示例#1
文件: tests.py 项目: potar/django-lfs
    def test_register_customer(self):
        """Register three times through ``lfs_login`` and check the usernames.

        The e-mail and username literals are masked in this listing, so the
        three submissions look identical here.
        """
        login_url = reverse('lfs_login')
        browser = Client()

        def submit_registration(email):
            # Post the register form with matching passwords and next='/'.
            return browser.post(login_url, {
                'email': email,
                'password_1': 'test',
                'password_2': 'test',
                'action': 'register',
                'next': '/',
            })

        # The combined login/register page is reachable anonymously.
        page = browser.get(login_url)
        self.assertEqual(page.status_code, 200)

        # First registration: the account must not exist before and must
        # exist afterwards.
        self.assertFalse(User.objects.filter(username='******').exists())
        submit_registration('*****@*****.**')
        self.assertTrue(User.objects.filter(username='******').exists())

        # Second registration: the username is the first 30 characters of
        # the e-mail address.
        submit_registration('*****@*****.**')
        self.assertTrue(User.objects.filter(email='*****@*****.**').exists())
        account = User.objects.get(email='*****@*****.**')
        self.assertEqual(account.username, account.email[:30])

        # Third registration: the username equals what
        # create_unique_username() returned just before the submission.
        new_username = create_unique_username('*****@*****.**')
        submit_registration('*****@*****.**')
        self.assertTrue(User.objects.filter(email='*****@*****.**').exists())
        account = User.objects.get(email='*****@*****.**')
        self.assertEqual(account.username, new_username)
示例#2
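def login(request, template_name="lfs/checkout/login.html"):
    """Show and process the login / register form of the checkout process.

    Authenticated users, and every visitor of a shop whose checkout type is
    ``CHECKOUT_TYPE_ANON``, are redirected to ``lfs_checkout``.  A POST with
    ``action=login`` validates Django's ``AuthenticationForm`` and logs the
    user in; a POST with ``action=register`` validates ``RegisterForm``,
    creates the account and logs it in.  Both success paths return the
    response built by ``set_message_cookie`` for the ``lfs_checkout`` URL.
    Every other request, and every invalid form, renders *template_name*
    with both forms.

    NOTE(review): the previous docstring stated that the rendered form posts
    to ``lfs.customer.views.login``; this view handles both actions itself.
    """
    # Imported locally under an alias because this view is itself named
    # ``login``.
    from django.contrib.auth import authenticate, login as auth_login

    # Already signed-in visitors skip this step.
    if request.user.is_authenticated():
        return HttpResponseRedirect(reverse("lfs_checkout"))

    shop = lfs.core.utils.get_default_shop(request)

    # Shops that only offer anonymous checkout have no use for this page.
    if shop.checkout_type == CHECKOUT_TYPE_ANON:
        return HttpResponseRedirect(reverse("lfs_checkout"))

    # Unbound forms for the initial display; replaced below on POST.
    login_form = AuthenticationForm()
    login_form.fields["username"].label = _(u"E-Mail")
    register_form = RegisterForm()

    action = request.POST.get("action")
    if action == "login":
        login_form = AuthenticationForm(data=request.POST)
        login_form.fields["username"].label = _(u"E-Mail")
        if login_form.is_valid():
            auth_login(request, login_form.get_user())

            return lfs.core.utils.set_message_cookie(reverse("lfs_checkout"),
                msg=_(u"You have been logged in."))

    elif action == "register":
        register_form = RegisterForm(data=request.POST)
        if register_form.is_valid():
            # Read the validated values: ``form.data`` is the raw POST
            # payload, ``cleaned_data`` is what the form's validators and
            # clean methods accepted.
            email = register_form.cleaned_data.get("email")
            password = register_form.cleaned_data.get("password_1")

            # Create user
            user = User.objects.create_user(
                username=create_unique_username(email), email=email, password=password)

            # Notify
            lfs.core.signals.customer_added.send(user)

            # Log in user.
            # NOTE(review): authenticate() returns None when no backend
            # accepts the credentials; the login call below is not guarded
            # against that case.
            user = authenticate(username=email, password=password)
            auth_login(request, user)

            return lfs.core.utils.set_message_cookie(reverse("lfs_checkout"),
                msg=_(u"You have been registered and logged in."))

    return render_to_response(template_name, RequestContext(request, {
        "login_form": login_form,
        "register_form": register_form,
        # True unless the shop insists on authenticated checkout.
        "anonymous_checkout": shop.checkout_type != CHECKOUT_TYPE_AUTH,
    }))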
示例#3
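def login(request, template_name="lfs/checkout/login.html"):
    """Show and process the login / register form of the checkout process.

    Authenticated users, and every visitor of a shop whose checkout type is
    ``CHECKOUT_TYPE_ANON``, are redirected to ``lfs_checkout``.  A POST with
    ``action=login`` validates ``CustomerAuthenticationForm`` and logs the
    user in; a POST with ``action=register`` validates ``RegisterForm``,
    creates the account and logs it in.  Both success paths return the
    response built by ``set_message_cookie`` for the ``lfs_checkout`` URL.
    Every other request, and every invalid form, renders *template_name*
    with both forms.

    NOTE(review): the previous docstring stated that the rendered form posts
    to ``lfs.customer.views.login``; this view handles both actions itself.
    """
    # Imported locally under an alias because this view is itself named
    # ``login``.
    from django.contrib.auth import authenticate, login as auth_login

    # Already signed-in visitors skip this step.
    if request.user.is_authenticated():
        return HttpResponseRedirect(reverse("lfs_checkout"))

    shop = lfs.core.utils.get_default_shop(request)

    # Shops that only offer anonymous checkout have no use for this page.
    if shop.checkout_type == CHECKOUT_TYPE_ANON:
        return HttpResponseRedirect(reverse("lfs_checkout"))

    # Unbound forms for the initial display; replaced below on POST.
    login_form = CustomerAuthenticationForm()
    register_form = RegisterForm()

    action = request.POST.get("action")
    if action == "login":
        login_form = CustomerAuthenticationForm(data=request.POST)
        login_form.fields["username"].label = _(u"E-Mail")
        if login_form.is_valid():
            auth_login(request, login_form.get_user())

            return lfs.core.utils.set_message_cookie(reverse("lfs_checkout"),
                                                     msg=_(u"You have been logged in."))

    elif action == "register":
        register_form = RegisterForm(data=request.POST)
        if register_form.is_valid():
            # Read the validated values: ``form.data`` is the raw POST
            # payload, ``cleaned_data`` is what the form's validators and
            # clean methods accepted.
            email = register_form.cleaned_data.get("email")
            password = register_form.cleaned_data.get("password_1")

            # Create user
            user = User.objects.create_user(
                username=create_unique_username(email), email=email, password=password)

            # Notify
            lfs.core.signals.customer_added.send(sender=user)

            # Log in user.
            # NOTE(review): authenticate() returns None when no backend
            # accepts the credentials; the login call below is not guarded
            # against that case.
            user = authenticate(username=email, password=password)
            auth_login(request, user)

            return lfs.core.utils.set_message_cookie(reverse("lfs_checkout"),
                                                     msg=_(u"You have been registered and logged in."))

    return render(request, template_name, {
        "login_form": login_form,
        "register_form": register_form,
        # True unless the shop insists on authenticated checkout.
        "anonymous_checkout": shop.checkout_type != CHECKOUT_TYPE_AUTH,
    })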
示例#4
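def _safe_redirect_target(candidate):
    """Return *candidate* if it is a site-local path, else the shop start page.

    The value comes from the request, so it is only followed when it carries
    no scheme and no host.  Backslashes are refused because some browsers
    treat them like forward slashes.
    """
    if candidate and '//' not in candidate and ' ' not in candidate \
            and '\\' not in candidate:
        parts = urlparse(candidate)
        # parts[0] is the scheme, parts[1] the host; a local path has neither.
        if not parts[0] and not parts[1]:
            return candidate
    return reverse("lfs_shop_view")


def register(request):
    """Register a new user, log the user in and redirect to ``next``.

    On a valid POST with ``action=register`` the account and its customer
    record are created, the user is logged in and the response built by
    ``set_message_cookie`` for the (checked) ``next`` target is returned.
    Otherwise ``ymyj/register.html`` is rendered with the form and the path
    component of the ``next`` parameter, the referer or the shop start page.
    """
    # Imported locally, as in the original listing.
    from django.contrib.auth import authenticate, login as auth_login

    register_form = RegisterForm()
    if request.POST.get('action') == "register":
        register_form = RegisterForm(data=request.POST)
        if register_form.is_valid():
            # NOTE(review): these are the raw submitted values; prefer
            # register_form.cleaned_data once it is confirmed that the form
            # declares "username", "tel" and "password_1" as fields.
            username = register_form.data.get("username")
            tel = register_form.data.get("tel")
            password = register_form.data.get("password_1")

            # Create user
            user = User.objects.create_user(
                username=create_unique_username(username), password=password)

            # Create customer and persist the link to the new user.  Without
            # the save() the update further down, which filters on
            # ``user=user``, has no row to match.
            customer = customer_utils.get_or_create_customer(request)
            customer.user = user
            customer.save()

            # Notify
            # TODO: add e-mail verification or phone verification here.

            # Log in user.
            # NOTE(review): the account is stored under
            # create_unique_username(username) but authenticate() receives
            # the submitted username; if the two ever differ authenticate()
            # may return None - confirm.
            user = authenticate(username=username, password=password)
            auth_login(request, user)

            Customer.objects.filter(user=user).update(tel=tel,
                                                      nickname=username)

            redirect_to = _safe_redirect_target(request.POST.get("next"))
            return lfs.core.utils.set_message_cookie(
                redirect_to, msg=_(u"You have been registered and logged in."))

    # Work out where the rendered form should send the user afterwards.
    next_url = request.REQUEST.get("next")
    if next_url is None:
        next_url = request.META.get("HTTP_REFERER")
    if next_url is None:
        next_url = reverse("lfs_shop_view")

    # Get just the path of the url. See django.contrib.auth.views.login for more
    next_url = urlparse(next_url)
    next_url = next_url[2]

    return render_to_response(
        'ymyj/register.html',
        RequestContext(request, {
            'form': register_form,
            "next_url": next_url,
        }))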
示例#5
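def _safe_redirect_target(candidate):
    """Return *candidate* if it is a site-local path, else the shop start page.

    The value comes from the request, so it is only followed when it carries
    no scheme and no host.  Backslashes are refused because some browsers
    treat them like forward slashes.
    """
    if candidate and '//' not in candidate and ' ' not in candidate \
            and '\\' not in candidate:
        parts = urlparse(candidate)
        # parts[0] is the scheme, parts[1] the host; a local path has neither.
        if not parts[0] and not parts[1]:
            return candidate
    return reverse("lfs_shop_view")


def register(request):
    """Register a new user, log the user in and redirect to ``next``.

    On a valid POST with ``action=register`` the account and its customer
    record are created, the user is logged in and the response built by
    ``set_message_cookie`` for the (checked) ``next`` target is returned.
    Otherwise ``ymyj/register.html`` is rendered with the form and the path
    component of the ``next`` parameter, the referer or the shop start page.
    """
    # Imported locally, as in the original listing.
    from django.contrib.auth import authenticate, login as auth_login

    register_form = RegisterForm()
    if request.POST.get('action') == "register":
        register_form = RegisterForm(data=request.POST)
        if register_form.is_valid():
            # NOTE(review): these are the raw submitted values; prefer
            # register_form.cleaned_data once it is confirmed that the form
            # declares "username", "tel" and "password_1" as fields.
            username = register_form.data.get("username")
            tel = register_form.data.get("tel")
            password = register_form.data.get("password_1")

            # Create user
            user = User.objects.create_user(
                username=create_unique_username(username), password=password)

            # Create customer and persist the link to the new user.  Without
            # the save() the update further down, which filters on
            # ``user=user``, has no row to match.
            customer = customer_utils.get_or_create_customer(request)
            customer.user = user
            customer.save()

            # Notify
            # TODO: add e-mail verification or phone verification here.

            # Log in user.
            # NOTE(review): the account is stored under
            # create_unique_username(username) but authenticate() receives
            # the submitted username; if the two ever differ authenticate()
            # may return None - confirm.
            user = authenticate(username=username, password=password)
            auth_login(request, user)

            Customer.objects.filter(user=user).update(tel=tel, nickname=username)

            redirect_to = _safe_redirect_target(request.POST.get("next"))
            return lfs.core.utils.set_message_cookie(
                redirect_to, msg=_(u"You have been registered and logged in."))

    # Work out where the rendered form should send the user afterwards.
    next_url = request.REQUEST.get("next")
    if next_url is None:
        next_url = request.META.get("HTTP_REFERER")
    if next_url is None:
        next_url = reverse("lfs_shop_view")

    # Get just the path of the url. See django.contrib.auth.views.login for more
    next_url = urlparse(next_url)
    next_url = next_url[2]

    return render_to_response('ymyj/register.html', RequestContext(request, {
        'form': register_form,
        "next_url": next_url,
    }))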
示例#6
def login(request, template_name="lfs/customer/login.html"):
    """Custom view to login or register/login a user.

    One view serves both the login form and the register form.  A POST with
    ``action=login`` validates ``CustomerAuthenticationForm`` and logs the
    user in; a POST with ``action=register`` validates the form class named
    by ``REGISTER_FORM``, creates the user and the customer record, stamps
    the per-field taint values and logs the user in.  Both success paths
    return the response built by ``set_message_cookie`` for the ``next``
    target.  Any other request, or an invalid form, renders *template_name*.

    The checkout-type validation mentioned in earlier versions of this
    docstring is commented out below.
    """
    # shop = lfs.core.utils.get_default_shop(request)

    # If only anonymous checkout is allowed this view doesn't exists :)
    # if shop.checkout_type == CHECKOUT_TYPE_ANON:
    #     raise Http404()

    # Unbound forms for the initial display; replaced below on POST.
    login_form = CustomerAuthenticationForm()
    login_form.fields["username"].label = _(u"E-Mail")

    # The register form class is resolved at request time from REGISTER_FORM.
    RegisterForm = lfs.core.utils.import_symbol(REGISTER_FORM)
    register_form = RegisterForm()

    if request.POST.get("action") == "login":
        login_form = CustomerAuthenticationForm(data=request.POST)
        login_form.fields["username"].label = _(u"E-Mail")

        if login_form.is_valid():
            redirect_to = request.POST.get("next")
            # Light security check -- make sure redirect_to isn't garbage.
            # NOTE(review): this is a substring test on a request-supplied
            # value, not a host check.  Django ships a dedicated helper for
            # this (url_has_allowed_host_and_scheme(), is_safe_url() on older
            # releases) - TODO confirm which one this Django version offers.
            if not redirect_to or '//' in redirect_to or ' ' in redirect_to:
                redirect_to = reverse("lfs_shop_view")

            # Imported here because this view shadows the name ``login``.
            from django.contrib.auth import login
            login(request, login_form.get_user())

            return lfs.core.utils.set_message_cookie(
                redirect_to, msg=_(u"You have been logged in."))

    elif request.POST.get("action") == "register":
        register_form = RegisterForm(data=request.POST)
        if register_form.is_valid():

            # !!!SPLICE: register_form is a form that gets validated after
            #            submission. Data retrieval should be from
            #            cleaned_data so that values are tagged as trusted
            # email = register_form.data.get("email")
            # password = register_form.data.get("password_1")
            email = register_form.cleaned_data.get("email")
            password = register_form.cleaned_data.get("password_1")

            # Create user
            user = User.objects.create_user(
                username=create_unique_username(email),
                email=email,
                password=password)
            # !!!SPLICE: Update user's taint here and save again.
            #            We have to have a separate step here
            #            because during registration, user.id has
            #            not yet been established. As such, user
            #            will never get tainted unless we set it here.
            # Order matters: the current user id is set first, then
            # TaintSource.current_user_taint is read for each field.
            set_current_user_id(user.pk)
            # UNCOMMENT FOR ROW-LEVEL TAINT
            # user.taints = to_int(TaintSource.current_user_taint)
            # CELL-LEVEL TAINT
            user.username_taint = to_int(TaintSource.current_user_taint)
            user.email_taint = to_int(TaintSource.current_user_taint)
            user.password_taint = to_int(TaintSource.current_user_taint)
            user.save()

            # Create customer and persist its link to the new user.
            customer = customer_utils.get_or_create_customer(request)
            customer.user = user
            customer.save()

            # Notify
            lfs.core.signals.customer_added.send(sender=user)

            # Log in user
            # NOTE(review): authenticate() returns None when no backend
            # accepts the credentials; the login call below is not guarded.
            from django.contrib.auth import authenticate
            user = authenticate(username=email, password=password)

            from django.contrib.auth import login
            login(request, user, backend='lfs.customer.auth.EmailBackend')

            # Same substring-only redirect check as in the login branch.
            redirect_to = request.POST.get("next")
            if not redirect_to or '//' in redirect_to or ' ' in redirect_to:
                redirect_to = reverse("lfs_shop_view")

            return lfs.core.utils.set_message_cookie(
                redirect_to, msg=_(u"You have been registered and logged in."))

    # Get next_url: the "next" parameter of the current method, else the
    # referer, else the shop start page.
    next_url = (request.POST
                if request.method == 'POST' else request.GET).get("next")
    if next_url is None:
        next_url = request.META.get("HTTP_REFERER")
    if next_url is None:
        next_url = reverse("lfs_shop_view")

    # Get just the path of the url. See django.contrib.auth.views.login for more
    next_url = urlparse(next_url)
    next_url = next_url[2]

    # Non-field errors of the login form, or None when there are none.
    try:
        login_form_errors = login_form.errors["__all__"]
    except KeyError:
        login_form_errors = None

    return render(
        request, template_name, {
            "login_form": login_form,
            "login_form_errors": login_form_errors,
            "register_form": register_form,
            "next_url": next_url,
        })
示例#7
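def _safe_redirect_target(candidate):
    """Return *candidate* if it is a site-local path, else the shop start page.

    The value comes from the request, so it is only followed when it carries
    no scheme and no host.  Backslashes are refused because some browsers
    treat them like forward slashes.
    """
    if candidate and '//' not in candidate and ' ' not in candidate \
            and '\\' not in candidate:
        parts = urlparse(candidate)
        # parts[0] is the scheme, parts[1] the host; a local path has neither.
        if not parts[0] and not parts[1]:
            return candidate
    return reverse("lfs_shop_view")


def login(request, template_name="lfs/customer/login.html"):
    """Custom view to login or register/login a user.

    One view serves both the login form and the register form.  A POST with
    ``action=login`` validates ``CustomerAuthenticationForm`` and logs the
    user in; a POST with ``action=register`` validates the form class named
    by ``REGISTER_FORM``, creates the user and the customer record and logs
    the user in.  Both success paths return the response built by
    ``set_message_cookie`` for the checked ``next`` target.  Any other
    request, or an invalid form, renders *template_name*.

    The checkout-type validation mentioned in earlier versions of this
    docstring is commented out below.
    """
    # Imported locally under an alias because this view is itself named
    # ``login``.
    from django.contrib.auth import authenticate, login as auth_login

    # shop = lfs.core.utils.get_default_shop(request)

    # If only anonymous checkout is allowed this view doesn't exists :)
    # if shop.checkout_type == CHECKOUT_TYPE_ANON:
    #     raise Http404()

    # Unbound forms for the initial display; replaced below on POST.
    login_form = CustomerAuthenticationForm()
    login_form.fields["username"].label = _(u"E-Mail")

    # The register form class is resolved at request time from REGISTER_FORM.
    RegisterForm = lfs.core.utils.import_symbol(REGISTER_FORM)
    register_form = RegisterForm()

    action = request.POST.get("action")
    if action == "login":
        login_form = CustomerAuthenticationForm(data=request.POST)
        login_form.fields["username"].label = _(u"E-Mail")

        if login_form.is_valid():
            redirect_to = _safe_redirect_target(request.POST.get("next"))

            auth_login(request, login_form.get_user())

            return lfs.core.utils.set_message_cookie(
                redirect_to, msg=_(u"You have been logged in."))

    elif action == "register":
        register_form = RegisterForm(data=request.POST)
        if register_form.is_valid():
            # Read the validated values: ``form.data`` is the raw POST
            # payload, ``cleaned_data`` is what the form's validators and
            # clean methods accepted.
            email = register_form.cleaned_data.get("email")
            password = register_form.cleaned_data.get("password_1")

            # Create user
            user = User.objects.create_user(
                username=create_unique_username(email), email=email, password=password)

            # Create customer and persist its link to the new user.
            customer = customer_utils.get_or_create_customer(request)
            customer.user = user
            customer.save()

            # Notify
            lfs.core.signals.customer_added.send(sender=user)

            # Log in user.
            # NOTE(review): authenticate() returns None when no backend
            # accepts the credentials; the login call below is not guarded
            # against that case.
            user = authenticate(username=email, password=password)
            auth_login(request, user, backend='lfs.customer.auth.EmailBackend')

            redirect_to = _safe_redirect_target(request.POST.get("next"))

            return lfs.core.utils.set_message_cookie(
                redirect_to, msg=_(u"You have been registered and logged in."))

    # Get next_url: the "next" parameter of the current method, else the
    # referer, else the shop start page.
    next_url = (request.POST if request.method == 'POST' else request.GET).get("next")
    if next_url is None:
        next_url = request.META.get("HTTP_REFERER")
    if next_url is None:
        next_url = reverse("lfs_shop_view")

    # Get just the path of the url. See django.contrib.auth.views.login for more
    next_url = urlparse(next_url)
    next_url = next_url[2]

    # Non-field errors of the login form, or None when there are none.
    try:
        login_form_errors = login_form.errors["__all__"]
    except KeyError:
        login_form_errors = None

    return render(request, template_name, {
        "login_form": login_form,
        "login_form_errors": login_form_errors,
        "register_form": register_form,
        "next_url": next_url,
    })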
示例#8
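def _safe_redirect_target(candidate):
    """Return *candidate* if it is a site-local path, else the shop start page.

    The value comes from the request, so it is only followed when it carries
    no scheme and no host.  Backslashes are refused because some browsers
    treat them like forward slashes.
    """
    if candidate and "//" not in candidate and " " not in candidate and "\\" not in candidate:
        parts = urlparse(candidate)
        # parts[0] is the scheme, parts[1] the host; a local path has neither.
        if not parts[0] and not parts[1]:
            return candidate
    return reverse("lfs_shop_view")


def login(request, template_name="lfs/customer/login.html"):
    """Custom view to login or register/login a user.

    One view serves both the login form and the register form.  A POST with
    ``action=login`` validates ``CustomerAuthenticationForm`` and logs the
    user in; a POST with ``action=register`` validates ``RegisterForm``,
    creates the user and the customer record and logs the user in.  Both
    success paths return the response built by ``set_message_cookie`` for
    the checked ``next`` target.  Any other request, or an invalid form,
    renders *template_name*.

    The checkout-type validation mentioned in earlier versions of this
    docstring is commented out below.
    """
    # Imported locally under an alias because this view is itself named
    # ``login``.
    from django.contrib.auth import authenticate, login as auth_login

    # shop = lfs.core.utils.get_default_shop(request)

    # If only anonymous checkout is allowed this view doesn't exists :)
    # if shop.checkout_type == CHECKOUT_TYPE_ANON:
    #     raise Http404()

    # Unbound forms for the initial display; replaced below on POST.
    login_form = CustomerAuthenticationForm()
    login_form.fields["username"].label = _(u"E-Mail")
    register_form = RegisterForm()

    action = request.POST.get("action")
    if action == "login":
        login_form = CustomerAuthenticationForm(data=request.POST)
        login_form.fields["username"].label = _(u"E-Mail")

        if login_form.is_valid():
            redirect_to = _safe_redirect_target(request.POST.get("next"))

            auth_login(request, login_form.get_user())

            return lfs.core.utils.set_message_cookie(redirect_to, msg=_(u"You have been logged in."))

    elif action == "register":
        register_form = RegisterForm(data=request.POST)
        if register_form.is_valid():
            # Read the validated values: ``form.data`` is the raw POST
            # payload, ``cleaned_data`` is what the form's validators and
            # clean methods accepted.
            email = register_form.cleaned_data.get("email")
            password = register_form.cleaned_data.get("password_1")

            # Create user
            user = User.objects.create_user(username=create_unique_username(email), email=email, password=password)

            # Create customer.  The assignment alone only changes the
            # in-memory object; save() stores the link to the new user.
            customer = customer_utils.get_or_create_customer(request)
            customer.user = user
            customer.save()

            # Notify
            lfs.core.signals.customer_added.send(sender=user)

            # Log in user.
            # NOTE(review): authenticate() returns None when no backend
            # accepts the credentials; the login call below is not guarded
            # against that case.
            user = authenticate(username=email, password=password)
            auth_login(request, user)

            redirect_to = _safe_redirect_target(request.POST.get("next"))

            return lfs.core.utils.set_message_cookie(redirect_to, msg=_(u"You have been registered and logged in."))

    # Get next_url: the "next" parameter of the current method, else the
    # referer, else the shop start page.
    next_url = (request.POST if request.method == "POST" else request.GET).get("next")
    if next_url is None:
        next_url = request.META.get("HTTP_REFERER")
    if next_url is None:
        next_url = reverse("lfs_shop_view")

    # Get just the path of the url. See django.contrib.auth.views.login for more
    next_url = urlparse(next_url)
    next_url = next_url[2]

    # Non-field errors of the login form, or None when there are none.
    try:
        login_form_errors = login_form.errors["__all__"]
    except KeyError:
        login_form_errors = None

    return render_to_response(
        template_name,
        RequestContext(
            request,
            {
                "login_form": login_form,
                "login_form_errors": login_form_errors,
                "register_form": register_form,
                "next_url": next_url,
            },
        ),
    )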
示例#9
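def _safe_redirect_target(candidate):
    """Return *candidate* if it is a site-local path, else the shop start page.

    The value comes from the request, so it is only followed when it carries
    no scheme and no host.  Backslashes are refused because some browsers
    treat them like forward slashes.
    """
    if candidate and '//' not in candidate and ' ' not in candidate \
            and '\\' not in candidate:
        parts = urlparse(candidate)
        # parts[0] is the scheme, parts[1] the host; a local path has neither.
        if not parts[0] and not parts[1]:
            return candidate
    return reverse("lfs_shop_view")


def login(request, template_name="lfs/customer/login.html"):
    """Custom view to login or register/login a user.

    One view serves both the login form and the register form.  A POST with
    ``action=login`` validates ``CustomerAuthenticationForm`` and logs the
    user in; a POST with ``action=register`` validates ``RegisterForm``,
    creates the user and the customer record, stores the phone number and
    nickname and logs the user in.  Both success paths return the response
    built by ``set_message_cookie`` for the checked ``next`` target.  Any
    other request, or an invalid form, renders *template_name*.

    The checkout-type validation mentioned in earlier versions of this
    docstring is commented out below.
    """
    # Imported locally under an alias because this view is itself named
    # ``login``.
    from django.contrib.auth import authenticate, login as auth_login

    # shop = lfs.core.utils.get_default_shop(request)

    # If only anonymous checkout is allowed this view doesn't exists :)
    # if shop.checkout_type == CHECKOUT_TYPE_ANON:
    #     raise Http404()

    # Unbound forms for the initial display; replaced below on POST.
    login_form = CustomerAuthenticationForm()
    login_form.fields["username"].label = u'用户名'
    register_form = RegisterForm()

    action = request.POST.get("action")
    if action == "login":
        login_form = CustomerAuthenticationForm(data=request.POST)

        if login_form.is_valid():
            redirect_to = _safe_redirect_target(request.POST.get("next"))

            auth_login(request, login_form.get_user())

            return lfs.core.utils.set_message_cookie(
                redirect_to, msg=_(u"You have been logged in."))
    if action == "register":
        register_form = RegisterForm(data=request.POST)
        if register_form.is_valid():
            # NOTE(review): these are the raw submitted values; prefer
            # register_form.cleaned_data once it is confirmed that the form
            # declares "username", "tel" and "password_1" as fields.
            username = register_form.data.get("username")
            tel = register_form.data.get("tel")
            password = register_form.data.get("password_1")

            # Create user
            user = User.objects.create_user(
                username=create_unique_username(username), password=password)

            # Create customer and persist the link to the new user.  Without
            # the save() the update further down, which filters on
            # ``user=user``, has no row to match.
            customer = customer_utils.get_or_create_customer(request)
            customer.user = user
            customer.save()

            # Notify
            # TODO: add e-mail verification or phone verification here.

            # Log in user.
            # NOTE(review): the account is stored under
            # create_unique_username(username) but authenticate() receives
            # the submitted username; if the two ever differ authenticate()
            # may return None - confirm.
            user = authenticate(username=username, password=password)
            auth_login(request, user)

            Customer.objects.filter(user=user).update(tel=tel,
                                                      nickname=username)

            redirect_to = _safe_redirect_target(request.POST.get("next"))

            return lfs.core.utils.set_message_cookie(
                redirect_to, msg=_(u"You have been registered and logged in."))

    # Get next_url: the "next" parameter, else the referer, else the shop
    # start page.
    next_url = request.REQUEST.get("next")
    if next_url is None:
        next_url = request.META.get("HTTP_REFERER")
    if next_url is None:
        next_url = reverse("lfs_shop_view")

    # Get just the path of the url. See django.contrib.auth.views.login for more
    next_url = urlparse(next_url)
    next_url = next_url[2]

    # Non-field errors of the login form, or None when there are none.
    try:
        login_form_errors = login_form.errors["__all__"]
    except KeyError:
        login_form_errors = None

    return render_to_response(
        template_name,
        RequestContext(
            request, {
                "login_form": login_form,
                "login_form_errors": login_form_errors,
                "register_form": register_form,
                "next_url": next_url,
            }))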