def signup_with_password(request):
"""Create a password-protected account
template: authopenid/signup_with_password.html
"""
logging.debug(get_request_info(request))
next = get_next_url(request)
login_form = forms.LoginForm(initial={'next': next})
#this is safe because second decorator cleans this field
provider_name = request.REQUEST['login_provider']
if askbot_settings.USE_RECAPTCHA:
RegisterForm = forms.SafeClassicRegisterForm
else:
RegisterForm = forms.ClassicRegisterForm
logging.debug('request method was %s' % request.method)
if request.method == 'POST':
form = RegisterForm(request.POST)
email_feeds_form = askbot_forms.SimpleEmailSubscribeForm(request.POST)
#validation outside if to remember form values
logging.debug('validating classic register form')
form1_is_valid = form.is_valid()
if form1_is_valid:
logging.debug('classic register form validated')
else:
logging.debug('classic register form is not valid')
form2_is_valid = email_feeds_form.is_valid()
if form2_is_valid:
logging.debug('email feeds form validated')
else:
logging.debug('email feeds form is not valid')
if form1_is_valid and form2_is_valid:
logging.debug('both forms are valid')
next = form.cleaned_data['next']
username = form.cleaned_data['username']
password = form.cleaned_data['password1']
email = form.cleaned_data['email']
provider_name = form.cleaned_data['login_provider']
User.objects.create_user(username, email, password)
logging.debug('new user %s created' % username)
if provider_name != 'local':
raise NotImplementedError('must run create external user code')
user = authenticate(username=username,
password=password,
provider_name=provider_name,
method='password')
login(request, user)
logging.debug('new user logged in')
email_feeds_form.save(user)
logging.debug('email feeds form saved')
# send email
#subject = _("Welcome email subject line")
#message_template = get_emplate(
# 'authopenid/confirm_email.txt'
#)
#message_context = Context({
# 'signup_url': askbot_settings.APP_URL + reverse('user_signin'),
# 'username': username,
# 'password': password,
#})
#message = message_template.render(message_context)
#send_mail(subject, message, settings.DEFAULT_FROM_EMAIL,
# [user.email])
#logging.debug('new password acct created, confirmation email sent!')
return HttpResponseRedirect(next)
else:
#todo: this can be solved with a decorator, maybe
form.initial['login_provider'] = provider_name
logging.debug('create classic account forms were invalid')
else:
#todo: here we have duplication of get_password_login_provider...
form = RegisterForm(initial={
'next': next,
'login_provider': provider_name
})
email_feeds_form = askbot_forms.SimpleEmailSubscribeForm()
logging.debug('printing legacy signup form')
major_login_providers = util.get_major_login_providers()
minor_login_providers = util.get_minor_login_providers()
context_data = {
'form': form,
'page_class': 'openid-signin',
'email_feeds_form': email_feeds_form,
'major_login_providers': major_login_providers.values(),
'minor_login_providers': minor_login_providers.values(),
'login_form': login_form
}
return render_into_skin('authopenid/signup_with_password.html',
context_data, request)
def show_signin_view(request,
login_form=None,
account_recovery_form=None,
account_recovery_message=None,
sticky=False,
view_subtype='default'):
"""url-less utility function that populates
context of template 'authopenid/signin.html'
and returns its rendered output
"""
allowed_subtypes = ('default', 'add_openid', 'email_sent', 'change_openid',
'bad_key')
assert (view_subtype in allowed_subtypes)
if sticky:
next_url = reverse('user_signin')
else:
next_url = get_next_url(request)
if login_form is None:
login_form = forms.LoginForm(initial={'next': next_url})
if account_recovery_form is None:
account_recovery_form = forms.AccountRecoveryForm(
) #initial = initial_data)
#if request is GET
if request.method == 'GET':
logging.debug('request method was GET')
#todo: this sthuff must be executed on some signal
#because askbot should have nothing to do with the login app
from askbot.models import AnonymousQuestion as AQ
session_key = request.session.session_key
logging.debug(
'retrieving anonymously posted question associated with session %s' %
session_key)
qlist = AQ.objects.filter(session_key=session_key).order_by('-added_at')
if len(qlist) > 0:
question = qlist[0]
else:
question = None
from askbot.models import AnonymousAnswer as AA
session_key = request.session.session_key
logging.debug('retrieving posted answer associated with session %s' %
session_key)
alist = AA.objects.filter(session_key=session_key).order_by('-added_at')
if len(alist) > 0:
answer = alist[0]
else:
answer = None
if request.user.is_authenticated():
existing_login_methods = UserAssociation.objects.filter(
user=request.user)
if view_subtype == 'default':
page_title = _('Please click any of the icons below to sign in')
elif view_subtype == 'email_sent':
page_title = _('Account recovery email sent')
elif view_subtype == 'change_openid':
if len(existing_login_methods) == 0:
page_title = _('Please add one or more login methods.')
else:
page_title = _(
'If you wish, please add, remove or re-validate your login methods'
)
elif view_subtype == 'add_openid':
page_title = _(
'Please wait a second! Your account is recovered, but ...')
elif view_subtype == 'bad_key':
page_title = _(
'Sorry, this account recovery key has expired or is invalid')
logging.debug('showing signin view')
data = {
'page_class': 'openid-signin',
'view_subtype': view_subtype, #add_openid|default
'page_title': page_title,
'question': question,
'answer': answer,
'login_form': login_form,
'use_password_login': util.use_password_login(),
'account_recovery_form': account_recovery_form,
'openid_error_message': request.REQUEST.get('msg', ''),
'account_recovery_message': account_recovery_message,
'use_password_login': util.use_password_login(),
}
major_login_providers = util.get_major_login_providers()
minor_login_providers = util.get_minor_login_providers()
active_provider_names = None
if request.user.is_authenticated():
data['existing_login_methods'] = existing_login_methods
active_provider_names = [
item.provider_name for item in existing_login_methods
]
util.set_login_provider_tooltips(
major_login_providers, active_provider_names=active_provider_names)
util.set_login_provider_tooltips(
minor_login_providers, active_provider_names=active_provider_names)
data['major_login_providers'] = major_login_providers.values()
data['minor_login_providers'] = minor_login_providers.values()
return render_into_skin('authopenid/signin.html', data, request)
def signin(
request,
newquestion=False, #todo: not needed
newanswer=False, #todo: not needed
):
"""
signin page. It manages the legacy authentification (user/password)
and openid authentification
url: /signin/
template : authopenid/signin.htm
"""
logging.debug('in signin view')
on_failure = signin_failure
email_feeds_form = askbot_forms.SimpleEmailSubscribeForm()
next_url = get_next_url(request)
logging.debug('next url is %s' % next_url)
if next_url == reverse('user_signin'):
next_url = '%(next)s?next=%(next)s' % {'next': next_url}
login_form = forms.LoginForm(initial={'next': next_url})
#todo: get next url make it sticky if next is 'user_signin'
if request.method == 'POST':
login_form = forms.LoginForm(request.POST)
if login_form.is_valid():
provider_name = login_form.cleaned_data['login_provider_name']
if login_form.cleaned_data['login_type'] == 'password':
password_action = login_form.cleaned_data['password_action']
if askbot_settings.USE_LDAP_FOR_PASSWORD_LOGIN:
assert (password_action == 'login')
ldap_provider_name = askbot_settings.LDAP_PROVIDER_NAME
username = login_form.cleaned_data['username']
if util.ldap_check_password(
username, login_form.cleaned_data['password']):
user = authenticate(ldap_user_id=username,
provider_name=ldap_provider_name,
method='ldap')
if user is not None:
login(request, user)
return HttpResponseRedirect(next_url)
else:
return finalize_generic_signin(
request=request,
user=user,
user_identifier=username,
login_provider_name=ldap_provider_name,
redirect_url=next_url)
else:
if password_action == 'login':
user = authenticate(
username=login_form.cleaned_data['username'],
password=login_form.cleaned_data['password'],
provider_name=provider_name,
method='password')
if user is None:
login_form.set_password_login_error()
else:
login(request, user)
#todo: here we might need to set cookies
#for external login sites
return HttpResponseRedirect(next_url)
elif password_action == 'change_password':
if request.user.is_authenticated():
new_password = \
login_form.cleaned_data['new_password']
AuthBackend.set_password(
user=request.user,
password=new_password,
provider_name=provider_name)
request.user.message_set.create(
message=_('Your new password saved'))
return HttpResponseRedirect(next_url)
else:
logging.critical('unknown password action %s' %
password_action)
raise Http404
elif login_form.cleaned_data['login_type'] == 'openid':
#initiate communication process
logging.debug('processing signin with openid submission')
#todo: make a simple-use wrapper for openid protocol
sreg_req = sreg.SRegRequest(optional=['nickname', 'email'])
redirect_to = "%s%s?%s" % (
get_url_host(request), reverse('user_complete_signin'),
urllib.urlencode({'next': next_url}))
return ask_openid(request,
login_form.cleaned_data['openid_url'],
redirect_to,
on_failure=signin_failure,
sreg_request=sreg_req)
elif login_form.cleaned_data['login_type'] == 'oauth':
try:
#this url may need to have "next" piggibacked onto
callback_url = reverse('user_complete_oauth_signin')
connection = util.OAuthConnection(
provider_name, callback_url=callback_url)
connection.start()
request.session['oauth_token'] = connection.get_token()
request.session['oauth_provider_name'] = provider_name
request.session[
'next_url'] = next_url #special case for oauth
oauth_url = connection.get_auth_url(login_only=False)
return HttpResponseRedirect(oauth_url)
except util.OAuthError, e:
logging.critical(unicode(e))
msg = _('Unfortunately, there was some problem when '
'connecting to %(provider)s, please try again '
'or use another provider') % {
'provider': provider_name
}
request.user.message_set.create(message=msg)
elif login_form.cleaned_data['login_type'] == 'facebook':
#have to redirect for consistency
#there is a requirement that 'complete_signin'
try:
#this call may raise FacebookError
user_id = util.get_facebook_user_id(request)
user = authenticate(method='facebook',
facebook_user_id=user_id)
return finalize_generic_signin(
request=request,
user=user,
user_identifier=user_id,
login_provider_name=provider_name,
redirect_url=next_url)
except util.FacebookError, e:
logging.critical(unicode(e))
msg = _('Unfortunately, there was some problem when '
'connecting to %(provider)s, please try again '
'or use another provider') % {
'provider': 'Facebook'
}
request.user.message_set.create(message=msg)
else:
#raise 500 error - unknown login type
pass
def show_signin_view(request,
login_form=None,
account_recovery_form=None,
account_recovery_message=None,
sticky=False,
view_subtype='default'):
"""url-less utility function that populates
context of template 'authopenid/signin.html'
and returns its rendered output
"""
allowed_subtypes = ('default', 'add_openid', 'email_sent', 'change_openid',
'bad_key')
assert (view_subtype in allowed_subtypes)
if sticky:
next_url = reverse('user_signin')
else:
next_url = get_next_url(request)
if login_form is None:
login_form = forms.LoginForm(initial={'next': next_url})
if account_recovery_form is None:
account_recovery_form = forms.AccountRecoveryForm(
) #initial = initial_data)
#if request is GET
if request.method == 'GET':
logging.debug('request method was GET')
#todo: this sthuff must be executed on some signal
#because askbot should have nothing to do with the login app
from askbot.models import AnonymousQuestion as AQ
session_key = request.session.session_key
logging.debug(
'retrieving anonymously posted question associated with session %s' %
session_key)
qlist = AQ.objects.filter(session_key=session_key).order_by('-added_at')
if len(qlist) > 0:
question = qlist[0]
else:
question = None
from askbot.models import AnonymousAnswer as AA
session_key = request.session.session_key
logging.debug('retrieving posted answer associated with session %s' %
session_key)
alist = AA.objects.filter(session_key=session_key).order_by('-added_at')
if len(alist) > 0:
answer = alist[0]
else:
answer = None
if request.user.is_authenticated():
existing_login_methods = UserAssociation.objects.filter(
user=request.user)
#annotate objects with extra data
providers = util.get_enabled_login_providers()
for login_method in existing_login_methods:
try:
provider_data = providers[login_method.provider_name]
if provider_data['type'] == 'password':
#only external password logins will not be deletable
#this is because users with those can lose access to their accounts permanently
login_method.is_deletable = provider_data.get(
'password_changeable', False)
else:
login_method.is_deletable = True
except KeyError:
logging.critical(
'login method %s is no longer available '
'please delete records for this login method '
'from the UserAssociation table',
login_method.provider_name)
continue
if view_subtype == 'default':
page_title = _('Please click any of the icons below to sign in')
elif view_subtype == 'email_sent':
page_title = _('Account recovery email sent')
elif view_subtype == 'change_openid':
if len(existing_login_methods) == 0:
page_title = _('Please add one or more login methods.')
else:
page_title = _(
'If you wish, please add, remove or re-validate your login methods'
)
elif view_subtype == 'add_openid':
page_title = _(
'Please wait a second! Your account is recovered, but ...')
elif view_subtype == 'bad_key':
page_title = _(
'Sorry, this account recovery key has expired or is invalid')
logging.debug('showing signin view')
data = {
'page_class': 'openid-signin',
'view_subtype': view_subtype, #add_openid|default
'page_title': page_title,
'question': question,
'answer': answer,
'login_form': login_form,
'use_password_login': util.use_password_login(),
'account_recovery_form': account_recovery_form,
'openid_error_message': request.REQUEST.get('msg', ''),
'account_recovery_message': account_recovery_message,
'use_password_login': util.use_password_login(),
}
major_login_providers = util.get_enabled_major_login_providers()
minor_login_providers = util.get_enabled_minor_login_providers()
#determine if we are only using password login
active_provider_names = [p['name'] for p in major_login_providers.values()]
active_provider_names.extend(
[p['name'] for p in minor_login_providers.values()])
have_buttons = True
if (len(active_provider_names) == 1
and active_provider_names[0] == 'local'):
if askbot_settings.SIGNIN_ALWAYS_SHOW_LOCAL_LOGIN == True:
#in this case the form is not using javascript, so set initial values
#here
have_buttons = False
login_form.initial['login_provider_name'] = 'local'
if request.user.is_authenticated():
login_form.initial['password_action'] = 'change_password'
else:
login_form.initial['password_action'] = 'login'
data['have_buttons'] = have_buttons
if request.user.is_authenticated():
data['existing_login_methods'] = existing_login_methods
active_provider_names = [
item.provider_name for item in existing_login_methods
]
util.set_login_provider_tooltips(
major_login_providers, active_provider_names=active_provider_names)
util.set_login_provider_tooltips(
minor_login_providers, active_provider_names=active_provider_names)
data['major_login_providers'] = major_login_providers.values()
data['minor_login_providers'] = minor_login_providers.values()
return render_into_skin('authopenid/signin.html', data, request)
def signin(request):
"""
signin page. It manages the legacy authentification (user/password)
and openid authentification
url: /signin/
template : authopenid/signin.htm
"""
logging.debug('in signin view')
on_failure = signin_failure
email_feeds_form = askbot_forms.SimpleEmailSubscribeForm()
#we need a special priority on where to redirect on successful login
#here:
#1) url parameter "next" - if explicitly set
#2) url from django setting LOGIN_REDIRECT_URL
#3) home page of the forum
login_redirect_url = getattr(settings, 'LOGIN_REDIRECT_URL', None)
next_url = get_next_url(request, default=login_redirect_url)
logging.debug('next url is %s' % next_url)
if askbot_settings.ALLOW_ADD_REMOVE_LOGIN_METHODS == False \
and request.user.is_authenticated():
return HttpResponseRedirect(next_url)
if next_url == reverse('user_signin'):
next_url = '%(next)s?next=%(next)s' % {'next': next_url}
login_form = forms.LoginForm(initial={'next': next_url})
#todo: get next url make it sticky if next is 'user_signin'
if request.method == 'POST':
login_form = forms.LoginForm(request.POST)
if login_form.is_valid():
provider_name = login_form.cleaned_data['login_provider_name']
if login_form.cleaned_data['login_type'] == 'password':
password_action = login_form.cleaned_data['password_action']
if askbot_settings.USE_LDAP_FOR_PASSWORD_LOGIN:
assert (password_action == 'login')
username = login_form.cleaned_data['username']
password = login_form.cleaned_data['password']
# will be None if authentication fails
user = authenticate(username=username,
password=password,
method='ldap')
if user is not None:
login(request, user)
return HttpResponseRedirect(next_url)
else:
return finalize_generic_signin(
request=request,
user=user,
user_identifier=username,
login_provider_name=provider_name,
redirect_url=next_url)
else:
if password_action == 'login':
user = authenticate(
username=login_form.cleaned_data['username'],
password=login_form.cleaned_data['password'],
provider_name=provider_name,
method='password')
if user is None:
login_form.set_password_login_error()
else:
login(request, user)
#todo: here we might need to set cookies
#for external login sites
return HttpResponseRedirect(next_url)
elif password_action == 'change_password':
if request.user.is_authenticated():
new_password = \
login_form.cleaned_data['new_password']
AuthBackend.set_password(
user=request.user,
password=new_password,
provider_name=provider_name)
request.user.message_set.create(
message=_('Your new password saved'))
return HttpResponseRedirect(next_url)
else:
logging.critical('unknown password action %s' %
password_action)
raise Http404
elif login_form.cleaned_data['login_type'] == 'openid':
#initiate communication process
logging.debug('processing signin with openid submission')
#todo: make a simple-use wrapper for openid protocol
sreg_req = sreg.SRegRequest(optional=['nickname', 'email'])
redirect_to = "%s%s?%s" % (
get_url_host(request), reverse('user_complete_signin'),
urllib.urlencode({'next': next_url}))
return ask_openid(request,
login_form.cleaned_data['openid_url'],
redirect_to,
on_failure=signin_failure,
sreg_request=sreg_req)
elif login_form.cleaned_data['login_type'] == 'oauth':
try:
#this url may need to have "next" piggibacked onto
callback_url = reverse('user_complete_oauth_signin')
connection = util.OAuthConnection(
provider_name, callback_url=callback_url)
connection.start()
request.session['oauth_token'] = connection.get_token()
request.session['oauth_provider_name'] = provider_name
request.session[
'next_url'] = next_url #special case for oauth
oauth_url = connection.get_auth_url(login_only=False)
return HttpResponseRedirect(oauth_url)
except util.OAuthError, e:
logging.critical(unicode(e))
msg = _('Unfortunately, there was some problem when '
'connecting to %(provider)s, please try again '
'or use another provider') % {
'provider': provider_name
}
request.user.message_set.create(message=msg)
elif login_form.cleaned_data['login_type'] == 'facebook':
#have to redirect for consistency
#there is a requirement that 'complete_signin'
try:
#this call may raise FacebookError
user_id = util.get_facebook_user_id(request)
user = authenticate(method='facebook',
facebook_user_id=user_id)
return finalize_generic_signin(
request=request,
user=user,
user_identifier=user_id,
login_provider_name=provider_name,
redirect_url=next_url)
except util.FacebookError, e:
logging.critical(unicode(e))
msg = _('Unfortunately, there was some problem when '
'connecting to %(provider)s, please try again '
'or use another provider') % {
'provider': 'Facebook'
}
request.user.message_set.create(message=msg)
elif login_form.cleaned_data['login_type'] == 'wordpress_site':
#here wordpress_site means for a self hosted wordpress blog not a wordpress.com blog
wp = Client(askbot_settings.WORDPRESS_SITE_URL,
login_form.cleaned_data['username'],
login_form.cleaned_data['password'])
try:
wp_user = wp.call(GetUserInfo())
custom_wp_openid_url = '%s?user_id=%s' % (wp.url,
wp_user.user_id)
user = authenticate(method='wordpress_site',
wordpress_url=wp.url,
wp_user_id=wp_user.user_id)
return finalize_generic_signin(
request=request,
user=user,
user_identifier=custom_wp_openid_url,
login_provider_name=provider_name,
redirect_url=next_url)
except WpFault, e:
logging.critical(unicode(e))
msg = _('The login password combination was not correct')
request.user.message_set.create(message=msg)
def signup_with_password(request):
"""Create a password-protected account
template: authopenid/signup_with_password.html
"""
logging.debug(get_request_info(request))
login_form = forms.LoginForm(initial={'next': get_next_url(request)})
#this is safe because second decorator cleans this field
provider_name = request.REQUEST['login_provider']
if askbot_settings.USE_RECAPTCHA:
RegisterForm = forms.SafeClassicRegisterForm
else:
RegisterForm = forms.ClassicRegisterForm
logging.debug('request method was %s' % request.method)
if request.method == 'POST':
form = RegisterForm(request.POST)
email_feeds_form = askbot_forms.SimpleEmailSubscribeForm(request.POST)
#validation outside if to remember form values
logging.debug('validating classic register form')
form1_is_valid = form.is_valid()
if form1_is_valid:
logging.debug('classic register form validated')
else:
logging.debug('classic register form is not valid')
form2_is_valid = email_feeds_form.is_valid()
if form2_is_valid:
logging.debug('email feeds form validated')
else:
logging.debug('email feeds form is not valid')
if form1_is_valid and form2_is_valid:
logging.debug('both forms are valid')
next = form.cleaned_data['next']
username = form.cleaned_data['username']
password = form.cleaned_data['password1']
email = form.cleaned_data['email']
subscribe = email_feeds_form.cleaned_data['subscribe']
if askbot_settings.REQUIRE_VALID_EMAIL_FOR == 'nothing':
user = create_authenticated_user_account(username=username,
email=email,
password=password,
subscribe=subscribe)
login(request, user)
cleanup_post_register_session(request)
return HttpResponseRedirect(get_next_url(request))
else:
request.session['username'] = username
request.session['email'] = email
request.session['password'] = password
request.session['subscribe'] = subscribe
#todo: generate a key and save it in the session
key = util.generate_random_key()
email = request.session['email']
send_email_key(email,
key,
handler_url_name='verify_email_and_register')
request.session['validation_code'] = key
redirect_url = reverse('verify_email_and_register') + \
'?next=' + get_next_url(request)
return HttpResponseRedirect(redirect_url)
else:
#todo: this can be solved with a decorator, maybe
form.initial['login_provider'] = provider_name
logging.debug('create classic account forms were invalid')
else:
#todo: here we have duplication of get_password_login_provider...
form = RegisterForm(initial={
'next': get_next_url(request),
'login_provider': provider_name
})
email_feeds_form = askbot_forms.SimpleEmailSubscribeForm()
logging.debug('printing legacy signup form')
major_login_providers = util.get_enabled_major_login_providers()
minor_login_providers = util.get_enabled_minor_login_providers()
context_data = {
'form': form,
'page_class': 'openid-signin',
'email_feeds_form': email_feeds_form,
'major_login_providers': major_login_providers.values(),
'minor_login_providers': minor_login_providers.values(),
'login_form': login_form
}
return render_into_skin('authopenid/signup_with_password.html',
context_data, request)
