def is_request_banned(self, request):
    """Raise ``Banned`` when the request's IP address is under a ban.

    Despite the ``is_`` prefix this never returns a boolean: it returns
    ``None`` when ``get_request_ip_ban`` yields a falsy value and raises
    otherwise.

    Raises:
        Banned: wrapping a ``Ban`` built from the ``message`` and
            ``expires_on`` entries of the looked-up ban.
    """
    # NOTE(review): the check is only as trustworthy as the client address
    # that get_request_ip_ban() derives from the request — confirm it is not
    # taken from a header the client controls.
    ip_ban = get_request_ip_ban(request)
    if not ip_ban:
        return

    raise Banned(
        Ban(
            check_type=BAN_IP,
            user_message=ip_ban['message'],
            expires_on=ip_ban['expires_on'],
        )
    )
def reset_password_form(request, pk, token):
    """Render the forgotten-password form for the account behind a reset link.

    The account is looked up by ``pk`` (404 when missing). The link is
    rejected with a 400 error page when the visitor is signed in as a
    different user or when the token does not validate. A ban on the
    account is raised as ``Banned`` inside the ``try`` block, where only
    ``ResetError`` is handled.

    On success the change-password API URL (which embeds ``pk`` and
    ``token``) is exposed to the frontend as ``CHANGE_PASSWORD_API``.
    """
    account = get_object_or_404(get_user_model(), pk=pk)

    try:
        visitor = request.user
        if visitor.is_authenticated and visitor.id != account.id:
            raise ResetError(
                _("%(user)s, your link has expired. "
                  "Please request new link and try again.")
                % {'user': account.username}
            )

        # NOTE(review): this message echoes the account's username to a
        # visitor whose token has just failed validation — confirm that
        # usernames are considered public for any pk.
        if not is_password_change_token_valid(account, token):
            raise ResetError(
                _("%(user)s, your link is invalid. "
                  "Please try again or request new link.")
                % {'user': account.username}
            )

        user_ban = get_user_ban(account)
        if user_ban:
            raise Banned(user_ban)
    except ResetError as error:
        error_context = {'message': error.args[0]}
        return render(
            request,
            'misago/forgottenpassword/error.html',
            error_context,
            status=400,
        )

    request.frontend_context['CHANGE_PASSWORD_API'] = reverse(
        'misago:api:change-forgotten-password',
        kwargs={'pk': pk, 'token': token},
    )
    return render(request, 'misago/forgottenpassword/form.html')
def decorator(request, *args, **kwargs):
    """Call ``f`` unless the request's IP is banned, in which case raise.

    ``f`` is a free variable here; presumably it is the wrapped view bound
    by an enclosing decorator that is not part of this snippet.

    Raises:
        Banned: wrapping a ``Ban`` of type ``Ban.IP`` built from the
            ``message`` and ``expires_on`` entries of the looked-up ban.
    """
    ip_ban = get_request_ip_ban(request)
    if not ip_ban:
        # No ban on this address: hand over to the wrapped callable.
        return f(request, *args, **kwargs)

    raise Banned(
        Ban(
            check_type=Ban.IP,
            user_message=ip_ban['message'],
            expires_on=ip_ban['expires_on'],
        )
    )
def test_banned(self):
    """The API exception handler turns ``Banned`` into a 403 with ban details."""
    banned_error = Banned(Ban(user_message="This is test ban!"))

    response = exceptionhandler.handle_api_exception(banned_error, None)

    self.assertEqual(response.status_code, 403)
    # The handler returns the ban message wrapped in HTML.
    # NOTE(review): only a plain-text message is exercised here; a case whose
    # user_message contains markup characters would pin down how the handler
    # escapes it.
    rendered_message = response.data['detail']['html']
    self.assertEqual(rendered_message, "<p>This is test ban!</p>")
    self.assertIn('expires_on', response.data)
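def create_endpoint(request):
    """Register a new user account from ``request.data``.

    Steps, in order:
      1. Refuse when registrations are closed (``PermissionDenied``).
      2. Refuse when the caller's IP has a registration ban (``Banned``).
      3. Validate the payload with ``RegisterUserSerializer``
         (validation errors are raised by ``is_valid``).
      4. Create the user, marking it as requiring user or admin activation
         according to ``settings.account_activation``.
      5. Send the welcome e-mail.
      6. Sign the user in only if the account needs no activation.

    Returns:
        ``Response`` with the registration result JSON, or a 400 ``Response``
        when user creation hits an ``IntegrityError``.
    """
    if settings.account_activation == 'closed':
        raise PermissionDenied(_("New users registrations are currently closed."))

    # The ban lookup is keyed on request.user_ip and limited to
    # registration-only bans.
    ban = get_ip_ban(request.user_ip, registration_only=True)
    if ban:
        raise Banned(ban)

    serializer = RegisterUserSerializer(
        data=request.data,
        context={'request': request},
    )
    serializer.is_valid(raise_exception=True)

    activation_kwargs = {}
    if settings.account_activation == 'user':
        activation_kwargs = {'requires_activation': UserModel.ACTIVATION_USER}
    elif settings.account_activation == 'admin':
        activation_kwargs = {'requires_activation': UserModel.ACTIVATION_ADMIN}

    try:
        new_user = UserModel.objects.create_user(
            serializer.validated_data['username'],
            serializer.validated_data['email'],
            serializer.validated_data['password'],
            joined_from_ip=request.user_ip,
            set_default_avatar=True,
            **activation_kwargs
        )
    except IntegrityError:
        # Presumably a uniqueness race between validation and insert; the
        # client is asked to retry rather than shown a server error.
        return Response(
            {
                'detail': _("Please try resubmitting the form."),
            },
            status=400,
        )

    send_welcome_email(request, new_user)

    # Sign the new user in only when the account needs no activation step.
    # The previous condition (`not requires_activation == 'none'`) compared
    # the field with a string it is never assigned here (activation_kwargs
    # uses the UserModel.ACTIVATION_* constants), so it was always true and
    # accounts still awaiting user/admin activation received a session.
    # Assumes a falsy requires_activation means "no activation needed" —
    # confirm against the user model.
    if not new_user.requires_activation:
        authenticated_user = authenticate(
            username=new_user.email,
            password=serializer.validated_data['password'],
        )
        login(request, authenticated_user)

    return Response(get_registration_result_json(new_user))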
def activate_by_token(request, pk, token):
    """Activate the account identified by ``pk`` using an activation token.

    Outcomes:
      * account already active -> "stopped" page (default status);
      * token fails validation -> "error" page with status 400;
      * account is banned      -> ``Banned`` is raised inside the ``try``
        block, where only the two activation exceptions are handled;
      * otherwise the account's ``requires_activation`` is reset to
        ``UserModel.ACTIVATION_NONE`` and the "done" page is rendered.

    Only accounts with ``is_active=True`` are looked up; anything else is
    a 404.
    """
    account = get_object_or_404(UserModel, pk=pk, is_active=True)
    name_params = {'user': account.username}

    try:
        if not account.requires_activation:
            raise ActivationStopped(
                _("%(user)s, your account is already active.") % name_params
            )

        # NOTE(review): nothing here distinguishes admin-required from
        # user-required activation — a valid token activates either. Confirm
        # that tokens cannot reach users whose accounts await admin approval.
        if not is_activation_token_valid(account, token):
            invalid_link = _(
                "%(user)s, your activation link is invalid. "
                "Try again or request new activation link."
            )
            raise ActivationError(invalid_link % name_params)

        user_ban = get_user_ban(account)
        if user_ban:
            raise Banned(user_ban)
    except ActivationStopped as stopped:
        return render(
            request,
            'misago/activation/stopped.html',
            {'message': stopped.args[0]},
        )
    except ActivationError as failure:
        return render(
            request,
            'misago/activation/error.html',
            {'message': failure.args[0]},
            status=400,
        )

    # Persist only the activation flag; other fields are left untouched.
    account.requires_activation = UserModel.ACTIVATION_NONE
    account.save(update_fields=['requires_activation'])

    activated = _("%(user)s, your account has been activated!")
    done_context = {'message': activated % {'user': account.username}}
    return render(request, 'misago/activation/done.html', done_context)
def reset_password_form(request, pk, token):
    """Render the forgotten-password form for the account behind a reset link.

    Only accounts with ``is_active=True`` are looked up (404 otherwise).
    The link is rejected with a 400 error page when the visitor is signed
    in as a different user or when the token does not validate. A ban on
    the account is raised as ``Banned`` inside the ``try`` block, where
    only ``ResetError`` is handled.

    On success the account id and the token are placed in the frontend
    store under ``forgotten_password``.
    """
    account = get_object_or_404(get_user_model(), pk=pk, is_active=True)

    try:
        visitor = request.user
        if visitor.is_authenticated and visitor.id != account.id:
            expired = _(
                "%(user)s, your link has expired. Please request new link and try again."
            )
            raise ResetError(expired % {'user': account.username})

        # NOTE(review): this message echoes the account's username to a
        # visitor whose token has just failed validation — confirm that
        # usernames are considered public for any pk.
        if not is_password_change_token_valid(account, token):
            invalid = _(
                "%(user)s, your link is invalid. Please try again or request new link."
            )
            raise ResetError(invalid % {'user': account.username})

        user_ban = get_user_ban(account)
        if user_ban:
            raise Banned(user_ban)
    except ResetError as error:
        error_context = {'message': error.args[0]}
        return render(
            request,
            'misago/forgottenpassword/error.html',
            error_context,
            status=400,
        )

    # The token is handed to the frontend so it can submit the new password.
    store_entry = {
        'forgotten_password': {
            'id': pk,
            'token': token,
        },
    }
    request.frontend_context['store'].update(store_entry)
    return render(request, 'misago/forgottenpassword/form.html')
def raise_misago_banned(request):
    """Always raise ``Banned`` with a fixed message; ``request`` is unused."""
    raise Banned(Ban(user_message="Banned for test!"))
def create_endpoint(request):
    """Register a new user account from ``request.data`` and e-mail them.

    Registration is refused with ``PermissionDenied`` when it is closed and
    with ``Banned`` when the caller's IP has a registration ban. After the
    payload validates, the user is created with an activation requirement
    matching ``settings.account_activation``.

    * ``'none'``: the user is signed in, sent the "complete" e-mail, and the
      response reports ``activation: None``.
    * otherwise: an activation token is generated, the "inactive" e-mail is
      sent, and the response reports ``'admin'`` or ``'user'``.

    An ``IntegrityError`` during creation yields a 400 ``Response``.
    """
    if settings.account_activation == 'closed':
        raise PermissionDenied(_("New users registrations are currently closed."))

    registration_ban = get_ip_ban(request.user_ip, registration_only=True)
    if registration_ban:
        raise Banned(registration_ban)

    serializer = RegisterUserSerializer(
        data=request.data,
        context={'request': request},
    )
    serializer.is_valid(raise_exception=True)
    cleaned = serializer.validated_data

    activation_kwargs = {}
    if settings.account_activation == 'user':
        activation_kwargs = {'requires_activation': UserModel.ACTIVATION_USER}
    elif settings.account_activation == 'admin':
        activation_kwargs = {'requires_activation': UserModel.ACTIVATION_ADMIN}

    try:
        new_user = UserModel.objects.create_user(
            cleaned['username'],
            cleaned['email'],
            cleaned['password'],
            joined_from_ip=request.user_ip,
            set_default_avatar=True,
            **activation_kwargs
        )
    except IntegrityError:
        retry_payload = {'detail': _("Please try resubmitting the form.")}
        return Response(retry_payload, status=400)

    mail_subject = _("Welcome on %(forum_name)s forums!") % {
        'forum_name': settings.forum_name,
    }

    if settings.account_activation == 'none':
        # No activation step: start a session straight away.
        authenticated_user = authenticate(
            username=new_user.email,
            password=serializer.validated_data['password'],
        )
        login(request, authenticated_user)

        mail_user(request, new_user, mail_subject, 'misago/emails/register/complete')

        return Response({
            'activation': None,
            'username': new_user.username,
            'email': new_user.email
        })

    # NOTE(review): a token is generated and handed to the e-mail template
    # even when admin activation is required; whether it ends up in the
    # message depends on the template — confirm.
    activation_token = make_activation_token(new_user)
    activation_by_admin = new_user.requires_activation_by_admin
    activation_by_user = new_user.requires_activation_by_user

    mail_context = {
        'activation_token': activation_token,
        'activation_by_admin': activation_by_admin,
        'activation_by_user': activation_by_user,
    }
    mail_user(
        request,
        new_user,
        mail_subject,
        'misago/emails/register/inactive',
        mail_context,
    )

    activation_method = 'admin' if activation_by_admin else 'user'
    return Response({
        'activation': activation_method,
        'username': new_user.username,
        'email': new_user.email
    })
def confirm_user_not_banned(self, user):
    """Raise ``Banned`` if ``self.get_user_ban`` reports a ban for ``user``.

    Returns ``None`` when the lookup yields a falsy value.
    """
    active_ban = self.get_user_ban(user)
    if not active_ban:
        return

    raise Banned(ban=active_ban)