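def form(request):
    """Render the "forgot password" form and, on a valid POST, mail a
    confirmation link to the account that the form resolved.

    Args:
        request: Django request. ``request.theme`` and ``request.messages``
            are project attributes; the form also receives the request.

    Returns:
        HttpResponse: the rendered form, a redirect to ``index`` once the
        confirmation mail is queued, the ban page for a banned account, or
        403 when the account still awaits activation.
    """
    message = None
    if request.method == 'POST':
        form = UserSendSpecialMailForm(request.POST, request=request)
        if form.is_valid():
            user = form.found_user
            user_ban = check_ban(username=user.username, email=user.email)
            if user_ban:
                return error_banned(request, user, user_ban)
            elif user.activation != User.ACTIVATION_NONE:
                return error403(request, Message(request, 'users/activation/required', {'user': user}))
            # A fresh token replaces any earlier one, so only the most
            # recently mailed link stays valid; it is never shown on-page.
            user.token = get_random_string(12)
            user.save(force_update=True)
            request.messages.set_flash(Message(request, 'users/password/reset_confirm', extra={'user':user}), 'success')
            user.email_user(
                request,
                'users/password/confirm',
                _("Confirm New Password Request")
            )
            return redirect(reverse('index'))
        else:
            # Only the first non-field error is displayed. Indexing [0]
            # unconditionally raised IndexError when the form failed on
            # field errors alone; leave message as None in that case.
            non_field_errors = form.non_field_errors()
            if non_field_errors:
                message = Message(request, non_field_errors[0])
    else:
        form = UserSendSpecialMailForm(request=request)
    return request.theme.render_to_response('users/forgot_password.html', {
        'message': message,
        'form': FormLayout(form),
    }, context_instance=RequestContext(request))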
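def reset(request, username="", user="******", token=""):
    """Finish a password reset reached through the e-mailed confirmation link.

    Args:
        request: Django request.
        username: Captured from the URL only to satisfy the pattern; the
            lookup is by primary key.
        user: Primary key of the account as the string captured from the URL.
        token: Confirmation token from the URL; must equal the ``token``
            the forgot-password form stored on the account.

    Returns:
        HttpResponse: a redirect to ``sign_in`` after the new password was
        mailed, 404 for an unknown or malformed id, the ban page for a
        banned account, or 403 for an inactive account or a bad token.
    """
    import hmac  # local import: the module's import block is outside this view

    # int() on a non-numeric id raised ValueError outside the original try
    # block; a malformed id and an unknown one both end as 404.
    try:
        user_pk = int(user)
    except (TypeError, ValueError):
        return error404(request)
    try:
        user = User.objects.get(pk=user_pk)
    except User.DoesNotExist:
        return error404(request)

    user_ban = check_ban(username=user.username, email=user.email)
    if user_ban:
        return error_banned(request, user, user_ban)
    if user.activation != User.ACTIVATION_NONE:
        return error403(request, Message(request, 'users/activation/required', {'user': user}))
    # Constant-time comparison: a plain != stops at the first differing
    # character, so response timing could reveal how much of the stored
    # token a guess had right. Both sides are encoded so compare_digest
    # never rejects a non-ASCII value with TypeError.
    token_matches = bool(token) and bool(user.token) and hmac.compare_digest(
        user.token.encode('utf-8'), token.encode('utf-8'))
    if not token_matches:
        return error403(request, Message(request, 'users/invalid_confirmation_link', {'user': user}))

    # Clearing the token makes the link single-use; this is a
    # state-changing GET, so the one-time token is the only guard.
    # NOTE(review): 6 characters is a short temporary password; consider a
    # longer value or forcing a change at first sign-in.
    new_password = get_random_string(6)
    user.token = None
    user.set_password(new_password)
    user.save(force_update=True)

    # Logout signed in and kill remember me tokens
    Session.objects.filter(user=user).update(user=None)
    Token.objects.filter(user=user).delete()

    # Set flash and mail new password
    request.messages.set_flash(Message(request, 'users/password/reset_done', extra={'user':user}), 'success')
    user.email_user(
        request,
        'users/password/new',
        _("Your New Password"),
        {'password': new_password}
    )
    return redirect(reverse('sign_in'))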
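def reset(request, username="", user="******", token=""):
    """Finish a password reset reached through the e-mailed confirmation link.

    Args:
        request: Django request.
        username: Captured from the URL only to satisfy the pattern; the
            lookup is by primary key.
        user: Primary key of the account as the string captured from the URL.
        token: Confirmation token from the URL; must equal the ``token``
            the forgot-password form stored on the account.

    Returns:
        HttpResponse: a redirect to ``sign_in`` after the new password was
        mailed, 404 for an unknown or malformed id, the ban page for a
        banned account, or 403 for an inactive account or a bad token.
    """
    import hmac  # local import: the module's import block is outside this view

    # int() on a non-numeric id raised ValueError outside the original try
    # block; a malformed id and an unknown one both end as 404.
    try:
        user_pk = int(user)
    except (TypeError, ValueError):
        return error404(request)
    try:
        user = User.objects.get(pk=user_pk)
    except User.DoesNotExist:
        return error404(request)

    user_ban = check_ban(username=user.username, email=user.email)
    if user_ban:
        return error_banned(request, user, user_ban)
    if user.activation != User.ACTIVATION_NONE:
        return error403(
            request,
            Message(request, 'users/activation/required', {'user': user}))
    # Constant-time comparison: a plain != stops at the first differing
    # character, so response timing could reveal how much of the stored
    # token a guess had right. Both sides are encoded so compare_digest
    # never rejects a non-ASCII value with TypeError.
    token_matches = bool(token) and bool(user.token) and hmac.compare_digest(
        user.token.encode('utf-8'), token.encode('utf-8'))
    if not token_matches:
        return error403(
            request,
            Message(request, 'users/invalid_confirmation_link', {'user': user}))

    # Clearing the token makes the link single-use; this is a
    # state-changing GET, so the one-time token is the only guard.
    # NOTE(review): 6 characters is a short temporary password; consider a
    # longer value or forcing a change at first sign-in.
    new_password = get_random_string(6)
    user.token = None
    user.set_password(new_password)
    user.save(force_update=True)

    # Logout signed in and kill remember me tokens
    Session.objects.filter(user=user).update(user=None)
    Token.objects.filter(user=user).delete()

    # Set flash and mail new password
    request.messages.set_flash(
        Message(request, 'users/password/reset_done', extra={'user': user}),
        'success')
    user.email_user(request, 'users/password/new', _("Your New Password"),
                    {'password': new_password})
    return redirect(reverse('sign_in'))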
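def form(request):
    """Render the "forgot password" form and, on a valid POST, mail a
    confirmation link to the account that the form resolved.

    Args:
        request: Django request. ``request.theme`` and ``request.messages``
            are project attributes; the form also receives the request.

    Returns:
        HttpResponse: the rendered form, a redirect to ``index`` once the
        confirmation mail is queued, the ban page for a banned account, or
        403 when the account still awaits activation.
    """
    message = None
    if request.method == 'POST':
        form = UserSendSpecialMailForm(request.POST, request=request)
        if form.is_valid():
            user = form.found_user
            user_ban = check_ban(username=user.username, email=user.email)
            if user_ban:
                return error_banned(request, user, user_ban)
            elif user.activation != User.ACTIVATION_NONE:
                return error403(
                    request,
                    Message(request, 'users/activation/required', {'user': user}))
            # A fresh token replaces any earlier one, so only the most
            # recently mailed link stays valid; it is never shown on-page.
            user.token = get_random_string(12)
            user.save(force_update=True)
            request.messages.set_flash(
                Message(request, 'users/password/reset_confirm', extra={'user': user}),
                'success')
            user.email_user(request, 'users/password/confirm',
                            _("Confirm New Password Request"))
            return redirect(reverse('index'))
        else:
            # Only the first non-field error is displayed. Indexing [0]
            # unconditionally raised IndexError when the form failed on
            # field errors alone; leave message as None in that case.
            non_field_errors = form.non_field_errors()
            if non_field_errors:
                message = Message(request, non_field_errors[0])
    else:
        form = UserSendSpecialMailForm(request=request)
    return request.theme.render_to_response(
        'users/forgot_password.html',
        {
            'message': message,
            'form': FormLayout(form),
        },
        context_instance=RequestContext(request))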
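def create_user(self, username, email, password, timezone=False, ip='127.0.0.1', activation=0, request=False):
    """Create, validate and persist a new User and update the forum monitor.

    Args:
        username: Raw username, normalised through ``User.set_username``.
        email: Raw e-mail, normalised through ``User.set_email``.
        password: Plain-text password, stored through ``User.set_password``.
        timezone: Timezone value; ``False`` selects the configured
            ``default_timezone``.
        ip: Address recorded as ``join_ip``.
        activation: ``0`` for an immediately active account; any higher
            value stores a 12-character activation token and counts the
            account as inactive in the monitor.
        request: Current request, used for ``settings`` and ``monitor``
            when it has them; ``False`` (or a request without them) falls
            back to fresh ``DBSettings()`` / ``Monitor()`` instances.

    Returns:
        The saved User instance.

    Raises:
        Whatever ``full_clean`` raises for invalid data; the user is not
        saved in that case.
    """
    token = ''
    if activation > 0:
        token = get_random_string(12)

    # Settings are needed for the default avatar even when a timezone was
    # passed explicitly; the original resolved db_settings only inside the
    # timezone branch and failed with a NameError otherwise.
    try:
        db_settings = request.settings
    except AttributeError:
        db_settings = DBSettings()
    if timezone is False:
        timezone = db_settings['default_timezone']

    # Get first rank. Indexing an empty queryset raises IndexError, not
    # DoesNotExist, so both are treated as "no default rank".
    try:
        default_rank = Rank.objects.filter(special=0).order_by('order')[0]
    except (Rank.DoesNotExist, IndexError):
        default_rank = None

    # Store user in database
    new_user = User(
        join_date=tz_util.now(),
        join_ip=ip,
        activation=activation,
        token=token,
        timezone=timezone,
        rank=default_rank,
    )
    new_user.set_username(username)
    new_user.set_email(email)
    new_user.set_password(password)
    new_user.full_clean()
    new_user.default_avatar(db_settings)
    new_user.save(force_insert=True)

    # Set user roles
    new_user.roles.add(Role.objects.get(token='registered'))
    new_user.save(force_update=True)

    # Load monitor
    try:
        monitor = request.monitor
    except AttributeError:
        monitor = Monitor()

    # Update forum stats
    if activation == 0:
        monitor['users'] = int(monitor['users']) + 1
        monitor['last_user'] = new_user.pk
        monitor['last_user_name'] = new_user.username
        monitor['last_user_slug'] = new_user.username_slug
    else:
        monitor['users_inactive'] = int(monitor['users_inactive']) + 1

    # Return new user
    return new_user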
def process_request(self, request):
    """Attach a CSRFProtection helper bound to the session's CSRF token.

    Crawlers are skipped entirely, so ``request.csrf`` is not set for
    them. For everyone else a 16-character random token is created on
    first sight and persisted in the session so later requests reuse it.

    Args:
        request: Django request carrying ``user`` and ``session``.

    Returns:
        None in every case; the middleware never short-circuits the
        response.
    """
    if request.user.is_crawler():
        return None
    session = request.session
    if 'csrf_token' not in session:
        session['csrf_token'] = get_random_string(16)
    request.csrf = CSRFProtection(session['csrf_token'])
def process_request(self, request):
    """Attach a CSRFProtection helper bound to the session's CSRF token.

    Crawlers are skipped entirely, so ``request.csrf`` is not set for
    them. For everyone else a 16-character random token is created on
    first sight and persisted in the session so later requests reuse it.

    Args:
        request: Django request carrying ``user`` and ``session``.

    Returns:
        None in every case; the middleware never short-circuits the
        response.
    """
    if request.user.is_crawler():
        return None
    session = request.session
    if 'csrf_token' not in session:
        session['csrf_token'] = get_random_string(16)
    request.csrf = CSRFProtection(session['csrf_token'])
def _get_new_session_key(self):
    """Return a freshly generated 42-character random session key.

    Uniqueness against existing sessions is not checked here; that is
    the caller's responsibility.
    """
    key_length = 42
    return get_random_string(key_length)
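def signin(request):
    """Render the sign-in form and authenticate the user on POST.

    Forum and admin sign-ins share this view: ``request.firewall.admin``
    selects the authenticator and the success redirect, and disables the
    remember-me and stay-hidden options.

    Args:
        request: Django request with the project's ``firewall``,
            ``settings``, ``session``, ``messages``, ``cookie_jar``,
            ``jam`` and ``theme`` attributes.

    Returns:
        HttpResponse: a redirect to the admin index or forum index after a
        successful sign-in, a redirect back to ``sign_in`` when the
        client's address became jammed after a failed attempt, or the
        rendered form with an error message otherwise.
    """
    message = request.messages.get_message('security')
    in_admin = request.firewall.admin
    # Both options exist only outside the admin; settings are read once.
    remember_me_allowed = not in_admin and request.settings['remember_me_allow']
    stay_hidden_allowed = not in_admin and request.settings['sessions_hidden']

    if request.method == 'POST':
        form = SignInForm(
            request.POST,
            show_remember_me=remember_me_allowed,
            show_stay_hidden=stay_hidden_allowed,
            request=request
        )
        if form.is_valid():
            try:
                # Configure correct auth and redirect links
                if in_admin:
                    auth_method = auth_admin
                    success_redirect = reverse(site.get_admin_index())
                else:
                    auth_method = auth_forum
                    success_redirect = reverse('index')

                # Authenticate user; failures surface as AuthException
                user = auth_method(
                    request,
                    form.cleaned_data['user_email'],
                    form.cleaned_data['user_password'],
                )

                if stay_hidden_allowed and form.cleaned_data['user_stay_hidden']:
                    request.session.hidden = True
                sign_user_in(request, user, request.session.hidden)

                if remember_me_allowed and form.cleaned_data['user_remember_me']:
                    # The 42-character random value is both the Token's
                    # primary key and the cookie value, so it is never
                    # derived from anything the client could predict.
                    remember_me_token = get_random_string(42)
                    now = timezone.now()
                    remember_me = Token(
                        id=remember_me_token,
                        user=user,
                        created=now,
                        accessed=now,
                        hidden=request.session.hidden
                    )
                    remember_me.save()
                    request.cookie_jar.set('TOKEN', remember_me_token, True)

                request.messages.set_flash(Message(request, 'security/signed_in', extra={'user': user}), 'success', 'security')
                return redirect(success_redirect)
            except AuthException as e:
                message = Message(request, e.type, extra={'user':e.user, 'ban':e.ban})
                message.type = 'error'
                # If not in Admin, register failed attempt
                if not in_admin and e.type == auth.CREDENTIALS:
                    client_ip = request.session.get_ip(request)
                    SignInAttempt.objects.register_attempt(client_ip)
                    # Have we jammed our account?
                    if SignInAttempt.objects.is_jammed(request.settings, client_ip):
                        request.jam.expires = timezone.now()
                        return redirect(reverse('sign_in'))
        else:
            # Only the first non-field error is shown. Indexing [0]
            # unconditionally raised IndexError when the form failed on
            # field errors alone; keep the security message in that case.
            non_field_errors = form.non_field_errors()
            if non_field_errors:
                message = Message(request, non_field_errors[0])
                message.type = 'error'
    else:
        form = SignInForm(
            show_remember_me=remember_me_allowed,
            show_stay_hidden=stay_hidden_allowed,
            request=request
        )

    return request.theme.render_to_response('signin.html', {
        'message': message,
        'form': FormLayout(form, [
            (
                None,
                [
                    ('user_email', {'attrs': {'placeholder': _("Enter your e-mail")}}),
                    ('user_password', {'has_value': False, 'placeholder': _("Enter your password")}),
                ]
            ),
            (
                None,
                ['user_remember_me', 'user_stay_hidden'],
            ),
        ]),
        'hide_signin': True,
    }, context_instance=RequestContext(request))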