def create_primary_email(user, email):
ea = EmailAddress()
ea.user=user
ea.email=email
ea.verified=True
ea.primary=True
ea.save()
def load_extra_data(backend,
details,
response,
uid,
user,
social_user=None,
*args,
**kwargs):
"""Load extra data from provider and store it on current UserSocialAuth
extra_data field.
"""
social_user = social_user or \
UserSocialAuth.get_social_auth(backend.name, uid)
if kwargs['is_new'] and PROFILE_EMAIL_CONFIRMATION:
emailaddress = EmailAddress(**{
'user': user,
'email': user.email,
'verified': True,
'primary': True
})
emailaddress.save()
if social_user:
extra_data = backend.extra_data(user, uid, response, details)
if kwargs.get('original_email') and 'email' not in extra_data:
extra_data['email'] = kwargs.get('original_email')
if extra_data and social_user.extra_data != extra_data:
if social_user.extra_data:
social_user.extra_data.update(extra_data)
else:
social_user.extra_data = extra_data
social_user.save()
if backend.name == 'facebook' and kwargs['is_new']:
response = json.loads(
requests.get(
'https://graph.facebook.com/%s?access_token=%s' %
(extra_data['id'], extra_data['access_token'])).content)
try:
user.city, user.country = response.get('hometown').get(
'name').split(', ')
except AttributeError:
pass
try:
user.birth_date = datetime.strptime(response.get('birthday'),
'%m/%d/%Y').date()
except AttributeError:
pass
user.save()
return {'social_user': social_user}
def load_extra_data(backend, details, response, uid, user, social_user=None,
*args, **kwargs):
"""Load extra data from provider and store it on current UserSocialAuth
extra_data field.
"""
social_user = social_user or \
UserSocialAuth.get_social_auth(backend.name, uid)
if kwargs['is_new'] and PROFILE_EMAIL_CONFIRMATION:
emailaddress = EmailAddress(**{
'user': user,
'email': user.email,
'verified': True,
'primary': True
})
emailaddress.save()
if social_user:
extra_data = backend.extra_data(user, uid, response, details)
if kwargs.get('original_email') and 'email' not in extra_data:
extra_data['email'] = kwargs.get('original_email')
if extra_data and social_user.extra_data != extra_data:
if social_user.extra_data:
social_user.extra_data.update(extra_data)
else:
social_user.extra_data = extra_data
social_user.save()
if backend.name == 'facebook' and kwargs['is_new']:
response = json.loads(requests.get('https://graph.facebook.com/%s?access_token=%s' % (extra_data['id'], extra_data['access_token'])).content)
try:
user.city, user.country = response.get('hometown').get('name').split(', ')
except AttributeError:
pass
try:
user.birth_date = datetime.strptime(response.get('birthday'), '%m/%d/%Y').date()
except AttributeError:
pass
user.save()
return {'social_user': social_user}
def customer_register(email, username, zipcode, phone, password, address, method):
data = {}
# sanitize inputs
if email is not None:
email = check_email(email)
if email is None:
data["result"] = -1
data["result_msg"] = "Email address is used by another user."
return data
if zipcode is not None:
zipcode = check_zipcode(zipcode)
if zipcode is None:
data["result"] = -2
data["result_msg"] = "Zip Code is invalid or not in the system."
return data
if phone is not None:
phone = check_phone(phone)
if phone is None:
data["result"] = -3
data["result_msg"] = "Phone number is used by another user."
return data
if username is None:
if email is not None:
username = email
elif phone is not None:
username = phone
else:
data["result"] = -4
data["result_msg"] = "Either email address, phone number or username is required."
return data
is_random_password = False
if password is None:
s = string.lowercase + string.digits
password = ''.join(random.sample(s,6))
is_random_password = True
try:
user = User.objects.create_user(username, "", password)
user.save()
except IntegrityError:
data["result"] = -5
data["result_msg"] = "'" + username + "' is used by the other user."
return data
# create customer information
c = Customer(user=user, zipcode=zipcode, verified=True)
c.save()
CustomerPhone.objects.create(customer=c, number = phone)
c.set_location_from_address()
num_merchants = c.count_merchants_within_miles()
t = TxtTemplates()
args = {"email": email, "number": num_merchants}
if is_random_password:
args["password"] = password,
welcome_msg = t.render(TxtTemplates.templates["CUSTOMER"]["SIGNUP_SUCCESS"], args)
else:
welcome_msg = t.render(TxtTemplates.templates["CUSTOMER"]["SIGNUP_SUCCESS_NO_PASSWORD"], args)
if email is not None:
e = EmailAddress(user=user, email=email, verified=True, primary=True)
e.save()
send_mail('Welcome to Shoppley', welcome_msg, '*****@*****.**', [email], fail_silently=True)
if phone is not None:
if method == "SMS":
sms_notify(phone, welcome_msg)
else:
# send verification sms
verify_msg = t.render(TxtTemplates.templates["CUSTOMER"]["VERIFY_PHONE"], {})
sms_notify(phone, verify_msg)
data["result"] = 1
data["result_msg"] = "User registered successfully."
data["username"] = username
data["password"] = password
return data;
def test_account_password_reset_API(self):
url = reverse('api_account_password_reset')
# GET 403 - user must not be authenticated
response = self.client.get(url)
self.assertEqual(403, response.status_code)
self.client.logout()
# GET 405
response = self.client.get(url)
self.assertEqual(405, response.status_code)
# POST 400: missing required field
response = self.client.post(url)
self.assertContains(response, 'required', status_code=400)
# POST 400: email not found in the DB
response = self.client.post(url, { 'email': '*****@*****.**' })
self.assertContains(response, 'address not verified for any', status_code=400)
# POST 200
user = User.objects.get(username='******')
if PROFILE_EMAIL_CONFIRMATION:
email_address = EmailAddress(user=user, email=user.email, verified=True, primary=True)
email_address.save()
response = self.client.post(url, { 'email': user.email })
self.assertEqual(200, response.status_code)
self.assertEqual(PasswordReset.objects.filter(user=user).count(), 1, 'dummy email outbox should contain 1 email message')
self.assertEqual(len(mail.outbox), 1, 'dummy email outbox should contain 1 email message')
password_reset = PasswordReset.objects.get(user=user)
uid_36 = int_to_base36(user.id)
url = reverse('api_account_password_reset_key',
kwargs={ 'uidb36': uid_36, 'key': password_reset.temp_key })
# POST 400: wrong password
params = { 'password1': 'new_password', 'password2': 'wrong' }
response = self.client.post(url, params)
self.assertContains(response, '"password2"', status_code=400)
# correct
params['password2'] = 'new_password'
response = self.client.post(url, json.dumps(params), content_type='application/json')
self.assertContains(response, '"detail"')
# ensure password has been changed
user = User.objects.get(username='******')
self.assertTrue(user.check_password('new_password'))
# ensure password reset object has been used
password_reset = PasswordReset.objects.get(user=user)
self.assertTrue(password_reset.reset)
# request a new password reset key
response = self.client.post(reverse('api_account_password_reset'), { 'email': user.email })
self.assertEqual(200, response.status_code)
# test HTML version of password reset from key
password_reset = PasswordReset.objects.get(user=user, reset=False)
uid = int_to_base36(password_reset.user_id)
key = password_reset.temp_key
url = reverse('account_password_reset_key', args=[uid, key])
response = self.client.get(url)
self.assertEqual(200, response.status_code)
response = self.client.post(url, { 'password1': 'changed', 'password2': 'changed' } )
self.assertEqual(200, response.status_code)
# ensure password has been changed
user = User.objects.get(username='******')
self.assertTrue(user.check_password('changed'))
# ensure password reset object has been used
password_reset = PasswordReset.objects.filter(user=user).order_by('-id')[0]
self.assertTrue(password_reset.reset)
def import_users(self):
""" save users to local DB """
self.message('saving users into local DB')
saved_users = []
# loop over all extracted unique email addresses
for email in self.email_set:
owner = self.users_dict[email].get('owner')
# if owner is not specified, build username from email
if owner.strip() == '':
owner, domain = email.split('@')
# replace any points with a space
owner = owner.replace('.', ' ')
# if owner has a space, assume he specified first and last name
if ' ' in owner:
owner_parts = owner.split(' ')
first_name = owner_parts[0]
last_name = owner_parts[1]
else:
first_name = owner
last_name = ''
# username must be slugified otherwise won't get into the DB
username = slugify(owner)
# create one user for each mail address
user = User(**{
"username": username,
"password": self.generate_random_password(),
"first_name": first_name.capitalize(),
"last_name": last_name.capitalize(),
"email": email,
"is_active": True
})
# be sure username is unique
counter = 1
original_username = username
while True:
if User.objects.filter(username=user.username).count() > 0:
counter += 1
user.username = '******' % (original_username, counter)
else:
break
try:
# validate data and save
user.full_clean()
user.save()
# store id
self.users_dict[email]['id'] = user.id
# append to saved users
saved_users.append(user)
self.verbose('Saved user %s (%s) with email <%s>' % (user.username, user.get_full_name(), user.email))
except Exception as e:
self.message('Could not save user %s, got exception: %s' % (user.username, e))
# mark email address as confirmed if feature is enabled
if EMAIL_ADDRESS_APP_INSTALLED:
try:
email_address = EmailAddress(user=user, email=user.email, verified=True, primary=True)
email_address.full_clean()
email_address.save()
except Exception as e:
self.message('Could not save email address for user %s, got exception: %s' % (user.username, e))
self.message('saved %d users into local DB' % len(saved_users))
self.saved_users = saved_users
def test_account_password_reset_API(self):
url = reverse('api_account_password_reset')
# GET 403 - user must not be authenticated
response = self.client.get(url)
self.assertEqual(403, response.status_code)
self.client.logout()
# GET 405
response = self.client.get(url)
self.assertEqual(405, response.status_code)
# POST 400: missing required field
response = self.client.post(url)
self.assertContains(response, 'required', status_code=400)
# POST 400: email not found in the DB
response = self.client.post(url, {'email': '*****@*****.**'})
self.assertContains(response,
'address not verified for any',
status_code=400)
# POST 200
user = User.objects.get(username='******')
if PROFILE_EMAIL_CONFIRMATION:
email_address = EmailAddress(user=user,
email=user.email,
verified=True,
primary=True)
email_address.save()
response = self.client.post(url, {'email': user.email})
self.assertEqual(200, response.status_code)
self.assertEqual(
PasswordReset.objects.filter(user=user).count(), 1,
'dummy email outbox should contain 1 email message')
self.assertEqual(len(mail.outbox), 1,
'dummy email outbox should contain 1 email message')
password_reset = PasswordReset.objects.get(user=user)
uid_36 = int_to_base36(user.id)
url = reverse('api_account_password_reset_key',
kwargs={
'uidb36': uid_36,
'key': password_reset.temp_key
})
# POST 400: wrong password
params = {'password1': 'new_password', 'password2': 'wrong'}
response = self.client.post(url, params)
self.assertContains(response, '"password2"', status_code=400)
# correct
params['password2'] = 'new_password'
response = self.client.post(url,
json.dumps(params),
content_type='application/json')
self.assertContains(response, '"detail"')
# ensure password has been changed
user = User.objects.get(username='******')
self.assertTrue(user.check_password('new_password'))
# ensure password reset object has been used
password_reset = PasswordReset.objects.get(user=user)
self.assertTrue(password_reset.reset)
# request a new password reset key
response = self.client.post(reverse('api_account_password_reset'),
{'email': user.email})
self.assertEqual(200, response.status_code)
# test HTML version of password reset from key
password_reset = PasswordReset.objects.get(user=user, reset=False)
uid = int_to_base36(password_reset.user_id)
key = password_reset.temp_key
url = reverse('account_password_reset_key', args=[uid, key])
response = self.client.get(url)
self.assertEqual(200, response.status_code)
response = self.client.post(url, {
'password1': 'changed',
'password2': 'changed'
})
self.assertEqual(200, response.status_code)
# ensure password has been changed
user = User.objects.get(username='******')
self.assertTrue(user.check_password('changed'))
# ensure password reset object has been used
password_reset = PasswordReset.objects.filter(
user=user).order_by('-id')[0]
self.assertTrue(password_reset.reset)
def import_users(self):
""" save users to local DB """
self.message('saving users into local DB')
saved_users = []
# loop over all extracted unique email addresses
for email in self.email_set:
owner = self.users_dict[email].get('owner')
# if owner is not specified, build username from email
if owner.strip() == '':
owner, domain = email.split('@')
# replace any points with a space
owner = owner.replace('.', ' ')
# if owner has a space, assume he specified first and last name
if ' ' in owner:
owner_parts = owner.split(' ')
first_name = owner_parts[0]
last_name = owner_parts[1]
else:
first_name = owner
last_name = ''
# username must be slugified otherwise won't get into the DB
username = slugify(owner)
# check if user exists first
try:
# try looking by email
user = User.objects.get(email=email)
except User.DoesNotExist:
try:
# try looking by username
user = User.objects.get(username=username)
except User.DoesNotExist:
# otherwise init new
user = User()
# generate new password only for new users
user.password = self.generate_random_password()
# we'll create one user for each unique email address we've got
user.username = username
user.first_name = first_name.capitalize()
user.last_name = last_name.capitalize()
user.email = email
user.is_active = True
# extract date joined from old nodes
# find the oldest node of this user
oldest_node = OldNode.objects.filter(
email=email).order_by('added')[0]
user.date_joined = oldest_node.added
# be sure username is unique
counter = 1
original_username = username
while True:
# do this check only if user is new
if not user.pk and User.objects.filter(
username=user.username).count() > 0:
counter += 1
user.username = '******' % (original_username, counter)
else:
break
try:
# validate data and save
user.full_clean()
user.save()
except Exception as e:
# if user already exists use that instance
if (User.objects.filter(email=email).count() == 1):
user = User.objects.get(email=email)
# otherwise report error
else:
user = None
tb = traceback.format_exc()
self.message(
'Could not save user %s, got exception:\n\n%s' %
(user.username, tb))
# if we got a user to add
if user is not None:
# store id
self.users_dict[email]['id'] = user.id
# append to saved users
saved_users.append(user)
self.verbose('Saved user %s (%s) with email <%s>' %
(user.username, user.get_full_name(), user.email))
# mark email address as confirmed if feature is enabled
if EMAIL_ADDRESS_APP_INSTALLED and EmailAddress.objects.filter(
email=user.email).count() is 0:
try:
email_address = EmailAddress(user=user,
email=user.email,
verified=True,
primary=True)
email_address.full_clean()
email_address.save()
except Exception as e:
tb = traceback.format_exc()
self.message(
'Could not save email address for user %s, got exception:\n\n%s'
% (user.username, tb))
self.message('saved %d users into local DB' % len(saved_users))
self.saved_users = saved_users
