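def google_login_success(request):
    '''
    Handle the return leg of the Google OpenID sign-in and log the user in.

    Reads the OpenID response parameters from the query string (GET) or the
    form body (POST), finds or creates the matching User/UserProfile, stores
    the profile in the session, and then either redirects to
    'google_register' (no phone number on file) or logs the user in and
    redirects to 'user_landing'. Any other HTTP method, or a response that
    lacks a required parameter, is treated as a failed login instead of
    raising.

    NOTE(review): nothing in this view verifies the assertion itself
    (openid.sig / openid.signed, openid.response_nonce, openid.return_to).
    Every value read below comes straight from the request, so unless the
    response is verified by an OpenID consumer library before this point
    (not visible here -- confirm), the e-mail address and claimed_id are
    caller-supplied and must not be trusted to pick an account.
    '''
    if request.method == 'GET':
        params = request.GET
    elif request.method == 'POST':
        params = request.POST
    else:
        # `params` used to stay unbound for HEAD/PUT/... and the view crashed.
        return _fail_login(request, 'could not verify your credentials')

    if params.get('openid.mode') != 'id_res':
        # The user declined to sign in at Google
        return _fail_login(request, 'could not verify your credentials')

    # Attribute-exchange values, keyed by the last dotted component of the
    # parameter name. The filter is a substring match on 'value', so any
    # parameter whose name contains it is picked up.
    values = {
        name.split('.')[-1]: params[name]
        for name in params
        if 'value' in name
    }

    email = values.get('email')
    handle = params.get('openid.claimed_id')
    association = params.get('openid.assoc_handle')
    if not (email and handle and association):
        # A response without these cannot identify anyone; fail the login
        # rather than answering with a server error.
        return _fail_login(request, 'could not verify your credentials')
    firstname = values.get('firstname', '')
    lastname = values.get('lastname', '')

    # Break apart the handle to find the user's ID
    # Assumes there are no other parameters attached to URL in 'openid.claimed_id'
    userid = handle.split("?")[-1].split("=")[-1]

    # Use the information from Google to retrieve this user's profile,
    # or create a new user and profile.
    # 1) Try to retrieve this user's profile by openid handle
    try:
        profile = UserProfile.objects.get(openid_auth_stub__claimed_id=userid)
    except UserProfile.DoesNotExist:
        # 2) Try to retrieve the user's profile by email address (username).
        # This attaches the Google identity to an existing account purely on
        # the e-mail value in the response; see the docstring note.
        try:
            user = User.objects.get(username=email)
            profile = UserProfile.objects.get(user=user)
        except User.DoesNotExist:
            # 3) This person has never logged in before
            user = User.create_user(email, random_string())
            user.first_name = firstname
            user.last_name = lastname
            user.save()
            profile = UserProfile(user=user)
        # Save openid information when this user has never used openid before
        # This should happen even if the user's profile already exists
        profile.openid_auth_stub = OpenidAuthStub(association=association,
                                                  claimed_id=userid)
        profile.save()

    # Store the profile in the session.
    # NOTE(review): this puts a model object into the session, which
    # presumably relies on a pickling session serializer; storing the profile
    # id would avoid that -- confirm what 'google_register' reads first.
    request.session['profile'] = profile

    # Get the user's phone number if they do not have one already registered
    if not profile.phone_number:
        return HttpResponseRedirect(reverse('google_register'))

    profile.user.backend = 'mongoengine.django.auth.MongoEngineBackend'
    login(request, profile.user)
    return HttpResponseRedirect(reverse('user_landing'))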
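def google_login_success(request):
    '''
    Finish a Google OpenID sign-in: find or create the account, then log in.

    The OpenID response is read from request.GET or request.POST. A request
    with any other method, a mode other than 'id_res', or a missing
    e-mail / claimed_id / assoc_handle goes to _fail_login. Otherwise the
    profile is looked up by claimed id, then by e-mail, and created if neither
    matches; it is stored in the session and the user is sent to
    'google_register' (no phone number yet) or logged in and sent to
    'user_landing'.

    NOTE(review): this view reads the response parameters but never checks
    the assertion's signature, nonce or return_to. Unless that check happens
    before the request reaches this function (not visible here -- confirm),
    the claimed id and e-mail are unauthenticated input and the account
    lookup below rests on them.
    '''
    failure_message = 'could not verify your credentials'

    if request.method == 'GET':
        params = request.GET
    elif request.method == 'POST':
        params = request.POST
    else:
        # Other methods used to fall through with `params` unbound.
        return _fail_login(request, failure_message)

    # Attribute values returned by the provider, keyed by the trailing
    # component of each parameter name that contains 'value'.
    values = {}
    for key in params:
        if 'value' in key:
            values[key.split('.')[-1]] = params[key]

    mode = params.get('openid.mode')
    if mode != 'id_res':
        # The user declined to sign in at Google
        return _fail_login(request, failure_message)

    # Required fields: without them the response identifies nobody, so the
    # login fails cleanly instead of raising on a missing key.
    email = values.get('email')
    handle = params.get('openid.claimed_id')
    association = params.get('openid.assoc_handle')
    if not email or not handle or not association:
        return _fail_login(request, failure_message)

    # Names are only used when a new account is created; tolerate absence.
    firstname = values.get('firstname', '')
    lastname = values.get('lastname', '')

    # Break apart the handle to find the user's ID
    # Assumes there are no other parameters attached to URL in 'openid.claimed_id'
    userid = handle.split("?")[-1].split("=")[-1]

    # Use the information from Google to retrieve this user's profile,
    # or create a new user and profile.
    # 1) Try to retrieve this user's profile by openid handle
    try:
        profile = UserProfile.objects.get(openid_auth_stub__claimed_id=userid)
    except UserProfile.DoesNotExist:
        # 2) Try to retrieve the user's profile by email address (username).
        # An existing account is linked on the strength of the e-mail value
        # alone, which is only sound for a verified response.
        try:
            user = User.objects.get(username=email)
            profile = UserProfile.objects.get(user=user)
        except User.DoesNotExist:
            # 3) This person has never logged in before
            user = User.create_user(email, random_string())
            user.first_name = firstname
            user.last_name = lastname
            user.save()
            profile = UserProfile(user=user)
        # Save openid information when this user has never used openid before
        # This should happen even if the user's profile already exists
        profile.openid_auth_stub = OpenidAuthStub(
            association=association,
            claimed_id=userid,
        )
        profile.save()

    # Store the profile in the session (set before login() and also on the
    # 'google_register' path below).
    request.session['profile'] = profile

    # Get the user's phone number if they do not have one already registered
    if not profile.phone_number:
        return HttpResponseRedirect(reverse('google_register'))

    profile.user.backend = 'mongoengine.django.auth.MongoEngineBackend'
    login(request, profile.user)
    return HttpResponseRedirect(reverse('user_landing'))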
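def forgot_password(request):
    '''
    Render ForgotPasswordForm on GET, or process it on POST.

    On a valid POST the account is looked up by username. When the account
    and its profile exist, a fresh reset string is stored on the profile and
    a reset link is e-mailed to the account's username. The visible outcome
    (flash message plus redirect to 'main_page') is the same whether or not
    the account exists, so the form does not reveal which usernames are
    registered. An invalid POST falls through and re-renders the form.
    '''
    if request.method == 'POST':
        form = ForgotPasswordForm(request.POST)
        if form.is_valid():
            data = form.cleaned_data

            # A user without a profile used to raise an uncaught
            # UserProfile.DoesNotExist; treat it like an unknown account.
            try:
                user = User.objects.get(username=data['username'])
                profile = UserProfile.objects.get(user=user)
            except (User.DoesNotExist, UserProfile.DoesNotExist):
                profile = None

            if profile is not None:
                # NOTE(review): confirm random_string() draws from a CSPRNG
                # (e.g. the `secrets` module). The value is stored as-is in
                # password_reset_stub and no expiry is set in this view.
                reset_string = random_string()
                profile.password_reset_stub = reset_string
                profile.save()
                # NOTE(review): the link's host comes from _hostname(); it
                # should be a configured value, not derived from the request
                # -- confirm.
                reset_link = '%s%s?rid=%s&uid=%s' % (
                    _hostname(),
                    reverse('reset_password'),
                    reset_string,
                    str(profile.id),
                )
                # locals() hands every local name to the e-mail template.
                email_body = render_message(
                    'mongologin/static/emails/forgot_password.txt', locals())
                send_email(email_to=user.username,
                           email_body=email_body,
                           email_subject="Reset your password")

            # Same message and redirect for known and unknown accounts.
            # Sending mail inline still makes the known-account path slower;
            # queue the send if that timing difference matters.
            messages.add_message(
                request, messages.SUCCESS,
                "An email has been sent to you with instructions on resetting your password."
            )
            return HttpResponseRedirect(reverse('main_page'))
    else:
        form = ForgotPasswordForm()

    return render_to_response('forgot_password.html', locals(),
                              context_instance=RequestContext(request))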
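def forgot_password(request):
    '''
    Show the forgot-password form, or handle its submission.

    GET renders an empty ForgotPasswordForm. A POST with an invalid form
    re-renders it with errors. A POST with a valid form always ends with the
    same flash message and a redirect to 'main_page'; a reset string is
    stored and a reset link e-mailed only when the username matches an
    account that has a profile, so the response does not disclose whether a
    username is registered.
    '''
    if request.method != 'POST':
        form = ForgotPasswordForm()
    else:
        form = ForgotPasswordForm(request.POST)
        if form.is_valid():
            data = form.cleaned_data

            # Does the user in the email field even exist? A missing user or
            # a user with no profile both count as "no such account"; the
            # latter previously escaped as an unhandled exception.
            profile = None
            try:
                user = User.objects.get(username=data['username'])
                profile = UserProfile.objects.get(user=user)
            except (User.DoesNotExist, UserProfile.DoesNotExist):
                pass

            if profile is not None:
                # The reset string is the only secret protecting the reset
                # link. NOTE(review): verify random_string() is
                # cryptographically strong, and consider storing a hash of
                # it with an expiry rather than the raw value.
                reset_string = random_string()
                profile.password_reset_stub = reset_string
                profile.save()

                # NOTE(review): _hostname() should return a configured host,
                # not one taken from the request -- confirm.
                reset_link = '%s%s?rid=%s&uid=%s' % (
                    _hostname(),
                    reverse('reset_password'),
                    reset_string,
                    str(profile.id),
                )
                # The e-mail template receives all local names via locals().
                email_body = render_message(
                    'mongologin/static/emails/forgot_password.txt',
                    locals(),
                )
                send_email(
                    email_to=user.username,
                    email_body=email_body,
                    email_subject="Reset your password",
                )

            # Identical feedback either way, so the form cannot be used to
            # probe for registered usernames. The inline send still takes
            # longer for real accounts; move it off the request path if that
            # matters.
            messages.add_message(
                request,
                messages.SUCCESS,
                "An email has been sent to you with instructions on resetting your password.",
            )
            return HttpResponseRedirect(reverse('main_page'))

    return render_to_response(
        'forgot_password.html',
        locals(),
        context_instance=RequestContext(request),
    )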