ip_address(request)
     client_agent = get_user_agent(request)

     first_seen = activity == 'login' and self.is_new_login(
         user, client_address, client_agent
     )
     if first_seen:
         activity = 'login-new'

     entry_fields = {
         'user': user,
         'activity': activity,
         'address': client_address,
         'user_agent': client_agent,
         'params': params,
     }
     return super(AuditLogManager, self).create(**entry_fields)
Exemplo n.º 11
 def create(self, user, request, activity, **params):
     """Store an audit log entry describing ``activity`` for ``user``.

     The request's IP address and user agent are saved with the entry, and
     extra keyword arguments are saved as ``params``. When ``is_new_login``
     reports a 'login' as new for this address and user agent, the entry is
     stored as 'login-new' instead.
     """
     # The user agent is client-supplied text taken from the request.
     source_address = get_ip_address(request)
     source_agent = get_user_agent(request)

     if activity == 'login':
         if self.is_new_login(user, source_address, source_agent):
             activity = 'login-new'

     return super(AuditLogManager, self).create(
         user=user, activity=activity, address=source_address,
         user_agent=source_agent, params=params,
     )
Exemplo n.º 12
def notify_account_activity(user, request, activity, **kwargs):
    """Record an account activity and notify the user when appropriate.

    Creates an audit log entry carrying the request's IP address and user
    agent, sends an ``account_activity`` e-mail when the entry's
    ``should_notify()`` says so, and then applies the lockout and
    rate-limit rules.

    Returns True when the activity should be rate limited, False otherwise.
    """
    # Both values derive from the request; the user agent is client-supplied.
    # NOTE(review): how get_ip_address picks the address is not visible
    # here - verify.
    address = get_ip_address(request)
    user_agent = get_user_agent(request)

    # A login that is_new_login() reports as new is recorded separately.
    if activity == 'login' and is_new_login(user, address, user_agent):
        activity = 'login-new'

    # The entry is stored before the counts below are taken, so the current
    # event is already in the audit log at that point.
    audit = AuditLog.objects.create(
        user, activity, address, user_agent, **kwargs
    )

    if audit.should_notify():
        # The get*message methods are passed uncalled on purpose, so they
        # are not evaluated here in the request locale. They need to be
        # evaluated later, in the template, with the mail locale.
        send_notification_email(
            user.profile.language,
            user.email,
            'account_activity',
            context={
                'message': audit.get_message,
                'extra_message': audit.get_extra_message,
                'address': address,
                'user_agent': user_agent,
            },
            info='{0} from {1}'.format(activity, address),
        )

    # Handle rate limiting
    if activity == 'failed-auth' and user.has_usable_password():
        # presumably get_after counts 'failed-auth' entries since the last
        # 'login' entry; verify against AuditLog.objects.get_after.
        failures = AuditLog.objects.get_after(user, 'login', 'failed-auth')
        if failures.count() >= settings.AUTH_LOCK_ATTEMPTS:
            # Lock the account by making the password unusable. This trades
            # availability for brute-force resistance: enough failed
            # attempts lock out the legitimate user as well.
            user.set_unusable_password()
            user.save(update_fields=['password'])
            # The recursive call records 'locked', which matches neither
            # branch here, so it returns False and does not recurse again.
            notify_account_activity(user, request, 'locked')
            return True

    elif activity == 'reset-request':
        # Reset requests are only rate limited; the password is untouched.
        failures = AuditLog.objects.get_after(user, 'login', 'reset-request')
        if failures.count() >= settings.AUTH_LOCK_ATTEMPTS:
            return True

    return False
Exemplo n.º 13
def notify_account_activity(user, request, activity, **kwargs):
    """Record an account activity and notify the user when appropriate.

    Creates an audit log entry carrying the request's IP address and user
    agent, sends an ``account_activity`` e-mail when the entry's
    ``should_notify()`` says so, and then applies the lockout and
    rate-limit rules.

    Returns True when the activity should be rate limited, False otherwise.
    """
    # Both values derive from the request; the user agent is client-supplied.
    # NOTE(review): how get_ip_address picks the address is not visible
    # here - verify.
    address = get_ip_address(request)
    user_agent = get_user_agent(request)

    # Here only the address is passed to is_new_login(); the user agent is
    # not part of the check.
    if activity == 'login' and is_new_login(user, address):
        activity = 'login-new'

    # The entry is stored before the counts below are taken, so the current
    # event is already in the audit log at that point.
    audit = AuditLog.objects.create(
        user, activity, address, user_agent, **kwargs
    )

    if audit.should_notify():
        # The profile is created on the fly if the user has none yet.
        profile = Profile.objects.get_or_create(user=user)[0]
        # The messages are evaluated right here, before being handed to the
        # mail code.
        send_notification_email(
            profile.language,
            user.email,
            'account_activity',
            context={
                'message': audit.get_message(),
                'extra_message': audit.get_extra_message(),
                'address': address,
                'user_agent': user_agent,
            },
            info='{0} from {1}'.format(activity, address),
        )

    # Handle rate limiting
    if activity == 'failed-auth' and user.has_usable_password():
        # presumably get_after counts 'failed-auth' entries since the last
        # 'login' entry; verify against AuditLog.objects.get_after.
        failures = AuditLog.objects.get_after(user, 'login', 'failed-auth')
        if failures.count() >= settings.AUTH_LOCK_ATTEMPTS:
            # Lock the account by making the password unusable. This trades
            # availability for brute-force resistance: enough failed
            # attempts lock out the legitimate user as well.
            user.set_unusable_password()
            user.save(update_fields=['password'])
            # The recursive call records 'locked', which matches neither
            # branch here, so it returns False and does not recurse again.
            notify_account_activity(user, request, 'locked')
            return True

    elif activity == 'reset-request':
        # Reset requests are only rate limited; the password is untouched.
        failures = AuditLog.objects.get_after(user, 'login', 'reset-request')
        if failures.count() >= settings.AUTH_LOCK_ATTEMPTS:
            return True

    return False
Exemplo n.º 14
 def test_agent_long(self):
     """A very long User-Agent header yields a result under 200 characters."""
     http_request = HttpRequest()
     # 1200 characters of header input; the parsed value must stay bounded.
     oversized_header = 'agent ' * 200
     http_request.META['HTTP_USER_AGENT'] = oversized_header
     parsed_length = len(get_user_agent(http_request))
     self.assertLess(parsed_length, 200)
Exemplo n.º 15
 def test_agent(self):
     """An unrecognised User-Agent string is reported as all 'Other'."""
     http_request = HttpRequest()
     http_request.META['HTTP_USER_AGENT'] = 'agent'
     parsed = get_user_agent(http_request)
     self.assertEqual(parsed, 'Other / Other / Other')
Exemplo n.º 16
 def test_agent(self):
     """An unrecognised User-Agent string is reported as all "Other"."""
     http_request = HttpRequest()
     http_request.META["HTTP_USER_AGENT"] = "agent"
     expected = "Other / Other / Other"
     self.assertEqual(get_user_agent(http_request), expected)