Пример #1
 def is_request_banned(self, request):
     """Raise ``Banned`` when the request's IP has a ban on record.

     Despite the predicate-style name, nothing useful is returned: the
     method falls through (``None``) when ``get_request_ip_ban`` reports
     no ban, and raises otherwise.
     """
     ip_ban = get_request_ip_ban(request)
     if not ip_ban:
         return

     # The lookup result is read like a mapping; only its message and
     # expiry are copied onto the Ban object that Banned carries.
     raise Banned(
         Ban(
             check_type=BAN_IP,
             user_message=ip_ban['message'],
             expires_on=ip_ban['expires_on'],
         )
     )
Пример #2
def reset_password_form(request, pk, token):
    """Render the forgotten-password form for the account identified by *pk*.

    The link is refused with an HTTP 400 error page when a different
    account is signed in, or when ``is_password_change_token_valid``
    rejects *token*. A ban found by ``get_user_ban`` raises ``Banned``;
    only ``ResetError`` is caught here, so that exception is left to the
    caller. On success the change-password API URL, which embeds both
    *pk* and *token*, is exposed to the frontend context.
    """
    requesting_user = get_object_or_404(get_user_model(), pk=pk)

    try:
        viewer = request.user
        if viewer.is_authenticated and viewer.id != requesting_user.id:
            # A signed-in visitor may only follow a link issued for
            # their own account.
            raise ResetError(
                _("%(user)s, your link has expired. "
                  "Please request new link and try again.")
                % {'user': requesting_user.username}
            )

        if not is_password_change_token_valid(requesting_user, token):
            raise ResetError(
                _("%(user)s, your link is invalid. "
                  "Please try again or request new link.")
                % {'user': requesting_user.username}
            )

        # The ban lookup runs only after the token has been accepted.
        user_ban = get_user_ban(requesting_user)
        if user_ban:
            raise Banned(user_ban)
    except ResetError as reset_error:
        error_context = {'message': reset_error.args[0]}
        return render(
            request,
            'misago/forgottenpassword/error.html',
            error_context,
            status=400,
        )

    url_kwargs = {'pk': pk, 'token': token}
    request.frontend_context['CHANGE_PASSWORD_API'] = reverse(
        'misago:api:change-forgotten-password',
        kwargs=url_kwargs,
    )
    return render(request, 'misago/forgottenpassword/form.html')
Пример #3
 def decorator(request, *args, **kwargs):
     """Call the wrapped ``f`` unless the request's IP is banned.

     When ``get_request_ip_ban`` returns a ban, ``Banned`` is raised and
     ``f`` is never invoked.
     """
     ip_ban = get_request_ip_ban(request)
     if not ip_ban:
         return f(request, *args, **kwargs)

     # Only the message and expiry of the lookup result are carried over
     # to the Ban instance handed to the exception.
     raise Banned(
         Ban(
             check_type=Ban.IP,
             user_message=ip_ban['message'],
             expires_on=ip_ban['expires_on'],
         )
     )
Пример #4
    def test_banned(self):
        """A ``Banned`` exception is converted into a 403 API response."""
        banned_exc = Banned(Ban(user_message="This is test ban!"))

        response = exceptionhandler.handle_api_exception(banned_exc, None)

        self.assertEqual(response.status_code, 403)
        # The ban message is expected wrapped in a paragraph under
        # detail.html, and the payload must also expose expires_on.
        # NOTE(review): only a plain-text message is exercised; a message
        # containing markup would pin how the HTML detail is escaped.
        self.assertEqual(response.data['detail']['html'], "<p>This is test ban!</p>")
        self.assertIn('expires_on', response.data)
Пример #5
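def create_endpoint(request):
    """Register a new user account from the API payload.

    Checks run in this order: registrations must not be closed, the
    client IP must not carry a registration ban, and the payload must
    pass ``RegisterUserSerializer`` validation. The account is then
    created with the activation requirement implied by
    ``settings.account_activation`` and a welcome e-mail is sent.

    The new user is signed in only when the created account needs no
    further activation.

    Returns:
        A ``Response`` with the registration result, or a 400
        ``Response`` when ``create_user`` raises ``IntegrityError``.

    Raises:
        PermissionDenied: registrations are closed.
        Banned: the client IP has a registration ban.
    """
    if settings.account_activation == 'closed':
        raise PermissionDenied(_("New users registrations are currently closed."))

    # The IP ban is checked before any of the payload is parsed.
    ban = get_ip_ban(request.user_ip, registration_only=True)
    if ban:
        raise Banned(ban)

    serializer = RegisterUserSerializer(
        data=request.data,
        context={'request': request},
    )

    serializer.is_valid(raise_exception=True)

    # With any other setting value no requirement is passed and
    # create_user applies its own default.
    activation_kwargs = {}
    if settings.account_activation == 'user':
        activation_kwargs = {'requires_activation': UserModel.ACTIVATION_USER}
    elif settings.account_activation == 'admin':
        activation_kwargs = {'requires_activation': UserModel.ACTIVATION_ADMIN}

    try:
        new_user = UserModel.objects.create_user(
            serializer.validated_data['username'],
            serializer.validated_data['email'],
            serializer.validated_data['password'],
            joined_from_ip=request.user_ip,
            set_default_avatar=True,
            **activation_kwargs
        )
    except IntegrityError:
        # The client only receives a generic "resubmit" message.
        return Response(
            {
                'detail': _("Please try resubmitting the form."),
            },
            status=400,
        )

    send_welcome_email(request, new_user)

    # Sign in only accounts that need no further activation. The earlier
    # condition negated a comparison with the string 'none', which signed
    # in exactly the accounts still awaiting activation (or every account,
    # if the field never equals that string).
    if new_user.requires_activation == UserModel.ACTIVATION_NONE:
        # NOTE(review): the authenticate() result is passed to login()
        # unchecked; confirm it cannot be None at this point.
        authenticated_user = authenticate(
            username=new_user.email,
            password=serializer.validated_data['password'],
        )
        login(request, authenticated_user)

    return Response(get_registration_result_json(new_user))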
Пример #6
def activate_by_token(request, pk, token):
    """Activate the account *pk* when *token* is a valid activation token.

    Outcomes:
      * account needs no activation -> "stopped" page (default status);
      * ``is_activation_token_valid`` rejects *token* -> error page, 400;
      * ``get_user_ban`` returns a ban -> ``Banned`` is raised (it is
        not one of the exception types handled here);
      * otherwise ``requires_activation`` is reset and the "done" page
        is rendered.

    NOTE(review): the lookup filters on ``is_active=True`` although the
    local is called ``inactive_user``; presumably ``is_active`` is a flag
    separate from ``requires_activation``. Confirm against the model.
    NOTE(review): no HTTP method check is visible in this function even
    though it changes account state.
    """
    inactive_user = get_object_or_404(UserModel, pk=pk, is_active=True)

    try:
        if not inactive_user.requires_activation:
            raise ActivationStopped(
                _("%(user)s, your account is already active.")
                % {'user': inactive_user.username}
            )

        if not is_activation_token_valid(inactive_user, token):
            raise ActivationError(
                _(
                    "%(user)s, your activation link is invalid. "
                    "Try again or request new activation link."
                )
                % {'user': inactive_user.username}
            )

        # Bans are looked up only once the token has been accepted.
        user_ban = get_user_ban(inactive_user)
        if user_ban:
            raise Banned(user_ban)
    except ActivationStopped as stopped:
        stopped_context = {'message': stopped.args[0]}
        return render(request, 'misago/activation/stopped.html', stopped_context)
    except ActivationError as failure:
        failure_context = {'message': failure.args[0]}
        return render(
            request,
            'misago/activation/error.html',
            failure_context,
            status=400,
        )

    # Persist only the flag that changes.
    inactive_user.requires_activation = UserModel.ACTIVATION_NONE
    inactive_user.save(update_fields=['requires_activation'])

    done_message = _("%(user)s, your account has been activated!") % {
        'user': inactive_user.username,
    }
    return render(
        request,
        'misago/activation/done.html',
        {'message': done_message},
    )
Пример #7
def reset_password_form(request, pk, token):
    """Render the forgotten-password form for the active account *pk*.

    The account lookup is limited to ``is_active=True``. The link is
    refused with an HTTP 400 error page when a different account is
    signed in, or when ``is_password_change_token_valid`` rejects
    *token*. A ban found by ``get_user_ban`` raises ``Banned``; only
    ``ResetError`` is caught here. On success *pk* and *token* are placed
    in the frontend store under ``forgotten_password``.
    """
    requesting_user = get_object_or_404(
        get_user_model(),
        pk=pk,
        is_active=True,
    )

    try:
        viewer = request.user
        if viewer.is_authenticated and viewer.id != requesting_user.id:
            # A signed-in visitor may only follow a link issued for
            # their own account.
            expired = _(
                "%(user)s, your link has expired. Please request new link and try again."
            )
            raise ResetError(expired % {'user': requesting_user.username})

        if not is_password_change_token_valid(requesting_user, token):
            invalid = _(
                "%(user)s, your link is invalid. Please try again or request new link."
            )
            raise ResetError(invalid % {'user': requesting_user.username})

        # The ban lookup runs only after the token has been accepted.
        user_ban = get_user_ban(requesting_user)
        if user_ban:
            raise Banned(user_ban)
    except ResetError as reset_error:
        error_context = {'message': reset_error.args[0]}
        return render(
            request,
            'misago/forgottenpassword/error.html',
            error_context,
            status=400,
        )

    # The token travels to the client so the form can submit it back.
    reset_state = {'id': pk, 'token': token}
    request.frontend_context['store'].update({'forgotten_password': reset_state})

    return render(request, 'misago/forgottenpassword/form.html')
Пример #8
def raise_misago_banned(request):
    """Unconditionally raise ``Banned`` with a fixed test message.

    *request* is accepted but not used.
    """
    raise Banned(Ban(user_message="Banned for test!"))
Пример #9
def create_endpoint(request):
    """Register a new user account and e-mail the matching welcome message.

    Checks run in this order: registrations must not be closed, the
    client IP must not carry a registration ban, and the payload must
    pass ``RegisterUserSerializer`` validation.

    When ``settings.account_activation`` is ``'none'`` the new user is
    signed in immediately. For any other value an activation token is
    generated and mailed, and nobody is signed in.

    Returns:
        A ``Response`` with ``activation`` (``None``, ``'user'`` or
        ``'admin'``), ``username`` and ``email``; or a 400 ``Response``
        when ``create_user`` raises ``IntegrityError``.

    Raises:
        PermissionDenied: registrations are closed.
        Banned: the client IP has a registration ban.
    """
    activation_mode = settings.account_activation
    if activation_mode == 'closed':
        raise PermissionDenied(_("New users registrations are currently closed."))

    # The IP ban is checked before any of the payload is parsed.
    registration_ban = get_ip_ban(request.user_ip, registration_only=True)
    if registration_ban:
        raise Banned(registration_ban)

    serializer = RegisterUserSerializer(data=request.data, context={'request': request})
    serializer.is_valid(raise_exception=True)
    cleaned = serializer.validated_data

    # Any other mode passes no requirement, leaving create_user's default.
    activation_levels = {
        'user': UserModel.ACTIVATION_USER,
        'admin': UserModel.ACTIVATION_ADMIN,
    }
    activation_kwargs = {}
    if activation_mode in activation_levels:
        activation_kwargs['requires_activation'] = activation_levels[activation_mode]

    try:
        new_user = UserModel.objects.create_user(
            cleaned['username'],
            cleaned['email'],
            cleaned['password'],
            joined_from_ip=request.user_ip,
            set_default_avatar=True,
            **activation_kwargs
        )
    except IntegrityError:
        # The client only receives a generic "resubmit" message.
        return Response({'detail': _("Please try resubmitting the form.")}, status=400)

    mail_subject = _("Welcome on %(forum_name)s forums!") % {
        'forum_name': settings.forum_name,
    }

    if activation_mode == 'none':
        # No activation step: sign the user in with the password just set.
        authenticated_user = authenticate(
            username=new_user.email,
            password=cleaned['password'],
        )
        login(request, authenticated_user)

        mail_user(request, new_user, mail_subject, 'misago/emails/register/complete')

        return Response({
            'activation': None,
            'username': new_user.username,
            'email': new_user.email
        })

    activation_token = make_activation_token(new_user)
    by_admin = new_user.requires_activation_by_admin
    by_user = new_user.requires_activation_by_user

    mail_context = {
        'activation_token': activation_token,
        'activation_by_admin': by_admin,
        'activation_by_user': by_user,
    }
    mail_user(
        request,
        new_user,
        mail_subject,
        'misago/emails/register/inactive',
        mail_context,
    )

    return Response({
        'activation': 'admin' if by_admin else 'user',
        'username': new_user.username,
        'email': new_user.email
    })
Пример #10
 def confirm_user_not_banned(self, user):
     """Raise ``Banned`` if ``self.get_user_ban`` reports a ban for *user*.

     Returns ``None`` when no ban is found.
     """
     user_ban = self.get_user_ban(user)
     if not user_ban:
         return
     raise Banned(ban=user_ban)